Hello,
Here they are.
ComboFix 09-10-30.01 - John 11/01/2009 12:22.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.322 [GMT -5:00]
Running from: e:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\John\Desktop\CFScript.txt
file zipped: e:\documents and settings\John\Start Menu\Programs\Startup\userinit.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\John\Start Menu\Programs\Startup\userinit.exe
.
((((((((((((((((((((((((( Files Created from 2009-10-01 to 2009-11-01 )))))))))))))))))))))))))))))))
.
2009-10-29 22:29 . 2009-10-29 22:29 -------- d-----w- e:\windows\system32\wbem\Repository
2009-10-29 22:26 . 2009-10-29 22:26 -------- d-----w- e:\documents and settings\John\Application Data\Roxio
2009-10-29 22:26 . 2009-10-29 22:26 -------- d-----w- e:\documents and settings\All Users\Application Data\InstallShield
2009-10-29 22:25 . 2009-10-29 22:26 -------- d-----w- e:\program files\Common Files\Sonic Shared
2009-10-29 22:25 . 2009-10-29 22:25 -------- d-----w- e:\program files\Common Files\SureThing Shared
2009-10-29 22:25 . 2009-10-29 22:25 -------- d-sh--w- e:\windows\ftpcache
2009-10-29 22:24 . 2009-10-29 22:24 -------- d-----w- e:\windows\system32\DRVSTORE
2009-10-29 22:22 . 2009-10-29 22:22 -------- d-----w- e:\program files\Microsoft ActiveSync
2009-10-29 22:21 . 2009-10-29 22:21 -------- d-----w- e:\documents and settings\John\Local Settings\Application Data\Help
2009-10-29 22:20 . 2009-10-29 22:20 -------- d-----w- e:\windows\system32\windows media
2009-10-29 22:19 . 2009-10-29 22:20 -------- d-----w- e:\program files\Common Files\ATI
2009-10-29 22:19 . 2009-10-29 22:19 -------- d-----w- E:\0ce3906792d3b9e348ed3eb87b
2009-10-29 22:12 . 2009-10-29 22:12 -------- d-----w- E:\aa36ac0572b91e8570dea0
2009-10-29 22:06 . 2009-10-29 22:06 -------- d-----w- e:\program files\MSXML 4.0
2009-10-29 22:06 . 2009-10-29 22:06 -------- d-----w- e:\windows\system32\CatRoot_bak
2009-10-29 22:06 . 2009-10-29 22:06 -------- d--h--w- e:\windows\PIF
2009-10-29 22:03 . 2009-10-29 22:03 -------- d-----w- e:\windows\Downloaded Installations
2009-10-29 22:03 . 2009-10-30 00:58 -------- d-----w- e:\documents and settings\John\Application Data\U3
2009-10-29 22:02 . 2009-10-29 22:02 -------- d-----w- e:\program files\Realtek Sound Manager
2009-10-29 22:02 . 2009-10-29 22:02 -------- d-----w- e:\program files\AvRack
2009-10-29 22:01 . 2009-10-29 22:02 -------- d-----w- e:\documents and settings\me\Local Settings\Application Data\ApplicationHistory
2009-10-29 22:01 . 2009-10-29 22:01 -------- d-----w- e:\documents and settings\John\Local Settings\Application Data\ApplicationHistory(3)
2009-10-29 21:58 . 2009-11-01 17:12 -------- d-----w- e:\documents and settings\John\Local Settings\Application Data\ApplicationHistory
2009-10-27 21:54 . 2009-10-27 21:54 -------- d-----w- e:\program files\Trend Micro
2009-10-26 22:04 . 2009-10-26 22:04 -------- d-----w- e:\documents and settings\John\Local Settings\Application Data\Roxio
2009-10-26 22:01 . 2009-10-26 22:01 -------- d-----w- e:\documents and settings\All Users\Application Data\Sonic
2009-10-26 22:00 . 2009-10-29 21:39 -------- d-----w- e:\program files\Common Files\Roxio Shared
2009-10-26 22:00 . 2006-08-18 17:17 56056 ----a-w- e:\windows\system32\DLAAPI_W.DLL
2009-10-26 22:00 . 2006-08-18 17:17 92920 ----a-w- e:\windows\DLA.EXE
2009-10-26 22:00 . 2006-08-11 15:05 51768 ----a-w- e:\windows\system32\drivers\DRVNDDM.SYS
2009-10-26 22:00 . 2006-08-11 14:35 12920 ----a-w- e:\windows\system32\drivers\DLACDBHM.SYS
2009-10-26 22:00 . 2006-08-11 14:35 28184 ----a-w- e:\windows\system32\drivers\DLARTL_M.SYS
2009-10-26 22:00 . 2006-07-21 15:21 99176 ----a-w- e:\windows\system32\drivers\DRVMCDB.SYS
2009-10-26 22:00 . 2009-10-29 22:25 -------- d-----w- e:\windows\system32\DLA
2009-10-26 22:00 . 2009-10-29 21:39 -------- d-----w- e:\program files\Roxio
2009-10-04 13:39 . 2009-10-04 13:39 -------- d-----w- e:\documents and settings\John\Application Data\IRISPen
2009-10-04 13:38 . 2009-10-04 13:38 -------- d-----w- e:\documents and settings\John\Application Data\IrisPen6
2009-10-04 13:32 . 2009-10-29 22:24 -------- d-----w- e:\program files\IRISPen Express 6
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 22:24 . 2009-02-21 03:47 -------- d-----w- e:\program files\Common Files\Adobe
2009-10-29 22:24 . 2008-10-04 23:00 -------- d--h--w- e:\program files\InstallShield Installation Information
2009-10-29 22:03 . 2009-08-12 23:47 -------- d-----w- e:\program files\Common Files\InstallShield
2009-10-29 21:41 . 2009-09-20 17:15 -------- d-----w- e:\program files\ATI Multimedia
2009-10-01 22:08 . 2008-09-17 23:12 17144 ----a-w- e:\documents and settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-21 22:21 . 2009-09-20 17:20 -------- d-----w- e:\documents and settings\All Users\Application Data\ATI MMC
2009-09-20 17:14 . 2009-09-20 17:14 -------- d-----w- e:\program files\Windows Media Components
2009-09-20 17:13 . 2009-09-20 17:13 -------- d-----w- e:\program files\Common Files\CyberLink
2009-09-20 17:12 . 2009-09-20 17:12 -------- d-----w- e:\program files\ATI Technologies
2009-09-20 17:04 . 2009-09-20 17:04 664 ----a-w- e:\windows\system32\d3d9caps.dat
2009-09-15 07:09 . 2009-09-15 07:09 -------- d-----w- e:\program files\MSBuild
2009-09-15 07:09 . 2009-09-15 07:09 -------- d-----w- e:\program files\Reference Assemblies
2009-09-15 07:06 . 2009-09-15 07:06 -------- d-----w- e:\program files\MSXML 6.0
2009-08-05 09:11 . 2004-08-04 10:00 204800 ----a-w- e:\windows\system32\mswebdvd.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-01_15.50.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 10:00 . 2009-09-15 07:27 71292 e:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2009-11-01 17:13 71292 e:\windows\system32\perfc009.dat
+ 2004-08-04 10:00 . 2009-11-01 17:13 441740 e:\windows\system32\perfh009.dat
- 2004-08-04 10:00 . 2009-09-15 07:27 441740 e:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="e:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"ATI Launchpad"="e:\program files\ATI Multimedia\main\launchPd.EXE" [2004-06-16 106571]
"ATI Remote Control"="e:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="e:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"ATIPTA"="e:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
"ATI DeviceDetect"="e:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-16 69705]
"HP Software Update"="e:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RoxioDragToDisc"="e:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"ISUSPM Startup"="e:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="e:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SoundMan"="SOUNDMAN.EXE" - e:\windows\SOUNDMAN.EXE [2003-06-10 55296]
e:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - e:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - e:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\WINDOWS\\system32\\sessmgr.exe"=
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PCIIDEX_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
*Deregistered* - PCIIDEX_2
.
Contents of the 'Scheduled Tasks' folder
2009-11-01 e:\windows\Tasks\WGASetup.job
- e:\windows\system32\KB905474\wgasetup.exe [2009-09-15 02:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-11-01 12:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(552)
e:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-01 12:27
ComboFix-quarantined-files.txt 2009-11-01 17:27
ComboFix2.txt 2009-11-01 15:51
Pre-Run: 24,224,571,392 bytes free
Post-Run: 24,209,145,856 bytes free
- - End Of File - - 7B48D91B6EDD3C4E26F0F5CF6956DC6F
Upload was successful
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=66f7810cb71fa9439e1c48a23aad3279
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-11-01 06:43:29
# local_time=2009-11-01 01:43:29 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 331550 331550 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=98505
# found=348
# cleaned=0
# scan_time=2616
C:\autorun.exe Win32/Zalup trojan 00000000000000000000000000000000 I
C:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application 00000000000000000000000000000000 I
D:\autorun.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\WINDOWS\TEMP\Rem4054.exe probably a variant of Win32/Agent trojan 00000000000000000000000000000000 I
D:\WINDOWS\TEMP\unpack\inst43.exe a variant of Win32/Adware.Comet application 00000000000000000000000000000000 I
D:\System Volume Information\_restore{FCCF63F7-3EC0-4187-A099-609710C14255}\RP10\A0004088.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP20\A0000259.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP20\A0000278.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000310.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000332.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000355.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000395.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP22\A0000407.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP22\A0000533.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP22\A0000541.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000574.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000575.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000772.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000794.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000818.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000833.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000849.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0001849.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0001884.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP24\A0001901.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP24\A0002133.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP24\A0002147.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002153.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002369.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0003369.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0004369.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0005369.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0006369.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0007369.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP27\A0007381.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP27\A0008369.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP28\A0008409.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0008414.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0009455.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0010454.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0011456.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0011470.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0011994.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0012993.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0013011.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP31\A0013101.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP31\A0013176.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP32\A0013206.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP32\A0014067.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP32\A0014096.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP33\A0014103.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP33\A0014216.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP34\A0014224.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP35\A0014237.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP36\A0014250.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP37\A0014259.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP38\A0015217.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP39\A0015230.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP40\A0015240.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP41\A0015247.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP42\A0015253.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP43\A0015261.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP43\A0015273.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP44\A0015296.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP44\A0015326.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP45\A0015348.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP46\A0015366.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP47\A0015385.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP48\A0015396.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP49\A0015410.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP50\A0015418.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP51\A0015440.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP52\A0015448.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP53\A0015553.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015569.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015595.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015627.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015647.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP55\A0015668.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP56\A0015674.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP57\A0015681.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP57\A0015699.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP58\A0015716.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP59\A0015737.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP60\A0015839.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP61\A0015959.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP61\A0016007.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP61\A0016028.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP62\A0016058.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP63\A0024673.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP63\A0024710.exe Win32/Zalup trojan 00000000000000000000000000000000 I
D:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP64\A0024737.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\autorun.exe.vir Win32/Zalup trojan 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\userinit.exe.vir Win32/Zalup trojan 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\Documents and Settings\John\svchost.exe.vir Win32/Zalup trojan 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\Documents and Settings\LocalService\svchost.exe.vir Win32/Zalup trojan 00000000000000000000000000000000 I
E:\Qoobox\Quarantine\E\WINDOWS\system32\drivers\services.exe.vir Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP10\A0000202.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP11\A0000207.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP12\A0000212.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP13\A0000217.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP14\A0000222.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP15\A0000227.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP16\A0000232.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP17\A0000237.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP18\A0000242.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP19\A0000247.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP20\A0000252.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP20\A0000261.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP20\A0000264.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP20\A0000275.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP20\A0000280.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP20\A0000284.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP20\A0000285.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000312.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000319.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000320.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000323.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000327.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000334.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000337.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000352.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000357.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000361.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000392.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000397.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP21\A0000401.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP22\A0000409.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP22\A0000415.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP22\A0000419.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP22\A0000433.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP22\A0000434.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP22\A0000479.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP22\A0000543.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP22\A0000547.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP22\A0000548.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000578.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000604.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000605.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000639.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000640.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000643.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000644.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000648.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000769.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000774.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000777.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000791.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000796.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000800.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000815.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000820.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000824.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000830.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000835.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000839.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000846.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000851.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0000854.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0001846.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0001851.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0001855.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0001863.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0001864.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0001881.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0001886.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP23\A0001889.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP24\A0001903.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP24\A0001915.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP24\A0001917.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP24\A0001930.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP24\A0001931.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP24\A0002022.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP24\A0002130.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP24\A0002135.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP24\A0002144.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP24\A0002149.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002155.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002158.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002164.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002188.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002189.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002220.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002222.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002224.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002366.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002371.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002375.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002379.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP25\A0002380.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0002401.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0003366.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0003371.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0003374.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0004366.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0004371.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0004375.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0005366.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0005371.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0005374.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0005418.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0005419.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0006366.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0006371.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0006375.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0007366.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0007371.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0007375.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0007378.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP26\A0007379.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP27\A0007383.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP27\A0008366.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP27\A0008371.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP27\A0008374.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP28\A0008411.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0008416.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0008783.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0008785.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0008820.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0008821.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0009093.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0009457.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0010456.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0011453.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0011458.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP29\A0011461.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0011472.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0011481.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0011483.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0011486.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0011487.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0011523.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0011524.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0011613.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0011991.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0011996.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0011998.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0012034.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0012035.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0012990.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0012995.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0012998.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0013008.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0013013.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP30\A0013016.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP31\A0013103.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP31\A0013172.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP31\A0013178.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP31\A0013181.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP32\A0013208.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP32\A0014063.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP32\A0014069.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP32\A0014071.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP32\A0014083.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP32\A0014084.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP32\A0014093.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP32\A0014098.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP33\A0014105.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP33\A0014191.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP33\A0014212.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP33\A0014218.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP34\A0014226.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP35\A0014239.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP36\A0014252.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP37\A0014261.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP38\A0015213.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP38\A0015219.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP38\A0015221.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP39\A0015232.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP4\A0000170.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP40\A0015242.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP41\A0015249.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP42\A0015255.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP43\A0015263.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP43\A0015270.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP43\A0015275.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP43\A0015278.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP44\A0015298.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP44\A0015312.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP44\A0015313.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP44\A0015314.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP44\A0015323.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP44\A0015328.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP44\A0015330.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP45\A0015350.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP46\A0015368.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP47\A0015387.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP48\A0015398.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP49\A0015412.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP5\A0000175.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP50\A0015420.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP51\A0015442.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP52\A0015450.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP53\A0015555.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015571.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015592.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015597.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015599.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015624.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015629.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015631.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015644.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015649.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP54\A0015651.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP55\A0015670.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP56\A0015676.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP57\A0015683.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP57\A0015689.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP57\A0015690.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP57\A0015691.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP57\A0015696.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP57\A0015701.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP57\A0015703.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP58\A0015718.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP59\A0015739.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP59\A0015832.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP59\A0015833.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP59\A0015834.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP6\A0000180.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP61\A0015994.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP61\A0015995.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP61\A0016004.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP61\A0016009.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP61\A0016011.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP61\A0016025.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP61\A0016030.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP61\A0016032.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP61\A0016045.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP61\A0016046.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP62\A0016076.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP62\A0016077.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP62\A0016093.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP62\A0016094.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP62\A0016095.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP62\A0021017.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP63\A0024707.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP63\A0024712.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP63\A0024714.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP63\A0024722.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP63\A0024723.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP64\A0024763.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP64\A0024764.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP64\A0024765.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP64\A0024766.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP64\A0024767.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP7\A0000185.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP8\A0000190.exe Win32/Zalup trojan 00000000000000000000000000000000 I
E:\System Volume Information\_restore{D61E128B-B8DD-4500-BA36-57E26C7E171B}\RP9\A0000197.exe Win32/Zalup trojan 00000000000000000000000000000000 I
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:59 PM, on 11/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
E:\Program Files\ATI Multimedia\main\ATIDtct.EXE
E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
E:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] E:\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "E:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] E:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "E:\Program Files\ATI Multimedia\main\launchPd.EXE"
O4 - HKCU\..\Run: [ATI Remote Control] E:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) -
http://download.eset.com/special/eos-be ... canner.cabO23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - E:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - E:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)
--
End of file - 4285 bytes