[waxvax]

i got a link thru AIM
http://funny.afz.biz...ile=checkit.jpg
and it appears to be an exec...
it has installed some ad/spy/malware
the funny thing: i have SCS 3.0, MS Antispyware and Spybot SD installed. and they didnt help...

Logfile of HijackThis v1.99.1
Scan saved at 10:57:28, on 2005-06-21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\Program Files\ntop-Win32\ntop.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\RMClient\PMCTray.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\The Bat!\thebat.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = nights.pl:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [LinuxTSC_startup] C:\Program Files\LinuxTSC\usr\X11R6\bin\XWin.exe -multiwindow -clipboard
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezxn32.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [strmsgms] aimstats.exe
O4 - HKCU\..\RunOnce: [The Bat!] C:\Program Files\The Bat!\thebat.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: SmartDeviceMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: Otwórz klienta na monitorze &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Otwórz klienta na monitorze &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} (LCSim Control) - http://www.learnitco.../cabs/lcsim.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093953118593
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.c.../npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O17 - HKLM\Software\..\Telephony: DomainName = krakow.sa.gov.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{E701BBEA-B014-4E88-AED0-05B03F4D148E}: NameServer = 192.168.1.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: ntop for Win32 (ntop) - Unknown owner - C:\Program Files\ntop-Win32\ntop.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

[Advertisements]

Hello

We are sorry for the delay in replying to your post, if your still need help please post a current HijackThis.log.

Thank you

Kc

[waxvax]

Logfile of HijackThis v1.99.1
Scan saved at 09:04:46, on 2005-06-27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\Program Files\ntop-Win32\ntop.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\RMClient\PMCTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\The Bat!\thebat.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = nights.pl:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168;;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [LinuxTSC_startup] C:\Program Files\LinuxTSC\usr\X11R6\bin\XWin.exe -multiwindow -clipboard
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezxn32.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spy Watcher] "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S
O4 - HKCU\..\RunOnce: [The Bat!] C:\Program Files\The Bat!\thebat.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: SmartDeviceMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: Otwórz klienta na monitorze &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Otwórz klienta na monitorze &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} (LCSim Control) - http://www.learnitco.../cabs/lcsim.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093953118593
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.c.../npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O17 - HKLM\Software\..\Telephony: DomainName = krakow.sa.gov.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{E701BBEA-B014-4E88-AED0-05B03F4D148E}: NameServer = 192.168.1.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: ntop for Win32 (ntop) - Unknown owner - C:\Program Files\ntop-Win32\ntop.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

i've tried to manage it by myself using hints from this forum, i've tried hijackthis, spybot sd and ad aware se, but it looks like the entry O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezxn32.exe comes back all the time, tho it stopeed popping up ads. anyway i've noticed lowered performance of my machine

[waxvax]

LOG FROM PANDA:


Incident Status Location

Possible Virus. No disinfected C:\Downloads\software\UBCD4WinV241Full.exe[NwDetect.exe]
Possible Virus. No disinfected C:\Downloads\software\UBCD4WinV241Full.exe[PasswdRenew.exe]
Possible Virus. No disinfected C:\Downloads\software\UBCD4WinV241Full.exe[SAMInside_Demo.exe]
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cygform-8.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cyggdk-1-2-0.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cyggmodule-1-2-0.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cyggthread-1-2-0.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cyggtk-1-2-0.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cygmenu-8.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cygncurses++-8.dll
Possible Virus. No disinfected C:\Program Files\cygwin\bin\cygpanel-8.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygDtPrint-1.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygMrm-2.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygOSMesa-4.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygXaw-6.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygXaw-7.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygXaw-8.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygXcomposite-1.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygXcursor-1.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygXdamage-1.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygXext-6.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygXfixes-3.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygXm-2.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygXp-6.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygXrender-1.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygxrx-6.dll
Possible Virus. No disinfected C:\Program Files\cygwin\usr\X11R6\bin\cygxrxnest-6.dll
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\apr-util\libaprutil0\libaprutil0-0.9.6-1.tar.bz2[libaprutil0-0.9.6-1.tar][cygaprutil-0-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\gettext\libgettextpo0\libgettextpo0-0.14.1-1.tar.bz2[libgettextpo0-0.14.1-1.tar][cyggettextpo-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\gettext\libgettextpo0\libgettextpo0-0.14.1-1.tar.bz2[libgettextpo0-0.14.1-1.tar][cyggettextsrc-0-14-1.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\glib\glib-1.2.10-2.tar.bz2[glib-1.2.10-2.tar][cyggmodule-1-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\glib\glib-1.2.10-2.tar.bz2[glib-1.2.10-2.tar][cyggthread-1-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\GConf2\GConf2-2.8.1-1.tar.bz2[GConf2-2.8.1-1.tar][cyggconf-2-4.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\GConf2\GConf2-2.8.1-1.tar.bz2[GConf2-2.8.1-1.tar][cyggconfbackend-oldxml.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\gnome-vfs2\gnome-vfs2-2.8.0-1.tar.bz2[gnome-vfs2-2.8.0-1.tar][cyggnomevfs-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\gnome-vfs2\gnome-vfs2-2.8.0-1.tar.bz2[gnome-vfs2-2.8.0-1.tar][cygmoniker_gnome_vfs_std.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\gnome-vfs2\gnome-vfs2-2.8.0-1.tar.bz2[gnome-vfs2-2.8.0-1.tar][cygvfolder-desktop.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\gnome-vfs2\gnome-vfs2-2.8.0-1.tar.bz2[gnome-vfs2-2.8.0-1.tar][cygvfs-test.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libbonobo2\libbonobo2-2.8.0-1.tar.bz2[libbonobo2-2.8.0-1.tar][cygmoniker_std_2.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libbonobo2\libbonobo2-2.8.0-1.tar.bz2[libbonobo2-2.8.0-1.tar][Bonobo_module.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libbonobo2\libbonobo20\libbonobo20-2.8.0-1.tar.bz2[libbonobo20-2.8.0-1.tar][cygbonobo-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libbonobo2\libbonobo20\libbonobo20-2.8.0-1.tar.bz2[libbonobo20-2.8.0-1.tar][cygbonobo-activation-4.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libbonoboui2\libbonoboui2-2.8.0-1.tar.bz2[libbonoboui2-2.8.0-1.tar][cygbonoboui-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnome2\libgnome2-2.8.0-1.tar.bz2[libgnome2-2.8.0-1.tar][cyggnome-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnome2\libgnome2-2.8.0-1.tar.bz2[libgnome2-2.8.0-1.tar][cygmoniker_extra_2.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnomecanvas2\libgnomecanvas2-2.8.0-1.tar.bz2[libgnomecanvas2-2.8.0-1.tar][cyggnomecanvas-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnomeprint22\libgnomeprint22-2.8.0.1-1.tar.bz2[libgnomeprint22-2.8.0.1-1.tar][cyggnomeprint-2-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnomeprintui22\libgnomeprintui22-2.8.0-1.tar.bz2[libgnomeprintui22-2.8.0-1.tar][cyggnomeprintui-2-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnomeui2\libgnomeui2-2.8.0-1.tar.bz2[libgnomeui2-2.8.0-1.tar][cyggnomeui-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libgnomeui2\libgnomeui2-2.8.0-1.tar.bz2[libgnomeui2-2.8.0-1.tar][cyggnome-vfs.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\GNOME\libwnck\libwnck-2.8.1-1.tar.bz2[libwnck-2.8.1-1.tar][cygwnck-1-4.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\gtk+\gtk+-1.2.10-2.tar.bz2[gtk+-1.2.10-2.tar][cyggdk-1-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\gtk+\gtk+-1.2.10-2.tar.bz2[gtk+-1.2.10-2.tar][cyggtk-1-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\gtk2-x11\gtk2-x11-runtime\gtk2-x11-runtime-2.4.14-1.tar.bz2[gtk2-x11-runtime-2.4.14-1.tar][cyggtk-x11-2.0-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\guile\libguile12\libguile12-1.6.5-1.tar.bz2[libguile12-1.6.5-1.tar][cygguilereadline-v-12-12.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\guile\libguile12\libguile12-1.6.5-1.tar.bz2[libguile12-1.6.5-1.tar][cygguile-srfi-srfi-13-14-v-1-1.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\guile\libguile12\libguile12-1.6.5-1.tar.bz2[libguile12-1.6.5-1.tar][cygguile-srfi-srfi-4-v-1-1.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\guile\libguile16\libguile16-1.7.1.20041006-1.tar.bz2[libguile16-1.7.1.20041006-1.tar][cygguilereadline-v-16-16.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\guile\libguile16\libguile16-1.7.1.20041006-1.tar.bz2[libguile16-1.7.1.20041006-1.tar][cygguile-srfi-srfi-4-v-2-2.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\libcroco\libcroco06\libcroco06-0.6.0-1.tar.bz2[libcroco06-0.6.0-1.tar][cygcroco-0.6-3.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\libwmf\libwmf-0.2.8.3-1.tar.bz2[libwmf-0.2.8.3-1.tar][cygwmf-0-2-7.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\libxml2\libxml2-python\libxml2-python-2.6.16-2.tar.bz2[libxml2-python-2.6.16-2.tar][libxml2mod.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\libxslt\libxslt-1.1.12-2.tar.bz2[libxslt-1.1.12-2.tar][cygexslt-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\libxslt\libxslt-1.1.12-2.tar.bz2[libxslt-1.1.12-2.tar][cygxslt-1.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\libxslt\libxslt-1.1.12-2.tar.bz2[libxslt-1.1.12-2.tar][libxsltmod.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\lighttpd\lighttpd-1.3.0-1.tar.bz2[lighttpd-1.3.0-1.tar][cyglightcomp.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\lighttpd\lighttpd-1.3.0-1.tar.bz2[lighttpd-1.3.0-1.tar][mod_redirect.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\lighttpd\lighttpd-1.3.0-1.tar.bz2[lighttpd-1.3.0-1.tar][mod_rewrite.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\lighttpd\lighttpd-1.3.0-1.tar.bz2[lighttpd-1.3.0-1.tar][mod_ssi.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\naim\naim-0.11.7.2-1.tar.bz2[naim-0.11.7.2-1.tar][cygnaim_core-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ncurses\libncurses8\libncurses8-5.4-1.tar.bz2[libncurses8-5.4-1.tar][cygform-8.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ncurses\libncurses8\libncurses8-5.4-1.tar.bz2[libncurses8-5.4-1.tar][cygmenu-8.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ncurses\libncurses8\libncurses8-5.4-1.tar.bz2[libncurses8-5.4-1.tar][cygncurses++-8.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ncurses\libncurses8\libncurses8-5.4-1.tar.bz2[libncurses8-5.4-1.tar][cygpanel-8.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\neon\libneon24\libneon24-0.24.7-1.tar.bz2[libneon24-0.24.7-1.tar][cygneon-24.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\openjade\openjade-1.3.3-1.tar.bz2[openjade-1.3.3-1.tar][cygospgrove-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\openjade\openjade-1.3.3-1.tar.bz2[openjade-1.3.3-1.tar][cygostyle-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\openldap\libopenldap2_2_7\libopenldap2_2_7-2.2.17-2.tar.bz2[libopenldap2_2_7-2.2.17-2.tar][cygldap-2-2-7.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\openldap\libopenldap2_2_7\libopenldap2_2_7-2.2.17-2.tar.bz2[libopenldap2_2_7-2.2.17-2.tar][cygldap_r-2-2-7.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ORBit2\ORBit2-2.12.0-1.tar.bz2[ORBit2-2.12.0-1.tar][cygORBit-imodule-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ORBit2\ORBit2-2.12.0-1.tar.bz2[ORBit2-2.12.0-1.tar][cygORBitCosNaming-2-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ORBit2\ORBit2-devel\ORBit2-devel-2.12.0-1.tar.bz2[ORBit2-devel-2.12.0-1.tar][Everything_module.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\python\python-2.4-1.tar.bz2[python-2.4-1.tar][gdbm.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\python\python-2.4-1.tar.bz2[python-2.4-1.tar][readline.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\python\python-2.4-1.tar.bz2[python-2.4-1.tar][_curses.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][bigdecimal.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][curses.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][dbm.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][md5.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][rmd160.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][sha1.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][sha2.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][digest.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][dl.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][enumerator.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][etc.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][gdbm.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][iconv.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][openssl.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][pty.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][cparse.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][readline.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][sdbm.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][socket.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][stringio.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][strscan.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][syck.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][syslog.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][tcltklib.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][tkutil.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][Win32API.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][win32ole.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\ruby\ruby-1.8.2-1.tar.bz2[ruby-1.8.2-1.tar][zlib.so]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\subversion\subversion-1.1.2-1.tar.bz2[subversion-1.1.2-1.tar][cygsvn_subr-1-0.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\t1lib\t1lib-x11\t1lib-x11-5.0.2-1.tar.bz2[t1lib-x11-5.0.2-1.tar][cygt1x-5.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\lesstif\lesstif-0.93.94-2.tar.bz2[lesstif-0.93.94-2.tar][cygDtPrint-1.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\lesstif\lesstif-0.93.94-2.tar.bz2[lesstif-0.93.94-2.tar][cygMrm-2.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\lesstif\lesstif-0.93.94-2.tar.bz2[lesstif-0.93.94-2.tar][cygXm-2.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygOSMesa-4.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXaw-6.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXaw-7.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXaw-8.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXcomposite-1.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXcursor-1.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXdamage-1.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXext-6.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXfixes-3.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXp-6.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygXrender-1.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygxrx-6.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\X11\xorg-x11-bin-dlls\xorg-x11-bin-dlls-6.8.2.0-1.tar.bz2[xorg-x11-bin-dlls-6.8.2.0-1.tar][cygxrxnest-6.dll]
Possible Virus. No disinfected C:\Program Files\setupfiles\ftp%3a%2f%2fftp.funet.fi%2fpub%2fmirrors%2fcygwin.com%2fpub%2fcygwin\release\zsh\zsh-4.2.4-1.tar.bz2[zsh-4.2.4-1.tar][zle.dll]

[waxvax]

LOG FROM EWIDO:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 13:48:38, 2005-06-28
+ Report-Checksum: 1D2FC172

+ Date of database: 2005-06-28
+ Version of scan engine: v3.0

+ Duration: 42 min
+ Scanned Files: 173994
+ Speed: 67.87 Files/Second
+ Infected files: 74
+ Removed files: 74
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\twolek\Cookies\twolek@3com[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@a[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@indiads[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@pl_PL_EMEA[2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Documents and Settings\twolek\Cookies\twolek@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3BDAB730-054B-4EF3-90B5-2A8554\2EB1BF59-AAE2-4262-AE8A-49ACFF -> Backdoor.Vnc -> Cleaned without backup
C:\WINDOWS\system32\consys98.exe -> Spyware.Small.an -> Cleaned without backup
C:\WINDOWS\system32\secupd1203.exe -> TrojanDownloader.Esepor.e -> Cleaned without backup


::Report End

[waxvax]

HJT

Logfile of HijackThis v1.99.1
Scan saved at 10:47:40, on 2005-06-29
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\cba\pds.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\RMClient\PMCTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\The Bat!\thebat.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] "C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [LinuxTSC_startup] C:\Program Files\LinuxTSC\usr\X11R6\bin\XWin.exe -multiwindow -clipboard
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [checkrun] c:\windows\system32\elitezxn32.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spy Watcher] "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S
O4 - HKCU\..\RunOnce: [The Bat!] C:\Program Files\The Bat!\thebat.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: SmartDeviceMonitor for Client.lnk = C:\Program Files\RMClient\PMClient.exe
O8 - Extra context menu item: Otwórz klienta na monitorze &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Otwórz klienta na monitorze &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {02E09B2E-2A03-4572-9291-69900C068564} (LCSim Control) - http://www.learnitco.../cabs/lcsim.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093953118593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.c.../npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O17 - HKLM\Software\..\Telephony: DomainName = krakow.sa.gov.pl
O17 - HKLM\System\CCS\Services\Tcpip\..\{E701BBEA-B014-4E88-AED0-05B03F4D148E}: NameServer = 192.168.1.196
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = krakow.sa.gov.pl
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: ntop for Win32 (ntop) - Unknown owner - C:\Program Files\ntop-Win32\ntop.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

[waxvax]

Run killbox and click the radio button that says Delete a file on reboot. Paste the file's one at a time into the full path of file to delete box and click the red circle with a white cross in it.

i've already done it before postings logs from Panda+Ewido+HJT...

Possible Virus. As you can see the following may not be virus or malware you downloaded the file's it for you to keep or delete them. You must know if they are safe

Cygwin is definitely not a virus. that must be some error in Panda virus signatures.
I'm rather sure about that.
but still something keeps adding
c:\windows\system32\elitezxn32.exe to checkrun...

[waxvax]

"Silent Runners.vbs", revision 39, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"AIM" = "C:\Program Files\AIM\aim.exe -cnetwait.odl" ["America Online, Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\MSMSGS.EXE" /background" [MS]
"SpybotSD TeaTimer" = "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]
"Spy Watcher" = ""C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S" ["Topdownloads Networks"]

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"The Bat!" = "C:\Program Files\The Bat!\thebat.exe" [empty string]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS]
"CloneCDTray" = ""C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"gcasServ" = ""C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"" [MS]
"SSBkgdUpdate" = ""C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot" ["Scansoft, Inc."]
"PaperPort PTD" = "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" ["ScanSoft, Inc."]
"IndexSearch" = "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" ["ScanSoft, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"FineReader7NewsReaderPro" = ""C:\Program Files\ABBYY FineReader 7.0 Professional Edition\ABBYYNewsReader.exe"" ["ABBYY (BIT Software)"]
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"HydraVisionDesktopManager" = "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" ["ATI Technologies Inc."]
"LinuxTSC_startup" = "C:\Program Files\LinuxTSC\usr\X11R6\bin\XWin.exe -multiwindow -clipboard" [null data]
"JobHisInit" = "C:\Program Files\RMClient\JobHisInit.exe" [empty string]
"MplSetUp" = "C:\Program Files\RMClient\MplSetUp.exe" ["RICOH CO.,LTD."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" ["Sun Microsystems, Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"vptray" = "C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe" ["Symantec Corporation"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++}
"MicrosoftAntiSpywareCleaner" = "C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{59850401-6664-101B-B21C-00AA004BA90B}" = "Microsoft Office Binder Unbind"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\1045\UNBIND.DLL" [MS]
"{692E33B0-AF9D-11D0-B976-00A0C9190447}" = "Remote Storage Properties"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\rsshell.dll" [MS]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office\OLKFSTUB.DLL" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}" = "LDVP Shell Extensions"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{9EF34FF2-3396-4527-9D27-04C8C1C67806}" = "Microsoft AntiSpyware Service Hook"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft AntiSpyware\shellextension.dll" [MS]
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
INFECTION WARNING! NavLogon\DLLName = "C:\WINDOWS\System32\NavLogon.dll" ["Symantec Corporation"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
VersionsMenu\(Default) = "{03170921-4754-11cf-AB9A-00C0F00683EB}"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Corel\shared\versions\cversion.dll" ["Corel Corporation Limited"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
FineReader\(Default) = "{AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F}"
-> {CLSID}\InProcServer32\(Default) = "c:\program files\abbyy finereader 7.0 professional edition\fecmenu.dll" ["ABBYY (BIT Software)"]
LDVPMenu\(Default) = "{BDA77241-42F6-11d0-85E2-00AA001FE28C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll" ["Symantec Corporation"]
VersionsMenu\(Default) = "{03170921-4754-11cf-AB9A-00C0F00683EB}"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Corel\shared\versions\cversion.dll" ["Corel Corporation Limited"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Firefox Wallpaper.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "twolek" & "All Users" startup folders:
--------------------------------------------------------

C:\Documents and Settings\twolek\Menu Start\Programy\Autostart
"SpamPal" -> shortcut to: "C:\Program Files\SpamPal\spampal.exe" ["www.spampal.org"]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
"APC UPS Status" -> shortcut to: "C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe" ["American Power Conversion Corporation"]
"CoreCenter" -> shortcut to: "C:\Program Files\MSI\Core Center\CoreCenter.exe" [empty string]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Logitech SetPoint" -> shortcut to: "C:\Program Files\Logitech\SetPoint\KEM.exe" ["Logitech Inc."]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"Microtek Scanner Finder" -> shortcut to: "C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe" [empty string]
"SmartDeviceMonitor for Client" -> shortcut to: "C:\Program Files\RMClient\PMClient.exe" ["RICOH COMPANY,LTD."]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 12
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll" ["Sun Microsystems, Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]

{D6E814A0-E0C5-11D4-8D29-0050BA6940E3}\
"ButtonText" = "FlashGet"
"MenuText" = "&FlashGet"
"Exec" = "C:\PROGRA~1\FlashGet\flashget.exe" ["Amaze Soft"]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

APC UPS Service, APC UPS Service, "C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe" ["American Power Conversion Corporation"]
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\System32\Ati2evxx.exe" ["ATI Technologies Inc."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
Intel Alert Handler, Intel Alert Handler, "C:\WINDOWS\system32\ams_ii\hndlrsvc.exe" ["Intel® Corporation"]
Intel Alert Originator, Intel Alert Originator, "C:\WINDOWS\system32\ams_ii\iao.exe" ["Intel® Corporation"]
Intel File Transfer, Intel File Transfer, "C:\WINDOWS\system32\cba\xfr.exe" ["Intel® Corporation"]
Intel PDS, Intel PDS, "C:\WINDOWS\system32\cba\pds.exe" ["Intel® Corporation"]
IS Service, ISSVC, ""C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe"" ["Symantec Corporation"]
SAVRoam, SavRoam, ""C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe"" ["symantec"]
Symantec AntiVirus, Symantec AntiVirus, ""C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"" ["Symantec Corporation"]
Symantec AntiVirus Definition Watcher, DefWatch, ""C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, ""C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec SecurePort, SymSecurePort, ""C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec System Center Discovery Service, NSCTOP, "C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 186 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 43 seconds.
---------- (total run time: 319 seconds)

[waxvax]

AimFix run, nothing reported

log from RKfiles

C:\Antispyware

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\D2VSource.ax: UPX!
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
C:\WINDOWS\system32\D2VSource.ax: UPX!
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\IFinst27.exe: UPX!
Finished
bye