bankerfox.A and Win32/nugel.E


Post by daisey25 on 18th June 2009, 9:49 pm

I was surfing the web and got them. It keeps saying ANTIVIRUS SYSTEM PRO AND THEN IT SAYS I'M BEING ATTACKED.

HOW DO I REMOVE IT?
THX,
DONNA

daisey25
Novice

Posts: 7
Joined: 2009-06-18
OS: xp
Points: 27319
Likes: 0

Re: bankerfox.A and Win32/nugel.E

Post by Origin on 18th June 2009, 9:52 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.



Origin
Master

Posts: 2685
Joined: 2009-05-05
Gender: Male
OS: Windows Xp Sp3
Points: 31513
Likes: 0

Re: bankerfox.A and Win32/nugel.E

Post by daisey25 on 18th June 2009, 10:04 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:02:01 PM, on 6/18/2009
Platform: Windows XP SP2, v.2096 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\sysguard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\donna\LOCALS~1\Temp\yg4i4k0irf.exe
C:\DOCUME~1\donna\LOCALS~1\Temp\yg4i4k0irf.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Flock\flock.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {B2C7B2A1-00F3-42BD-F434-00AABA2C8952} - C:\WINDOWS\system32\gsf83iujid.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld09.exe
O4 - HKLM\..\Run: [sysmstray] c:\windows\mstre19.exe
O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy46.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
O4 - HKCU\..\Run: [] C:\DOCUME~1\donna\LOCALS~1\Temp\yg4i4k0irf.exe
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\donna\LOCALS~1\Temp\yg4i4k0irf.exe
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\donna\LOCALS~1\Temp\svchost.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{8766BC8E-BA67-4E35-BE14-4B1473EF0941}: NameServer = 167.142.225.3 167.142.225.5
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O22 - SharedTaskScheduler: hs837hiudjgfo9s8gjio4gfd - {B2C7B2A1-00F3-42BD-F434-00AABA2C8952} - C:\WINDOWS\system32\gsf83iujid.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 6043 bytes


Re: bankerfox.A and Win32/nugel.E

Post by Origin on 18th June 2009, 10:09 pm


  • Open HijackThis.
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {B2C7B2A1-00F3-42BD-F434-00AABA2C8952} - C:\WINDOWS\system32\gsf83iujid.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [sysldtray] C:\windows\ld09.exe
    O4 - HKLM\..\Run: [sysmstray] c:\windows\mstre19.exe
    O4 - HKLM\..\Run: [sysfbtray] c:\windows\freddy46.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [system tool] C:\WINDOWS\sysguard.exe
    O4 - HKCU\..\Run: [] C:\DOCUME~1\donna\LOCALS~1\Temp\yg4i4k0irf.exe
    O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\donna\LOCALS~1\Temp\yg4i4k0irf.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8766BC8E-BA67-4E35-BE14-4B1473EF0941}: NameServer = 167.142.225.3 167.142.225.5
    O22 - SharedTaskScheduler: hs837hiudjgfo9s8gjio4gfd - {B2C7B2A1-00F3-42BD-F434-00AABA2C8952} - C:\WINDOWS\system32\gsf83iujid.dll


  • Press "Fix Checked"
  • Close Hijack This.






1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV. (Avira/Avast)
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


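Added example (not part of the thread, and not code from HijackThis or the helpers): a Python pass over HijackThis-format lines that flags entries for manual review. The heuristics and the `SYSTEM_NAMES` set are assumptions chosen for this illustration, not the helper's stated criteria, and the sample log lines are constructed.

```python
import re

# Constructed sample in HijackThis v2 log format, modelled on the entry
# types in the log above; every name and path here is made up.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11111111-2222-3333-4444-555555555555} - (no file)
O2 - BHO: Example Helper - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min
O4 - HKCU\..\Run: [] C:\DOCUME~1\user\LOCALS~1\Temp\a1b2c3.exe
O4 - HKCU\..\Run: [Example Updater] C:\DOCUME~1\user\LOCALS~1\Temp\svchost.exe
O4 - HKCU\..\Run: [example tool] C:\WINDOWS\exampleguard.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: Example Service - Example Inc. - C:\Program Files\Example\svc.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Assumption: a short list of Windows process names that malware commonly imitates.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "services.exe", "smss.exe"}

def image_path(cmd):
    """Pull the executable path out of a Run command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|scr|bat|dll))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd

def triage(line):
    """Return the reasons (possibly none) a log line deserves manual review."""
    m = ENTRY.match(line.strip())
    if not m:
        return []
    code, body, reasons = m["code"], m["body"], []
    if code == "O4":
        run = RUN.match(body)
        if run:
            path = image_path(run["cmd"]).lower()
            name = path.rsplit("\\", 1)[-1]
            if not run["name"].strip():
                reasons.append("autorun value has an empty name")
            if "\\temp\\" in path:
                reasons.append("autorun image lives in a Temp directory")
            if name in SYSTEM_NAMES and "\\system32\\" not in path:
                reasons.append("system process name outside System32")
            if re.fullmatch(r"c:\\windows\\[^\\]+\.exe", path) and name != "explorer.exe":
                reasons.append("executable sits directly in the Windows folder")
    elif code == "O2" and body.endswith("(no file)"):
        reasons.append("BHO registered but its file is missing")
    elif code == "O7" and re.search(r"DisableRegedit\s*=\s*1", body, re.I):
        reasons.append("policy disables the Registry Editor")
    return reasons

def review(log_text):
    """Map each flagged line to its reasons, preserving log order."""
    return {ln.strip(): r for ln in log_text.splitlines() if (r := triage(ln))}

if __name__ == "__main__":
    for entry, why in review(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(why))
```

A flag here means "look at this entry", not "delete it"; legitimate software can trip these rules and malicious entries can pass them.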

Re: bankerfox.A and Win32/nugel.E

Post by daisey25 on 19th June 2009, 12:38 am

ComboFix 09-06-18.02 - donna 06/18/2009 19:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.247.113 [GMT -5:00]
Running from: c:\documents and settings\donna\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090618-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\driver
C:\blnqxlg.exe
c:\docume~1\donna\LOCALS~1\Temp\lsass.exe
c:\docume~1\donna\LOCALS~1\Temp\svchost.exe
c:\docume~1\donna\LOCALS~1\Temp\taskmgr.exe
C:\mupwjiav.exe
c:\program files\driver\driver.dll
c:\program files\driver\driver.sys
c:\windows\sysguard.exe
c:\windows\system32\_000110_.tmp.dll
c:\windows\system32\advapi32new.dll
c:\windows\system32\apphelpnew.dll
c:\windows\system32\crypt32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\gsf83iujid.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\ntdsapinew.dll
c:\windows\system32\powrprofnew.dll
c:\windows\system32\secur32new.dll
c:\windows\system32\user32new.dll
c:\windows\system32\winstanew.dll
c:\windows\zaponce52597.dat
c:\windows\zaponce52621.dat
c:\windows\zaponce52689.dat
C:\wyhgm.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{7D272F89-2132-4044-9E90-2C12CE5A654E}\RP129\A0085212.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Service_driver
-------\Service_driverdrv
-------\Service_glaide32


((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.

2009-06-19 00:20 . 2004-03-12 02:19 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-06-19 00:20 . 2004-03-12 02:19 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-18 22:01 . 2009-06-18 22:01 -------- d-----w- c:\program files\Trend Micro
2009-06-18 20:54 . 2007-02-27 20:18 40000 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-18 20:54 . 2006-11-22 19:30 14848 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-18 20:54 . 2007-03-20 14:55 43584 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-18 20:54 . 2009-06-18 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AntiVir PersonalEdition Classic
2009-06-17 22:00 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-17 21:59 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-17 21:59 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-17 21:59 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-17 21:59 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-17 21:59 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-17 21:59 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-17 21:59 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-17 21:59 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-17 21:59 . 2003-03-18 19:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-06-17 21:59 . 2009-06-17 21:59 -------- d-----w- c:\program files\Alwil Software
2009-06-17 19:13 . 2009-06-18 19:18 -------- d-----w- c:\program files\Anti-Virus Professional
2009-06-17 18:27 . 2009-06-17 18:27 1 ---h--w- c:\windows\jmmark2.dat
2009-06-17 18:26 . 2009-06-17 18:26 1 ---h--w- c:\windows\bf23567.dat
2009-06-17 18:24 . 2009-06-17 18:29 159744 ----a-w- C:\vopyp.exe
2009-06-17 18:22 . 2009-06-17 18:22 360448 ----a-w- C:\XuA.exe
2009-06-17 14:23 . 2009-06-17 15:39 -------- d-----w- c:\program files\Incomplete
2009-06-15 00:52 . 2009-06-15 00:53 152064 ----a-w- c:\windows\snap.dat
2009-06-14 23:29 . 2003-08-05 16:41 53248 ----a-w- c:\windows\ap561.exe
2009-06-14 23:29 . 2002-11-22 20:56 118784 ----a-w- c:\windows\ShowBmp.exe
2009-06-14 23:29 . 2002-10-01 19:43 119798 ----a-w- c:\windows\system32\drivers\spca561.sys
2009-06-14 23:28 . 2009-06-14 23:29 -------- d-----w- c:\windows\Setup2K

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 20:44 . 2009-03-27 04:47 -------- d-----w- c:\program files\Flock
2009-06-17 15:39 . 2009-01-07 12:32 -------- d-----w- c:\documents and settings\donna\Application Data\FrostWire
2009-06-17 15:33 . 2009-01-05 06:26 -------- d-----w- c:\program files\FrostWire
2009-06-16 17:32 . 2009-03-15 00:16 -------- d-----w- c:\program files\Common Files\EPSON
2009-06-14 23:52 . 2009-03-15 00:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-14 23:10 . 2009-01-15 02:42 12720 ----a-w- c:\documents and settings\donna\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-14 22:59 . 2009-05-12 22:23 -------- d-----w- c:\program files\AVS4YOU
2009-06-14 22:59 . 2009-05-12 22:23 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-05-19 05:24 . 2009-05-12 22:30 -------- d-----w- c:\documents and settings\donna\Application Data\dvdcss
2009-05-12 22:32 . 2009-05-12 22:30 -------- d-----w- c:\documents and settings\donna\Application Data\vlc
2009-05-12 22:27 . 2009-05-12 22:27 -------- d-----w- c:\program files\VideoLAN
2009-05-12 22:24 . 2009-05-12 22:24 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-05-12 04:57 . 2009-01-07 10:20 -------- d-----w- c:\documents and settings\donna\Application Data\Apple Computer
2009-05-10 02:35 . 2009-05-10 02:34 -------- d-----w- c:\program files\iTunes
2009-05-10 02:34 . 2009-05-10 02:34 -------- d-----w- c:\program files\iPod
2009-05-10 02:34 . 2009-01-05 04:33 -------- d-----w- c:\program files\Common Files\Apple
2009-05-08 00:37 . 2009-05-08 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-08 00:36 . 2009-05-08 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-08 00:36 . 2009-05-08 00:36 -------- d-----w- c:\program files\Bonjour
2009-05-08 00:35 . 2009-01-05 04:33 -------- d-----w- c:\program files\QuickTime
2009-05-08 00:21 . 2009-05-08 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\336B
2009-04-09 03:10 . 2009-04-06 21:01 3218 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-04-02 21:29 . 2009-04-02 21:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-26 02:15 . 2009-03-26 02:15 8464 ----a-w- c:\windows\system32\sporder.dll
2008-03-09 13:25 . 2009-01-05 04:27 236 ---ha-w- c:\program files\Common Files\dx.reg
2009-03-19 11:03 . 2009-03-19 11:03 132 --sha-r- c:\windows\Regbak.dat
.


Re: bankerfox.A and Win32/nugel.E

Post by daisey25 on 19th June 2009, 12:41 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-03-12 14336]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-03-12 1679360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-05 136600]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 327720]


Re: bankerfox.A and Win32/nugel.E

Post by daisey25 on 19th June 2009, 12:42 am

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LegacyDrive"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)


Re: bankerfox.A and Win32/nugel.E

Post by daisey25 on 19th June 2009, 12:43 am

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:driver

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/17/2009 4:59 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/17/2009 4:59 PM 20560]
R3 crtaud;Conexant Riptide WDM Audio Driver;c:\windows\system32\drivers\crtaud.sys [1/4/2009 4:21 PM 42112]
R3 rpfun;Conexant Riptide Dummy Driver;c:\windows\system32\drivers\rpfun.sys [1/4/2009 4:21 PM 3840]
R3 rthwcls;Conexant Riptide Bus / Firmware Downloader;c:\windows\system32\drivers\rthwcls.sys [1/4/2009 4:21 PM 30720]


Re: bankerfox.A and Win32/nugel.E

Post by daisey25 on 19th June 2009, 12:45 am

It will not let me post the rest; it says it's too big.

And in the taskbar the ANTIVIRUS SYSTEM PRO is not there anymore and I have no pop-up from it.


Re: bankerfox.A and Win32/nugel.E

Post by Belahzur on 19th June 2009, 8:12 am

Hello.
Please upload the log at rapidshare.com. In the meantime, let's get an uninstall log before we remove the leftovers.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1
