Log - trojan.gamethief + amvo.exe + dziwne okna w windzie

**Posty:** 2 · przez **eszte** 11 Mar 2009, 13:41

z góry mówię że jestem noobem i proszę o litość

mam problem z komputerem... podejrzewam ze powodem jest wyżej wymieniony wirus...
na 2 poprzednich komputerach kaspersky + combofix sobie poradził, na 3cim komputerze skanowałem kilka razy i dalej objawy te same - windows uruchamia sie z otwartymi oknami w explorerze + wyskakuje błąd amvo.exe + strasznie spadła zdolność reakcji komputera na moje polecenia;]

oto log (?) z combofixa

Kod: Zaznacz wszystko: ComboFix 09-03-10.03 - Basia Sepetowska 2009-03-11 12:12:44.3 - [color=red][b]FAT32[/b][/color]x86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1014.619 [GMT 1:00] Uruchomiony z: c:\documents and settings\Basia Sepetowska\Pulpit\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) * Utworzono nowy punkt przywracania . ((((((((((((((((((((((((((((((((((((((( Usunięto ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Poprzednie uruchomienie ------- . C:\autorun.inf c:\windows\emMON.exe c:\windows\system32\amvo.exe c:\windows\system32\amvo0.dll c:\windows\system32\autorun.ini c:\windows\Temp\log.txt D:\Autorun.inf . ((((((((((((((((((((((((( Pliki utworzone od 2009-02-11 do 2009-03-11 ))))))))))))))))))))))))))))))) . 2009-03-11 11:59 . 2009-03-11 11:59 <DIR> d-------- c:\windows\LastGood 2009-03-11 11:59 . 2009-03-11 11:59 <DIR> d-------- c:\program files\Kaspersky Lab 2009-03-11 11:59 . 2009-03-11 11:59 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab 2009-03-11 11:59 . 2009-03-11 12:07 101,287 --a------ c:\windows\system32\drivers\klin.dat 2009-03-11 11:59 . 2009-03-11 12:07 89,601 --a------ c:\windows\system32\drivers\klick.dat 2009-03-11 11:59 . 2009-03-11 11:59 32 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-03-11 11:59 . 2009-03-11 11:59 32 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-03-11 11:59 . 2009-03-11 11:59 32 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-03-11 11:59 . 2009-03-11 11:59 32 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-03-11 11:39 . 2009-03-11 11:39 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files 2009-03-11 10:56 . 2009-03-11 10:56 60 --a------ c:\windows\wininit.ini 2009-03-11 10:52 . 2009-03-11 10:52 <DIR> d-------- c:\program files\NeoKwinto 2009-03-10 18:55 . 2009-03-10 18:55 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Reality Engineering 2009-03-10 18:54 . 2009-03-10 18:54 <DIR> d-------- c:\program files\MirroSoft 2009-03-10 18:52 . 2009-03-10 18:52 <DIR> d-------- c:\program files\QuickTime 2009-03-10 18:52 . 2009-03-10 18:52 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Apple Computer . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-11 11:07 33,808 ----a-w c:\windows\system32\drivers\klbg.sys 2008-12-12 17:36 3,081,216 ----a-w c:\windows\system32\dllcache\mshtml.dll 2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys 2008-11-19 21:11 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2008-11-19 21:11 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2008-11-19 21:11 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2008-11-19 21:11 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2008-11-19 21:11 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "EXPLORER.EXE"="EXPLORER.EXE" [2007-06-13 c:\windows\explorer.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "preload"="c:\windows\RUNXMLPL.exe" [2005-05-19 32768] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-04 102490] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-04 708698] "EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-10-26 212992] "ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-10-26 2889728] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768] "PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208] "LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-06-06 69632] "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480] "LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664] "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920] "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 385024] "KDIT"="c:\program files\KodakDigitalImagingTransfer\KDIT.exe" [2005-05-31 369152] "PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016] "PMCRemote"="c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2006-02-16 90112] "PMCS"="c:\program files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" [2006-02-10 65536] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720] "SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "6501:TCP"= 6501:TCP:MirroSoft Server R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2006-06-06 9867] R2 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2004-07-19 4096] R2 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2005-04-07 78208] R2 MIRASSERVICE;MirroSoft Server;c:\program files\MirroSoft\Server\MirroSoft Server.exe [2008-12-19 20480] R2 MSSQL$INFOTEL;MSSQL$INFOTEL;c:\program files\Microsoft SQL Server\MSSQL$INFOTEL\Binn\sqlservr.exe -sINFOTEL --> c:\program files\Microsoft SQL Server\MSSQL$INFOTEL\Binn\sqlservr.exe -sINFOTEL [?] R2 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-06-06 8704] R2 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-06-06 4010] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2006-06-06 2343] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808] S1 mailKmd;mailKmd; [x] S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?] S3 RVG6Driver;Kodak Trophy RVG Driver;c:\windows\system32\drivers\RVG6Usb.sys [2007-03-02 122880] S3 SQLAgent$INFOTEL;SQLAgent$INFOTEL;c:\program files\Microsoft SQL Server\MSSQL$INFOTEL\Binn\sqlagent.EXE -i INFOTEL --> c:\program files\Microsoft SQL Server\MSSQL$INFOTEL\Binn\sqlagent.EXE -i INFOTEL [?] S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?] --- Inne Usługi/Sterowniki w Pamięci --- *NewlyCreated* - AVP *NewlyCreated* - INT15.SYS *NewlyCreated* - KLIF *NewlyCreated* - POWERKEY [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a03395e-be38-11dd-8cde-0016ce23fc0f}] \Shell\AutoRun\command - F:\pa39xth.cmd \Shell\explore\Command - F:\pa39xth.cmd \Shell\open\Command - F:\pa39xth.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d04cd6fa-5a56-11dc-8b3b-0016ce23fc0f}] \Shell\AutoRun\command - F:\EXPLORER.EXE \Shell\explore\Command - F:\EXPLORER.EXE \Shell\open\Command - F:\EXPLORER.EXE . - - - - USUNIĘTO PUSTE WPISY - - - - HKCU-Run-wsctf.exe - wsctf.exe . ------- Skan uzupełniający ------- . uStart Page = hxxp://www.google.pl/ uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://www.google.com/search?q=%s FF - ProfilePath - c:\documents and settings\Basia Sepetowska\Dane aplikacji\Mozilla\Firefox\Profiles\8g5kdbjb.default\ FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-11 12:13:57 Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI skanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . --------------------- ZABLOKOWANE KLUCZE REJESTRU --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,59,f1,e8,78,51, 4c,d5,54,c8,28,51,af,b0,29,a3,98,7e,7e,93,33,8e,dd,89,ff,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,31,6b,b6,73,e5, 96,3c,4a,71,3b,04,66,8b,46,0d,96,e3,9a,1f,ad,c3,49,6f,14,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,28,33,6b,13,e6, 1c,88,9e,25,da,ec,7e,55,20,c9,26,cd,4a,34,99,37,01,08,87,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,71,24,89,90,6e, 38,78,b6,3e,1e,9e,e0,57,5a,93,61,80,b1,dc,2f,61,9c,7a,b0,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,db,ed,26,94,d0, 00,df,49,cd,44,cd,b9,a6,33,6c,cd,e7,a1,27,2c,d5,b0,a1,b0,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,09,8f,a5,5d,c6, 53,48,e2,b0,18,ed,a7,3f,8d,37,a4,5a,a0,d7,68,d7,6c,ab,b1,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,9e,13,1d,41,da, 14,99,72,31,77,e1,ba,b1,f8,68,02,60,92,31,14,b2,b0,82,9e,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,f6,75,4c,29,da, 22,4b,4c,83,6c,56,8b,a0,85,96,ab,c2,5f,7d,a6,c3,3c,ce,c8,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,53,fd,38,94,8e, 35,88,ac,51,fa,6e,91,28,9e,14,cc,a2,04,90,15,26,cd,31,a3,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,49,1c,6f,6e,a8, 54,af,40,b1,cd,45,5a,a8,c4,f8,b9,5d,4d,6b,b6,53,03,d5,bc,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,34,09,5e,19,80, 77,78,ee,e3,0e,66,d5,eb,bc,2f,6b,32,f6,f3,8a,da,38,14,7a,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,88,36,3b,e1,e0, 73,f0,7c,fa,ea,66,7f,d4,3b,6b,70,30,30,80,fe,05,23,8b,4a,6c,43,2d,1e,aa,22,\ . Czas ukończenia: 2009-03-11 12:15:00 ComboFix-quarantined-files.txt 2009-03-11 11:15:00 Przed: 18,115,133,440 bajtów wolnych Po: 18,141,347,840 bajtów wolnych WindowsXP-KB310994-SP2-Home-BootDisk-PLK.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 217 --- E O F --- 2009-01-22 19:49:47

- czytałem że samemu jak sie nie jest pewnym nic nie robić wiec bardzo proszę o pomoc
- jeżeli coś źle zatytułowałem/wkleiłem z góry przepraszam

edit
dodam że robilem tylko zwykle skany kasperskim i standardowe uruchamianie combofixa(bez nanoszenia zadnych CFScript itd :?:

)
edit 2
jeżeli jest ktoś w stanie pomóc proszę o "łopatologiczne" wytłumaczenie ;]

**Posty:** 18165 · przez **wojtas** 11 Mar 2009, 22:47

1. Ściągnij OTMoveIt i go włacz i odpal go z opcji CleanUp

oraz skasuj folder C:\Qoobox
2. wykonaj optymalizację windowsa
3.sciagnij ATF_Cleaner
zaznacz
Windows Temp
All users Temp
Temporary internet files
Recycle Bin
i wcisnij EMPTY SELECTED
4.Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach). Po chwili włącz je powrotem
5. Wykonaj skan Dr. Web CureIt
6. Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum.

i tym:

FixIEDef.

**Posty:** 2 · przez **eszte** 16 Mar 2009, 01:17

te rzeczy które poleciłeś będę robił dopiero jutro na komputerze na którym występują te problemy o których w temacie...

tymczasem na drugim komputerze wystapil dziwny bardzo irytujący blad, mianowicie - co chwile wyskakuje błąd "Media Center Receiver Service". po kliknieciu don't send wyskakuje natychmiast to samo... jeżeli nie kliknę następne okno wyskoczy po kilkudziesięciu sekundach

ponad to... Dr.web crelt mi się nie otwiera... ani ten z linka którego podałeś, anie żaden inny z googli....
kaspersky online wiesza mi ff'a
resztę zrobiłem

poniezej 2 logi

COMBOFIX

Kod: Zaznacz wszystko: ComboFix 09-03-14.02 - user 2009-03-16 0:13:56.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2047.1514 [GMT 1:00] Uruchomiony z: c:\documents and settings\user\Desktop\pulpit\ComboFix.exe AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) . ((((((((((((((((((((((((( Pliki utworzone od 2009-02-15 do 2009-03-15 ))))))))))))))))))))))))))))))) . 2009-03-15 21:31 . 2009-03-15 21:31 <DIR> d-------- c:\windows\ERUNT 2009-03-15 21:31 . 2009-03-15 21:31 <DIR> d-------- C:\ERDNT 2009-03-15 21:31 . 2009-03-15 21:31 <DIR> d-------- C:\!FixIEDef 2009-03-15 18:55 . 2009-03-15 23:32 68 --a------ c:\windows\VplayerINI.vpl 2009-03-15 18:54 . 2009-03-15 18:54 <DIR> d-------- c:\program files\Codec Pack - All In 1 2009-03-15 18:54 . 2009-03-15 18:53 737,280 --a------ c:\windows\iun6002.exe 2009-03-15 18:54 . 2009-03-15 23:32 919 --a------ c:\windows\VPlayer.INI 2009-03-15 18:52 . 2009-03-15 18:52 <DIR> d-------- c:\program files\Vplayer 2009-03-14 11:35 . 2009-03-14 11:35 <DIR> d-------- c:\program files\Real Alternative 2009-03-14 11:33 . 2009-03-14 11:36 <DIR> d-------- c:\documents and settings\user\Application Data\Media Player Classic 2009-03-11 20:08 . 2009-03-11 20:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Age of Empires 3 2009-03-11 20:06 . 2009-03-11 20:07 <DIR> d-------- c:\documents and settings\user\Age of Empires 3 2009-03-11 20:02 . 2009-03-11 20:02 <DIR> d-------- c:\program files\Common Files\Microsoft Games 2009-03-11 19:53 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\system32\d3dx9_26.dll 2009-03-11 19:48 . 2009-03-11 19:48 <DIR> d-------- c:\program files\Microsoft Games 2009-03-11 19:43 . 2009-03-11 19:43 <DIR> d-------- c:\windows\Downloaded Installations 2009-03-11 19:43 . 2009-03-11 19:43 <DIR> d-------- c:\program files\D-Tools 2009-03-11 19:43 . 2004-08-22 16:31 155,136 --a------ c:\windows\system32\drivers\d347bus.sys 2009-03-11 19:43 . 2004-08-22 16:31 5,248 --a------ c:\windows\system32\drivers\d347prt.sys 2009-03-11 19:19 . 2009-03-11 19:19 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Intel 2009-03-11 10:45 . 2009-03-11 10:46 <DIR> d-------- c:\program files\NeoKwinto 2009-03-07 15:44 . 2009-03-07 15:44 <DIR> d-------- c:\program files\AidemMedia 2009-03-06 22:41 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe 2009-03-06 21:51 . 2009-03-06 21:51 275,758 ---h----- C:\treeinfo.wc 2009-03-06 21:45 . 2009-03-06 21:54 281 --a------ c:\windows\wcx_ftp.ini 2009-03-06 19:27 . 2009-03-07 16:38 101,287 --a------ c:\windows\system32\drivers\klin.dat 2009-03-06 19:27 . 2009-03-07 16:38 89,601 --a------ c:\windows\system32\drivers\klick.dat 2009-03-06 19:26 . 2009-03-15 21:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-03-06 19:26 . 2009-03-15 21:27 1,390,624 --ahs---- c:\windows\system32\drivers\fidbox.dat 2009-03-06 19:26 . 2009-03-15 21:29 311,328 --ahs---- c:\windows\system32\drivers\fidbox2.dat 2009-03-06 19:26 . 2009-03-15 21:27 12,992 --ahs---- c:\windows\system32\drivers\fidbox.idx 2009-03-06 19:26 . 2009-03-15 21:29 2,144 --ahs---- c:\windows\system32\drivers\fidbox2.idx 2009-03-05 12:32 . 2009-03-06 21:48 <DIR> d-------- c:\program files\totalcmd 2009-03-05 12:32 . 2009-03-09 12:15 573 --a------ c:\windows\wincmd.ini 2009-03-05 12:32 . 2008-08-08 07:04 545 --a------ c:\windows\UC.PIF 2009-03-05 12:32 . 2008-08-08 07:04 545 --a------ c:\windows\RAR.PIF 2009-03-05 12:32 . 2008-08-08 07:04 545 --a------ c:\windows\PKZIP.PIF 2009-03-05 12:32 . 2008-08-08 07:04 545 --a------ c:\windows\PKUNZIP.PIF 2009-03-05 12:32 . 2008-08-08 07:04 545 --a------ c:\windows\NOCLOSE.PIF 2009-03-05 12:32 . 2008-08-08 07:04 545 --a------ c:\windows\LHA.PIF 2009-03-05 12:32 . 2008-08-08 07:04 545 --a------ c:\windows\ARJ.PIF 2009-03-04 14:30 . 2008-11-01 21:57 <DIR> d-------- c:\documents and settings\1\Application Data\Windows Desktop Search 2009-03-04 14:30 . 2008-11-01 21:57 <DIR> d-------- c:\documents and settings\1\Application Data\toshiba 2009-03-04 14:30 . 2008-11-01 17:39 <DIR> d-------- c:\documents and settings\1\Application Data\Intel 2009-03-04 14:30 . 2009-03-11 19:31 <DIR> d-------- c:\documents and settings\1 2009-03-04 14:28 . 2009-03-04 14:28 36,162 --a------ c:\windows\BricoPackUninst.cmd 2009-03-04 14:27 . 2009-03-04 14:27 3,932,214 --a------ c:\windows\BricoPack Wallpaper.bmp 2009-03-04 14:26 . 2009-03-04 14:28 1,884 --a------ c:\windows\BricoPackFoldersDelete.cmd 2009-03-04 14:25 . 2009-03-04 14:25 <DIR> d-------- c:\windows\BricoPacks 2009-03-04 14:04 . 2009-03-04 14:05 2,143,744 --a------ c:\windows\system32\kernel1.exe 2009-03-04 14:04 . 2009-03-04 14:04 2,143,744 --a------ c:\windows\system32\KERNEL.TMP 2009-03-04 13:59 . 2009-01-11 01:59 2,848,575 --a------ c:\windows\Wheathump-2560x1600.jpg 2009-03-04 13:54 . 2009-03-04 14:03 45 --a------ C:\TEST.XML 2009-03-04 13:18 . 2009-02-23 14:09 850,835 --a------ c:\windows\[u]0[/u]1232_lazydaysii_1920x1080.jpg 2009-03-04 13:06 . 2009-02-22 23:16 294 -rahs---- C:\BOOT.BKK 2009-03-04 13:01 . 2009-03-04 13:01 <DIR> d-------- c:\program files\TGTSoft 2009-03-04 12:54 . 2009-03-04 12:54 <DIR> d-------- c:\documents and settings\user\Application Data\FileSubmit 2009-03-03 17:41 . 2009-03-14 21:56 <DIR> d-------- c:\program files\Rapid Express 2009-03-03 12:13 . 2009-03-03 12:13 <DIR> d-------- c:\program files\Abrosoft 2009-03-03 12:13 . 2009-03-05 21:02 1,496,576 ---h----- c:\windows\system32\wodfamop.dll 2009-03-02 13:01 . 2009-03-02 13:01 <DIR> d-------- c:\program files\Ahead 2009-03-02 13:01 . 2006-01-12 15:40 155,648 --a------ c:\windows\system32\NeroCheck.exe 2009-03-02 13:01 . 2005-09-01 11:03 127,488 --------- c:\windows\system32\drivers\imagesrv.sys 2009-03-02 13:01 . 2000-06-26 10:45 106,496 --a------ c:\windows\system32\TwnLib20.dll 2009-03-02 13:01 . 2005-09-01 11:03 5,888 --------- c:\windows\system32\drivers\imagedrv.sys 2009-02-28 23:17 . 2009-03-15 18:46 96 --a------ c:\windows\NeroDigital.ini 2009-02-25 13:42 . 2009-02-25 13:42 <DIR> d-------- c:\documents and settings\LocalService\Application Data\DivX 2009-02-23 14:59 . 2009-02-23 14:59 <DIR> d-------- c:\program files\Nero 2009-02-23 14:59 . 2009-02-23 14:59 <DIR> d-------- c:\program files\Common Files\Ahead 2009-02-23 14:59 . 2004-07-26 16:16 1,568,768 --------- c:\windows\system32\imagX7.dll 2009-02-23 14:59 . 2004-07-26 16:16 476,320 --------- c:\windows\system32\imagXpr7.dll 2009-02-23 14:59 . 2004-07-26 16:16 471,040 --------- c:\windows\system32\imagXRA7.dll 2009-02-23 14:59 . 2004-07-09 08:43 364,544 --------- c:\windows\system32\TwnLib4.dll 2009-02-23 14:59 . 2004-07-26 16:16 262,144 --------- c:\windows\system32\imagXR7.dll 2009-02-23 00:38 . 2009-02-23 00:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles 2009-02-22 23:14 . 2009-02-22 23:14 <DIR> d-------- c:\documents and settings\user\Application Data\Gadu-Gadu 2009-02-22 22:22 . 2009-02-22 22:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Brother 2009-02-22 22:13 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys 2009-02-22 22:13 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys 2009-02-22 22:13 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2009-02-22 22:13 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys 2009-02-22 16:49 . 2009-02-22 16:49 <DIR> d-------- c:\program files\Neostrada TP 2009-02-22 16:45 . 2009-03-06 14:28 46 --a------ c:\windows\adiras.ini 2009-02-22 16:44 . 2009-02-22 16:44 <DIR> d--hs---- c:\windows\ftpcache 2009-02-22 13:50 . 2009-02-22 17:12 <DIR> d-------- c:\program files\Kaspersky Lab 2009-02-22 13:39 . 2009-02-22 13:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files 2009-02-21 18:18 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys 2009-02-21 01:08 . 2009-02-21 01:08 <DIR> d-------- c:\documents and settings\user\Application Data\AdobeUM 2009-02-20 21:20 . 2009-02-20 21:20 0 --a------ c:\windows\nsreg.dat 2009-02-20 20:07 . 2009-03-04 21:41 <DIR> d-------- c:\program files\Winamp 2009-02-20 20:07 . 2009-03-15 21:32 132 --a------ c:\windows\winamp.ini 2009-02-20 19:51 . 2009-02-20 19:51 <DIR> d-------- c:\program files\Gadu-Gadu 2009-02-20 19:51 . 2009-02-20 19:52 <DIR> d-------- c:\documents and settings\user\Gadu-Gadu 2009-02-20 19:43 . 2008-10-24 12:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys 2009-02-20 19:38 . 2008-12-21 00:15 6,066,688 -----c--- c:\windows\system32\dllcache\ieframe.dll 2009-02-20 19:38 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat 2009-02-20 19:38 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui 2009-02-20 19:38 . 2008-12-21 00:15 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll 2009-02-20 19:38 . 2008-12-21 00:15 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll 2009-02-20 19:38 . 2008-12-21 00:15 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll 2009-02-20 19:38 . 2008-12-21 00:15 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll 2009-02-20 19:38 . 2008-12-21 00:15 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll 2009-02-20 19:38 . 2008-12-19 10:10 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe 2009-02-20 19:36 . 2008-09-04 17:42 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll 2009-02-20 19:36 . 2008-10-03 11:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll . (((((((((((((((((((((((((((((((((((((((( Sekcja Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-11 18:54 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-07 15:38 33,808 ----a-w c:\windows\system32\drivers\klbg.sys 2009-03-06 21:52 --------- d-----w c:\program files\Common Files\Adobe 2009-03-04 13:28 218,624 ----a-w c:\windows\system32\uxtheme.dll 2009-03-04 13:27 107 ---ha-w c:\program files\Desktop.ini 2009-02-22 23:47 --------- d-----w c:\program files\MSN Toolbar Suite 2009-02-22 12:54 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-22 12:54 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec 2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys 2008-12-20 23:15 931,328 ----a-w c:\windows\system32\wininet.dll . ------- Sigcheck ------- 2008-08-20 06:30 666112 9af5f25124fbdc36e2b510729cba2674 c:\windows\$hf_mig$\KB956390\SP3GDR\wininet.dll 2008-08-20 05:58 666624 94418f53d2612c26dbadc04dafbc197c c:\windows\$hf_mig$\KB956390\SP3QFE\wininet.dll 2008-12-21 00:56 827904 044e0a4e9fe97c0fb9afe9c89e2a82e6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll 2004-08-10 13:00 656384 c0823fc5469663ba63e7db88f9919d70 c:\windows\$NtUninstallKB912812$\wininet.dll 2006-03-04 04:58 663552 c0845ecbf4f9164e618ee381b79c9032 c:\windows\$NtUninstallKB956390$\wininet.dll 2008-08-20 06:33 667648 c91e3a6ef094202f6b5ca8960dfcf243 c:\windows\ie7\wininet.dll 2007-08-13 18:54 818688 a4a0fc92358f39538a6494c42ef99fe9 c:\windows\ie7updates\KB961260-IE7\wininet.dll 2008-04-14 01:12 666112 7a4f775abb2f1c97def3e73afa2faedd c:\windows\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\wininet.dll 2008-12-21 00:15 931328 4b5e223ff78ccff0f067972353f8372b c:\windows\system32\wininet.dll 2008-12-21 00:15 931328 4b5e223ff78ccff0f067972353f8372b c:\windows\system32\dllcache\wininet.dll 2004-08-10 13:00 2114048 c0244047052a24fa7b99b280dc6fd497 c:\windows\explorer.exe 2008-04-14 01:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\SoftwareDistribution\Download\59fc8f12b80caa991163249076d0bcca\explorer.exe . ((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296] "STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2006-05-24 1372160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-25 7340032] "00THotkey"="c:\windows\system32\[u]0[/u]0THotkey.exe" [2006-08-11 08:54 253952] "SmoothView"="c:\program files\TOSHIBA\Program narzędziowy TOSHIBA Zooming Utility\SmoothView.exe" [2005-05-13 118784] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-08 761947] "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-09-06 98304] "PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-22 1077329] "TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152] "Kraidman"="c:\program files\TOSHIBA\TOSHIBA RAID\Console\Kraidman.exe" [2006-08-09 1093708] "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-28 262144] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-07-03 802816] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-07-02 700416] "WinampAgent"="c:\program files\Winamp\Winampa.exe" [2003-04-02 12288] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-07 206088] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-10 158208] "000StTHK"="000StTHK.exe" [2001-06-23 04:28 24576 c:\windows\system32\[u]0[/u]00StTHK.exe] "TFNF5"="TFNF5.exe" [2006-02-14 c:\windows\system32\TFNF5.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-12-13 c:\windows\agrsmmsg.exe] "NDSTray.exe"="NDSTray.exe" [BU] "TPSODDCtl"="TPSODDCtl.exe" [2006-08-10 c:\windows\system32\TPSODDCtl.exe] "TPSMain"="TPSMain.exe" [2006-08-10 c:\windows\system32\TPSMain.exe] "TFncKy"="TFncKy.exe" [BU] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360] c:\documents and settings\user\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - c:\windows\BricoPacks\Longhorn Inspirat\ObjectDock\ObjectDock.exe [2005-02-21 1826885] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033] --a------ 2004-08-22 17:05 81920 c:\program files\D-Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Gadu-Gadu\\gg.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"= R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2006-06-28 98816] R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2006-09-15 66944] R2 TOS_SPS;TOSHIBA SPS Driver;c:\program files\Common Files\TOSHIBA Shared\tos_sps.sys [2006-07-28 189184] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592] R3 ttv400x;TOSHIBA PCI DVB-T/Analog Hybrid Tuner;c:\windows\system32\drivers\ttv400x.sys [2006-09-15 173568] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2006-09-15 7040] S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688] . . ------- Skan uzupełniający ------- . uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\z78ike3n.default\ FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-16 00:15:37 Windows 5.1.2600 Service Pack 2 NTFS skanowanie ukrytych procesów ... ? [38860] ? [65148] ? [19552] ? [23764] ? [26604] ? [47004] ? [45448] ? [50544] ? [57280] ? [57276] skanowanie ukrytych wpisów autostartu ... skanowanie ukrytych plików ... skanowanie pomyślnie ukończone ukryte pliki: 0 ************************************************************************** . Czas ukończenia: 2009-03-16 0:16:26 ComboFix-quarantined-files.txt 2009-03-15 23:16:24 Przed: 133 191 004 160 bytes free Po: 133,225,730,048 bajtów wolnych 247 --- E O F --- 2009-03-12 09:11:18

log z FixIEDef

Kod: Zaznacz wszystko: ******************************************************************************** * * * FixIEDef Log * * Version 1.7.22.7514 * * * ******************************************************************************** Created at 21:31:55 on Sunday, March 15, 2009 Time Zone : (GMT+01:00) Sarajevo, Skopje, Warsaw, Zagreb Logged On User : user Operating System : Microsoft Windows XP Professional Service Pack 2 OS Architecture : X86 System Langauge : English (United States) Keyboard Layout : English (United States) Processor : X64 Intel(R) Core(TM)2 CPU T7600 @ 2.33GHz System Drive : C:\ Windows Directory : C:\WINDOWS System Directory : C:\WINDOWS\system32 System Drive Type : Fixed System Drive Status : READY System Drive Label : System Drive Size : 147.86 GB System Drive Free : 126.96 GB Total Physical Memory: 2047 MB Free Physical Memory : 1475 MB Total Page File : 2047 MB Free Page File : 3468 MB Total Virtual Memory : 2048 MB Free Virtual Memory : 1939 MB Boot State : Normal boot -------------------------------------------------------------------------------- !!! userinit.exe is Clean !!! -------------------------------------------------------------------------------- !!! Files that have been deleted !!! C:\WINDOWS\system32\LuResult.txt -------------------------------------------------------------------------------- !!! Directories that have been removed !!! No malicious directories to be removed -------------------------------------------------------------------------------- !!! Registry entries that have been removed !!! No malicious Registry entries found ================================================================================ All Done :) ShadowPuterDude Safe Surfing!!!