


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:00, on 2007-09-13
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soccer-live.kk.e-wro.pl/ogolnie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IeMonitorBho Class - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm
O8 - Extra context menu item: Pobierz za pomocą Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - file://C:\Program Files\InstallShield\Professional 7 Eval Setup\Disk1\setup.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 7300 bytes
ComboFix 07-09-13.3 - "p" 2007-09-13 18:01:09.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.611 [GMT 2:00]
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\myglobalsearch
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9FFXTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.JAR
C:\Program Files\myglobalsearch\bar\2.bin\M9NTSTBR.MANIFEST
C:\Program Files\myglobalsearch\bar\2.bin\M9PLUGIN.DLL
C:\Program Files\myglobalsearch\bar\2.bin\MGSBAR.DLL
C:\Program Files\myglobalsearch\bar\2.bin\NPMYGLSH.DLL
C:\WINDOWS\retadpu41.exe
.
((((((((((((((((((((((((( Files Created from 2007-08-13 to 2007-09-13 )))))))))))))))))))))))))))))))
.
2007-09-13 18:00 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-13 17:48 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-13 15:00 <DIR> d-------- C:\Program Files\Stardock
2007-09-10 17:40 <DIR> d-------- C:\Program Files\ReflexiveArcade
2007-09-09 13:05 <DIR> d-------- C:\Program Files\SoundInDepth.com
2007-09-09 12:53 <DIR> d-------- C:\Program Files\Bobyte
2007-09-08 19:00 8 --a------ C:\WINDOWS\schedule.dat
2007-09-08 18:43 <DIR> d-------- C:\Program Files\Teleport Pro
2007-09-06 18:48 <DIR> d-------- C:\Program Files\DivX
2007-09-06 18:34 <DIR> d-------- C:\My Downloads
2007-09-06 18:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Spybot - Search & Destroy
2007-09-05 17:15 <DIR> d-------- C:\Program Files\UltraISO
2007-09-05 17:15 <DIR> d-------- C:\Program Files\Common Files\EZB Systems
2007-09-05 16:13 <DIR> d-------- C:\DOCUME~1\p\DANEAP~1\Ahead
2007-08-31 12:23 <DIR> d-------- C:\Program Files\Common Files\Totem Shared
2007-08-28 12:02 111,104 --a------ C:\WINDOWS\system32\uharc.exe
2007-08-27 12:07 <DIR> d-------- C:\DOCUME~1\p\DANEAP~1\Zylom
2007-08-27 12:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DANEAP~1\Zylom
2007-08-27 12:06 <DIR> d-------- C:\Program Files\Zylom Games
2007-08-25 13:17 <DIR> d-------- C:\DOCUME~1\p\WINDOWS
2007-08-24 22:31 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-08-19 14:57 <DIR> d-------- C:\Program Files\TVAnts
2007-08-19 14:45 32,256 --a------ C:\WINDOWS\winow.dll
2007-08-15 21:22 <DIR> d-------- C:\Program Files\PhotoZoom Pro 2
2007-08-15 17:25 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
2007-08-15 17:24 210,944 --a------ C:\WINDOWS\system\MSVCRT10.DLL
2007-08-15 14:05 <DIR> d-------- C:\DOCUME~1\p\DANEAP~1\AGD plugin
2007-08-15 13:57 44,544 --------- C:\WINDOWS\AWuninstall.exe
2007-08-15 13:54 <DIR> d-------- C:\WINDOWS\Splash Screens
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-13 15:40 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-09-13 15:38 --------- d-------- C:\Program Files\Common Files\Stardock
2007-09-11 17:17 --------- d-------- C:\DOCUME~1\p\DANEAP~1\gtk-2.0
2007-09-06 12:05 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-09-06 12:05 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-09-06 12:03 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-09-06 12:02 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-09-06 12:00 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-28 22:28 --------- d-------- C:\Program Files\TC PowerPack
2007-08-26 19:40 --------- d-------- C:\Program Files\mIRC
2007-08-19 14:39 --------- d-------- C:\DOCUME~1\p\DANEAP~1\MegauploadToolbar
2007-08-12 12:23 --------- d-------- C:\Program Files\SopCast
2007-08-12 12:22 --------- d-------- C:\DOCUME~1\p\DANEAP~1\SopCast
2007-08-04 19:43 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-04 15:01 739 --ah----- C:\os848618.bin
2007-08-03 13:39 --------- d-------- C:\DOCUME~1\p\DANEAP~1\Skype
2007-07-25 12:25 --------- d-------- C:\Program Files\LIVEUPDATE
2007-07-22 16:57 --------- d-------- C:\Program Files\Winamp
2007-07-19 17:31 73393 --a------ C:\WINDOWS\unins000.exe
2007-07-19 17:31 --------- d-------- C:\Program Files\kswiat
2007-07-18 13:37 --------- d-------- C:\DOCUME~1\p\DANEAP~1\GanymedeNet
2007-07-18 12:36 --------- d-------- C:\Program Files\Ganymede
2007-07-17 12:12 --------- d-------- C:\Program Files\MegauploadToolbar
2007-07-17 12:12 --------- d-------- C:\Program Files\Megaupload
2007-07-17 12:12 --------- d-------- C:\DOCUME~1\p\DANEAP~1\Megaupload
2007-07-17 12:11 --------- d-------- C:\DOCUME~1\p\DANEAP~1\InstallShield
2007-07-13 11:54 --------- d-------- C:\Program Files\bwin
2007-06-19 17:21 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2007-06-19 17:21 286720 --------- C:\WINDOWS\Setup1.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-13 07:19]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-21 11:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 12:06]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-13 07:19]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2007-05-08 10:47]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=0 (0x0)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\Program Files\Common Files\Stardock\mcpstub.dll 2005-01-31 15:13 49152 C:\Program Files\Common Files\Stardock\MCPStub.dll
R1 ISODrive;ISO DVD/CD-ROM Device Driver;\??\C:\Program Files\UltraISO\drivers\ISODrive.sys
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R3 AEAudioService;AEAudio Service;C:\WINDOWS\system32\drivers\AEAudio.sys
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
R3 SenFiltService;SenFilt Service;C:\WINDOWS\system32\drivers\Senfilt.sys
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
S3 USBSTOR;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-13 18:03:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-13 18:04:08 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-13 18:03
.
--- E O F ---
[code]
2007-06-13 12:42 0 --a------ C:\Qoobox\Quarantine\C\WINDOWS\retadpu41.exe.vir
2007-07-08 21:23 15399 --a------ C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
2007-09-06 15:30 140 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\2.bin\M9FFXTBR.MANIFEST.vir
2007-09-06 15:30 140 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\2.bin\M9NTSTBR.MANIFEST.vir
2007-09-06 15:30 225280 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\2.bin\MGSBAR.DLL.vir
2007-09-06 15:30 24576 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\2.bin\NPMYGLSH.DLL.vir
2007-09-06 15:30 45056 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\2.bin\M9PLUGIN.DLL.vir
2007-09-06 15:30 4829 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\2.bin\M9FFXTBR.JAR.vir
2007-09-06 15:30 6493 --a------ C:\Qoobox\Quarantine\C\Program Files\MyGlobalSearch\bar\2.bin\M9NTSTBR.JAR.vir
Zmienna PATH folderu
Numer seryjny woluminu: 6833-6E6B
C:\QOOBOX\QUARANTINE
+---C
| +---ComboFix
| | FProps.vbs.vir
| |
| +---Program Files
| | \---MyGlobalSearch
| | \---bar
| | \---2.bin
| | M9FFXTBR.JAR.vir
| | M9FFXTBR.MANIFEST.vir
| | M9NTSTBR.JAR.vir
| | M9NTSTBR.MANIFEST.vir
| | M9PLUGIN.DLL.vir
| | MGSBAR.DLL.vir
| | NPMYGLSH.DLL.vir
| |
| \---WINDOWS
| retadpu41.exe.vir
|
\---Registry_backups
[/code]