Split from another topic (4)


  • vr7600
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

Hi!
Reading this post, I realized that Dalibor has a similar problem to mine.
At home, on my laptop, I keep getting notifications that worms or trojans have been found, which I can't delete.
I have used various antivirus programs. I'm now using AVG 8 and Search and Destroy.
What should I do?
Thanks! :)

PS
Because of them my internet connection also keeps dropping (the antivirus is probably turning it off).

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Here is what you need to do:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • vr7600
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:24, on 11.2.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Flock\flock.exe
C:\Documents and Settings\Bella\Desktop\hitna pomoc\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {594E7FF5-9484-46CD-824A-A2362BCF826C} - C:\WINDOWS\system32\ciadminj.dll (file missing)
O2 - BHO: (no name) - {7C568414-D589-4FCA-A508-BB3673ADBCE4} - c:\windows\system32\asferrorj.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Windows Video Drivers] C:\RECYCLER\S-1-5-21-6707281032-7796660059-958187083-6929\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZKxdm016YYHR
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{18E339D1-E478-40BF-9949-50725EEA1A27}: NameServer = 193.198.184.130 193.198.184.140
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: swtbzsgl - C:\WINDOWS\SYSTEM32\asferrorj.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Microsoft Service Controler - Unknown owner - C:\WINDOWS\system32\drivers\services.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 6184 bytes

Addendum: 11 Feb 2009 12:40

PS
Here is an example of what it reports:

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

We need to turn off the protection programs you have while we carry out the cleaning.

* Right-click the AVG icon in the lower-right corner of the screen.
* When AVG Control Center starts, double-click the AVG Resident Shield component.
* In the window that opens, untick the Turn on AVG Resident Shield option and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.

==================================


Start Spybot S&D
Click the Mode item in the menu
Select Advanced Mode
In the bar on the left, click Tools
Click Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.

- Then download the program from this link to the Desktop.
- Run it with a double-click and follow the instructions.

Don't forget to turn these options back on when we finish the cleaning.

=================================

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

=================================

Don't plug the USB storage devices you have into any computer until I tell you to, since they are most likely infected.

By USB storage devices I mean flash drives, USB external hard disks, MP3 and similar players, cards from digital cameras, and the like.

  • vr7600
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

Here it is.

PS
I plugged the USB stick into the laptop and later into the PCs.
What should I do with them? They have similar symptoms. Should I repeat the above procedure on them too (noting that one has AVAST antivirus) and attach the results?

ComboFix 09-02-11.02 - Bella 2009-02-12 13:38:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.759.444 [GMT 1:00]
Running from: c:\documents and settings\Bella\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - explorer.exe: deleted 576 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bella\ravmonlog
c:\documents and settings\Borko\ravmonlog
c:\windows\system32\appcert
c:\windows\system32\asferrorj.dll . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 )))))))))))))))))))))))))))))))
.

2009-02-09 18:34 . 2009-02-09 18:35 <DIR> d-------- c:\documents and settings\Borko\Application Data\vlc
2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d-------- c:\program files\VideoLAN
2009-02-05 21:24 . 2009-02-08 14:11 <DIR> d-------- c:\documents and settings\Borko\Application Data\AVGTOOLBAR
2009-02-05 10:15 . 2009-02-12 13:35 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-05 10:14 . 2009-02-12 11:58 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-05 10:14 . 2009-02-05 10:14 <DIR> d-------- c:\program files\AVG
2009-02-05 10:14 . 2009-02-05 12:25 <DIR> d-------- c:\documents and settings\Bella\Application Data\AVGTOOLBAR
2009-02-05 10:14 . 2009-02-12 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-05 10:14 . 2009-02-05 10:14 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-05 10:14 . 2009-02-05 10:14 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-05 10:14 . 2009-02-05 10:14 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-02-04 22:24 . 2009-02-04 22:24 8,633 --a------ C:\a6b5i3h6z5e5.exe
2009-01-24 23:58 . 2009-01-24 23:58 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-24 23:58 . 2009-01-24 23:58 1,409 --a------ c:\windows\QTFont.for
2009-01-24 17:45 . 2009-01-24 17:45 <DIR> d-------- c:\program files\Evernote
2009-01-20 00:04 . 2009-01-20 00:04 <DIR> d-------- c:\program files\PlayPianoTODAY
2009-01-15 01:02 . 2009-01-15 01:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-01-15 01:00 . 2009-02-05 10:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-01-15 01:00 . 2009-01-15 01:00 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-01-15 00:59 . 2009-01-15 00:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-14 14:14 . 2009-01-14 14:14 50 --a------ c:\windows\WININIT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 10:57 --------- d-----w c:\program files\Flock
2009-02-11 11:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 15:25 --------- d-----w c:\program files\NCH Swift Sound
2009-02-09 15:21 --------- d-----w c:\program files\DivX
2009-01-24 16:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-23 22:48 --------- d-----w c:\documents and settings\Borko\Application Data\Winamp
2009-01-19 23:03 737,280 -c--a-w c:\windows\iun6002.exe
2009-01-18 15:45 1,033,728 ----a-w c:\windows\explorer.exe
2009-01-05 12:12 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-01-05 11:55 --------- d-----w c:\documents and settings\Borko\Application Data\NCH Swift Sound
2008-12-30 22:32 --------- d-----w c:\documents and settings\Bella\Application Data\Winamp
2008-12-30 21:57 --------- d-----w c:\program files\Winamp
2008-12-30 21:56 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-23 09:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-23 07:59 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-22 16:03 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2007-01-04 16:51 604 -c-ha-w c:\program files\STLL Notifier
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C568414-D589-4FCA-A508-BB3673ADBCE4}]
2009-02-12 13:42 104960 --a------ c:\windows\system32\asferrorj.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Windows Video Drivers"="c:\recycler\S-1-5-21-6707281032-7796660059-958187083-6929\winlogon.exe" [2009-01-20 89600]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-05 1601304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 10:14 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\swtbzsgl]
2009-02-12 13:42 104960 c:\windows\system32\asferrorj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-06-19 16:26 84760 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2007-06-19 16:26 84760 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2007-06-19 16:26 125720 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-06-19 16:26 101144 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
-----c--- 2005-02-10 16:00 1937408 c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-02-08 19:43 95800 c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-06-19 16:26 125720 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 14:57 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
--a------ 2004-09-23 12:41 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 09:11 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-11-14 16:02 815104 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-11-04 17:40 98394 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2004-11-22 07:18 307200 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2004-08-24 10:20 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\explorer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41329:TCP"= 41329:TCP:@xpsp2res.dll,-22009
"8049:TCP"= 8049:TCP:@xpsp2res.dll,-22009
"60017:TCP"= 60017:TCP:@xpsp2res.dll,-22009
"14450:TCP"= 14450:TCP:@xpsp2res.dll,-22009
"64369:TCP"= 64369:TCP:@xpsp2res.dll,-22009
"7025:TCP"= 7025:TCP:@xpsp2res.dll,-22009
"6513:TCP"= 6513:TCP:@xpsp2res.dll,-22009
"40817:TCP"= 40817:TCP:@xpsp2res.dll,-22009
"50546:TCP"= 50546:TCP:@xpsp2res.dll,-22009
"23410:TCP"= 23410:TCP:@xpsp2res.dll,-22009
"20594:TCP"= 20594:TCP:@xpsp2res.dll,-22009
"50033:TCP"= 50033:TCP:@xpsp2res.dll,-22009
"6257:TCP"= 6257:TCP:@xpsp2res.dll,-22009
"14961:TCP"= 14961:TCP:@xpsp2res.dll,-22009
"2417:TCP"= 2417:TCP:@xpsp2res.dll,-22009
"27761:TCP"= 27761:TCP:@xpsp2res.dll,-22009
"57714:TCP"= 57714:TCP:@xpsp2res.dll,-22009
"13681:TCP"= 13681:TCP:@xpsp2res.dll,-22009
"29553:TCP"= 29553:TCP:@xpsp2res.dll,-22009
"45937:TCP"= 45937:TCP:@xpsp2res.dll,-22009
"15985:TCP"= 15985:TCP:@xpsp2res.dll,-22009
"12913:TCP"= 12913:TCP:@xpsp2res.dll,-22009
"11122:TCP"= 11122:TCP:@xpsp2res.dll,-22009
"51057:TCP"= 51057:TCP:@xpsp2res.dll,-22009
"15473:TCP"= 15473:TCP:@xpsp2res.dll,-22009
"5234:TCP"= 5234:TCP:@xpsp2res.dll,-22009
"33650:TCP"= 33650:TCP:@xpsp2res.dll,-22009
"52849:TCP"= 52849:TCP:@xpsp2res.dll,-22009
"47729:TCP"= 47729:TCP:@xpsp2res.dll,-22009
"56177:TCP"= 56177:TCP:@xpsp2res.dll,-22009
"1137:TCP"= 1137:TCP:@xpsp2res.dll,-22009
"42609:TCP"= 42609:TCP:@xpsp2res.dll,-22009
"38769:TCP"= 38769:TCP:@xpsp2res.dll,-22009
"33649:TCP"= 33649:TCP:@xpsp2res.dll,-22009
"61809:TCP"= 61809:TCP:@xpsp2res.dll,-22009
"38513:TCP"= 38513:TCP:@xpsp2res.dll,-22009
"65137:TCP"= 65137:TCP:@xpsp2res.dll,-22009
"57713:TCP"= 57713:TCP:@xpsp2res.dll,-22009
"28017:TCP"= 28017:TCP:@xpsp2res.dll,-22009
"14449:TCP"= 14449:TCP:@xpsp2res.dll,-22009
"113:TCP"= 113:TCP:@xpsp2res.dll,-22009
"50801:TCP"= 50801:TCP:@xpsp2res.dll,-22009
"44145:TCP"= 44145:TCP:@xpsp2res.dll,-22009
"882:TCP"= 882:TCP:@xpsp2res.dll,-22009
"20593:TCP"= 20593:TCP:@xpsp2res.dll,-22009
"33394:TCP"= 33394:TCP:@xpsp2res.dll,-22009
"52850:TCP"= 52850:TCP:@xpsp2res.dll,-22009
"40306:TCP"= 40306:TCP:@xpsp2res.dll,-22009
"55153:TCP"= 55153:TCP:@xpsp2res.dll,-22009
"22642:TCP"= 22642:TCP:@xpsp2res.dll,-22009
"51313:TCP"= 51313:TCP:@xpsp2res.dll,-22009
"22641:TCP"= 22641:TCP:@xpsp2res.dll,-22009
"55410:TCP"= 55410:TCP:@xpsp2res.dll,-22009
"64625:TCP"= 64625:TCP:@xpsp2res.dll,-22009
"15217:TCP"= 15217:TCP:@xpsp2res.dll,-22009
"46193:TCP"= 46193:TCP:@xpsp2res.dll,-22009
"23666:TCP"= 23666:TCP:@xpsp2res.dll,-22009
"64113:TCP"= 64113:TCP:@xpsp2res.dll,-22009
"65394:TCP"= 65394:TCP:@xpsp2res.dll,-22009
"32626:TCP"= 32626:TCP:@xpsp2res.dll,-22009
"8305:TCP"= 8305:TCP:@xpsp2res.dll,-22009
"6514:TCP"= 6514:TCP:@xpsp2res.dll,-22009
"25202:TCP"= 25202:TCP:@xpsp2res.dll,-22009
"41073:TCP"= 41073:TCP:@xpsp2res.dll,-22009
"31602:TCP"= 31602:TCP:@xpsp2res.dll,-22009
"10610:TCP"= 10610:TCP:@xpsp2res.dll,-22009
"58738:TCP"= 58738:TCP:@xpsp2res.dll,-22009
"35185:TCP"= 35185:TCP:@xpsp2res.dll,-22009
"29042:TCP"= 29042:TCP:@xpsp2res.dll,-22009
"58482:TCP"= 58482:TCP:@xpsp2res.dll,-22009
"13425:TCP"= 13425:TCP:@xpsp2res.dll,-22009
"19057:TCP"= 19057:TCP:@xpsp2res.dll,-22009
"25714:TCP"= 25714:TCP:@xpsp2res.dll,-22009
"6001:TCP"= 6001:TCP:@xpsp2res.dll,-22009
"63602:TCP"= 63602:TCP:@xpsp2res.dll,-22009
"56690:TCP"= 56690:TCP:@xpsp2res.dll,-22009
"24946:TCP"= 24946:TCP:@xpsp2res.dll,-22009
"30321:TCP"= 30321:TCP:@xpsp2res.dll,-22009
"23153:TCP"= 23153:TCP:@xpsp2res.dll,-22009
"3442:TCP"= 3442:TCP:@xpsp2res.dll,-22009
"55665:TCP"= 55665:TCP:@xpsp2res.dll,-22009
"7281:TCP"= 7281:TCP:@xpsp2res.dll,-22009
"26994:TCP"= 26994:TCP:@xpsp2res.dll,-22009
"27250:TCP"= 27250:TCP:@xpsp2res.dll,-22009
"8050:TCP"= 8050:TCP:@xpsp2res.dll,-22009
"36465:TCP"= 36465:TCP:@xpsp2res.dll,-22009
"54130:TCP"= 54130:TCP:@xpsp2res.dll,-22009
"21873:TCP"= 21873:TCP:@xpsp2res.dll,-22009
"11889:TCP"= 11889:TCP:@xpsp2res.dll,-22009

R0 zbwvfbyf;zbwvfbyf;c:\windows\system32\drivers\zbwvfbyf.sys [2001-08-23 23424]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-05 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-05 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-05 298264]
S2 Microsoft Service Controler;Microsoft Service Controler;"c:\windows\system32\drivers\services.exe" --> c:\windows\system32\drivers\services.exe [?]
S2 zeucyyyx;IP Traffic Filter Helper;c:\windows\System32\svchost.exe -k netsvcs [2001-08-23 14336]
S3 jgameenp;jgameenp;\??\c:\docume~1\Bella\LOCALS~1\Temp\jgameenp.sys --> c:\docume~1\Bella\LOCALS~1\Temp\jgameenp.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
zeucyyyx
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
- - - - ORPHANS REMOVED - - - -

BHO-{594E7FF5-9484-46CD-824A-A2362BCF826C} - c:\windows\system32\ciadminj.dll
Toolbar-ID - (no file)
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-CMESys - c:\program files\Common Files\CMEII\CMESys.exe
MSConfigStartUp-DAEMON Tools-1033 - c:\program files\D-Tools\daemon.exe
MSConfigStartUp-ke645fe8 - c:\windows\system32\ke645fe8.exe
MSConfigStartUp-ML1HelperStartUp - c:\progra~1\MIDNIG~1\ML1HEL~1.EXE
MSConfigStartUp-My Web Search Bar - c:\progra~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
MSConfigStartUp-MSI Configuration - msiconf.exe
MSConfigStartUp-msiconf - msiconf.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZKxdm016YYHR
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-12 13:43:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SNDSrvc]
"ImagePath"="-"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-02-12 13:46:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-12 12:46:06

Pre-Run: 1.203.486.720 bytes free
Post-Run: 1,283,481,600 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=3 Sets=1,2,3,4
649 --- E O F --- 2008-12-31 05:09:50

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Do not move USB sticks and similar devices between computers until we have cleaned them.
I would ask that we clean them one at a time, because otherwise I will get lost in the logs.

We will now run ComboFix again, and this time I would ask you to allow ComboFix to install the Recovery Console.
Turn off the antivirus program again while we do this; otherwise the antivirus may judge ComboFix to be too aggressive and not let it finish the job.
Also turn off TeaTimer (part of SpyBot S&D); otherwise it will block our registry repairs.

Open Notepad and copy in the following text:

File::
C:\a6b5i3h6z5e5.exe
c:\windows\system32\asferrorj.dll
c:\recycler\S-1-5-21-6707281032-7796660059-958187083-6929\winlogon.exe
c:\windows\system32\drivers\zbwvfbyf.sys
c:\windows\system32\drivers\services.exe
c:\docume~1\Bella\LOCALS~1\Temp\jgameenp.sys
c:\ex.cab
c:\eied_s7.cab

KillAll::

NetSvc::
zeucyyyx

Driver::
zbwvfbyf
Microsoft Service Controler
jgameenp

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C568414-D589-4FCA-A508-BB3673ADBCE4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Video Drivers"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\swtbzsgl]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post in your next message the log that is created at the end of the cleaning/scanning.

offline
  • vr7600 
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

Hi!
First, apologies for the 2 logs. I thought they would be displayed as links.

I did everything as you said. 2x!
I am attaching the 1st log for you.
ComboFix did not ask me about, nor install, the Recovery Console.


ComboFix 09-02-11.02 - Bella 2009-02-12 21:49:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.759.464 [GMT 1:00]
Running from: c:\documents and settings\Bella\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bella\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\a6b5i3h6z5e5.exe
c:\docume~1\Bella\LOCALS~1\Temp\jgameenp.sys
c:\eied_s7.cab
c:\ex.cab
c:\recycler\S-1-5-21-6707281032-7796660059-958187083-6929\winlogon.exe
c:\windows\system32\asferrorj.dll
c:\windows\system32\drivers\services.exe
c:\windows\system32\drivers\zbwvfbyf.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\a6b5i3h6z5e5.exe
c:\recycler\S-1-5-21-6707281032-7796660059-958187083-6929\winlogon.exe
c:\windows\system32\asferrorj.dll
c:\windows\system32\drivers\zbwvfbyf.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JGAMEENP
-------\Legacy_MICROSOFT_SERVICE_CONTROLER
-------\Legacy_ZBWVFBYF
-------\Service_jgameenp
-------\Service_Microsoft Service Controler
-------\Service_zbwvfbyf
-------\Legacy_zeucyyyx
-------\Service_zeucyyyx


((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 )))))))))))))))))))))))))))))))
.

2009-02-09 18:34 . 2009-02-09 18:35 <DIR> d-------- c:\documents and settings\Borko\Application Data\vlc
2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d-------- c:\program files\VideoLAN
2009-02-05 21:24 . 2009-02-08 14:11 <DIR> d-------- c:\documents and settings\Borko\Application Data\AVGTOOLBAR
2009-02-05 10:15 . 2009-02-12 13:51 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-05 10:14 . 2009-02-12 11:58 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-05 10:14 . 2009-02-05 10:14 <DIR> d-------- c:\program files\AVG
2009-02-05 10:14 . 2009-02-05 12:25 <DIR> d-------- c:\documents and settings\Bella\Application Data\AVGTOOLBAR
2009-02-05 10:14 . 2009-02-12 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-05 10:14 . 2009-02-05 10:14 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-05 10:14 . 2009-02-05 10:14 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-05 10:14 . 2009-02-05 10:14 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-24 23:58 . 2009-01-24 23:58 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-24 23:58 . 2009-01-24 23:58 1,409 --a------ c:\windows\QTFont.for
2009-01-24 17:45 . 2009-01-24 17:45 <DIR> d-------- c:\program files\Evernote
2009-01-20 00:04 . 2009-01-20 00:04 <DIR> d-------- c:\program files\PlayPianoTODAY
2009-01-15 01:02 . 2009-01-15 01:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-01-15 01:00 . 2009-02-05 10:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-01-15 01:00 . 2009-01-15 01:00 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-01-15 00:59 . 2009-01-15 00:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-14 14:14 . 2009-01-14 14:14 50 --a------ c:\windows\WININIT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 20:30 --------- d-----w c:\program files\Flock
2009-02-11 11:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 15:25 --------- d-----w c:\program files\NCH Swift Sound
2009-02-09 15:21 --------- d-----w c:\program files\DivX
2009-01-24 16:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-23 22:48 --------- d-----w c:\documents and settings\Borko\Application Data\Winamp
2009-01-19 23:03 737,280 -c--a-w c:\windows\iun6002.exe
2009-01-18 15:45 1,033,728 ----a-w c:\windows\explorer.exe
2009-01-05 12:12 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-01-05 11:55 --------- d-----w c:\documents and settings\Borko\Application Data\NCH Swift Sound
2008-12-30 22:32 --------- d-----w c:\documents and settings\Bella\Application Data\Winamp
2008-12-30 21:57 --------- d-----w c:\program files\Winamp
2008-12-30 21:56 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-23 09:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-23 07:59 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-22 16:03 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2007-01-04 16:51 604 -c-ha-w c:\program files\STLL Notifier
.

((((((((((((((((((((((((((((( SnapShot@2009-02-12_13.44.46.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{594E7FF5-9484-46CD-824A-A2362BCF826C}]
c:\windows\system32\ciadminj.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-05 1601304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 10:14 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-06-19 16:26 84760 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2007-06-19 16:26 84760 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2007-06-19 16:26 125720 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-06-19 16:26 101144 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
-----c--- 2005-02-10 16:00 1937408 c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-02-08 19:43 95800 c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-06-19 16:26 125720 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 14:57 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
--a------ 2004-09-23 12:41 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 09:11 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-11-14 16:02 815104 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-11-04 17:40 98394 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2004-11-22 07:18 307200 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2004-08-24 10:20 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\explorer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15281:TCP"= 15281:TCP:NortonAV
"12085:TCP"= 12085:TCP:NortonAV
"16057:TCP"= 16057:TCP:NortonAV
"59211:TCP"= 59211:TCP:@xpsp2res.dll,-22009
"48449:TCP"= 48449:TCP:@xpsp2res.dll,-22009
"5185:TCP"= 5185:TCP:@xpsp2res.dll,-22009
"39491:TCP"= 39491:TCP:@xpsp2res.dll,-22009
"24131:TCP"= 24131:TCP:@xpsp2res.dll,-22009
"33089:TCP"= 33089:TCP:@xpsp2res.dll,-22009
"9281:TCP"= 9281:TCP:@xpsp2res.dll,-22009
"12355:TCP"= 12355:TCP:@xpsp2res.dll,-22009
"42307:TCP"= 42307:TCP:@xpsp2res.dll,-22009
"27469:TCP"= 27469:TCP:@xpsp2res.dll,-22009
"54609:TCP"= 54609:TCP:@xpsp2res.dll,-22009
"52561:TCP"= 52561:TCP:@xpsp2res.dll,-22009
"58961:TCP"= 58961:TCP:@xpsp2res.dll,-22009
"33603:TCP"= 33603:TCP:@xpsp2res.dll,-22009
"40273:TCP"= 40273:TCP:@xpsp2res.dll,-22009
"64577:TCP"= 64577:TCP:@xpsp2res.dll,-22009
"63569:TCP"= 63569:TCP:@xpsp2res.dll,-22009
"15171:TCP"= 15171:TCP:@xpsp2res.dll,-22009
"7745:TCP"= 7745:TCP:@xpsp2res.dll,-22009
"1347:TCP"= 1347:TCP:@xpsp2res.dll,-22009
"62529:TCP"= 62529:TCP:@xpsp2res.dll,-22009
"31811:TCP"= 31811:TCP:@xpsp2res.dll,-22009
"32833:TCP"= 32833:TCP:@xpsp2res.dll,-22009
"33857:TCP"= 33857:TCP:@xpsp2res.dll,-22009
"3907:TCP"= 3907:TCP:@xpsp2res.dll,-22009
"4465:TCP"= 4465:TCP:@xpsp2res.dll,-22009
"35186:TCP"= 35186:TCP:@xpsp2res.dll,-22009
"48753:TCP"= 48753:TCP:@xpsp2res.dll,-22009
"61553:TCP"= 61553:TCP:@xpsp2res.dll,-22009
"16497:TCP"= 16497:TCP:@xpsp2res.dll,-22009
"34161:TCP"= 34161:TCP:@xpsp2res.dll,-22009
"26993:TCP"= 26993:TCP:@xpsp2res.dll,-22009
"46705:TCP"= 46705:TCP:@xpsp2res.dll,-22009
"46449:TCP"= 46449:TCP:@xpsp2res.dll,-22009
"61042:TCP"= 61042:TCP:@xpsp2res.dll,-22009
"28273:TCP"= 28273:TCP:@xpsp2res.dll,-22009
"61297:TCP"= 61297:TCP:@xpsp2res.dll,-22009
"36978:TCP"= 36978:TCP:@xpsp2res.dll,-22009
"11378:TCP"= 11378:TCP:@xpsp2res.dll,-22009
"3185:TCP"= 3185:TCP:@xpsp2res.dll,-22009
"5490:TCP"= 5490:TCP:@xpsp2res.dll,-22009
"11377:TCP"= 11377:TCP:@xpsp2res.dll,-22009
"56689:TCP"= 56689:TCP:@xpsp2res.dll,-22009
"44401:TCP"= 44401:TCP:@xpsp2res.dll,-22009
"21617:TCP"= 21617:TCP:@xpsp2res.dll,-22009
"21361:TCP"= 21361:TCP:@xpsp2res.dll,-22009
"6002:TCP"= 6002:TCP:@xpsp2res.dll,-22009
"53105:TCP"= 53105:TCP:@xpsp2res.dll,-22009
"19825:TCP"= 19825:TCP:@xpsp2res.dll,-22009
"3953:TCP"= 3953:TCP:@xpsp2res.dll,-22009
"26738:TCP"= 26738:TCP:@xpsp2res.dll,-22009
"17777:TCP"= 17777:TCP:@xpsp2res.dll,-22009
"41841:TCP"= 41841:TCP:@xpsp2res.dll,-22009
"30577:TCP"= 30577:TCP:@xpsp2res.dll,-22009
"34929:TCP"= 34929:TCP:@xpsp2res.dll,-22009
"62834:TCP"= 62834:TCP:@xpsp2res.dll,-22009
"60786:TCP"= 60786:TCP:@xpsp2res.dll,-22009
"1905:TCP"= 1905:TCP:@xpsp2res.dll,-22009
"52593:TCP"= 52593:TCP:@xpsp2res.dll,-22009
"2930:TCP"= 2930:TCP:@xpsp2res.dll,-22009
"8306:TCP"= 8306:TCP:@xpsp2res.dll,-22009
"43889:TCP"= 43889:TCP:@xpsp2res.dll,-22009
"5489:TCP"= 5489:TCP:@xpsp2res.dll,-22009
"14705:TCP"= 14705:TCP:@xpsp2res.dll,-22009
"43377:TCP"= 43377:TCP:@xpsp2res.dll,-22009
"60273:TCP"= 60273:TCP:@xpsp2res.dll,-22009
"12657:TCP"= 12657:TCP:@xpsp2res.dll,-22009
"10865:TCP"= 10865:TCP:@xpsp2res.dll,-22009
"3698:TCP"= 3698:TCP:@xpsp2res.dll,-22009
"41329:TCP"= 41329:TCP:@xpsp2res.dll,-22009
"8049:TCP"= 8049:TCP:@xpsp2res.dll,-22009
"60017:TCP"= 60017:TCP:@xpsp2res.dll,-22009
"14450:TCP"= 14450:TCP:@xpsp2res.dll,-22009
"64369:TCP"= 64369:TCP:@xpsp2res.dll,-22009
"7025:TCP"= 7025:TCP:@xpsp2res.dll,-22009
"6513:TCP"= 6513:TCP:@xpsp2res.dll,-22009
"40817:TCP"= 40817:TCP:@xpsp2res.dll,-22009
"50546:TCP"= 50546:TCP:@xpsp2res.dll,-22009
"23410:TCP"= 23410:TCP:@xpsp2res.dll,-22009
"20594:TCP"= 20594:TCP:@xpsp2res.dll,-22009
"50033:TCP"= 50033:TCP:@xpsp2res.dll,-22009
"6257:TCP"= 6257:TCP:@xpsp2res.dll,-22009
"14961:TCP"= 14961:TCP:@xpsp2res.dll,-22009
"2417:TCP"= 2417:TCP:@xpsp2res.dll,-22009
"27761:TCP"= 27761:TCP:@xpsp2res.dll,-22009
"57714:TCP"= 57714:TCP:@xpsp2res.dll,-22009
"13681:TCP"= 13681:TCP:@xpsp2res.dll,-22009
"29553:TCP"= 29553:TCP:@xpsp2res.dll,-22009
"45937:TCP"= 45937:TCP:@xpsp2res.dll,-22009
"15985:TCP"= 15985:TCP:@xpsp2res.dll,-22009
"12913:TCP"= 12913:TCP:@xpsp2res.dll,-22009
"11122:TCP"= 11122:TCP:@xpsp2res.dll,-22009
"51057:TCP"= 51057:TCP:@xpsp2res.dll,-22009
"15473:TCP"= 15473:TCP:@xpsp2res.dll,-22009
"5234:TCP"= 5234:TCP:@xpsp2res.dll,-22009
"33650:TCP"= 33650:TCP:@xpsp2res.dll,-22009
"52849:TCP"= 52849:TCP:@xpsp2res.dll,-22009
"47729:TCP"= 47729:TCP:@xpsp2res.dll,-22009
"56177:TCP"= 56177:TCP:@xpsp2res.dll,-22009
"1137:TCP"= 1137:TCP:@xpsp2res.dll,-22009
"42609:TCP"= 42609:TCP:@xpsp2res.dll,-22009
"38769:TCP"= 38769:TCP:@xpsp2res.dll,-22009
"33649:TCP"= 33649:TCP:@xpsp2res.dll,-22009
"61809:TCP"= 61809:TCP:@xpsp2res.dll,-22009
"38513:TCP"= 38513:TCP:@xpsp2res.dll,-22009
"65137:TCP"= 65137:TCP:@xpsp2res.dll,-22009
"57713:TCP"= 57713:TCP:@xpsp2res.dll,-22009
"28017:TCP"= 28017:TCP:@xpsp2res.dll,-22009
"14449:TCP"= 14449:TCP:@xpsp2res.dll,-22009
"113:TCP"= 113:TCP:@xpsp2res.dll,-22009
"50801:TCP"= 50801:TCP:@xpsp2res.dll,-22009
"44145:TCP"= 44145:TCP:@xpsp2res.dll,-22009
"882:TCP"= 882:TCP:@xpsp2res.dll,-22009
"20593:TCP"= 20593:TCP:@xpsp2res.dll,-22009
"33394:TCP"= 33394:TCP:@xpsp2res.dll,-22009
"52850:TCP"= 52850:TCP:@xpsp2res.dll,-22009
"40306:TCP"= 40306:TCP:@xpsp2res.dll,-22009
"55153:TCP"= 55153:TCP:@xpsp2res.dll,-22009
"22642:TCP"= 22642:TCP:@xpsp2res.dll,-22009
"51313:TCP"= 51313:TCP:@xpsp2res.dll,-22009
"22641:TCP"= 22641:TCP:@xpsp2res.dll,-22009
"55410:TCP"= 55410:TCP:@xpsp2res.dll,-22009
"64625:TCP"= 64625:TCP:@xpsp2res.dll,-22009
"15217:TCP"= 15217:TCP:@xpsp2res.dll,-22009
"46193:TCP"= 46193:TCP:@xpsp2res.dll,-22009
"23666:TCP"= 23666:TCP:@xpsp2res.dll,-22009
"64113:TCP"= 64113:TCP:@xpsp2res.dll,-22009
"65394:TCP"= 65394:TCP:@xpsp2res.dll,-22009
"32626:TCP"= 32626:TCP:@xpsp2res.dll,-22009
"8305:TCP"= 8305:TCP:@xpsp2res.dll,-22009
"6514:TCP"= 6514:TCP:@xpsp2res.dll,-22009
"25202:TCP"= 25202:TCP:@xpsp2res.dll,-22009
"41073:TCP"= 41073:TCP:@xpsp2res.dll,-22009
"31602:TCP"= 31602:TCP:@xpsp2res.dll,-22009
"10610:TCP"= 10610:TCP:@xpsp2res.dll,-22009
"58738:TCP"= 58738:TCP:@xpsp2res.dll,-22009
"35185:TCP"= 35185:TCP:@xpsp2res.dll,-22009
"29042:TCP"= 29042:TCP:@xpsp2res.dll,-22009
"58482:TCP"= 58482:TCP:@xpsp2res.dll,-22009
"13425:TCP"= 13425:TCP:@xpsp2res.dll,-22009
"19057:TCP"= 19057:TCP:@xpsp2res.dll,-22009
"25714:TCP"= 25714:TCP:@xpsp2res.dll,-22009
"6001:TCP"= 6001:TCP:@xpsp2res.dll,-22009
"63602:TCP"= 63602:TCP:@xpsp2res.dll,-22009
"56690:TCP"= 56690:TCP:@xpsp2res.dll,-22009
"24946:TCP"= 24946:TCP:@xpsp2res.dll,-22009
"30321:TCP"= 30321:TCP:@xpsp2res.dll,-22009
"23153:TCP"= 23153:TCP:@xpsp2res.dll,-22009
"3442:TCP"= 3442:TCP:@xpsp2res.dll,-22009
"55665:TCP"= 55665:TCP:@xpsp2res.dll,-22009
"7281:TCP"= 7281:TCP:@xpsp2res.dll,-22009
"26994:TCP"= 26994:TCP:@xpsp2res.dll,-22009
"27250:TCP"= 27250:TCP:@xpsp2res.dll,-22009
"8050:TCP"= 8050:TCP:@xpsp2res.dll,-22009
"36465:TCP"= 36465:TCP:@xpsp2res.dll,-22009
"54130:TCP"= 54130:TCP:@xpsp2res.dll,-22009
"21873:TCP"= 21873:TCP:@xpsp2res.dll,-22009
"11889:TCP"= 11889:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-05 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-05 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-05 298264]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ZBWVFBYF

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZKxdm016YYHR
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-12 21:56:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SNDSrvc]
"ImagePath"="-"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-02-12 21:59:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-12 20:59:07
ComboFix2.txt 2009-02-12 12:46:13

Pre-Run: 1.458.593.792 bytes free
Post-Run: 1,374,756,864 bytes free

650 --- E O F --- 2008-12-31 05:09:50

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I copied the logs into your posts. Don't attach them as files any more; just copy them into the post with Copy/Paste.
This matters to us as a reference for later cases, since only this way can the forum search find earlier cases in which we solved something similar.

Let's move on:
Open Notepad and copy the following text:

File::
c:\windows\system32\ciadminj.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{594E7FF5-9484-46CD-824A-A2362BCF826C}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
In your next post, paste the log that is created at the end of the cleaning/scanning.

========================

I have to go to sleep now, since I get up early tomorrow for work.
I will only be able to review the log you post tomorrow afternoon.

offline
  • vr7600 
  • New MyCity citizen
  • Joined: 25 Jan 2008
  • Posts: 26

ComboFix 09-02-11.02 - Bella 2009-02-13 0:15:14.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.759.465 [GMT 1:00]
Running from: c:\documents and settings\Bella\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bella\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\ciadminj.dll
.

((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 )))))))))))))))))))))))))))))))
.

2009-02-09 18:34 . 2009-02-09 18:35 <DIR> d-------- c:\documents and settings\Borko\Application Data\vlc
2009-02-09 18:33 . 2009-02-09 18:33 <DIR> d-------- c:\program files\VideoLAN
2009-02-05 21:24 . 2009-02-08 14:11 <DIR> d-------- c:\documents and settings\Borko\Application Data\AVGTOOLBAR
2009-02-05 10:15 . 2009-02-12 13:51 <DIR> d--h----- C:\$AVG8.VAULT$
2009-02-05 10:14 . 2009-02-12 11:58 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-02-05 10:14 . 2009-02-05 10:14 <DIR> d-------- c:\program files\AVG
2009-02-05 10:14 . 2009-02-05 12:25 <DIR> d-------- c:\documents and settings\Bella\Application Data\AVGTOOLBAR
2009-02-05 10:14 . 2009-02-12 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-02-05 10:14 . 2009-02-05 10:14 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-02-05 10:14 . 2009-02-05 10:14 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-02-05 10:14 . 2009-02-05 10:14 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-24 23:58 . 2009-01-24 23:58 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-24 23:58 . 2009-01-24 23:58 1,409 --a------ c:\windows\QTFont.for
2009-01-24 17:45 . 2009-01-24 17:45 <DIR> d-------- c:\program files\Evernote
2009-01-20 00:04 . 2009-01-20 00:04 <DIR> d-------- c:\program files\PlayPianoTODAY
2009-01-15 01:02 . 2009-01-15 01:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-01-15 01:00 . 2009-02-05 10:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-01-15 01:00 . 2009-01-15 01:00 36,272 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-01-15 00:59 . 2009-01-15 00:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-14 14:14 . 2009-01-14 14:14 50 --a------ c:\windows\WININIT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-12 23:07 --------- d-----w c:\program files\Flock
2009-02-12 12:42 104,960 ----a-w c:\windows\system32\hxzglujue.dll
2009-02-11 11:34 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 15:25 --------- d-----w c:\program files\NCH Swift Sound
2009-02-09 15:21 --------- d-----w c:\program files\DivX
2009-02-08 00:50 4,984,707 ----a-w c:\windows\java\Packages\JTN7ZZLR.ZIP
2009-02-08 00:50 4,254,611 ----a-w c:\windows\java\Packages\LJ793LZF.ZIP
2009-01-24 16:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-23 22:48 --------- d-----w c:\documents and settings\Borko\Application Data\Winamp
2009-01-19 23:03 737,280 -c--a-w c:\windows\iun6002.exe
2009-01-18 15:45 1,033,728 ----a-w c:\windows\explorer.exe
2009-01-05 12:12 --------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-01-05 11:55 --------- d-----w c:\documents and settings\Borko\Application Data\NCH Swift Sound
2008-12-30 22:32 --------- d-----w c:\documents and settings\Bella\Application Data\Winamp
2008-12-30 21:57 --------- d-----w c:\program files\Winamp
2008-12-30 21:56 --------- d-----w c:\program files\Windows Media Connect 2
2008-12-23 09:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-23 07:59 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-12-22 16:03 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-28 23:06 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2007-01-04 16:51 604 -c-ha-w c:\program files\STLL Notifier
.

((((((((((((((((((((((((((((( SnapShot@2009-02-12_13.44.46.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 19:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 177456]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-05 1601304]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-05 10:14 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=c:\windows\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-06-19 16:26 84760 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2007-06-19 16:26 84760 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2007-06-19 16:26 125720 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-06-19 16:26 101144 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
-----c--- 2005-02-10 16:00 1937408 c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 09:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2007-02-08 19:43 95800 c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-06-19 16:26 125720 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 14:57 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2004-11-02 19:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
--a------ 2004-09-23 12:41 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 09:11 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-11-14 16:02 815104 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-11-04 17:40 98394 c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra--c--- 2004-11-22 07:18 307200 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a--c--- 2004-08-24 10:20 88363 c:\windows\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\explorer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15281:TCP"= 15281:TCP:NortonAV
"12085:TCP"= 12085:TCP:NortonAV
"16057:TCP"= 16057:TCP:NortonAV
"64075:TCP"= 64075:TCP:@xpsp2res.dll,-22009
"61251:TCP"= 61251:TCP:@xpsp2res.dll,-22009
"23105:TCP"= 23105:TCP:@xpsp2res.dll,-22009
"12365:TCP"= 12365:TCP:@xpsp2res.dll,-22009
"29507:TCP"= 29507:TCP:@xpsp2res.dll,-22009
"59211:TCP"= 59211:TCP:@xpsp2res.dll,-22009
"48449:TCP"= 48449:TCP:@xpsp2res.dll,-22009
"5185:TCP"= 5185:TCP:@xpsp2res.dll,-22009
"39491:TCP"= 39491:TCP:@xpsp2res.dll,-22009
"24131:TCP"= 24131:TCP:@xpsp2res.dll,-22009
"33089:TCP"= 33089:TCP:@xpsp2res.dll,-22009
"9281:TCP"= 9281:TCP:@xpsp2res.dll,-22009
"12355:TCP"= 12355:TCP:@xpsp2res.dll,-22009
"42307:TCP"= 42307:TCP:@xpsp2res.dll,-22009
"27469:TCP"= 27469:TCP:@xpsp2res.dll,-22009
"54609:TCP"= 54609:TCP:@xpsp2res.dll,-22009
"52561:TCP"= 52561:TCP:@xpsp2res.dll,-22009
"58961:TCP"= 58961:TCP:@xpsp2res.dll,-22009
"33603:TCP"= 33603:TCP:@xpsp2res.dll,-22009
"40273:TCP"= 40273:TCP:@xpsp2res.dll,-22009
"64577:TCP"= 64577:TCP:@xpsp2res.dll,-22009
"63569:TCP"= 63569:TCP:@xpsp2res.dll,-22009
"15171:TCP"= 15171:TCP:@xpsp2res.dll,-22009
"7745:TCP"= 7745:TCP:@xpsp2res.dll,-22009
"1347:TCP"= 1347:TCP:@xpsp2res.dll,-22009
"62529:TCP"= 62529:TCP:@xpsp2res.dll,-22009
"31811:TCP"= 31811:TCP:@xpsp2res.dll,-22009
"32833:TCP"= 32833:TCP:@xpsp2res.dll,-22009
"33857:TCP"= 33857:TCP:@xpsp2res.dll,-22009
"3907:TCP"= 3907:TCP:@xpsp2res.dll,-22009
"4465:TCP"= 4465:TCP:@xpsp2res.dll,-22009
"35186:TCP"= 35186:TCP:@xpsp2res.dll,-22009
"48753:TCP"= 48753:TCP:@xpsp2res.dll,-22009
"61553:TCP"= 61553:TCP:@xpsp2res.dll,-22009
"16497:TCP"= 16497:TCP:@xpsp2res.dll,-22009
"34161:TCP"= 34161:TCP:@xpsp2res.dll,-22009
"26993:TCP"= 26993:TCP:@xpsp2res.dll,-22009
"46705:TCP"= 46705:TCP:@xpsp2res.dll,-22009
"46449:TCP"= 46449:TCP:@xpsp2res.dll,-22009
"61042:TCP"= 61042:TCP:@xpsp2res.dll,-22009
"28273:TCP"= 28273:TCP:@xpsp2res.dll,-22009
"61297:TCP"= 61297:TCP:@xpsp2res.dll,-22009
"36978:TCP"= 36978:TCP:@xpsp2res.dll,-22009
"11378:TCP"= 11378:TCP:@xpsp2res.dll,-22009
"3185:TCP"= 3185:TCP:@xpsp2res.dll,-22009
"5490:TCP"= 5490:TCP:@xpsp2res.dll,-22009
"11377:TCP"= 11377:TCP:@xpsp2res.dll,-22009
"56689:TCP"= 56689:TCP:@xpsp2res.dll,-22009
"44401:TCP"= 44401:TCP:@xpsp2res.dll,-22009
"21617:TCP"= 21617:TCP:@xpsp2res.dll,-22009
"21361:TCP"= 21361:TCP:@xpsp2res.dll,-22009
"6002:TCP"= 6002:TCP:@xpsp2res.dll,-22009
"53105:TCP"= 53105:TCP:@xpsp2res.dll,-22009
"19825:TCP"= 19825:TCP:@xpsp2res.dll,-22009
"3953:TCP"= 3953:TCP:@xpsp2res.dll,-22009
"26738:TCP"= 26738:TCP:@xpsp2res.dll,-22009
"17777:TCP"= 17777:TCP:@xpsp2res.dll,-22009
"41841:TCP"= 41841:TCP:@xpsp2res.dll,-22009
"30577:TCP"= 30577:TCP:@xpsp2res.dll,-22009
"34929:TCP"= 34929:TCP:@xpsp2res.dll,-22009
"62834:TCP"= 62834:TCP:@xpsp2res.dll,-22009
"60786:TCP"= 60786:TCP:@xpsp2res.dll,-22009
"1905:TCP"= 1905:TCP:@xpsp2res.dll,-22009
"52593:TCP"= 52593:TCP:@xpsp2res.dll,-22009
"2930:TCP"= 2930:TCP:@xpsp2res.dll,-22009
"8306:TCP"= 8306:TCP:@xpsp2res.dll,-22009
"43889:TCP"= 43889:TCP:@xpsp2res.dll,-22009
"5489:TCP"= 5489:TCP:@xpsp2res.dll,-22009
"14705:TCP"= 14705:TCP:@xpsp2res.dll,-22009
"43377:TCP"= 43377:TCP:@xpsp2res.dll,-22009
"60273:TCP"= 60273:TCP:@xpsp2res.dll,-22009
"12657:TCP"= 12657:TCP:@xpsp2res.dll,-22009
"10865:TCP"= 10865:TCP:@xpsp2res.dll,-22009
"3698:TCP"= 3698:TCP:@xpsp2res.dll,-22009
"41329:TCP"= 41329:TCP:@xpsp2res.dll,-22009
"8049:TCP"= 8049:TCP:@xpsp2res.dll,-22009
"60017:TCP"= 60017:TCP:@xpsp2res.dll,-22009
"14450:TCP"= 14450:TCP:@xpsp2res.dll,-22009
"64369:TCP"= 64369:TCP:@xpsp2res.dll,-22009
"7025:TCP"= 7025:TCP:@xpsp2res.dll,-22009
"6513:TCP"= 6513:TCP:@xpsp2res.dll,-22009
"40817:TCP"= 40817:TCP:@xpsp2res.dll,-22009
"50546:TCP"= 50546:TCP:@xpsp2res.dll,-22009
"23410:TCP"= 23410:TCP:@xpsp2res.dll,-22009
"20594:TCP"= 20594:TCP:@xpsp2res.dll,-22009
"50033:TCP"= 50033:TCP:@xpsp2res.dll,-22009
"6257:TCP"= 6257:TCP:@xpsp2res.dll,-22009
"14961:TCP"= 14961:TCP:@xpsp2res.dll,-22009
"2417:TCP"= 2417:TCP:@xpsp2res.dll,-22009
"27761:TCP"= 27761:TCP:@xpsp2res.dll,-22009
"57714:TCP"= 57714:TCP:@xpsp2res.dll,-22009
"13681:TCP"= 13681:TCP:@xpsp2res.dll,-22009
"29553:TCP"= 29553:TCP:@xpsp2res.dll,-22009
"45937:TCP"= 45937:TCP:@xpsp2res.dll,-22009
"15985:TCP"= 15985:TCP:@xpsp2res.dll,-22009
"12913:TCP"= 12913:TCP:@xpsp2res.dll,-22009
"11122:TCP"= 11122:TCP:@xpsp2res.dll,-22009
"51057:TCP"= 51057:TCP:@xpsp2res.dll,-22009
"15473:TCP"= 15473:TCP:@xpsp2res.dll,-22009
"5234:TCP"= 5234:TCP:@xpsp2res.dll,-22009
"33650:TCP"= 33650:TCP:@xpsp2res.dll,-22009
"52849:TCP"= 52849:TCP:@xpsp2res.dll,-22009
"47729:TCP"= 47729:TCP:@xpsp2res.dll,-22009
"56177:TCP"= 56177:TCP:@xpsp2res.dll,-22009
"1137:TCP"= 1137:TCP:@xpsp2res.dll,-22009
"42609:TCP"= 42609:TCP:@xpsp2res.dll,-22009
"38769:TCP"= 38769:TCP:@xpsp2res.dll,-22009
"33649:TCP"= 33649:TCP:@xpsp2res.dll,-22009
"61809:TCP"= 61809:TCP:@xpsp2res.dll,-22009
"38513:TCP"= 38513:TCP:@xpsp2res.dll,-22009
"65137:TCP"= 65137:TCP:@xpsp2res.dll,-22009
"57713:TCP"= 57713:TCP:@xpsp2res.dll,-22009
"28017:TCP"= 28017:TCP:@xpsp2res.dll,-22009
"14449:TCP"= 14449:TCP:@xpsp2res.dll,-22009
"113:TCP"= 113:TCP:@xpsp2res.dll,-22009
"50801:TCP"= 50801:TCP:@xpsp2res.dll,-22009
"44145:TCP"= 44145:TCP:@xpsp2res.dll,-22009
"882:TCP"= 882:TCP:@xpsp2res.dll,-22009
"20593:TCP"= 20593:TCP:@xpsp2res.dll,-22009
"33394:TCP"= 33394:TCP:@xpsp2res.dll,-22009
"52850:TCP"= 52850:TCP:@xpsp2res.dll,-22009
"40306:TCP"= 40306:TCP:@xpsp2res.dll,-22009
"55153:TCP"= 55153:TCP:@xpsp2res.dll,-22009
"22642:TCP"= 22642:TCP:@xpsp2res.dll,-22009
"51313:TCP"= 51313:TCP:@xpsp2res.dll,-22009
"22641:TCP"= 22641:TCP:@xpsp2res.dll,-22009
"55410:TCP"= 55410:TCP:@xpsp2res.dll,-22009
"64625:TCP"= 64625:TCP:@xpsp2res.dll,-22009
"15217:TCP"= 15217:TCP:@xpsp2res.dll,-22009
"46193:TCP"= 46193:TCP:@xpsp2res.dll,-22009
"23666:TCP"= 23666:TCP:@xpsp2res.dll,-22009
"64113:TCP"= 64113:TCP:@xpsp2res.dll,-22009
"65394:TCP"= 65394:TCP:@xpsp2res.dll,-22009
"32626:TCP"= 32626:TCP:@xpsp2res.dll,-22009
"8305:TCP"= 8305:TCP:@xpsp2res.dll,-22009
"6514:TCP"= 6514:TCP:@xpsp2res.dll,-22009
"25202:TCP"= 25202:TCP:@xpsp2res.dll,-22009
"41073:TCP"= 41073:TCP:@xpsp2res.dll,-22009
"31602:TCP"= 31602:TCP:@xpsp2res.dll,-22009
"10610:TCP"= 10610:TCP:@xpsp2res.dll,-22009
"58738:TCP"= 58738:TCP:@xpsp2res.dll,-22009
"35185:TCP"= 35185:TCP:@xpsp2res.dll,-22009
"29042:TCP"= 29042:TCP:@xpsp2res.dll,-22009
"58482:TCP"= 58482:TCP:@xpsp2res.dll,-22009
"13425:TCP"= 13425:TCP:@xpsp2res.dll,-22009
"19057:TCP"= 19057:TCP:@xpsp2res.dll,-22009
"25714:TCP"= 25714:TCP:@xpsp2res.dll,-22009
"6001:TCP"= 6001:TCP:@xpsp2res.dll,-22009
"63602:TCP"= 63602:TCP:@xpsp2res.dll,-22009
"56690:TCP"= 56690:TCP:@xpsp2res.dll,-22009
"24946:TCP"= 24946:TCP:@xpsp2res.dll,-22009
"30321:TCP"= 30321:TCP:@xpsp2res.dll,-22009
"23153:TCP"= 23153:TCP:@xpsp2res.dll,-22009
"3442:TCP"= 3442:TCP:@xpsp2res.dll,-22009
"55665:TCP"= 55665:TCP:@xpsp2res.dll,-22009
"7281:TCP"= 7281:TCP:@xpsp2res.dll,-22009
"26994:TCP"= 26994:TCP:@xpsp2res.dll,-22009
"27250:TCP"= 27250:TCP:@xpsp2res.dll,-22009
"8050:TCP"= 8050:TCP:@xpsp2res.dll,-22009
"36465:TCP"= 36465:TCP:@xpsp2res.dll,-22009
"54130:TCP"= 54130:TCP:@xpsp2res.dll,-22009
"21873:TCP"= 21873:TCP:@xpsp2res.dll,-22009
"11889:TCP"= 11889:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-05 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-05 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-05 298264]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-02-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZKxdm016YYHR
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-13 00:16:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ccEvtMgr]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SAVRT]
"ImagePath"="-"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SNDSrvc]
"ImagePath"="-"
.
Completion time: 2009-02-13 0:18:40
ComboFix-quarantined-files.txt 2009-02-12 23:18:38
ComboFix2.txt 2009-02-12 21:41:13
ComboFix3.txt 2009-02-12 20:59:11
ComboFix4.txt 2009-02-12 12:46:13

Pre-Run: 1.345.658.880 bytes free
Post-Run: 1,334,587,392 bytes free

619 --- E O F --- 2008-12-31 05:09:50

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

My friend, in the meantime you have managed to pick up some new infection.
I don't know what you are doing, but it looks like you have a talent for getting malware onto your computer :)

Open Notepad and copy in the following text:

File::
c:\windows\system32\hxzglujue.dll

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.
