04-29-2009, 02:20 PM   #1 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 8
OS: XP


Please help; Win32 problem

Hello,
symptoms: performance slow, cannot start AntiVir and ZoneAlarm (...is not a valid Win32 application)
had shortly this problem - reinstalled everything; yesterday ran Windows repair; no results
please help
thank you
Marcin



DDS (Ver_09-03-16.01) - NTFSx86
Run by Marcin at 21:46:23,99 on 2009-04-29
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.454 [GMT 2:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Marcin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marcin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marcin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Marcin\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ch/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\marcin\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [VIPv3_Auto_Update]
mRun: [Vistadrv]
mRun: [VisualTooltip]
mRun: [SigmatelSysTrayApp] stsystra.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\marcin\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\marcin\startm~1\programs\startup\tworze~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239546075453
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239553479156
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-18 11608]
R1 sK9Ou0s;sK9Ou0s;c:\documents and settings\marcin\application data\drivers\srosa2.sys [2009-4-27 7168]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-4-18 353672]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-18 55640]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-9-29 935208]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2009-4-18 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-18 185089]
S2 chkr32;Zone Game DLL - Checkers;c:\windows\system32\rundll32.exe chkr32.dll,uxul --> c:\windows\system32\rundll32.exe chkr32.dll,uxul [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2009-04-29 21:43 <DIR> --d-h--- c:\windows\PIF
2009-04-29 21:35 <DIR> --d-h--- c:\docume~1\marcin\applic~1\m
2009-04-28 21:16 103,424 ac------ c:\windows\system32\dllcache\uihelper.dll
2009-04-28 21:15 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-04-28 21:14 180,770 ac------ c:\windows\system32\dllcache\c_20932.nls
2009-04-28 21:14 <DIR> --d----- c:\program files\msn gaming zone
2009-04-28 21:12 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-04-28 21:12 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-04-28 21:12 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-28 21:12 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-04-28 21:12 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-04-28 21:12 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-04-28 21:07 4,444 a------- c:\windows\system32\pid.PNF
2009-04-28 21:00 24,661 ac------ c:\windows\system32\dllcache\spxcoins.dll
2009-04-28 21:00 13,312 ac------ c:\windows\system32\dllcache\irclass.dll
2009-04-28 21:00 24,661 a------- c:\windows\system32\spxcoins.dll
2009-04-28 21:00 13,312 a------- c:\windows\system32\irclass.dll
2009-04-26 22:04 <DIR> --d-h--- c:\docume~1\marcin\applic~1\drivers
2009-04-19 00:32 <DIR> --d----- c:\program files\common files\Logitech
2009-04-19 00:20 33,797 a------- c:\windows\setupapi.old
2009-04-18 23:50 666 a------- c:\windows\VisualTooltip.ini
2009-04-18 23:44 54,689 a------- c:\windows\system32\VIPicon.ico
2009-04-18 23:44 138 a------- c:\windows\system32\VIPuninstall.bat
2009-04-18 23:44 8,231,936 a------- c:\windows\system32\wmploc.backup
2009-04-18 23:44 105,984 a------- c:\windows\system32\url.backup
2009-04-18 23:44 1,499,136 a------- c:\windows\system32\shdocvw.backup
2009-04-18 23:44 1,025,024 a------- c:\windows\system32\browseui.backup
2009-04-18 23:44 1,830,912 a------- c:\windows\system32\inetcpl.backup
2009-04-18 23:43 514,560 a------- c:\windows\system32\logonui.backup
2009-04-18 23:43 2,145,280 a------- c:\windows\system32\ntoskrnl.backup
2009-04-18 23:43 155,648 a------- c:\windows\system32\wscript.backup
2009-04-18 23:43 35,328 a------- c:\windows\system32\winchat.backup
2009-04-18 23:43 433,664 a------- c:\windows\system32\wiaacmgr.backup
2009-04-18 23:43 50,176 a------- c:\windows\system32\utilman.backup
2009-04-18 23:43 51,200 a------- c:\windows\system32\syncapp.backup
2009-04-18 23:41 389,120 a------- c:\windows\system32\cmd.backup
2009-04-18 23:41 98,304 a------- c:\windows\system32\ahui.backup
2009-04-18 23:41 80,384 a------- c:\windows\system32\charmap.backup
2009-04-18 23:41 51,712 a------- c:\windows\system32\migpwd.backup
2009-04-18 23:41 114,688 a------- c:\windows\system32\calc.backup
2009-04-18 23:41 51,224 a------- c:\windows\system32\wuauclt.backup
2009-04-18 23:41 184,320 a------- c:\windows\system32\accwiz.backup
2009-04-18 23:41 338,432 a------- c:\windows\system32\zipfldr.backup
2009-04-18 23:40 2,897,920 a------- c:\windows\system32\xpsp2res.backup
2009-04-18 23:40 589,312 a------- c:\windows\system32\wiashext.backup
2009-04-18 23:40 233,472 a------- c:\windows\system32\webcheck.backup
2009-04-18 23:40 191,488 a------- c:\windows\system32\syncui.backup
2009-04-18 23:40 438,272 a------- c:\windows\system32\shimgvw.backup
2009-04-18 23:40 8,461,312 a------- c:\windows\system32\shell32.backup
2009-04-18 23:40 1,703,936 a------- c:\windows\system32\netshell.backup
2009-04-18 23:38 68,608 a------- c:\windows\system32\joy.backup
2009-04-18 23:37 144,896 a------- c:\windows\system32\hotplug.backup
2009-04-18 23:37 220,672 a------- c:\windows\system32\logon.backup
2009-04-18 23:37 54,784 a------- c:\windows\system32\icmui.backup
2009-04-18 23:37 64,000 a------- c:\windows\system32\cleanmgr.backup
2009-04-18 23:37 561,688 a------- c:\windows\system32\wuapi.backup
2009-04-18 23:37 68,608 a------- c:\windows\system32\access.backup
2009-04-18 23:37 135,680 a------- c:\windows\system32\taskmgr.backup
2009-04-18 23:37 300,544 a------- c:\windows\system32\sysdm.backup
2009-04-18 23:37 658,432 a------- c:\windows\system32\rasdlg.backup
2009-04-18 23:37 163,840 a------- c:\windows\system32\credui.backup
2009-04-18 23:36 985,088 a------- c:\windows\system32\setupapi.backup
2009-04-18 23:36 344,064 a------- c:\windows\system32\cmdial32.backup
2009-04-18 23:36 10,752 a------- c:\windows\hh.backup
2009-04-18 23:30 65,536 a------- c:\windows\system32\vbalProgBar6.ocx
2009-04-18 23:30 96 a------- c:\windows\docs.ini
2009-04-18 23:30 <DIR> --d----- c:\windows\VIPv3
2009-04-18 21:34 94,263 a------- c:\windows\DLA.EXE
2009-04-18 21:34 89,264 a------- c:\windows\system32\drivers\DRVMCDB.SYS
2009-04-18 21:34 61,500 a------- c:\windows\system32\DLAAPI_W.DLL
2009-04-18 21:34 40,544 a------- c:\windows\system32\drivers\DRVNDDM.SYS
2009-04-18 21:34 22,684 a------- c:\windows\system32\drivers\DLARTL_N.SYS
2009-04-18 21:34 5,660 a------- c:\windows\system32\drivers\DLACDBHM.SYS
2009-04-18 21:34 222 a------- c:\windows\wininit.ini
2009-04-18 21:34 <DIR> --d----- c:\windows\system32\DLA
2009-04-18 21:34 <DIR> --d----- c:\program files\Sonic
2009-04-18 21:31 <DIR> --d----- c:\program files\Sony
2009-04-18 21:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Corporation
2009-04-18 16:00 <DIR> --d----- c:\documents and settings\marcin\05 - Mieszkanie
2009-04-18 15:59 <DIR> --d----- c:\documents and settings\marcin\04 - Kamienica
2009-04-18 15:59 <DIR> --d----- c:\documents and settings\marcin\03 - Praca
2009-04-18 15:59 <DIR> --d----- c:\documents and settings\marcin\02 - Pisma
2009-04-18 15:59 <DIR> --d----- c:\documents and settings\marcin\01 - Templates
2009-04-18 15:59 <DIR> --d----- c:\documents and settings\marcin\99 - Hand Over
2009-04-18 15:49 <DIR> --d----- c:\documents and settings\marcin\13 - Family
2009-04-18 15:43 <DIR> --d----- c:\documents and settings\marcin\12 - Nikon
2009-04-18 15:43 <DIR> --d----- c:\documents and settings\marcin\11 - Sport
2009-04-18 15:43 <DIR> --d----- c:\documents and settings\marcin\10 - Company
2009-04-18 15:39 <DIR> --d----- c:\documents and settings\marcin\08 - Zdjecia
2009-04-18 15:39 <DIR> --d----- c:\documents and settings\marcin\07 - Know-how
2009-04-18 15:39 <DIR> --d----- c:\documents and settings\marcin\06 - Mail accounts
2009-04-18 15:00 339,968 a------- c:\windows\stsystra.exe
2009-04-18 15:00 159,825 a------- c:\windows\system32\stac97.cpl
2009-04-18 15:00 172,032 a------- c:\windows\system32\stacapi.dll
2009-04-18 15:00 <DIR> --d----- c:\program files\SigmaTel
2009-04-18 14:37 69 a------- c:\windows\NeroDigital.ini
2009-04-18 11:46 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-18 11:45 <DIR> --d----- c:\program files\Avira
2009-04-18 11:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-04-18 11:30 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-18 11:30 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-04-18 11:30 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-04-18 11:30 <DIR> --d----- c:\program files\Zone Labs
2009-04-18 11:30 350,192 a------- c:\windows\system32\vsconfig.xml
2009-04-18 11:28 <DIR> --d----- c:\windows\Internet Logs
2009-04-17 23:47 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-17 23:28 <DIR> --d----- c:\program files\Secunia
2009-04-17 23:23 <DIR> --d----- c:\program files\CCleaner
2009-04-17 23:17 <DIR> --d----- c:\windows\pss
2009-04-16 22:09 127,034 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-04-16 20:33 14,848 a------- c:\windows\system32\ADI3.HDI
2009-04-16 20:33 0 a------- c:\windows\MTSTACK.INI
2009-04-16 20:33 721,168 a------- c:\windows\system32\VB40032.DLL
2009-04-16 20:33 447,488 a------- c:\windows\system32\HEIDI3.DLL
2009-04-16 20:33 267,264 a------- c:\windows\system32\ACADFICN.DLL
2009-04-16 20:33 81,920 a------- c:\windows\system32\GDIFONT3.HDI
2009-04-16 20:33 76,800 a------- c:\windows\system32\REGACAD.DLL
2009-04-16 20:33 42,496 a------- c:\windows\system32\MTSTACK.EXE
2009-04-16 20:33 7,680 a------- c:\windows\system32\ADRESC.DLL
2009-04-16 20:33 <DIR> --d----- c:\program files\AutoCAD R14
2009-04-16 18:21 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 20:28 <DIR> --d----- C:\lj525
2009-04-15 20:20 299,520 a------- c:\windows\uninst.exe
2009-04-15 20:15 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-15 20:13 210,944 -------- c:\windows\system32\Msvcrt10.dll
2009-04-15 20:13 65,536 -------- c:\windows\system32\adistres.dll
2009-04-15 20:13 20,584 -------- c:\windows\system32\PdfPorts.dll
2009-04-15 20:13 101,200 -------- c:\windows\system32\pdfshell.dll
2009-04-15 20:13 <DIR> --d----- c:\windows\system32\Adobe
2009-04-15 20:11 306,688 a------- c:\windows\IsUninst.exe
2009-04-14 20:44 32,592 a------- c:\windows\system32\msonpmon.dll
2009-04-14 20:40 <DIR> --d-h--- c:\windows\ShellNew
2009-04-14 20:36 <DIR> --d----- c:\docume~1\marcin\applic~1\DAEMON Tools Pro
2009-04-14 20:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-04-14 20:35 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-04-14 20:29 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-04-14 20:29 <DIR> --d----- c:\docume~1\marcin\applic~1\DAEMON Tools Lite
2009-04-13 23:41 <DIR> --d----- c:\docume~1\marcin\applic~1\Uniblue
2009-04-13 19:25 <DIR> --d----- c:\program files\MSXML 4.0
2009-04-13 19:15 268,648 a------- c:\windows\system32\mucltui.dll
2009-04-13 19:15 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-04-13 18:24 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-04-13 18:22 <DIR> --d--r-- c:\program files\Skype
2009-04-13 11:29 4,767 a------- c:\windows\Irremote.ini
2009-04-13 11:17 <DIR> --d----- c:\program files\Nero
2009-04-13 11:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-04-13 00:05 <DIR> --d----- c:\docume~1\marcin\applic~1\Quark
2009-04-13 00:04 <DIR> --d----- c:\windows\system32\QuickTime
2009-04-13 00:03 <DIR> --d----- c:\program files\Quark
2009-04-13 00:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Quark
2009-04-12 23:55 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-04-12 23:51 <DIR> --d----- c:\program files\GPL MPEG Decoder
2009-04-12 23:20 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-12 23:14 <DIR> --d----- c:\program files\common files\DivX Shared
2009-04-12 23:14 <DIR> --d----- c:\program files\DivX
2009-04-12 23:05 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-12 23:05 1,409 a------- c:\windows\QTFont.for
2009-04-12 22:50 <DIR> --d----- c:\docume~1\marcin\applic~1\Autodesk
2009-04-12 22:45 <DIR> --d----- c:\docume~1\marcin\applic~1\ACD Systems
2009-04-12 22:44 <DIR> --d----- c:\program files\common files\ACD Systems
2009-04-12 22:44 <DIR> --d----- c:\program files\ACD Systems
2009-04-12 22:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ACD Systems
2009-04-12 22:43 <DIR> --d----- c:\windows\Downloaded Installations
2009-04-12 22:36 <DIR> --d----- C:\knclogs
2009-04-12 22:32 <DIR> --d----- c:\program files\eMule0.49c
2009-04-12 22:22 <DIR> --d----- c:\windows\system32\appmgmt
2009-04-12 22:12 376 a------- c:\windows\ODBC.INI
2009-04-12 20:56 <DIR> --d----- C:\INFECTED
2009-04-12 18:15 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-12 18:14 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-12 18:14 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-12 18:14 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-12 18:14 <DIR> --d----- C:\876cf69017808cc24cfd33fe977c43c3
2009-04-12 18:11 0 a------- c:\windows\ativpsrm.bin
2009-04-12 18:11 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-04-12 18:11 52,864 a------- c:\windows\system32\drivers\DMusic.sys
2009-04-12 18:11 <DIR> --d----- c:\program files\IDT
2009-04-12 18:11 129,536 a------- c:\windows\system32\ksproxy.ax
2009-04-12 18:11 4,096 a------- c:\windows\system32\ksuser.dll
2009-04-12 18:10 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-04-12 18:09 <DIR> --d----- c:\windows\system32\LogFiles
2009-04-12 17:40 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-12 17:33 <DIR> --d----- c:\windows\system32\scripting
2009-04-12 17:33 <DIR> --d----- c:\windows\system32\en
2009-04-12 17:33 <DIR> --d----- c:\windows\l2schemas
2009-04-12 17:28 <DIR> --d----- c:\windows\network diagnostic
2009-04-12 17:15 53,248 ac------ c:\windows\system32\dllcache\tsgqec.dll
2009-04-12 17:15 53,248 -------- c:\windows\system32\tsgqec.dll
2009-04-12 17:15 290,304 ac------ c:\windows\system32\dllcache\rhttpaa.dll
2009-04-12 17:15 290,304 -------- c:\windows\system32\rhttpaa.dll
2009-04-12 17:15 19,569 a------- c:\windows\005674_.tmp
2009-04-12 17:15 7,168 ac------ c:\windows\system32\dllcache\bitsprx4.dll
2009-04-12 17:15 7,168 -------- c:\windows\system32\bitsprx4.dll
2009-04-12 17:15 136,192 ac------ c:\windows\system32\dllcache\aaclient.dll
2009-04-12 17:15 136,192 -------- c:\windows\system32\aaclient.dll
2009-04-12 16:49 316,640 a------- c:\windows\WMSysPr9.prx
2009-04-12 16:49 <DIR> --d----- c:\windows\provisioning
2009-04-12 16:49 <DIR> --d----- c:\windows\peernet
2009-04-12 16:47 <DIR> --d----- c:\windows\ServicePackFiles
2009-04-12 16:44 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-04-12 16:41 <DIR> --d----- c:\windows\EHome
2009-04-12 16:38 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-04-12 16:21 31,768 a------- c:\windows\system32\wucltui.dll.mui
2009-04-12 16:21 <DIR> --dsh--- c:\documents and settings\marcin\UserData
2009-04-12 15:57 1,904 -------- c:\windows\system32\SetupBD.din
2009-04-12 15:57 162,816 a------- c:\windows\system32\drivers\e100b325.sys
2009-04-12 15:57 126,976 a------- c:\windows\system32\Prounstl.exe
2009-04-12 15:57 36,864 a------- c:\windows\system32\e100bmsg.dll
2009-04-12 15:57 19,456 a------- c:\windows\system32\IntelNic.dll
2009-04-12 15:57 5,178 a------- c:\windows\system32\e100b325.din
2009-04-12 15:57 <DIR> --d----- C:\drvrtmp
2009-04-12 15:57 <DIR> --d----- C:\dell
2009-04-12 15:33 13,335 a------- c:\windows\system32\drivers\usbcm.sys
2009-04-12 14:51 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-04-12 14:50 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-04-12 14:48 <DIR> --d----- c:\program files\common files\ODBC
2009-04-12 14:48 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-04-12 14:48 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-04-12 14:47 <DIR> --d----- C:\Documents and Settings
2009-04-12 14:46 288 a------- c:\windows\system32\$winnt$.inf
2009-04-12 13:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-12 13:27 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-12 13:27 <DIR> --d----- c:\docume~1\marcin\applic~1\SUPERAntiSpyware.com
2009-04-12 13:08 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-04-12 13:07 <DIR> --d----- c:\program files\common files\MSSoap
2009-04-12 13:06 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-04-12 13:06 <DIR> --d----- c:\program files\Online Services
2009-04-12 13:06 <DIR> --d----- c:\program files\Messenger
2009-04-12 13:05 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-04-29 18:26 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-04-29 18:26 0 a------- c:\windows\system32\drivers\logiflt.iad
2009-04-28 21:10 22,720 a------- c:\windows\system32\emptyregdb.dat
2009-04-12 17:34 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-12 16:57 2,678 a------- c:\windows\java\packages\data\2JV5VVZV.DAT
2009-04-12 16:57 2,678 a------- c:\windows\java\packages\data\OX35ZP39.DAT
2009-04-12 16:57 2,678 a------- c:\windows\java\packages\data\UNHN1NXB.DAT
2009-04-12 16:57 2,678 a------- c:\windows\java\packages\data\PVVPFP7T.DAT
2009-04-12 16:57 2,678 a------- c:\windows\java\packages\data\OJDJ7FNZ.DAT
2009-04-12 13:08 558,142 a------- c:\windows\java\packages\7HBD3B7F.ZIP
2009-04-12 13:08 155,995 a------- c:\windows\java\packages\G4OFPRF5.ZIP
2009-03-24 13:03 7,808 a------- c:\windows\system32\drivers\psi_mf.sys
2009-03-06 13:54 180,224 a------- c:\windows\system32\Ncs2Setp.dll
2009-03-04 15:42 760,368 a------- c:\windows\system32\ncs2dmix.dll
2009-03-04 15:41 530,992 a------- c:\windows\system32\accesor.dll
2009-03-04 15:26 141,872 a------- c:\windows\system32\ncs2instutility.dll
2009-03-04 15:17 1,522,224 a------- c:\windows\system32\ncscolib.dll
2009-02-24 21:35 129,784 -------- c:\windows\system32\pxafs.dll
2009-02-24 21:35 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-02-24 21:35 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-02-24 21:34 90,112 a------- c:\windows\system32\dpl100.dll
2009-02-24 21:34 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-02-24 21:34 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-02-24 21:34 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-02-24 21:34 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-01-30 18:26 236,120 a------- c:\windows\system32\PRONtObj.dll

============= FINISH: 21:46:52,11 ===============
Attached Files
File Type: zip Attach.zip (22.1 KB, 2 views)
cinio is offline  
05-01-2009, 07:16 AM   #2 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Please help; Win32 problem

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Download ComboFix from any of the links below. You must rename it to Combo-Fix before saving it. Save it to your Desktop.

If you are using Firefox, go to Tools > Options > Main and select 'Always ask me where to save files' and click OK.

Link 1
Link 2
Link 3





* IMPORTANT !!! Save Combo-Fix.exe to your Desktop

------------------------------------------------------
  • Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools.
  • Get help here
  • Double-click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
05-01-2009, 09:18 AM   #3 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 8
OS: XP


Re: Please help; Win32 problem

Dear chemist, thank you for your reply!

ComboFix found that AntiVir Desktop is running and I could not disable it, as I had no icon of the program on the system tray and the virus did not allow the program to start - I've just uninstalled AntiVir.

See the results of ComboFix.txt. I do not understand much of this but it looks bad...


ComboFix 09-04-30.056 - Marcin 2009-05-01 16:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.758 [GMT 2:00]
Running from: c:\documents and settings\Marcin\Desktop\Combo-Fix.exe
FW: ZoneAlarm Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Marcin\Application Data\drivers\downld
c:\documents and settings\Marcin\Application Data\drivers\downld\100078.exe
c:\documents and settings\Marcin\Application Data\drivers\downld\100234.exe
c:\documents and settings\Marcin\Application Data\drivers\downld\104062.exe
c:\documents and settings\Marcin\Application Data\drivers\downld\104796.exe
c:\documents and settings\Marcin\Application Data\drivers\srosa2.sys
c:\documents and settings\Marcin\Application Data\drivers\wfsintwq.sys
c:\documents and settings\Marcin\Application Data\drivers\winupgro.exe
c:\documents and settings\Marcin\Application Data\m
c:\documents and settings\Marcin\Application Data\m\data.oct
c:\documents and settings\Marcin\Application Data\m\flec006.exe
c:\documents and settings\Marcin\Application Data\m\list.oct
c:\documents and settings\Marcin\Application Data\m\shared\#1 Bulk PageRank Checker 1.10.zip
c:\documents and settings\Marcin\Application Data\m\shared\Abcc All Media Converter Platinum 4.3.zip
c:\documents and settings\Marcin\Application Data\m\shared\Able2Doc - PDF to Word Conversion 3.0 (Key).zip
c:\documents and settings\Marcin\Application Data\m\shared\Aevita Advanced HTML Optimizer 3.3.zip
c:\documents and settings\Marcin\Application Data\m\shared\Ai Yori Aoshi 1.zip
c:\documents and settings\Marcin\Application Data\m\shared\Anne Hathaway Screensaver2.zip
c:\documents and settings\Marcin\Application Data\m\shared\Antechinus JavaScript Editor Standard 6.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\Apollo Audio DVD Creator 1.2.29.zip
c:\documents and settings\Marcin\Application Data\m\shared\Argente - Process Manager 1.3.0.1.zip
c:\documents and settings\Marcin\Application Data\m\shared\Armobiles 1.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\Aros Magic Checkers 1.5.zip
c:\documents and settings\Marcin\Application Data\m\shared\AVTJet Video Studio 2.0.8.zip
c:\documents and settings\Marcin\Application Data\m\shared\B3 2.993 Beta.zip
c:\documents and settings\Marcin\Application Data\m\shared\BatMan Widget 3.1.4.zip
c:\documents and settings\Marcin\Application Data\m\shared\Battlefield 1942 - ADCAP Destroyer mod.zip
c:\documents and settings\Marcin\Application Data\m\shared\Birthday Bios 4.3.0 Crack.zip
c:\documents and settings\Marcin\Application Data\m\shared\Boyer-Moore Search Implementation 1.12.zip
c:\documents and settings\Marcin\Application Data\m\shared\Business Restructuring Expert 1.7 Key+Serial.zip
c:\documents and settings\Marcin\Application Data\m\shared\CA Anti-Spam 5.0.416.zip
c:\documents and settings\Marcin\Application Data\m\shared\Christmas Screensaver 3.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\CloseMany 2.3.zip
c:\documents and settings\Marcin\Application Data\m\shared\CoffeeCup WebCam 3.5.zip
c:\documents and settings\Marcin\Application Data\m\shared\CRD Subscription 6.1.zip
c:\documents and settings\Marcin\Application Data\m\shared\CrossVC XXL 2.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\Crystal REVS for C 2.75.zip
c:\documents and settings\Marcin\Application Data\m\shared\Cue Club.zip
c:\documents and settings\Marcin\Application Data\m\shared\Curtain 1.zip
c:\documents and settings\Marcin\Application Data\m\shared\Data Master 2003 11.8.0.305 Beta.zip
c:\documents and settings\Marcin\Application Data\m\shared\DataConversionTools.com CSVtoSQL Converter 1.01 [Key].zip
c:\documents and settings\Marcin\Application Data\m\shared\Developer Spell Check Engine 4.0.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\Digital Vault 2.1.5.0 (KeyGen).zip
c:\documents and settings\Marcin\Application Data\m\shared\DiskView 3.6.zip
c:\documents and settings\Marcin\Application Data\m\shared\DriveHQ FileManager with FTP Hosting 4.0.269.zip
c:\documents and settings\Marcin\Application Data\m\shared\Drugstore.com Explorer 1.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\Easy AuctionTools 5.36.zip
c:\documents and settings\Marcin\Application Data\m\shared\Easy HTML Construction Kit 9.21.zip
c:\documents and settings\Marcin\Application Data\m\shared\Easy Russian Dialogs 3.11 [Key+Serial].zip
c:\documents and settings\Marcin\Application Data\m\shared\Egyptian Portraits by Winifred Brunton 1.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\eRanch 1.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\ErgoAssist.zip
c:\documents and settings\Marcin\Application Data\m\shared\Family Tree-Printery 3.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\FastOpen XP Gold 3.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\FCOPY 1.12 Crack.zip
c:\documents and settings\Marcin\Application Data\m\shared\File Maven Pro 2.21 Patch.zip
c:\documents and settings\Marcin\Application Data\m\shared\File Maven Pro 2.21.zip
c:\documents and settings\Marcin\Application Data\m\shared\File Tracker 1.0 Crack.zip
c:\documents and settings\Marcin\Application Data\m\shared\Fleet Maintenance Pro Standard 10.0.1.19.zip
c:\documents and settings\Marcin\Application Data\m\shared\Fontographer 4.73.zip
c:\documents and settings\Marcin\Application Data\m\shared\FRS Score Collector 1.0.3.zip
c:\documents and settings\Marcin\Application Data\m\shared\Full Convert Enterprise 2.17.zip
c:\documents and settings\Marcin\Application Data\m\shared\GTI Mortsel in 3D photo 2.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\Herbal Remedies 1.5.zip
c:\documents and settings\Marcin\Application Data\m\shared\HighVIP Protected Email 2.7.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\HTML LZW Pro 2.5.0415.zip
c:\documents and settings\Marcin\Application Data\m\shared\Icon Extractor 1.0.0.5.zip
c:\documents and settings\Marcin\Application Data\m\shared\ID AntiPhishing 1.2.zip
c:\documents and settings\Marcin\Application Data\m\shared\Image Suit 4.0.1.zip
c:\documents and settings\Marcin\Application Data\m\shared\Instant Team Spring 2006 Edition 1.5.zip
c:\documents and settings\Marcin\Application Data\m\shared\IntelliAdmin LAN Edition 2.5.zip
c:\documents and settings\Marcin\Application Data\m\shared\IP Wizard Toolpack 3.0.3.zip
c:\documents and settings\Marcin\Application Data\m\shared\JPhotoViewer 1.1 (Key+Serial).zip
c:\documents and settings\Marcin\Application Data\m\shared\LEARNit Spanish Verb Tutor 1.1.zip
c:\documents and settings\Marcin\Application Data\m\shared\Leonardo EDA 0.01.zip
c:\documents and settings\Marcin\Application Data\m\shared\Magic Audio Editor Pro 10.3.11 [Crack].zip
c:\documents and settings\Marcin\Application Data\m\shared\Micro Menu 2.1.zip
c:\documents and settings\Marcin\Application Data\m\shared\MLA Survival of the Florid 3.0.2.zip
c:\documents and settings\Marcin\Application Data\m\shared\Movie Magic Screenwriter 2000 4.6.zip
c:\documents and settings\Marcin\Application Data\m\shared\Multi Project Planner 2.1.zip
c:\documents and settings\Marcin\Application Data\m\shared\MySQL Delete (Remove) Duplicate Entries Software 7.0 Cracked.zip
c:\documents and settings\Marcin\Application Data\m\shared\Nectarine Requester 1.0 Beta.zip
c:\documents and settings\Marcin\Application Data\m\shared\Nod32.Pl+Wpis.do.rejestru.zip
c:\documents and settings\Marcin\Application Data\m\shared\Nursery Rhymes Studio 1.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\Opell Video to 3GP Converter 2.1.15.zip
c:\documents and settings\Marcin\Application Data\m\shared\Outlook Email Extractor 2.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\Oxygen SMS Plugin for Alchemy Eye 1.1.zip
c:\documents and settings\Marcin\Application Data\m\shared\ParaWorld single-player demo.zip
c:\documents and settings\Marcin\Application Data\m\shared\PCSpeeder 3.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\Perfect Companion 3.8.zip
c:\documents and settings\Marcin\Application Data\m\shared\Perfect4contact 3.0 [Cracked].zip
c:\documents and settings\Marcin\Application Data\m\shared\Photo Copier Professional 5.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\Photo Suit 4.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\PictureBetter 1.1 [With Crack].zip
c:\documents and settings\Marcin\Application Data\m\shared\Power Media Converter 1.1.zip
c:\documents and settings\Marcin\Application Data\m\shared\PowerLotto6 1.12.zip
c:\documents and settings\Marcin\Application Data\m\shared\PS Text Formatter 1.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\pwStore 1.0.6.421.zip
c:\documents and settings\Marcin\Application Data\m\shared\pyFlashCards 0.2.1.zip
c:\documents and settings\Marcin\Application Data\m\shared\RadEdit 1.1D.zip
c:\documents and settings\Marcin\Application Data\m\shared\Real Lives 2007 [Key+Serial].zip
c:\documents and settings\Marcin\Application Data\m\shared\Reportizer 3.2.2.389.zip
c:\documents and settings\Marcin\Application Data\m\shared\Restoration Manager 1 build 1061.zip
c:\documents and settings\Marcin\Application Data\m\shared\RGS-AutoShutDown 1.2.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\Roosl's Mail Filter 4.0 (Key+Serial).zip
c:\documents and settings\Marcin\Application Data\m\shared\SaveCD 0.9.zip
c:\documents and settings\Marcin\Application Data\m\shared\Scorched Planet demo.zip
c:\documents and settings\Marcin\Application Data\m\shared\Screensaver Builder 3.20.zip
c:\documents and settings\Marcin\Application Data\m\shared\ScreenViewer 1.8.4.zip
c:\documents and settings\Marcin\Application Data\m\shared\Sexy Valentine Heart Demo Screensaver 1.0 Key+Serial.zip
c:\documents and settings\Marcin\Application Data\m\shared\SFTPBlackbox (.NET) 5.1 (Patch).zip
c:\documents and settings\Marcin\Application Data\m\shared\ShortCuts 1.0 (With Crack).zip
c:\documents and settings\Marcin\Application Data\m\shared\Signal Generator 1.zip
c:\documents and settings\Marcin\Application Data\m\shared\Simple Timer 1.0.0 [Serial].zip
c:\documents and settings\Marcin\Application Data\m\shared\Small Business Publisher 3.2.zip
c:\documents and settings\Marcin\Application Data\m\shared\Smart Decimate 0.23.zip
c:\documents and settings\Marcin\Application Data\m\shared\SP Ace 1 [Key].zip
c:\documents and settings\Marcin\Application Data\m\shared\Speak Lite 1.0.41.zip
c:\documents and settings\Marcin\Application Data\m\shared\StartupXPert 2.1.zip
c:\documents and settings\Marcin\Application Data\m\shared\Stevie.Wonder.Songs.In.The.Key.Of.Life.Cd2.(192Kbps)By.Panda.zip
c:\documents and settings\Marcin\Application Data\m\shared\Stock Icons 1.0 Cracked.zip
c:\documents and settings\Marcin\Application Data\m\shared\Super AJAX Programming Seed 1.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\System Purifier 3.38.zip
c:\documents and settings\Marcin\Application Data\m\shared\TermiNET 2.8.11.1575.zip
c:\documents and settings\Marcin\Application Data\m\shared\The Elder Scrolls III Morrowind Golem and Dragons mod.zip
c:\documents and settings\Marcin\Application Data\m\shared\The Howard Stern Widget 1.1.zip
c:\documents and settings\Marcin\Application Data\m\shared\Tidy Favorites 3.4.zip
c:\documents and settings\Marcin\Application Data\m\shared\Unreal Tournament 2004 OSRL mutator.zip
c:\documents and settings\Marcin\Application Data\m\shared\Video to iPod Converter 1.011.zip
c:\documents and settings\Marcin\Application Data\m\shared\Virtual Serial Port ActiveX 5.0 build 5.0.8.57.zip
c:\documents and settings\Marcin\Application Data\m\shared\Visio Electrical 1.1 (KeyGen).zip
c:\documents and settings\Marcin\Application Data\m\shared\Webcam Timershot 1.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\What-if Analysis Manager 1.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\WinI2C-DDC 2.30.zip
c:\documents and settings\Marcin\Application Data\m\shared\WordPerfect to XML HTML - WP 2 Web Publisher 1.0.zip
c:\documents and settings\Marcin\Application Data\m\shared\WordSmith 2.2.23.zip
c:\documents and settings\Marcin\Application Data\m\shared\XRM Radio ELectronic 1.1.zip
c:\documents and settings\Marcin\Application Data\m\shared\Yahoo Messenger Plug-In SDK 1.0b1.zip
c:\documents and settings\Marcin\Application Data\m\srvlist.oct
c:\documents and settings\Marcin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\windows\system32\_003871_.tmp.dll
c:\windows\system32\ban_list.txt
c:\windows\system32\e100bmsg.dll
c:\windows\system32\mdelk.exe
c:\windows\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-04-29 19:43 . 2009-04-29 19:43 -------- d--h--w c:\windows\PIF
2009-04-28 19:16 . 2008-04-14 03:41 76288 -c--a-w c:\windows\system32\dllcache\uniime.dll
2009-04-28 19:15 . 2002-08-29 12:00 92416 -c--a-w c:\windows\system32\dllcache\mga.sys
2009-04-28 19:14 . 2002-08-29 12:00 45568 -c--a-w c:\windows\system32\dllcache\browscap.dll
2009-04-28 19:00 . 2002-08-29 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-04-28 19:00 . 2002-08-29 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-04-28 19:00 . 2002-08-29 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-04-28 19:00 . 2002-08-29 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-04-26 20:47 . 2009-04-26 20:47 -------- d-----w c:\documents and settings\Edyta\Application Data\Skype
2009-04-26 20:04 . 2009-05-01 15:00 -------- d--h--w c:\documents and settings\Marcin\Application Data\drivers
2009-04-19 17:07 . 2009-04-19 17:07 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Nero
2009-04-18 22:32 . 2009-04-18 22:32 -------- d-----w c:\program files\Common Files\Logitech
2009-04-18 22:32 . 2009-04-18 22:32 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Downloaded Installations
2009-04-18 21:59 . 2009-04-18 21:59 -------- d-----w c:\documents and settings\Edyta\Application Data\Sony Corporation
2009-04-18 21:52 . 2009-04-18 21:52 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Stardock
2009-04-18 21:44 . 2006-08-02 13:01 138 ----a-w c:\windows\system32\VIPuninstall.bat
2009-04-18 21:30 . 2009-04-18 22:27 -------- d-----w c:\windows\VIPv3
2009-04-18 20:57 . 2009-04-18 20:57 -------- d-----w c:\documents and settings\Marcin\Application Data\Sony Corporation
2009-04-18 19:34 . 2006-03-17 03:20 40544 ----a-w c:\windows\system32\drivers\DRVNDDM.SYS
2009-04-18 19:34 . 2006-06-12 01:30 89264 ----a-w c:\windows\system32\drivers\DRVMCDB.SYS
2009-04-18 19:34 . 2006-03-17 06:35 5660 ----a-w c:\windows\system32\drivers\DLACDBHM.SYS
2009-04-18 19:34 . 2006-03-17 06:34 22684 ----a-w c:\windows\system32\drivers\DLARTL_N.SYS
2009-04-18 19:34 . 2006-06-13 03:20 61500 ----a-w c:\windows\system32\DLAAPI_W.DLL
2009-04-18 19:34 . 2006-06-13 03:20 94263 ----a-w c:\windows\DLA.EXE
2009-04-18 19:34 . 2009-04-18 19:34 -------- d-----w c:\windows\system32\DLA
2009-04-18 19:34 . 2009-04-18 19:34 -------- d-----w c:\program files\Sonic
2009-04-18 19:31 . 2009-04-18 19:31 -------- d-----w c:\program files\Sony
2009-04-18 19:30 . 2009-04-18 19:30 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-04-18 19:28 . 2009-04-18 19:28 -------- d-----w c:\documents and settings\Marcin\Application Data\InstallShield
2009-04-18 14:00 . 2009-04-18 14:00 -------- d-----w c:\documents and settings\Marcin\05 - Mieszkanie
2009-04-18 13:59 . 2009-04-18 13:59 -------- d-----w c:\documents and settings\Marcin\04 - Kamienica
2009-04-18 13:59 . 2009-04-18 13:59 -------- d-----w c:\documents and settings\Marcin\03 - Praca
2009-04-18 13:59 . 2009-04-18 13:59 -------- d-----w c:\documents and settings\Marcin\02 - Pisma
2009-04-18 13:59 . 2009-04-18 13:59 -------- d-----w c:\documents and settings\Marcin\01 - Templates
2009-04-18 13:59 . 2009-04-18 13:59 -------- d-----w c:\documents and settings\Marcin\99 - Hand Over
2009-04-18 13:49 . 2009-04-18 13:49 -------- d-----w c:\documents and settings\Marcin\13 - Family
2009-04-18 13:43 . 2009-04-18 13:49 -------- d-----w c:\documents and settings\Marcin\12 - Nikon
2009-04-18 13:43 . 2009-04-18 13:43 -------- d-----w c:\documents and settings\Marcin\11 - Sport
2009-04-18 13:43 . 2009-04-18 13:43 -------- d-----w c:\documents and settings\Marcin\10 - Company
2009-04-18 13:39 . 2009-04-18 13:39 -------- d-----w c:\documents and settings\Marcin\08 - Zdjecia
2009-04-18 13:39 . 2009-04-18 13:39 -------- d-----w c:\documents and settings\Marcin\07 - Know-how
2009-04-18 13:39 . 2009-04-18 19:35 -------- d-----w c:\documents and settings\Marcin\06 - Mail accounts
2009-04-18 13:12 . 2009-04-18 13:12 -------- d-----w c:\documents and settings\Edyta\Application Data\Leadertech
2009-04-18 13:00 . 2005-03-22 15:20 339968 ----a-w c:\windows\stsystra.exe
2009-04-18 13:00 . 2005-11-16 13:35 172032 ----a-w c:\windows\system32\stacapi.dll
2009-04-18 13:00 . 2009-04-18 13:00 -------- d-----w c:\program files\SigmaTel
2009-04-18 09:46 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-18 09:30 . 2009-04-18 09:30 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-18 09:30 . 2009-02-15 22:10 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-04-18 09:30 . 2009-04-29 19:38 -------- d-----w c:\windows\system32\ZoneLabs
2009-04-18 09:30 . 2009-04-18 09:30 -------- d-----w c:\program files\Zone Labs
2009-04-18 09:28 . 2009-04-27 07:01 -------- d-----w c:\windows\Internet Logs
2009-04-17 22:09 . 2009-04-17 22:09 -------- d-----w c:\documents and settings\Marcin\Application Data\Leadertech
2009-04-17 21:47 . 2009-04-17 21:47 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-17 21:28 . 2009-04-17 21:28 -------- d-----w c:\program files\Secunia
2009-04-17 21:23 . 2009-04-18 13:23 -------- d-----w c:\program files\CCleaner
2009-04-17 12:34 . 2009-04-17 12:34 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-16 20:24 . 2009-04-16 20:24 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Google
2009-04-16 20:24 . 2009-04-16 20:24 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Deployment
2009-04-16 20:09 . 2009-04-16 20:09 127034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-04-16 20:08 . 2009-04-16 20:08 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-16 20:07 . 2009-04-17 22:09 -------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-04-16 20:07 . 2009-04-17 22:09 -------- d-----w c:\program files\Common Files\LogiShrd
2009-04-16 20:07 . 2009-04-16 20:07 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-04-16 20:07 . 2009-04-17 22:09 -------- d-----w c:\program files\Logitech
2009-04-16 18:46 . 2009-04-16 18:46 -------- d-----w c:\documents and settings\Edyta\Local Settings\Application Data\Microsoft Help
2009-04-16 18:43 . 2009-04-16 18:43 -------- d-----w c:\documents and settings\Edyta\Application Data\DAEMON Tools
2009-04-16 18:43 . 2009-04-16 18:45 -------- d-----w c:\documents and settings\Edyta\Application Data\DAEMON Tools Lite
2009-04-16 18:43 . 2009-04-16 18:43 -------- d-----w c:\documents and settings\Edyta\Application Data\DAEMON Tools Pro
2009-04-16 18:41 . 2009-04-17 13:09 -------- d-----w c:\documents and settings\Edyta\Application Data\Nero
2009-04-16 18:33 . 1997-05-06 04:24 447488 ----a-w c:\windows\system32\HEIDI3.DLL
2009-04-16 18:33 . 1997-05-06 04:26 721168 ----a-w c:\windows\system32\VB40032.DLL
2009-04-16 18:33 . 1997-05-06 04:15 7680 ----a-w c:\windows\system32\ADRESC.DLL
2009-04-16 18:33 . 1997-05-06 04:24 42496 ----a-w c:\windows\system32\MTSTACK.EXE
2009-04-16 18:33 . 1997-05-06 04:15 267264 ----a-w c:\windows\system32\ACADFICN.DLL
2009-04-16 18:33 . 1997-05-06 04:15 76800 ----a-w c:\windows\system32\REGACAD.DLL
2009-04-16 18:33 . 2009-04-18 13:30 -------- d-----w c:\program files\AutoCAD R14
2009-04-16 16:21 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 20:28 . 2009-04-15 20:28 200192 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-15 18:30 . 2002-03-01 09:28 109840 ----a-w c:\windows\system32\drivers\hpbf242f.dll
2009-04-15 18:30 . 2002-03-01 09:26 1417488 ----a-w c:\windows\system32\drivers\hpbf242g.dll
2009-04-15 18:30 . 2002-03-01 09:27 1096464 ----a-w c:\windows\system32\drivers\hpbf242h.dll
2009-04-15 18:30 . 2001-05-04 02:31 45056 ----a-w c:\windows\system32\drivers\hpbafd32.dll
2009-04-15 18:30 . 2002-03-01 09:27 8464 ----a-w c:\windows\system32\drivers\hpbf242e.dll
2009-04-15 18:30 . 2002-03-01 09:30 290576 ----a-w c:\windows\system32\drivers\hpbf242j.dll
2009-04-15 18:30 . 2002-03-01 09:25 460800 ----a-w c:\windows\system32\drivers\hpbf242k.dll
2009-04-15 18:30 . 2000-03-13 00:58 99840 ----a-w c:\windows\system32\drivers\hpbftm32.dll
2009-04-15 18:30 . 2001-03-14 07:08 58880 ----a-w c:\windows\system32\drivers\hpdcmon.dll
2009-04-15 18:30 . 2002-03-01 09:29 351504 ----a-w c:\windows\system32\drivers\hpbf242i.dll
2009-04-15 18:28 . 2009-04-15 18:28 -------- d-----w c:\documents and settings\Edyta\Local Settings\Application Data\Help
2009-04-15 18:28 . 2009-04-15 18:28 -------- d-----w C:\lj525
2009-04-15 18:20 . 1997-01-22 13:23 299520 ----a-w c:\windows\uninst.exe
2009-04-15 18:20 . 2009-04-15 18:20 -------- d-----w c:\documents and settings\Edyta\WINDOWS
2009-04-15 18:15 . 2008-04-13 18:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-15 18:13 . 1993-07-22 21:00 210944 ------w c:\windows\system32\Msvcrt10.dll
2009-04-15 18:13 . 2001-03-15 03:18 65536 ------w c:\windows\system32\adistres.dll
2009-04-15 18:13 . 2001-03-15 03:18 20584 ------w c:\windows\system32\PdfPorts.dll
2009-04-15 18:13 . 2001-03-15 02:55 101200 ------w c:\windows\system32\pdfshell.dll
2009-04-15 18:13 . 2009-04-17 22:25 -------- d-----w c:\windows\system32\Adobe
2009-04-15 18:12 . 2009-04-15 18:12 -------- d-----w c:\documents and settings\Edyta\Application Data\InterTrust
2009-04-15 18:11 . 1998-10-29 12:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-15 14:28 . 2009-04-15 14:28 -------- d-----w c:\documents and settings\Edyta\Local Settings\Application Data\Apple Computer
2009-04-15 14:27 . 2009-04-15 14:27 -------- d-----w c:\documents and settings\Edyta\Application Data\Quark
2009-04-15 11:54 . 2009-04-15 11:54 -------- d-----w c:\documents and settings\Edyta\Local Settings\Application Data\Adobe
2009-04-14 21:19 . 2009-04-14 21:19 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Identities
2009-04-14 20:56 . 2009-04-14 20:56 -------- d-----w c:\documents and settings\Edyta\Local Settings\Application Data\ACDSee
2009-04-14 20:56 . 2009-04-14 20:56 -------- d-----w c:\documents and settings\Edyta\Application Data\ACD Systems
2009-04-14 18:44 . 2006-10-26 17:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-04-14 18:43 . 2009-04-16 18:51 -------- d-----w c:\program files\Microsoft Works
2009-04-14 18:42 . 2009-04-14 18:42 -------- d-----w c:\program files\Microsoft.NET
2009-04-14 18:40 . 2009-04-16 19:39 -------- d--h--w c:\windows\ShellNew
2009-04-14 18:40 . 2009-04-14 18:40 -------- d--h--r C:\MSOCache
2009-04-14 18:36 . 2009-04-14 18:36 -------- d-----w c:\documents and settings\Marcin\Application Data\DAEMON Tools
2009-04-14 18:36 . 2009-04-14 18:36 -------- d-----w c:\documents and settings\Marcin\Application Data\DAEMON Tools Pro
2009-04-14 18:35 . 2009-04-14 18:35 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-14 18:35 . 2009-04-14 18:35 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-14 18:29 . 2009-04-14 18:29 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-14 18:29 . 2009-04-14 18:37 -------- d-----w c:\documents and settings\Marcin\Application Data\DAEMON Tools Lite
2009-04-14 13:39 . 2009-04-14 13:39 -------- d-----w c:\documents and settings\Edyta\Local Settings\Application Data\Autodesk
2009-04-14 13:39 . 2009-04-14 13:39 -------- d-----w c:\documents and settings\Edyta\Application Data\Autodesk
2009-04-14 09:04 . 2009-04-17 08:45 98872 ----a-w c:\documents and settings\Edyta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 21:41 . 2009-04-13 21:41 -------- d-----w c:\documents and settings\Marcin\Application Data\Uniblue
2009-04-13 21:04 . 2009-04-13 21:04 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\PCHealth
2009-04-13 20:43 . 2009-04-13 20:43 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Microsoft Help
2009-04-13 20:43 . 2009-04-17 21:52 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 15:04 . 2009-04-16 20:10 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-05-01 15:04 . 2009-04-16 20:10 0 ----a-w c:\windows\system32\drivers\logiflt.iad
2009-04-28 19:13 . 2002-08-29 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-28 19:10 . 2009-04-12 11:06 22720 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-27 06:58 . 2009-04-25 08:14 1378384 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-04-19 10:52 . 2009-04-19 10:52 98872 ----a-w c:\documents and settings\Maya Nela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 12:50 . 2009-04-12 16:11 6384 ----a-w c:\windows\system32\drivers\sthdae.log
2009-04-18 09:51 . 2009-04-12 11:27 -------- d-----w c:\documents and settings\Marcin\Application Data\SUPERAntiSpyware.com
2009-04-18 09:51 . 2009-04-12 11:27 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-12 21:14 . 2009-04-12 21:14 -------- d-----w c:\program files\DivX
2009-04-12 21:14 . 2009-04-12 21:14 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-12 15:34 . 2009-04-12 11:08 86327 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-12 14:57 . 2009-04-12 14:57 2678 ----a-w c:\windows\java\Packages\Data\2JV5VVZV.DAT
2009-04-12 14:57 . 2009-04-12 14:57 2678 ----a-w c:\windows\java\Packages\Data\OX35ZP39.DAT
2009-04-12 14:57 . 2009-04-12 14:57 2678 ----a-w c:\windows\java\Packages\Data\UNHN1NXB.DAT
2009-04-12 14:57 . 2009-04-12 14:57 2678 ----a-w c:\windows\java\Packages\Data\PVVPFP7T.DAT
2009-04-12 14:57 . 2009-04-12 14:57 2678 ----a-w c:\windows\java\Packages\Data\OJDJ7FNZ.DAT
2009-04-12 11:27 . 2009-04-12 11:27 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-12 11:09 . 2009-04-12 11:09 -------- d-----w c:\program files\microsoft frontpage
2009-04-12 11:08 . 2009-04-12 11:08 558142 ----a-w c:\windows\java\Packages\7HBD3B7F.ZIP
2009-04-12 11:08 . 2009-04-12 11:08 155995 ----a-w c:\windows\java\Packages\G4OFPRF5.ZIP
2009-03-24 11:03 . 2009-03-24 11:03 7808 ----a-w c:\windows\system32\drivers\psi_mf.sys
2009-03-06 11:54 . 2009-03-06 11:54 180224 ----a-w c:\windows\system32\Ncs2Setp.dll
2009-03-04 13:42 . 2009-03-04 13:42 760368 ----a-w c:\windows\system32\ncs2dmix.dll
2009-03-04 13:41 . 2009-03-04 13:41 530992 ----a-w c:\windows\system32\accesor.dll
2009-03-04 13:26 . 2009-03-04 13:26 141872 ----a-w c:\windows\system32\ncs2instutility.dll
2009-03-04 13:17 . 2009-03-04 13:17 1522224 ----a-w c:\windows\system32\ncscolib.dll
2009-02-24 19:35 . 2009-04-12 21:14 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-02-24 19:35 . 2009-04-12 21:14 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-02-24 19:35 . 2009-04-12 21:14 43528 ------w c:\windows\system32\drivers\PxHelp20.sys
2009-02-24 19:35 . 2009-04-12 21:14 129784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:35 . 2009-04-12 21:14 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2009-04-12 21:14 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-05-01 981384]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Marcin\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-3-24 748840]
Tworzenie wycink¢w ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-4-15 49254]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-4-16 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule0.49c\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:File and Printer Sharing
"7254:TCP"= 7254:TCP:uxul
"5443:TCP"= 5443:TCP:uxul
"5242:TCP"= 5242:TCP:uxul

R2 chkr32;Zone Game DLL - Checkers; [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-03-24 7808]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{236903ee-275e-11de-b5ba-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Google Update - c:\documents and settings\Marcin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
HKLM-Run-VIPv3_Auto_Update - (no file)
HKLM-Run-Vistadrv - (no file)
HKLM-Run-VisualTooltip - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ch/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 17:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(7524)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-05-01 17:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 15:08

Pre-Run: 197*863*686*144 bytes free
Post-Run: 198*299*701*248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
674 --- E O F --- 2009-04-16 19:00
cinio is offline  
Old 05-01-2009, 10:23 AM   #4 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Please help; Win32 problem

Hello, cinio.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Quote:
c:\documents and settings\Marcin\Application Data\m\shared\Able2Doc - PDF to Word Conversion 3.0 (Key).zip
c:\documents and settings\Marcin\Application Data\m\shared\Birthday Bios 4.3.0 Crack.zip
c:\documents and settings\Marcin\Application Data\m\shared\Business Restructuring Expert 1.7 Key+Serial.zip
c:\documents and settings\Marcin\Application Data\m\shared\DataConversionTools.com CSVtoSQL Converter 1.01 [Key].zip
c:\documents and settings\Marcin\Application Data\m\shared\Digital Vault 2.1.5.0 (KeyGen).zip
c:\documents and settings\Marcin\Application Data\m\shared\Easy Russian Dialogs 3.11 [Key+Serial].zip
c:\documents and settings\Marcin\Application Data\m\shared\FCOPY 1.12 Crack.zip
c:\documents and settings\Marcin\Application Data\m\shared\File Maven Pro 2.21 Patch.zip
c:\documents and settings\Marcin\Application Data\m\shared\File Tracker 1.0 Crack.zip
c:\documents and settings\Marcin\Application Data\m\shared\JPhotoViewer 1.1 (Key+Serial).zip
c:\documents and settings\Marcin\Application Data\m\shared\Magic Audio Editor Pro 10.3.11 [Crack].zip
c:\documents and settings\Marcin\Application Data\m\shared\MySQL Delete (Remove) Duplicate Entries Software 7.0 Cracked.zip
c:\documents and settings\Marcin\Application Data\m\shared\Perfect4contact 3.0 [Cracked].zip
c:\documents and settings\Marcin\Application Data\m\shared\PictureBetter 1.1 [With Crack].zip
c:\documents and settings\Marcin\Application Data\m\shared\Real Lives 2007 [Key+Serial].zip
c:\documents and settings\Marcin\Application Data\m\shared\Roosl's Mail Filter 4.0 (Key+Serial).zip
c:\documents and settings\Marcin\Application Data\m\shared\Sexy Valentine Heart Demo Screensaver 1.0 Key+Serial.zip
c:\documents and settings\Marcin\Application Data\m\shared\SFTPBlackbox (.NET) 5.1 (Patch).zip
c:\documents and settings\Marcin\Application Data\m\shared\ShortCuts 1.0 (With Crack).zip
c:\documents and settings\Marcin\Application Data\m\shared\Simple Timer 1.0.0 [Serial].zip
c:\documents and settings\Marcin\Application Data\m\shared\SP Ace 1 [Key].zip
c:\documents and settings\Marcin\Application Data\m\shared\Stock Icons 1.0 Cracked.zip
c:\documents and settings\Marcin\Application Data\m\shared\Visio Electrical 1.1 (KeyGen).zip

This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, uninstall any such applications.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

In 2006, a study revealed that 59% of keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

If you continue this behavior and get re-infected in the future, you are unlikely to receive further help from this forum.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:
File::
c:\windows\system32\drivers\lvuvc.hs
c:\windows\system32\drivers\logiflt.iad

FixCSet::

DirLook::
c:\documents and settings\Edyta\WINDOWS
C:\lj525

Driver::
chkr32

Save this Notepad file as CFScript.txt to your Desktop and then close the file.





Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

------------------------------------------------------

We need to install Java on your machine in order to run an online scan with Kaspersky.
  • Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
  • Scroll down to where it says Java Runtime Environment (JRE) 6 Update 13 The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement
  • Click Continue
  • Click on the link to download Windows Offline Installation and Save the file to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
  • After the install is complete, go back to your Control Panel (using Classic View) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
    • Delete jre-6u13-windows-i586-p.exe from your desktop.
------------------------------------------------------

Please download ATF-Cleaner by Atribune and Save it to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants.

Ensure your external and/or USB drives are inserted during the scan.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at any Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected.
  • It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Please post the following in your next reply:

ComboFix.txt
Kaspersky report
report on system behavior
chemist is offline  
Old 05-01-2009, 12:13 PM   #5 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 8
OS: XP


Re: Please help; Win32 problem

Hello, chemist,
thank you for your support.

system behavior: performance ok; I still cannot start firewall (ZoneAlarm) - ... is not valid Win32 application message. Antivir is still deinstalled - should I install it now?

see the results from combofix and kaspersky

ComboFix 09-04-30.056 - Marcin 2009-05-01 18:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.646 [GMT 2:00]
Running from: c:\documents and settings\Marcin\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Marcin\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *enabled*

FILE ::
c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\logiflt.iad
c:\windows\system32\drivers\lvuvc.hs
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CHKR32
-------\Service_chkr32


((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-04-29 19:43 . 2009-04-29 19:43 -------- d--h--w c:\windows\PIF
2009-04-28 19:16 . 2008-04-14 03:41 76288 -c--a-w c:\windows\system32\dllcache\uniime.dll
2009-04-28 19:15 . 2002-08-29 12:00 92416 -c--a-w c:\windows\system32\dllcache\mga.sys
2009-04-28 19:14 . 2002-08-29 12:00 45568 -c--a-w c:\windows\system32\dllcache\browscap.dll
2009-04-28 19:00 . 2002-08-29 12:00 13312 -c--a-w c:\windows\system32\dllcache\irclass.dll
2009-04-28 19:00 . 2002-08-29 12:00 13312 ----a-w c:\windows\system32\irclass.dll
2009-04-28 19:00 . 2002-08-29 12:00 24661 -c--a-w c:\windows\system32\dllcache\spxcoins.dll
2009-04-28 19:00 . 2002-08-29 12:00 24661 ----a-w c:\windows\system32\spxcoins.dll
2009-04-26 20:47 . 2009-04-26 20:47 -------- d-----w c:\documents and settings\Edyta\Application Data\Skype
2009-04-26 20:04 . 2009-05-01 15:00 -------- d--h--w c:\documents and settings\Marcin\Application Data\drivers
2009-04-19 17:07 . 2009-04-19 17:07 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Nero
2009-04-18 22:32 . 2009-04-18 22:32 -------- d-----w c:\program files\Common Files\Logitech
2009-04-18 22:32 . 2009-04-18 22:32 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Downloaded Installations
2009-04-18 21:59 . 2009-04-18 21:59 -------- d-----w c:\documents and settings\Edyta\Application Data\Sony Corporation
2009-04-18 21:52 . 2009-04-18 21:52 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Stardock
2009-04-18 21:44 . 2006-08-02 13:01 138 ----a-w c:\windows\system32\VIPuninstall.bat
2009-04-18 21:30 . 2009-04-18 22:27 -------- d-----w c:\windows\VIPv3
2009-04-18 20:57 . 2009-04-18 20:57 -------- d-----w c:\documents and settings\Marcin\Application Data\Sony Corporation
2009-04-18 19:34 . 2006-03-17 03:20 40544 ----a-w c:\windows\system32\drivers\DRVNDDM.SYS
2009-04-18 19:34 . 2006-06-12 01:30 89264 ----a-w c:\windows\system32\drivers\DRVMCDB.SYS
2009-04-18 19:34 . 2006-03-17 06:35 5660 ----a-w c:\windows\system32\drivers\DLACDBHM.SYS
2009-04-18 19:34 . 2006-03-17 06:34 22684 ----a-w c:\windows\system32\drivers\DLARTL_N.SYS
2009-04-18 19:34 . 2006-06-13 03:20 61500 ----a-w c:\windows\system32\DLAAPI_W.DLL
2009-04-18 19:34 . 2006-06-13 03:20 94263 ----a-w c:\windows\DLA.EXE
2009-04-18 19:34 . 2009-04-18 19:34 -------- d-----w c:\windows\system32\DLA
2009-04-18 19:34 . 2009-04-18 19:34 -------- d-----w c:\program files\Sonic
2009-04-18 19:31 . 2009-04-18 19:31 -------- d-----w c:\program files\Sony
2009-04-18 19:30 . 2009-04-18 19:30 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-04-18 19:28 . 2009-04-18 19:28 -------- d-----w c:\documents and settings\Marcin\Application Data\InstallShield
2009-04-18 14:00 . 2009-04-18 14:00 -------- d-----w c:\documents and settings\Marcin\05 - Mieszkanie
2009-04-18 13:59 . 2009-04-18 13:59 -------- d-----w c:\documents and settings\Marcin\04 - Kamienica
2009-04-18 13:59 . 2009-04-18 13:59 -------- d-----w c:\documents and settings\Marcin\03 - Praca
2009-04-18 13:59 . 2009-04-18 13:59 -------- d-----w c:\documents and settings\Marcin\02 - Pisma
2009-04-18 13:59 . 2009-04-18 13:59 -------- d-----w c:\documents and settings\Marcin\01 - Templates
2009-04-18 13:59 . 2009-04-18 13:59 -------- d-----w c:\documents and settings\Marcin\99 - Hand Over
2009-04-18 13:49 . 2009-04-18 13:49 -------- d-----w c:\documents and settings\Marcin\13 - Family
2009-04-18 13:43 . 2009-04-18 13:49 -------- d-----w c:\documents and settings\Marcin\12 - Nikon
2009-04-18 13:43 . 2009-04-18 13:43 -------- d-----w c:\documents and settings\Marcin\11 - Sport
2009-04-18 13:43 . 2009-04-18 13:43 -------- d-----w c:\documents and settings\Marcin\10 - Company
2009-04-18 13:39 . 2009-04-18 13:39 -------- d-----w c:\documents and settings\Marcin\08 - Zdjecia
2009-04-18 13:39 . 2009-04-18 13:39 -------- d-----w c:\documents and settings\Marcin\07 - Know-how
2009-04-18 13:39 . 2009-04-18 19:35 -------- d-----w c:\documents and settings\Marcin\06 - Mail accounts
2009-04-18 13:12 . 2009-04-18 13:12 -------- d-----w c:\documents and settings\Edyta\Application Data\Leadertech
2009-04-18 13:00 . 2005-03-22 15:20 339968 ----a-w c:\windows\stsystra.exe
2009-04-18 13:00 . 2005-11-16 13:35 172032 ----a-w c:\windows\system32\stacapi.dll
2009-04-18 13:00 . 2009-04-18 13:00 -------- d-----w c:\program files\SigmaTel
2009-04-18 09:46 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-18 09:30 . 2009-04-18 09:30 4212 ---ha-w c:\windows\system32\zllictbl.dat
2009-04-18 09:30 . 2009-02-15 22:10 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-04-18 09:30 . 2009-04-29 19:38 -------- d-----w c:\windows\system32\ZoneLabs
2009-04-18 09:30 . 2009-04-18 09:30 -------- d-----w c:\program files\Zone Labs
2009-04-18 09:28 . 2009-04-27 07:01 -------- d-----w c:\windows\Internet Logs
2009-04-17 22:09 . 2009-04-17 22:09 -------- d-----w c:\documents and settings\Marcin\Application Data\Leadertech
2009-04-17 21:47 . 2009-04-17 21:47 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-04-17 21:28 . 2009-04-17 21:28 -------- d-----w c:\program files\Secunia
2009-04-17 21:23 . 2009-04-18 13:23 -------- d-----w c:\program files\CCleaner
2009-04-17 12:34 . 2009-04-17 12:34 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-04-16 20:24 . 2009-04-16 20:24 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Google
2009-04-16 20:24 . 2009-04-16 20:24 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Deployment
2009-04-16 20:09 . 2009-04-16 20:09 127034 ------r c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-04-16 20:08 . 2009-04-16 20:08 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-16 20:07 . 2009-04-17 22:09 -------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-04-16 20:07 . 2009-04-17 22:09 -------- d-----w c:\program files\Common Files\LogiShrd
2009-04-16 20:07 . 2009-04-16 20:07 -------- d-----w c:\documents and settings\All Users\Application Data\Logitech
2009-04-16 20:07 . 2009-04-17 22:09 -------- d-----w c:\program files\Logitech
2009-04-16 18:46 . 2009-04-16 18:46 -------- d-----w c:\documents and settings\Edyta\Local Settings\Application Data\Microsoft Help
2009-04-16 18:43 . 2009-04-16 18:43 -------- d-----w c:\documents and settings\Edyta\Application Data\DAEMON Tools
2009-04-16 18:43 . 2009-04-16 18:45 -------- d-----w c:\documents and settings\Edyta\Application Data\DAEMON Tools Lite
2009-04-16 18:43 . 2009-04-16 18:43 -------- d-----w c:\documents and settings\Edyta\Application Data\DAEMON Tools Pro
2009-04-16 18:41 . 2009-04-17 13:09 -------- d-----w c:\documents and settings\Edyta\Application Data\Nero
2009-04-16 18:33 . 1997-05-06 04:24 447488 ----a-w c:\windows\system32\HEIDI3.DLL
2009-04-16 18:33 . 1997-05-06 04:26 721168 ----a-w c:\windows\system32\VB40032.DLL
2009-04-16 18:33 . 1997-05-06 04:15 7680 ----a-w c:\windows\system32\ADRESC.DLL
2009-04-16 18:33 . 1997-05-06 04:24 42496 ----a-w c:\windows\system32\MTSTACK.EXE
2009-04-16 18:33 . 1997-05-06 04:15 267264 ----a-w c:\windows\system32\ACADFICN.DLL
2009-04-16 18:33 . 1997-05-06 04:15 76800 ----a-w c:\windows\system32\REGACAD.DLL
2009-04-16 18:33 . 2009-04-18 13:30 -------- d-----w c:\program files\AutoCAD R14
2009-04-16 16:21 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 20:28 . 2009-04-15 20:28 200192 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-04-15 18:30 . 2002-03-01 09:28 109840 ----a-w c:\windows\system32\drivers\hpbf242f.dll
2009-04-15 18:30 . 2002-03-01 09:26 1417488 ----a-w c:\windows\system32\drivers\hpbf242g.dll
2009-04-15 18:30 . 2002-03-01 09:27 1096464 ----a-w c:\windows\system32\drivers\hpbf242h.dll
2009-04-15 18:30 . 2001-05-04 02:31 45056 ----a-w c:\windows\system32\drivers\hpbafd32.dll
2009-04-15 18:30 . 2002-03-01 09:27 8464 ----a-w c:\windows\system32\drivers\hpbf242e.dll
2009-04-15 18:30 . 2002-03-01 09:30 290576 ----a-w c:\windows\system32\drivers\hpbf242j.dll
2009-04-15 18:30 . 2002-03-01 09:25 460800 ----a-w c:\windows\system32\drivers\hpbf242k.dll
2009-04-15 18:30 . 2000-03-13 00:58 99840 ----a-w c:\windows\system32\drivers\hpbftm32.dll
2009-04-15 18:30 . 2001-03-14 07:08 58880 ----a-w c:\windows\system32\drivers\hpdcmon.dll
2009-04-15 18:30 . 2002-03-01 09:29 351504 ----a-w c:\windows\system32\drivers\hpbf242i.dll
2009-04-15 18:28 . 2009-04-15 18:28 -------- d-----w c:\documents and settings\Edyta\Local Settings\Application Data\Help
2009-04-15 18:28 . 2009-04-15 18:28 -------- d-----w C:\lj525
2009-04-15 18:20 . 1997-01-22 13:23 299520 ----a-w c:\windows\uninst.exe
2009-04-15 18:20 . 2009-04-15 18:20 -------- d-----w c:\documents and settings\Edyta\WINDOWS
2009-04-15 18:15 . 2008-04-13 18:47 25856 ----a-w c:\windows\system32\drivers\usbprint.sys
2009-04-15 18:13 . 1993-07-22 21:00 210944 ------w c:\windows\system32\Msvcrt10.dll
2009-04-15 18:13 . 2001-03-15 03:18 65536 ------w c:\windows\system32\adistres.dll
2009-04-15 18:13 . 2001-03-15 03:18 20584 ------w c:\windows\system32\PdfPorts.dll
2009-04-15 18:13 . 2001-03-15 02:55 101200 ------w c:\windows\system32\pdfshell.dll
2009-04-15 18:13 . 2009-04-17 22:25 -------- d-----w c:\windows\system32\Adobe
2009-04-15 18:12 . 2009-04-15 18:12 -------- d-----w c:\documents and settings\Edyta\Application Data\InterTrust
2009-04-15 18:11 . 1998-10-29 12:45 306688 ----a-w c:\windows\IsUninst.exe
2009-04-15 14:28 . 2009-04-15 14:28 -------- d-----w c:\documents and settings\Edyta\Local Settings\Application Data\Apple Computer
2009-04-15 14:27 . 2009-04-15 14:27 -------- d-----w c:\documents and settings\Edyta\Application Data\Quark
2009-04-15 11:54 . 2009-04-15 11:54 -------- d-----w c:\documents and settings\Edyta\Local Settings\Application Data\Adobe
2009-04-14 21:19 . 2009-04-14 21:19 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Identities
2009-04-14 20:56 . 2009-04-14 20:56 -------- d-----w c:\documents and settings\Edyta\Local Settings\Application Data\ACDSee
2009-04-14 20:56 . 2009-04-14 20:56 -------- d-----w c:\documents and settings\Edyta\Application Data\ACD Systems
2009-04-14 18:44 . 2006-10-26 17:56 32592 ----a-w c:\windows\system32\msonpmon.dll
2009-04-14 18:43 . 2009-04-16 18:51 -------- d-----w c:\program files\Microsoft Works
2009-04-14 18:42 . 2009-04-14 18:42 -------- d-----w c:\program files\Microsoft.NET
2009-04-14 18:40 . 2009-04-16 19:39 -------- d--h--w c:\windows\ShellNew
2009-04-14 18:40 . 2009-04-14 18:40 -------- d--h--r C:\MSOCache
2009-04-14 18:36 . 2009-04-14 18:36 -------- d-----w c:\documents and settings\Marcin\Application Data\DAEMON Tools
2009-04-14 18:36 . 2009-04-14 18:36 -------- d-----w c:\documents and settings\Marcin\Application Data\DAEMON Tools Pro
2009-04-14 18:35 . 2009-04-14 18:35 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-14 18:35 . 2009-04-14 18:35 -------- d-----w c:\program files\DAEMON Tools Lite
2009-04-14 18:29 . 2009-04-14 18:29 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-14 18:29 . 2009-04-14 18:37 -------- d-----w c:\documents and settings\Marcin\Application Data\DAEMON Tools Lite
2009-04-14 13:39 . 2009-04-14 13:39 -------- d-----w c:\documents and settings\Edyta\Local Settings\Application Data\Autodesk
2009-04-14 13:39 . 2009-04-14 13:39 -------- d-----w c:\documents and settings\Edyta\Application Data\Autodesk
2009-04-14 09:04 . 2009-04-17 08:45 98872 ----a-w c:\documents and settings\Edyta\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 21:41 . 2009-04-13 21:41 -------- d-----w c:\documents and settings\Marcin\Application Data\Uniblue
2009-04-13 21:04 . 2009-04-13 21:04 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\PCHealth
2009-04-13 20:43 . 2009-04-13 20:43 -------- d-----w c:\documents and settings\Marcin\Local Settings\Application Data\Microsoft Help
2009-04-13 20:43 . 2009-04-17 21:52 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 19:13 . 2002-08-29 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-04-28 19:10 . 2009-04-12 11:06 22720 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-27 06:58 . 2009-04-25 08:14 1378384 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-04-19 10:52 . 2009-04-19 10:52 98872 ----a-w c:\documents and settings\Maya Nela\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-18 12:50 . 2009-04-12 16:11 6384 ----a-w c:\windows\system32\drivers\sthdae.log
2009-04-18 09:51 . 2009-04-12 11:27 -------- d-----w c:\documents and settings\Marcin\Application Data\SUPERAntiSpyware.com
2009-04-18 09:51 . 2009-04-12 11:27 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-12 21:14 . 2009-04-12 21:14 -------- d-----w c:\program files\DivX
2009-04-12 21:14 . 2009-04-12 21:14 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-12 15:34 . 2009-04-12 11:08 86327 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-12 14:57 . 2009-04-12 14:57 2678 ----a-w c:\windows\java\Packages\Data\2JV5VVZV.DAT
2009-04-12 14:57 . 2009-04-12 14:57 2678 ----a-w c:\windows\java\Packages\Data\OX35ZP39.DAT
2009-04-12 14:57 . 2009-04-12 14:57 2678 ----a-w c:\windows\java\Packages\Data\UNHN1NXB.DAT
2009-04-12 14:57 . 2009-04-12 14:57 2678 ----a-w c:\windows\java\Packages\Data\PVVPFP7T.DAT
2009-04-12 14:57 . 2009-04-12 14:57 2678 ----a-w c:\windows\java\Packages\Data\OJDJ7FNZ.DAT
2009-04-12 11:27 . 2009-04-12 11:27 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-12 11:09 . 2009-04-12 11:09 -------- d-----w c:\program files\microsoft frontpage
2009-04-12 11:08 . 2009-04-12 11:08 558142 ----a-w c:\windows\java\Packages\7HBD3B7F.ZIP
2009-04-12 11:08 . 2009-04-12 11:08 155995 ----a-w c:\windows\java\Packages\G4OFPRF5.ZIP
2009-03-24 11:03 . 2009-03-24 11:03 7808 ----a-w c:\windows\system32\drivers\psi_mf.sys
2009-03-06 11:54 . 2009-03-06 11:54 180224 ----a-w c:\windows\system32\Ncs2Setp.dll
2009-03-04 13:42 . 2009-03-04 13:42 760368 ----a-w c:\windows\system32\ncs2dmix.dll
2009-03-04 13:41 . 2009-03-04 13:41 530992 ----a-w c:\windows\system32\accesor.dll
2009-03-04 13:26 . 2009-03-04 13:26 141872 ----a-w c:\windows\system32\ncs2instutility.dll
2009-03-04 13:17 . 2009-03-04 13:17 1522224 ----a-w c:\windows\system32\ncscolib.dll
2009-02-24 19:35 . 2009-04-12 21:14 9464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-02-24 19:35 . 2009-04-12 21:14 9336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-02-24 19:35 . 2009-04-12 21:14 43528 ------w c:\windows\system32\drivers\PxHelp20.sys
2009-02-24 19:35 . 2009-04-12 21:14 129784 ------w c:\windows\system32\pxafs.dll
2009-02-24 19:35 . 2009-04-12 21:14 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2009-04-12 21:14 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\documents and settings\Edyta\WINDOWS ----


---- Directory of C:\lj525 ----

2009-04-15 18:28 . 2009-04-15 18:29 8628 ---ha-w c:\lj525\win2000_xp\hpbf242i.GID
2003-03-13 15:19 . 2003-03-13 15:19 1911 -c--a-w c:\lj525\win9x_me\HP2420p6.inf
2003-03-13 14:37 . 2003-03-13 14:37 63196 -c--a-w c:\lj525\win9x_me\HPBF2420.PMD
2003-02-20 09:39 . 2003-02-20 09:39 40960 -c--a-w c:\lj525\win9x_me\UPWININI.DLL
2003-02-20 08:38 . 2003-02-20 08:38 32768 ----a-w c:\lj525\win9x_me\HP5000_6.exe
2002-03-22 05:39 . 2002-03-22 05:39 1638 -c--a-w c:\lj525\winnt40\HP2424p6.inf
2002-03-21 09:58 . 2002-03-21 09:58 293648 -c--a-w c:\lj525\winnt40\hpbf2425.dll
2002-03-21 09:57 . 2002-03-21 09:57 355088 -c--a-w c:\lj525\winnt40\hpbf2424.dll
2002-03-21 09:54 . 2002-03-21 09:54 111376 -c--a-w c:\lj525\winnt40\hpbf2421.dll
2002-03-21 09:54 . 2002-03-21 09:54 1099536 -c--a-w c:\lj525\winnt40\hpbf2423.dll
2002-03-21 09:53 . 2002-03-21 09:53 12048 -c--a-w c:\lj525\winnt40\hpbf2420.dll
2002-03-21 09:52 . 2002-03-21 09:52 1323792 -c--a-w c:\lj525\winnt40\hpbf2422.dll
2002-03-21 09:52 . 2002-03-21 09:52 460800 -c--a-w c:\lj525\winnt40\hpbf2426.dll
2002-03-21 09:51 . 2002-03-21 09:51 77369 -c--a-w c:\lj525\winnt40\hpbf2424.pmd
2002-03-18 06:19 . 2002-03-18 06:19 12073 ----a-w c:\lj525\win2000_xp\hp242ip6.cat
2002-03-01 09:30 . 2002-03-01 09:30 290576 ----a-w c:\lj525\win2000_xp\hpbf242j.dll
2002-03-01 09:29 . 2002-03-01 09:29 351504 ----a-w c:\lj525\win2000_xp\hpbf242i.dll
2002-03-01 09:28 . 2002-03-01 09:28 109840 -c--a-w c:\lj525\win2000_xp\hpbf242f.dll
2002-03-01 09:27 . 2002-03-01 09:27 1096464 ----a-w c:\lj525\win2000_xp\hpbf242h.dll
2002-03-01 09:27 . 2002-03-01 09:27 8464 -c--a-w c:\lj525\win2000_xp\hpbf242e.dll
2002-03-01 09:26 . 2002-03-01 09:26 1417488 ----a-w c:\lj525\win2000_xp\hpbf242g.dll
2002-03-01 09:25 . 2002-03-01 09:25 460800 ----a-w c:\lj525\win2000_xp\hpbf242k.dll
2002-03-01 09:25 . 2002-03-01 09:25 77369 -c--a-w c:\lj525\win2000_xp\hpbf242i.pmd
2002-02-28 02:05 . 2002-02-28 02:05 1698 -c--a-w c:\lj525\win2000_xp\hp242ip6.inf
2001-07-19 06:50 . 2001-07-19 06:50 17108 -c--a-w c:\lj525\win9x_me\HP2420p6.cat
2001-05-05 17:31 . 2001-05-05 17:31 325120 -c--a-w c:\lj525\win9x_me\HPBF2421.DLL
2001-05-05 17:31 . 2001-05-05 17:31 2369536 -c--a-w c:\lj525\win9x_me\HPBF2420.DRV
2001-05-04 10:20 . 2001-05-04 10:20 12176 -c--a-w c:\lj525\win9x_me\HPBAFD16.DLL
2001-05-04 02:31 . 2001-05-04 02:31 45056 -c--a-w c:\lj525\win2000_xp\hpbafd32.dll
2001-05-04 02:31 . 2001-05-04 02:31 45056 -c--a-w c:\lj525\winnt40\hpbafd32.dll
2001-03-30 12:26 . 2001-03-30 12:26 1200 -c--a-w c:\lj525\win9x_me\HPBFTM16.DLL
2001-03-30 12:26 . 2001-03-30 12:26 99840 -c--a-w c:\lj525\win9x_me\HPBFTM32.DLL
2001-03-30 12:21 . 2001-03-30 12:21 58368 -c--a-w c:\lj525\win9x_me\hpdcmon.dll
2001-03-30 12:21 . 2001-03-30 12:21 48544 -c--a-w c:\lj525\win9x_me\HPBF2420.HLP
2001-03-30 12:18 . 2001-03-30 12:18 1392 -c--a-w c:\lj525\win9x_me\HPBFAB16.DLL
2001-03-30 12:18 . 2001-03-30 12:18 19968 -c--a-w c:\lj525\win9x_me\HPBFAB32.DLL
2001-03-30 12:18 . 2001-03-30 12:18 38400 -c--a-w c:\lj525\win9x_me\HPBFAB.DDU
2001-03-14 07:08 . 2001-03-14 07:08 58880 -c--a-w c:\lj525\win2000_xp\hpdcmon.dll
2001-03-14 07:08 . 2001-03-14 07:08 58880 -c--a-w c:\lj525\winnt40\hpdcmon.dll
2000-11-13 07:20 . 2000-11-13 07:20 48544 ----a-w c:\lj525\win2000_xp\hpbf242i.hlp
2000-11-13 07:20 . 2000-11-13 07:20 48544 -c--a-w c:\lj525\winnt40\hpbf2424.hlp
2000-03-13 00:58 . 2000-03-13 00:58 99840 -c--a-w c:\lj525\win2000_xp\hpbftm32.dll
2000-03-13 00:58 . 2000-03-13 00:58 99840 -c--a-w c:\lj525\winnt40\hpbftm32.dll
1996-10-07 14:53 . 1996-10-07 14:53 6020 -c--a-w c:\lj525\win9x_me\HPLicen.txt


((((((((((((((((((((((((((((( SnapShot@2009-05-01_15.06.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-01 16:36 . 2009-05-01 16:36 16384 c:\windows\Temp\Perflib_Perfdata_438.dat
+ 2009-04-12 14:21 . 2008-10-16 12:08 34328 c:\windows\system32\wups.dll
+ 2009-04-12 14:21 . 2008-10-16 12:08 34328 c:\windows\system32\dllcache\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-05-01 981384]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-22 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Marcin\Start Menu\Programs\Startup\
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-3-24 748840]
Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2009-4-15 49254]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-4-16 66864]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule0.49c\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:File and Printer Sharing
"7254:TCP"= 7254:TCP:uxul
"5443:TCP"= 5443:TCP:uxul
"5242:TCP"= 5242:TCP:uxul

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2009-03-24 7808]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{236903ee-275e-11de-b5ba-806d6172696f}]
\Shell\AutoRun\command - F:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ch/
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 18:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6816)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-05-01 18:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-01 16:39
ComboFix2.txt 2009-05-01 15:08

Pre-Run: 198*062*845*952 bytes free
Post-Run: 198*092*996*608 bytes free

335 --- E O F --- 2009-04-16 19:00

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, May 1, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, May 01, 2009 14:52:27
Records in database: 2117868
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 44571
Threat name: 5
Infected objects: 166
Suspicious objects: 0
Duration of the scan: 00:58:14


File name / Threat name / Threats count
C:\Program Files\eMule0.49c\Incoming\MessageSave 4.0.2.234\install_patch.exe Infected: Trojan-Downloader.Win32.Bagle.ary 1
C:\Program Files\eMule0.49c\Incoming\MessageSave for Microsoft Outlook 3.1\crac.exe Infected: Trojan-Downloader.Win32.Bagle.asb 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\drivers\downld\11338921.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\drivers\downld\11450859.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\drivers\downld\11862796.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\drivers\downld\174171.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\drivers\downld\217312.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\drivers\downld\352531.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\drivers\downld\387671.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\drivers\downld\661796.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\drivers\winupgro.exe.vir Infected: Trojan-Downloader.Win32.Bagle.ary 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\drivers\_wfsintwq_.sys.zip Infected: Trojan-Downloader.Win32.Bagle.arw 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\data.oct.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\flec006.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\#1 Bulk PageRank Checker 1.10.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Abcc All Media Converter Platinum 4.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Able2Doc - PDF to Word Conversion 3.0 (Key).zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Aevita Advanced HTML Optimizer 3.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Ai Yori Aoshi 1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Anne Hathaway Screensaver2.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Antechinus JavaScript Editor Standard 6.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Apollo Audio DVD Creator 1.2.29.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Argente - Process Manager 1.3.0.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Armobiles 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Aros Magic Checkers 1.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\AVTJet Video Studio 2.0.8.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\B3 2.993 Beta.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\BatMan Widget 3.1.4.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Battlefield 1942 - ADCAP Destroyer mod.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Birthday Bios 4.3.0 Crack.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Boyer-Moore Search Implementation 1.12.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Business Restructuring Expert 1.7 Key+Serial.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\CA Anti-Spam 5.0.416.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Christmas Screensaver 3.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\CloseMany 2.3.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\CoffeeCup WebCam 3.5.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\CRD Subscription 6.1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\CrossVC XXL 2.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Crystal REVS for C 2.75.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Cue Club.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Curtain 1.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Data Master 2003 11.8.0.305 Beta.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\DataConversionTools.com CSVtoSQL Converter 1.01 [Key].zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Developer Spell Check Engine 4.0.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\Digital Vault 2.1.5.0 (KeyGen).zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\Qoobox\Quarantine\C\Documents and Settings\Marcin\Application Data\m\shared\DiskView 3.6.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1

The selected area was scanned.


Kindest regards
Marcin
cinio is offline  
Old 05-01-2009, 12:41 PM   #6 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Please help; Win32 problem

Hello again, cinio.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

Save the file as fix.reg and choose to Save as type: - All Files then close the Notepad file.

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

All the Kaspersky finds, except for two (again, more cracks), have been quarantined by ComboFix or are in old system restore points, both of which will get deleted when we uninstall ComboFix.

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (

"C:\Program Files\eMule0.49c\Incoming\MessageSave 4.0.2.234\install_patch.exe"
"C:\Program Files\eMule0.49c\Incoming\MessageSave for Microsoft Outlook 3.1\crac.exe"

) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)


if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!

pause
del %0

Save this Notepad file as fix.bat and choose to Save as type: - All Files then close the Notepad file.

Double-click on fix.bat to run it.

Tell me what it says in your next reply. Press any key to continue.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:
dir /a /s "C:\Program Files\eMule0.49c" > log.txt
notepad log.txt
del log.txt
del peek.bat

Save this as peek.bat and choose to Save as type: - All Files then close the Notepad file.

Double-click on peek.bat and allow it to run. A Notepad file will open. Post the contents of that file in your next reply.

------------------------------------------------------

I'm not seeing why ZoneAlarm won't start. I would uninstall it and then reinstall it.

Yes, you can reinstall AntiVir but please refrain from running a scan until we uninstall ComboFix.

------------------------------------------------------
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
chemist is offline  
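
Added example, not part of the original post and not the forum's or Kaspersky's own tooling: one way to automate the triage described in the reply above, sorting scan-report findings into ComboFix quarantine, System Restore points, and files still live on disk. It assumes the "<path> Infected: <detection> <count>" line layout seen in this thread's report; the sample lines, the function names and the Type.Platform.Family.Variant reading of detection names are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One finding per line: "<path> Infected: <detection name> <count>".
FINDING_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<name>\S+)\s+(?P<count>\d+)\s*$"
)
# Anchored at the drive root so a copied folder elsewhere is not mistaken
# for the real ComboFix quarantine or a real restore point.
QUARANTINE_RE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.I)
RESTORE_RE = re.compile(
    r"^[a-z]:\\system volume information\\_restore\{[0-9a-f-]+\}\\", re.I
)

# Constructed sample lines (not taken from the thread's report).
SAMPLE_REPORT = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\sample_a.exe.vir Infected: Email-Worm.Win32.Bagle.of 1
C:\Qoobox\Quarantine\C\Documents and Settings\User\Application Data\m\shared\Sample Tool 1.0.zip.vir Infected: Trojan-Downloader.Win32.Bagle.asg 1
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.sys Infected: Trojan-Downloader.Win32.Bagle.arw 1
C:\Program Files\SampleApp\Incoming\Sample 1.0\patch.exe Infected: Trojan-Downloader.Win32.Bagle.asg 1
D:\backup\Qoobox\Quarantine\old_copy.exe.vir Infected: Email-Worm.Win32.Bagle.of 1

The selected area was scanned.
"""


@dataclass(frozen=True)
class Finding:
    path: str
    detection: str
    location: str  # "quarantine", "restore_point" or "live"

    @property
    def family(self):
        # Assumed naming scheme: Type.Platform.Family.Variant
        parts = self.detection.split(".")
        return parts[2] if len(parts) >= 3 else self.detection


def classify(path):
    """Say where a flagged file sits, which decides what still needs action."""
    if QUARANTINE_RE.match(path):
        return "quarantine"      # inert copy, removed with the quarantine folder
    if RESTORE_RE.match(path):
        return "restore_point"   # inert unless that restore point is restored
    return "live"                # still on disk in its original place


def parse_report(text):
    """Return (findings, skipped); skipped keeps lines that did not parse."""
    findings, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = FINDING_RE.match(line)
        if match is None:
            skipped.append(line)
            continue
        path = match.group("path")
        findings.append(Finding(path, match.group("name"), classify(path)))
    return findings, skipped


def triage(findings):
    """Summarise findings; the 'live' list is what needs manual cleanup."""
    return {
        "by_location": dict(Counter(f.location for f in findings)),
        "by_family": dict(Counter(f.family for f in findings)),
        "live": [f for f in findings if f.location == "live"],
    }


if __name__ == "__main__":
    found, ignored = parse_report(SAMPLE_REPORT)
    summary = triage(found)
    print("By location:", summary["by_location"])
    print("By family:  ", summary["by_family"])
    for item in summary["live"]:
        print("Needs action:", item.path, "->", item.detection)
    print("Unparsed lines:", ignored)
```
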
Old 05-01-2009, 01:25 PM   #7 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 8
OS: XP


Re: Please help; Win32 problem

Hi chemist, me again

result of fix.bat -> Deleted Successfully!

result of peek.bat



ZoneAlarm: cannot uninstall... it says it has been already uninstalled and then that I have no sufficient rights to do it (admin rights). Reinstall says: Setup is unable to log into TrueVector service and I should shut it down.
I refrained from installing Antivir.
What should I do now?
Thank you
cinio
cinio is offline  
Old 05-01-2009, 01:57 PM   #8 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 8
OS: XP


Re: Please help; Win32 problem

merely fyi
in the meantime windows installed approx. 30 updates on the reboot.
cheers
cinio
cinio is offline  
Old 05-01-2009, 02:48 PM   #9 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 8
OS: XP


Re: Please help; Win32 problem

... I've managed the reinstallation of ZoneAlarm. It's working again.
Kindest regards
cinio
cinio is offline  
Old 05-01-2009, 03:13 PM   #10 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Please help; Win32 problem

Please don't multi-post. Post once, and wait for a reply.

Now try reinstalling AntiVir and let me know.
__________________
Our help is free but please donate

Proud member of ASAP
Proud member of UNITE
Old 05-01-2009, 03:53 PM   #11 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 8
OS: XP


Re: Please help; Win32 problem

Hi chemist,
Antivir installed - with no problems. On your request: no scan done.
Everything looks normal now...
cinio
Old 05-01-2009, 04:40 PM   #12 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Please help; Win32 problem

Your logs appear clean. You should be good to go.

As far as those infected objects listed in the Kaspersky report, those are safely tucked away in ComboFix's quarantine folder or in old System Restore Points, which we will be taking care of now.

Please disable Avira before uninstalling ComboFix and then re-enable it after doing so.

Go to Start >> Run and Copy/Paste the following single-line command into the Run box and click OK:

combofix /u

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

SPYWARE PREVENTION
This is a good time to set up protection against further attacks. In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read these well written articles: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • IE-Spyad is another excellent program that places over 5000 dubious websites and domains in the IE Restricted list, which will help prevent attempts to infect your system. It basically prevents any downloads from the sites listed, although you will still be able to connect to the site. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting the attempted connections to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
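The HOSTS-file mechanism described in the post above, as an added example that is not part of the original thread: a HOSTS file overrides DNS, so the same feature that sinkholes ad sites to 127.0.0.1 can also force a name to any other address. This Python sketch audits a HOSTS file and separates blocking entries from redirects that deserve review; the sample content, `LOCAL_NAMES` and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content for illustration (not taken from the thread).
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1    localhost
127.0.0.1    ads.example.com      # sinkholed ad server
0.0.0.0      tracker.example.net
203.0.113.7  update.example-av.test
::1          localhost
not-an-ip    broken.example.org
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost"}


def audit_hosts(text):
    """Return (line_no, hostname, address, kind) for every mapping in a HOSTS file.

    kind: 'local' (normal localhost entry), 'blocked' (name sinkholed to
    loopback or 0.0.0.0), 'redirect' (name forced to another address),
    'invalid' (address field does not parse, or no hostname follows it).
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        addr, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            findings.append((line_no, " ".join(names), addr, "invalid"))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if sinkhole:
                kind = "local" if name.lower() in LOCAL_NAMES else "blocked"
            else:
                kind = "redirect"
            findings.append((line_no, name, addr, kind))
    return findings


def redirects(text):
    """Entries that override DNS with a non-loopback address; review each one."""
    return [(n, a) for _, n, a, k in audit_hosts(text) if k == "redirect"]
```

On Windows XP the file to pass in is the text of `%SystemRoot%\system32\drivers\etc\hosts`.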
Old 05-02-2009, 03:50 AM   #13 (permalink)
Registered User
 
Join Date: Apr 2009
Posts: 8
OS: XP


Re: Please help; Win32 problem

Dear chemist,
Thank you!
Everything is in line now; I've installed the three new programs you suggested... and will be very careful now while I am browsing.
Greetings from Switzerland
cinio
Old 05-02-2009, 06:22 AM   #14 (permalink)
Moderator, Analyst, Security Team; Rangemaster, TSF Academy
 
Join Date: Oct 2007
Location: Georgia
Posts: 10,627
OS: XP SP3


Re: Please help; Win32 problem

You're welcome, cinio! Glad to have helped.



All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum