nie mogę otworzyc dysków c i d

**Posty:** 5 · przez **a1ien** 20 Mar 2008, 23:40

Witam,
kiedy chcę otworzyc partycje C lub D pojawia się okno z komunikatem 'wybierz program, którego chcesz użyc do otwarcia pliku' i nic nie da sie zrobic..
wcześniej miałem jakiegoś trojana którego zwalczałem Avastem
Macie jakąś receptę na ten problem? Proszę o pomoc.

Może pomoże analiza loga?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:28, on 2008-03-20
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPWG myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032608 serial=dR12WRS-8796594-FHE lang=PL
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 6363 bytes

**Posty:** 18165 · przez **wojtas** 21 Mar 2008, 17:36

Wykonaj to co jest podane w tym temacie

Zastosuj SDFix . Po pobraniu uruchom go a rozpakuje się do C:\SDFix. Uruchom komputer w trybie awaryjnym (F8 przy stracie systemu). Będąc w awaryjnym uruchom plik RunThis.bat z folderu SDFixa. Zatwierdź czyszczenie przez Y. Poczekaj aż ukończy i komputer zresetuje

Potem wejdz do folderu C:\SDFix wrzuc zawartość pliku Report.txt + log z combofixa ( jak będziesz sciągał zapisz go pod nazwa combo-fix.exe) oraz daj loga z hijacka

**Posty:** 5 · przez **a1ien** 22 Mar 2008, 11:24

Wykonałem i zamieszczam logi

SDFix

SDFix: Version 1.159

Run by admin on 2008-03-22 at 10:00

Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\autorun.inf - Deleted

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 10:03:38
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program g˘wny"
"C:\\Program Files\\ATMEL\\WA RFMD Configuration\\WA_SNMP_Manager.exe"="C:\\Program Files\\ATMEL\\WA RFMD Configuration\\WA_SNMP_Manager.exe:*:Enabled:SnmpManager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 8 Mar 2008 102,536 ..SHR --- "C:\v.com"
Wed 13 Feb 2008 102,211 ..SHR --- "C:\x.com"
Mon 17 Mar 2008 72,192 ..SHR --- "C:\WINDOWS\system32\amvo1.dll"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22d177b61fde58f114e05dfd9b70c96d\download\BIT47.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2c7c094c07d8ab1c6d2c7df6e96d2df0\download\BIT51.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\31383aab90693af2687520e301606b09\download\BIT40.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\56218116adeb0961447eecf6b4b00c7a\download\BIT55.tmp"
Thu 31 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6d09d0f1482adb9cdbb79b3d45a002d6\download\BIT56.tmp"

Finished!

ComboFix

ComboFix 08-03-21.2 - admin 2008-03-22 10:12:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.3054 [GMT 1:00]
Running from: C:\Documents and Settings\admin\Pulpit\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\amvo1.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-22 10:00 . 2008-03-22 10:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-22 09:52 . 2008-03-22 10:05 <DIR> d-------- C:\SDFix
2008-03-20 21:42 . 2008-03-20 21:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-20 21:34 . 2008-03-20 21:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-20 21:34 . 2008-03-20 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-03-20 21:33 . 2008-03-20 21:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 20:58 . 2008-03-16 20:58 <DIR> d-------- C:\Program Files\ToniArts
2008-03-11 19:54 . 2008-03-11 19:54 <DIR> d-------- C:\Documents and Settings\admin\Dane aplikacji\Corel
2008-03-11 19:49 . 2008-03-11 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-03-11 19:48 . 2008-03-11 19:48 <DIR> d-------- C:\Program Files\Corel
2008-03-11 19:48 . 2008-03-11 19:48 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-03-08 08:54 . 2008-03-08 21:15 102,536 -r-hs---- C:\v.com
2008-03-06 14:31 . 2008-03-06 14:31 <DIR> d-------- C:\Program Files\ATMEL
2008-03-06 14:31 . 2001-09-19 19:24 241,664 --a------ C:\WINDOWS\system32\DartSnmp2.dll
2008-03-06 14:31 . 2001-09-19 19:24 212,992 --a------ C:\WINDOWS\system32\dartsock.dll
2008-03-06 14:31 . 2001-09-19 19:24 166,200 --a------ C:\WINDOWS\system32\msmask32.ocx
2008-03-06 14:31 . 2001-09-19 19:24 77,824 --a------ C:\WINDOWS\system32\DartService.dll
2008-03-02 09:48 . 2008-03-03 14:17 108,058 -r-hs---- C:\x6.bat
2008-02-26 16:10 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-26 16:10 . 2008-02-26 16:10 421 --a------ C:\WINDOWS\ODBC.INI
2008-02-26 16:08 . 2008-02-26 16:09 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-26 16:08 . 2008-02-26 16:08 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-26 16:04 . 2008-02-26 16:04 2,422 --a------ C:\WINDOWS\system32\wpa.bak
2008-02-26 13:07 . 2008-02-26 17:48 107,489 -r-hs---- C:\u2.cmd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 18:26 --------- d-----w C:\Program Files\Teczka ArchiCADa 8.1-S
2008-03-16 19:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 18:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-18 21:40 --------- d-----w C:\Program Files\ESET
2008-02-18 21:40 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-02-13 18:15 --------- d-----w C:\Program Files\ACAD2000
2008-02-13 17:55 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-02-13 17:53 102,211 --sh--r C:\x.com
2008-02-09 20:08 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2008-02-09 20:05 405,504 ----a-w C:\WINDOWS\system32\libmplayer.dll
2008-02-09 20:04 3,108,864 ----a-w C:\WINDOWS\system32\libavcodec.dll
2008-02-09 20:04 126,976 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll
2008-02-09 20:01 56,320 ----a-w C:\WINDOWS\system32\ff_unrar.dll
2008-02-09 20:01 26,624 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2008-02-09 20:01 188,416 ----a-w C:\WINDOWS\system32\ff_theora.dll
2008-02-09 20:01 143,360 ----a-w C:\WINDOWS\system32\ff_libmad.dll
2008-02-09 20:01 135,168 ----a-w C:\WINDOWS\system32\ff_samplerate.dll
2008-02-09 20:01 118,784 ----a-w C:\WINDOWS\system32\ff_realaac.dll
2008-02-09 20:01 102,912 ----a-w C:\WINDOWS\system32\ff_tremor.dll
2008-02-09 20:00 397,312 ----a-w C:\WINDOWS\system32\ff_libfaad2.dll
2008-02-09 20:00 167,936 ----a-w C:\WINDOWS\system32\ff_libdts.dll
2008-02-09 19:59 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-02-09 19:59 54,784 ----a-w C:\WINDOWS\system32\ff_liba52.dll
2008-02-09 19:59 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-02-09 19:58 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-02-09 19:58 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-02-09 19:58 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-02-09 19:56 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-02-09 19:55 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-02-09 19:54 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv
2008-02-09 19:52 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-09 19:51 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-02-09 19:48 159,744 ----a-w C:\WINDOWS\system32\mmfinfo.dll
2008-02-09 19:48 148,480 ----a-w C:\WINDOWS\system32\mkx.dll
2008-02-09 19:48 141,312 ----a-w C:\WINDOWS\system32\mp4.dll
2008-02-09 19:48 108,032 ----a-w C:\WINDOWS\system32\avi.dll
2008-02-09 19:47 79,360 ----a-w C:\WINDOWS\system32\mkzlib.dll
2008-02-09 19:47 23,552 ----a-w C:\WINDOWS\system32\mkunicode.dll
2008-02-09 19:47 163,840 ----a-w C:\WINDOWS\system32\ts.dll
2008-02-09 19:47 120,832 ----a-w C:\WINDOWS\system32\ogm.dll
2008-02-09 19:46 --------- d-----w C:\Program Files\Real Alternative
2008-02-09 19:17 --------- d-----w C:\Program Files\MarBit
2008-02-05 23:50 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-04 20:05 --------- d-----w C:\Program Files\SubEdit-Player
2008-02-04 19:57 --------- d-----w C:\Program Files\DivX
2008-02-04 19:39 --------- d-----w C:\Program Files\Alwil Software
2008-02-04 19:35 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-04 19:35 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\Ahead
2008-02-04 19:34 --------- d-----w C:\Program Files\Nero
2008-02-04 19:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-02-03 21:12 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-01 21:58 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\CyberLink
2008-02-01 21:55 --------- d-----w C:\Program Files\CyberLink
2008-02-01 21:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-02-01 20:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-01 20:01 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\Graphisoft
2008-02-01 20:00 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\InterTrust
2008-02-01 19:59 --------- d-----w C:\Program Files\QuickTime
2008-02-01 19:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\QuickTime
2008-02-01 19:53 155,995 ----a-w C:\WINDOWS\java\Packages\6ZDZF5BF.ZIP
2008-01-31 20:36 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-31 20:11 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\Gadu-Gadu
2008-01-30 19:38 317,987 ----a-w C:\Program Files\setuplog.txt
2008-01-30 19:37 --------- d-----w C:\Program Files\MAXON
2008-01-29 20:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ATI
2008-01-29 20:47 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\ATI
2008-01-29 20:46 --------- d-----w C:\Program Files\My Company Name
2008-01-29 20:45 --------- d-----w C:\Program Files\ATI Technologies
2008-01-29 20:43 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-01-29 20:31 --------- d-----w C:\Program Files\Realtek
2008-01-29 20:24 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-01-29 20:09 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\InstallShield
2008-01-29 20:06 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-29 20:04 --------- d-----w C:\Program Files\Yahoo!
2008-01-29 20:04 --------- d-----w C:\Program Files\Intel
2008-01-29 18:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-29 18:55 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-10-10 16:51 1636040]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Registry Helper"="C:\Program Files\Registry Helper\RegistryHelper.exe" [ ]
"Disk Cleaner"="C:\Program Files\Disk Cleaner\DiskCleaner.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 07:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 07:07 1953792]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 18:30 16855552 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 20:59 77824]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"HPWG myPrintMileage Agent"="C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe" [2003-12-11 11:51 102400]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe" [2004-06-23 00:20 733184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\ATMEL\\WA RFMD Configuration\\WA_SNMP_Manager.exe"=

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-29 21:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - xp19.com
\Shell\explore\Command - xp19.com
\Shell\open\Command - xp19.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - xp19.com
\Shell\explore\Command - xp19.com
\Shell\open\Command - xp19.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29125f82-f377-11dc-a1ed-001d7d9e4314}]
\Shell\AutoRun\command - J:\22wcb21o.exe
\Shell\explore\Command - J:\22wcb21o.exe
\Shell\open\Command - J:\22wcb21o.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6de746fb-f1ee-11dc-a1e7-001d7d9e4314}]
\Shell\AutoRun\command - J:\cayfq2.cmd
\Shell\explore\Command - J:\cayfq2.cmd
\Shell\open\Command - J:\cayfq2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70e6c388-d670-11dc-a177-001d7d9e4314}]
\Shell\AutoRun\command - J:\3wcxx91.cmd
\Shell\explore\Command - J:\3wcxx91.cmd
\Shell\open\Command - J:\3wcxx91.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cba1e150-d18d-11dc-a15a-001d7d9e4314}]
\Shell\AutoRun\command - J:\oufddh.exe
\Shell\explore\Command - J:\oufddh.exe
\Shell\open\Command - J:\oufddh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5619ef7-d034-11dc-a152-001d7d9e4314}]
\Shell\AutoRun\command - K:\h.cmd
\Shell\explore\Command - K:\h.cmd
\Shell\open\Command - K:\h.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e54b8710-cf6a-11dc-a14b-001d7d9e4314}]
\Shell\AutoRun\command - J:\h.cmd
\Shell\explore\Command - J:\h.cmd
\Shell\open\Command - J:\h.cmd

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 10:13:22
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-22 10:13:36
ComboFix-quarantined-files.txt 2008-03-22 09:13:34
.
2008-02-13 17:50:41 --- E O F ---

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:29, on 2008-03-22
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HPWG myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032608 serial=dR12WRS-8796594-FHE lang=PL
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
O4 - HKCU\..\Run: [Disk Cleaner] "C:\Program Files\Disk Cleaner\DiskCleaner.Exe" /boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

--
End of file - 6492 bytes

Co dalej?

**Posty:** 18165 · przez **wojtas** 22 Mar 2008, 12:09

Otworz notatnik i wklej w nim to:

File::
C:\v.com
C:\x6.bat
C:\u2.cmd
C:\x.com

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29125f82-f377-11dc-a1ed-001d7d9e4314}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6de746fb-f1ee-11dc-a1e7-001d7d9e4314}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70e6c388-d670-11dc-a177-001d7d9e4314}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cba1e150-d18d-11dc-a15a-001d7d9e4314}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5619ef7-d034-11dc-a152-001d7d9e4314}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e54b8710-cf6a-11dc-a14b-001d7d9e4314}]

Plik >>> zapisz jako CFScript.txt .Plik przeciągnij i upuść na ikonę ComboFixa (tak jak tu ) . odczekaj az wygeneruje sie nowy log i go daj na forum

**Posty:** 5 · przez **a1ien** 22 Mar 2008, 15:40

ComboFix 08-03-21.2 - admin 2008-03-22 14:36:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.3010 [GMT 1:00]
Running from: C:\Documents and Settings\admin\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\admin\Pulpit\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\u2.cmd
C:\v.com
C:\x.com
C:\x6.bat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\u2.cmd
C:\v.com
C:\x.com
C:\x6.bat

.
((((((((((((((((((((((((( Files Created from 2008-02-22 to 2008-03-22 )))))))))))))))))))))))))))))))
.

2008-03-22 10:00 . 2008-03-22 10:00 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-22 09:52 . 2008-03-22 10:05 <DIR> d-------- C:\SDFix
2008-03-20 21:42 . 2008-03-20 21:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-20 21:34 . 2008-03-20 21:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-20 21:34 . 2008-03-20 21:36 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-03-20 21:33 . 2008-03-20 21:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 20:58 . 2008-03-16 20:58 <DIR> d-------- C:\Program Files\ToniArts
2008-03-11 19:54 . 2008-03-11 19:54 <DIR> d-------- C:\Documents and Settings\admin\Dane aplikacji\Corel
2008-03-11 19:49 . 2008-03-11 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-03-11 19:48 . 2008-03-11 19:48 <DIR> d-------- C:\Program Files\Corel
2008-03-11 19:48 . 2008-03-11 19:48 <DIR> d-------- C:\Program Files\Common Files\Corel
2008-03-06 14:31 . 2008-03-06 14:31 <DIR> d-------- C:\Program Files\ATMEL
2008-03-06 14:31 . 2001-09-19 19:24 241,664 --a------ C:\WINDOWS\system32\DartSnmp2.dll
2008-03-06 14:31 . 2001-09-19 19:24 212,992 --a------ C:\WINDOWS\system32\dartsock.dll
2008-03-06 14:31 . 2001-09-19 19:24 166,200 --a------ C:\WINDOWS\system32\msmask32.ocx
2008-03-06 14:31 . 2001-09-19 19:24 77,824 --a------ C:\WINDOWS\system32\DartService.dll
2008-02-26 16:10 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-26 16:10 . 2008-02-26 16:10 421 --a------ C:\WINDOWS\ODBC.INI
2008-02-26 16:08 . 2008-02-26 16:09 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-26 16:08 . 2008-02-26 16:08 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-26 16:04 . 2008-02-26 16:04 2,422 --a------ C:\WINDOWS\system32\wpa.bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 18:26 --------- d-----w C:\Program Files\Teczka ArchiCADa 8.1-S
2008-03-16 19:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-11 18:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-18 21:40 --------- d-----w C:\Program Files\ESET
2008-02-18 21:40 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-02-13 18:15 --------- d-----w C:\Program Files\ACAD2000
2008-02-13 17:55 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-02-09 20:08 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2008-02-09 20:05 405,504 ----a-w C:\WINDOWS\system32\libmplayer.dll
2008-02-09 20:04 3,108,864 ----a-w C:\WINDOWS\system32\libavcodec.dll
2008-02-09 20:04 126,976 ----a-w C:\WINDOWS\system32\libmpeg2_ff.dll
2008-02-09 20:01 56,320 ----a-w C:\WINDOWS\system32\ff_unrar.dll
2008-02-09 20:01 26,624 ----a-w C:\WINDOWS\system32\ff_wmv9.dll
2008-02-09 20:01 188,416 ----a-w C:\WINDOWS\system32\ff_theora.dll
2008-02-09 20:01 143,360 ----a-w C:\WINDOWS\system32\ff_libmad.dll
2008-02-09 20:01 135,168 ----a-w C:\WINDOWS\system32\ff_samplerate.dll
2008-02-09 20:01 118,784 ----a-w C:\WINDOWS\system32\ff_realaac.dll
2008-02-09 20:01 102,912 ----a-w C:\WINDOWS\system32\ff_tremor.dll
2008-02-09 20:00 397,312 ----a-w C:\WINDOWS\system32\ff_libfaad2.dll
2008-02-09 20:00 167,936 ----a-w C:\WINDOWS\system32\ff_libdts.dll
2008-02-09 19:59 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-02-09 19:59 54,784 ----a-w C:\WINDOWS\system32\ff_liba52.dll
2008-02-09 19:59 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-02-09 19:58 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-02-09 19:58 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-02-09 19:58 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-02-09 19:56 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-02-09 19:55 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-02-09 19:54 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv
2008-02-09 19:52 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-02-09 19:51 1,559,040 ----a-w C:\WINDOWS\system32\xvidcore.dll
2008-02-09 19:48 159,744 ----a-w C:\WINDOWS\system32\mmfinfo.dll
2008-02-09 19:48 148,480 ----a-w C:\WINDOWS\system32\mkx.dll
2008-02-09 19:48 141,312 ----a-w C:\WINDOWS\system32\mp4.dll
2008-02-09 19:48 108,032 ----a-w C:\WINDOWS\system32\avi.dll
2008-02-09 19:47 79,360 ----a-w C:\WINDOWS\system32\mkzlib.dll
2008-02-09 19:47 23,552 ----a-w C:\WINDOWS\system32\mkunicode.dll
2008-02-09 19:47 163,840 ----a-w C:\WINDOWS\system32\ts.dll
2008-02-09 19:47 120,832 ----a-w C:\WINDOWS\system32\ogm.dll
2008-02-09 19:46 --------- d-----w C:\Program Files\Real Alternative
2008-02-09 19:17 --------- d-----w C:\Program Files\MarBit
2008-02-05 23:50 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-04 20:05 --------- d-----w C:\Program Files\SubEdit-Player
2008-02-04 19:57 --------- d-----w C:\Program Files\DivX
2008-02-04 19:39 --------- d-----w C:\Program Files\Alwil Software
2008-02-04 19:35 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-04 19:35 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\Ahead
2008-02-04 19:34 --------- d-----w C:\Program Files\Nero
2008-02-04 19:34 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-02-03 21:12 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-01 21:58 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\CyberLink
2008-02-01 21:55 --------- d-----w C:\Program Files\CyberLink
2008-02-01 21:55 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\CyberLink
2008-02-01 20:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-01 20:01 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\Graphisoft
2008-02-01 20:00 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\InterTrust
2008-02-01 19:59 --------- d-----w C:\Program Files\QuickTime
2008-02-01 19:59 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\QuickTime
2008-02-01 19:53 155,995 ----a-w C:\WINDOWS\java\Packages\6ZDZF5BF.ZIP
2008-01-31 20:36 --------- d-----w C:\Program Files\Gadu-Gadu
2008-01-31 20:11 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\Gadu-Gadu
2008-01-30 19:38 317,987 ----a-w C:\Program Files\setuplog.txt
2008-01-30 19:37 --------- d-----w C:\Program Files\MAXON
2008-01-29 20:47 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ATI
2008-01-29 20:47 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\ATI
2008-01-29 20:46 --------- d-----w C:\Program Files\My Company Name
2008-01-29 20:45 --------- d-----w C:\Program Files\ATI Technologies
2008-01-29 20:43 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-01-29 20:31 --------- d-----w C:\Program Files\Realtek
2008-01-29 20:24 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-01-29 20:09 --------- d-----w C:\Documents and Settings\admin\Dane aplikacji\InstallShield
2008-01-29 20:06 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-29 20:04 --------- d-----w C:\Program Files\Yahoo!
2008-01-29 20:04 --------- d-----w C:\Program Files\Intel
2008-01-29 18:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-29 18:55 --------- d-----w C:\Program Files\Usługi online
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2006-10-10 16:51 1636040]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49 153136]
"Registry Helper"="C:\Program Files\Registry Helper\RegistryHelper.exe" [ ]
"Disk Cleaner"="C:\Program Files\Disk Cleaner\DiskCleaner.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 07:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 07:07 1953792]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 18:30 16855552 C:\WINDOWS\RTHDCPL.exe]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 20:59 77824]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"HPWG myPrintMileage Agent"="C:\Program Files\Hewlett-Packard\hp deskjet 9300 series\Toolbox\mpm.exe" [2003-12-11 11:51 102400]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53 153136]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\PL\Programs\Registration.exe" [2004-06-23 00:20 733184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\ATMEL\\WA RFMD Configuration\\WA_SNMP_Manager.exe"=

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-01-29 21:24]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 14:37:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-22 14:37:44
ComboFix-quarantined-files.txt 2008-03-22 13:37:43
ComboFix2.txt 2008-03-22 09:13:36
.
2008-02-13 17:50:41 --- E O F ---

**Posty:** 18165 · przez **wojtas** 22 Mar 2008, 16:55

czysto jak sytuacja z kompem?

**Posty:** 5 · przez **a1ien** 22 Mar 2008, 21:21

Partycje się otwierają. Można normalnie pracowac. Wielkie dzięki!!
Avast nadal znajduje kilkaset zarażonych plików. Co z tym robic?

**Posty:** 237 · przez **Kuba1** 22 Mar 2008, 22:00

Pokaż raport ze skanowania Avastem, oraz raport ze skanowania http://www.kaspersky.com/virusscanner

**Posty:** 5 · przez **a1ien** 24 Mar 2008, 23:29

Wrzucam raport z Kasperskiego bo z Avasta nie moge znaleśc. Gdzie go szukac?

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 24, 2008 10:17:31 PM
Operating System: Microsoft Windows XP Home Edition, Dodatek Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/03/2008
Kaspersky Anti-Virus database records: 593625
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 153218
Number of viruses found: 24
Number of infected objects: 286
Number of suspicious objects: 0
Duration of the scan process: 00:39:20

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\admin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\admin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\admin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Identities\{FDA60735-95F4-43F9-BC8C-72123F6A5EBB}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Identities\{FDA60735-95F4-43F9-BC8C-72123F6A5EBB}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\admin\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\admin\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\admin\Ustawienia lokalne\Historia\History.IE5\MSHist012008032420080325\index.dat Object is locked skipped
C:\Documents and Settings\admin\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dane aplikacji\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Ustawienia lokalne\Historia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Ustawienia lokalne\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc2124.dll Infected: Worm.Win32.AutoRun.clb skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc2140.dll Infected: Trojan-PSW.Win32.OnLineGames.sfd skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc2147.dll Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc2150.dll Infected: Trojan-PSW.Win32.OnLineGames.rvj skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc2151.dll Infected: Trojan-PSW.Win32.OnLineGames.snt skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc2152.dll Infected: Trojan.Win32.Pakes.cgq skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc2160.dll Infected: Worm.Win32.AutoRun.cvx skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc2164.dll Infected: Worm.Win32.AutoRun.cur skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc2167.dll Infected: Trojan-PSW.Win32.OnLineGames.sny skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc2174.dll Infected: Rootkit.Win32.Agent.zh skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc2182.dll Infected: Trojan.Win32.Pakes.cgo skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc2193.dll Infected: Trojan.Win32.Inject.r skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc2201.dll Infected: Trojan-PSW.Win32.OnLineGames.udq skipped
C:\RECYCLER\S-1-5-21-796845957-1303643608-839522115-1004\Dc3238.sys Infected: Trojan-PSW.Win32.OnLineGames.uam skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003425.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003435.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003445.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003456.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003466.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003478.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003489.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003499.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP22\A0003511.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP23\A0003516.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP24\A0003549.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP24\A0003579.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP24\A0003589.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP24\A0003599.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP24\A0003612.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP25\A0003616.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP26\A0003675.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP26\A0003732.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP26\A0003742.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP27\A0003765.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP27\A0003779.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP28\A0003814.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP28\A0003829.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP28\A0003841.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP28\A0003871.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP29\A0003907.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP29\A0003919.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP29\A0003931.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP29\A0003942.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP30\A0003947.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP30\A0004944.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP30\A0004962.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP30\A0004973.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP30\A0004984.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0004990.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005003.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005013.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005028.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005044.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005060.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005073.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005096.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005101.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005114.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005126.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005138.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005150.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005162.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005175.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP33\A0005180.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP33\A0005197.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP37\A0006476.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP37\A0006492.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP38\A0007510.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP38\A0007530.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP38\A0007545.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP39\A0007553.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP39\A0007573.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP39\A0007590.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP39\A0007608.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP39\A0007620.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP39\A0007635.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP40\A0007645.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP41\A0007654.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP41\A0008638.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP41\A0009637.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP41\A0012717.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP41\A0013785.inf Infected: Worm.Win32.AutoRun.cpq skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP42\A0013795.inf Infected: Worm.Win32.AutoRun.cpq skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP42\A0014788.inf Infected: Worm.Win32.AutoRun.cpq skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP42\A0014814.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP43\A0014830.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP43\A0014852.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP43\A0014865.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP43\A0014883.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP43\A0014895.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP44\A0014903.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP44\A0014929.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP44\A0014955.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP44\A0014968.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP44\A0014982.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP45\A0014988.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP45\A0015026.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP46\A0015044.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP46\A0015061.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP46\A0015079.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP46\A0015093.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP46\A0015105.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP47\A0015119.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP47\A0015146.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP47\A0015158.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP47\A0015170.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP48\A0015182.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP48\A0016174.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP48\A0016186.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP48\A0016215.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP49\A0016220.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP49\A0016237.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP49\A0016248.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP49\A0016266.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP50\A0016278.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP50\A0016310.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP51\A0016337.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP51\A0016349.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP51\A0016369.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP52\A0016425.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP52\A0016445.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP54\A0016614.inf Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP55\A0016618.inf Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP55\A0016639.inf Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP55\A0016649.inf Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP55\A0016666.inf Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP55\A0016676.inf Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP55\A0016693.inf Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP56\A0016709.inf Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP56\A0017695.inf Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP56\A0017706.inf Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP56\A0017718.inf Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP57\A0017729.inf Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP57\A0017753.inf Infected: Worm.Win32.AutoRun.cvx skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP57\A0017766.inf Infected: Trojan-PSW.Win32.OnLineGames.uam skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP58\A0017772.inf Infected: Trojan-PSW.Win32.OnLineGames.uam skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP58\A0017804.inf Infected: Trojan-PSW.Win32.OnLineGames.uam skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP65\A0018351.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP65\A0018368.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP65\A0018387.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP66\A0018393.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP66\A0018407.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP66\A0018433.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP67\A0018487.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP67\A0018520.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP67\A0018534.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP68\A0018570.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP74\A0018888.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP74\A0018893.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
C:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP78\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8A2B4008-B313-46AA-BCD0-F29192D1B945}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003427.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003437.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003447.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003458.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003468.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003480.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003491.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP21\A0003501.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP22\A0003513.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP23\A0003518.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP24\A0003551.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP24\A0003581.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP24\A0003591.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP24\A0003601.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP24\A0003614.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP25\A0003618.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP26\A0003677.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP26\A0003734.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP26\A0003744.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP27\A0003767.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP27\A0003781.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP28\A0003816.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP28\A0003831.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP28\A0003843.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP28\A0003873.inf Infected: Trojan-PSW.Win32.OnLineGames.qmf skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP29\A0003909.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP29\A0003921.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP29\A0003933.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP29\A0003944.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP30\A0003949.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP30\A0004946.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP30\A0004964.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP30\A0004975.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP30\A0004986.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0004992.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005005.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005015.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005030.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005046.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005062.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005075.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP31\A0005098.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005103.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005116.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005128.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005140.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005152.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005164.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP32\A0005177.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP33\A0005182.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP33\A0005199.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP37\A0006478.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP37\A0006494.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP38\A0007512.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP38\A0007532.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP38\A0007547.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP39\A0007555.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP39\A0007575.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP39\A0007592.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP39\A0007610.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP39\A0007622.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP39\A0007637.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP40\A0007647.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP41\A0007656.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP41\A0008640.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP41\A0009639.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP41\A0012718.inf Infected: Trojan-PSW.Win32.OnLineGames.rem skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP41\A0013787.inf Infected: Worm.Win32.AutoRun.cpq skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP42\A0013797.inf Infected: Worm.Win32.AutoRun.cpq skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP42\A0014816.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP43\A0014832.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP43\A0014854.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP43\A0014867.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP43\A0014885.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP43\A0014897.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP44\A0014905.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP44\A0014931.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP44\A0014957.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP44\A0014970.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP44\A0014984.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP45\A0014990.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP45\A0015028.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP46\A0015046.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP46\A0015063.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP46\A0015081.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP46\A0015095.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP46\A0015107.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP47\A0015121.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP47\A0015148.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP47\A0015160.inf Infected: Trojan-PSW.Win32.OnLineGames.rry skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP47\A0015172.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP48\A0015184.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP48\A0016176.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP48\A0016188.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP48\A0016217.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP49\A0016222.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP49\A0016239.inf Infected: Trojan-PSW.Win32.OnLineGames.ryg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP49\A0016250.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP49\A0016268.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP50\A0016280.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP50\A0016312.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP51\A0016339.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP51\A0016351.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP51\A0016371.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP52\A0016427.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP52\A0016447.inf Infected: Trojan-PSW.Win32.OnLineGames.skg skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP54\A0016616.inf Infected: Worm.Win32.AutoRun.cvx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP55\A0016620.inf Infected: Worm.Win32.AutoRun.cvx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP55\A0016641.inf Infected: Worm.Win32.AutoRun.cvx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP55\A0016651.inf Infected: Worm.Win32.AutoRun.cvx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP55\A0016668.inf Infected: Worm.Win32.AutoRun.cvx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP55\A0016678.inf Infected: Worm.Win32.AutoRun.cvx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP55\A0016695.inf Infected: Worm.Win32.AutoRun.cvx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP56\A0016711.inf Infected: Worm.Win32.AutoRun.cvx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP56\A0017697.inf Infected: Worm.Win32.AutoRun.cvx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP56\A0017708.inf Infected: Worm.Win32.AutoRun.cvx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP56\A0017720.inf Infected: Worm.Win32.AutoRun.cvx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP57\A0017731.inf Infected: Worm.Win32.AutoRun.cvx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP57\A0017755.inf Infected: Worm.Win32.AutoRun.cvx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP57\A0017768.inf Infected: Trojan-PSW.Win32.OnLineGames.uam skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP58\A0017774.inf Infected: Trojan-PSW.Win32.OnLineGames.uam skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP58\A0017806.inf Infected: Trojan-PSW.Win32.OnLineGames.uam skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP65\A0018353.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP65\A0018370.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP65\A0018389.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP66\A0018395.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP66\A0018409.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP66\A0018435.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP67\A0018489.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP67\A0018522.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP67\A0018536.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP68\A0018572.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP75\A0018937.inf Infected: Trojan-PSW.Win32.OnLineGames.urp skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP77\A0020161.cmd Infected: Trojan-PSW.Win32.OnLineGames.ryx skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP77\A0020162.com Infected: Trojan-PSW.Win32.OnLineGames.too skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP77\A0020163.com Infected: Trojan-PSW.Win32.OnLineGames.rbj skipped
D:\System Volume Information\_restore{9990BDC8-31D6-4E88-B1B9-F8D5C861F31C}\RP77\A0020164.bat Infected: Worm.Win32.AutoRun.cvh skipped

Scan process completed.

**Posty:** 18165 · przez **wojtas** 25 Mar 2008, 17:24

sciagnij ATF_Cleaner
zaznacz
Windows Temp
Temporary internet files
i wcisnij EMPTY SELECTED

Wyłącz przywracanie systemu ( właściwości mój komputer-zakładka przywracanie - wyłącz przywracanie na wszystkich dyskach i po chwili włącz

**Posty:** 4 · przez **MartaS** 12 Kwi 2008, 20:04

Witam, mam ten sam problem. Spróbuję tego co tu wyczytałam i zwróce sie po rady co dalej, jeżeli oczywiście dam sobie radę bom baba , w dodatku nie najmłodsza

**Posty:** 18165 · przez **wojtas** 12 Kwi 2008, 22:50

MartaS załoz swoj temat daj logi i opisz problem

pozdro

nie mogę otworzyc dysków c i d

Nie mogę otworzyc dysków C i D

Kto jest na forum