spylock came back, here is the log

Discussion in 'Viruses and malware - HijackThis logs' started by anxtar, Jun 6, 2007.

  1. anxtar

    anxtar Member

    Away for one day and viruses have taken over the machine right away... so that Spylock thing is blinking down there in the bottom corner. I scanned with AVG and it found nothing, BlackLight found nothing either.. so maybe something shows up in this.. thanks and a bow =)



    Logfile of HijackThis v1.99.1
    Scan saved at 23:39:36, on 6.6.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\AOL_security_toolbar.dll (file missing)
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
     
  2. Etzo

    Etzo Regular member

    Hi, try this

    Download SmitfraudFix (by S!Ri) to your desktop.

    Double-click the file SmitfraudFix.exe

    Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open that lists the infected files (if any).
    Post the contents of this text file in your thread.

    **If the tool does not start from the desktop, move SmitfraudFix.exe directly to the root of the system drive (usually C:). Then try starting the program again from there.

    Note: the process.exe file is detected by some anti-virus programs (AntiVir, Dr.Web, Kaspersky) as a "risk tool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad use, so they may warn the user.
    http://www.beyondlogic.org/consulting/processutil/processutil.htm
     
  3. anxtar

    anxtar Member

    By the way, I forgot to mention in that post that my machine won't open that Smit tool.. last time I tried, it just flashed on the screen.. is there some other similar one?
     
  4. anxtar

    anxtar Member

    I'll post this DSS main log for now in case it helps, the other one didn't even come out...

    Deckard's System Scanner v20070426.43
    Run by Ansku on 2007-06-07 at 18:16:11
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Ansku.exe) -----------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 18:17:12, on 7.6.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Ansku\Työpöytä\dss.exe
    C:\PROGRA~1\HIJACK~1\Ansku.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe


    -- Files created between 2007-05-07 and 2007-06-07 -----------------------------

    2007-06-06 23:36:34 21075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
    2007-06-06 23:36:34 60496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
    2007-06-06 23:36:17 0 d-------- C:\Program Files\Sygate
    2007-06-06 23:35:50 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-06-06 22:58:56 138368 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
    2007-06-06 22:48:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    2007-06-06 22:48:34 0 d-------- C:\Documents and Settings\Ansku\Application Data\Spyware Terminator
    2007-06-06 22:48:33 0 d-------- C:\Program Files\Spyware Terminator
    2007-06-06 22:10:48 0 dr-h----- C:\Documents and Settings\Ansku\Recent
    2007-06-05 12:13:11 0 d-------- C:\Documents and Settings\Ansku\Application Data\IMVU
    2007-06-04 23:11:29 0 d-------- C:\WINDOWS\RegisteredPackages
    2007-06-04 22:18:04 0 d-------- C:\Program Files\thriXXX
    2007-06-03 20:03:55 0 d-------- C:\Downloads
    2007-05-27 19:18:06 118784 --a------ C:\WINDOWS\system32\MSSTDFMT.DLL <Not Verified; Microsoft Corporation; MSSTDFMT Object Library>
    2007-05-27 19:18:06 0 d-------- C:\Program Files\SpywareBlaster
    2007-05-27 19:00:13 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-05-27 18:59:57 11264 --a------ C:\WINDOWS\system32\SpOrder.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
    2007-05-27 18:58:37 0 d-------- C:\WINDOWS\Internet Logs
    2007-05-26 14:31:39 0 d-------- C:\Program Files\Common Files\Java
    2007-05-25 21:00:58 4 --a------ C:\SmitfraudFix.exe
    2007-05-25 15:19:27 0 d-------- C:\Documents and Settings\Ansku\DoctorWeb
    2007-05-25 14:59:07 0 d-------- C:\Program Files\RogueRemover
    2007-05-25 14:58:37 933750 --a------ C:\rr-free-setup.exe
    2007-05-25 14:46:17 0 d-------- C:\!KillBox
    2007-05-24 17:54:45 0 d-------- C:\Program Files\AOL Security Toolbar
    2007-05-24 17:38:37 0 d-------- C:\FIXPATH2
    2007-05-24 12:47:10 0 d-------- C:\WINDOWS\SxsCaPendDel
    2007-05-24 12:47:07 0 d-------- C:\Program Files\Common Files\iS3
    2007-05-24 03:58:00 0 d-------- C:\WINDOWS\system32\Panda Software
    2007-05-24 03:17:06 0 d-------- C:\WINDOWS\BDOSCAN8
    2007-05-24 02:20:20 0 d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    2007-05-23 11:50:18 1107022 --a------ C:\SubtitleWorkshop251.exe
    2007-05-22 00:35:19 0 d-------- C:\Program Files\iPod
    2007-05-22 00:35:06 0 d-------- C:\Program Files\iTunes
    2007-05-21 16:51:14 0 d-------- C:\Documents and Settings\Ansku\Application Data\vlc
    2007-05-21 16:14:50 0 d-------- C:\Program Files\VideoLAN
    2007-05-21 15:59:41 0 d-------- C:\TempDVD
    2007-05-21 15:55:12 0 d-------- C:\Program Files\AviSynth 2.5
    2007-05-21 15:55:08 57344 --a------ C:\WINDOWS\SSEUninstaller.exe <Not Verified; ; SSE Setup Uninstall Module by Chris Long 2004-2006. Freeware for non-commercial use.>
    2007-05-21 15:54:57 32768 --a------ C:\WINDOWS\system32\ShellLnkSSE.dll <Not Verified; ; pShellLink>
    2007-05-21 15:54:57 44544 --a------ C:\WINDOWS\system32\Gif89.dll <Not Verified; ; Gif89 Module>
    2007-05-21 14:57:56 0 d-------- C:\Documents and Settings\Ansku\Application Data\URUSoft
    2007-05-21 14:57:52 0 d-------- C:\Program Files\URUSoft
    2007-05-21 14:53:55 0 d-------- C:\Documents and Settings\Ansku\Application Data\WinRAR
    2007-05-21 14:24:39 0 d-------- C:\Documents and Settings\Ansku\Application Data\BSplayer
    2007-05-21 14:24:39 0 d-------- C:\Documents and Settings\Ansku\Application Data\BSplayer Pro
    2007-05-21 14:24:38 0 d-------- C:\Program Files\Webteh
    2007-05-21 14:06:13 0 d-------- C:\VobSub
    2007-05-21 13:49:49 0 d-------- C:\Documents and Settings\Ansku\Application Data\Media Player Classic
    2007-05-21 13:42:30 0 d-------- C:\Program Files\Gabest
    2007-05-21 13:31:57 0 d-------- C:\ffdshow
    2007-05-19 21:11:13 638976 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivXNetworks, Inc.; DivX Video for Windows Codec>
    2007-05-19 20:45:02 0 --a------ C:\WINDOWS\nsreg.dat
    2007-05-19 20:13:49 0 d-------- C:\Program Files\DivX
    2007-05-19 20:09:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
    2007-05-19 20:09:16 0 d-------- C:\Documents and Settings\Ansku\Application Data\Azureus
    2007-05-16 00:32:07 0 d-------- C:\Program Files\Eudemons Online
    2007-05-16 00:18:42 0 d-------- C:\Documents and Settings\Ansku\Application Data\InstallShield
    2007-05-14 21:27:49 0 d-------- C:\Documents and Settings\All Users\Application Data\JollyBear
    2007-05-13 21:45:27 0 d-------- C:\Program Files\Common Files\AVSMedia
    2007-05-13 21:45:26 139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2007-05-13 21:45:26 524288 --a------ C:\WINDOWS\system32\xvidcore.dll
    2007-05-13 21:45:26 413760 --a------ C:\WINDOWS\system32\mpg4c32.dll <Not Verified; Microsoft Corporation; Microsoft MPEG-4 Video Codec>
    2007-05-13 21:45:26 261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
    2007-05-13 21:05:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Entriq
    2007-05-13 21:05:37 0 d-------- C:\Program Files\Entriq
    2007-05-12 16:17:57 0 d-------- C:\Program Files\Fairies
    2007-05-12 16:14:04 0 d-------- C:\Program Files\Magic Vines
    2007-05-09 00:45:05 0 d-------- C:\Documents and Settings\Ansku\Application Data\Mozilla
    2007-05-09 00:44:31 0 d-------- C:\Documents and Settings\Ansku\Application Data\SecondLife
    2007-05-08 21:01:11 0 d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
    2007-05-08 21:01:09 0 d-------- C:\Program Files\bfgclient
    2007-05-07 23:47:58 597 --a------ C:\WINDOWS\wwwconfig.dat
    2007-05-07 14:24:54 0 d-------- C:\Documents and Settings\Ansku\Application Data\MysteryStudio


    -- Find3M Report ---------------------------------------------------------------

    2007-06-05 00:00:05 7168 --a-s---- C:\WINDOWS\system32\eeuydc.dll
    2007-06-04 23:20:10 283024 --a------ C:\WINDOWS\system32\perfh00B.dat
    2007-06-04 23:20:10 48448 --a------ C:\WINDOWS\system32\perfc00B.dat
    2007-06-04 23:19:06 0 d-------- C:\Program Files\Windows NT
    2007-05-26 14:32:58 0 d-------- C:\Program Files\Java
    2007-05-24 19:50:08 0 d--h----- C:\Program Files\InstallShield Installation Information
    2007-05-22 00:34:02 0 d-------- C:\Program Files\QuickTime
    2007-05-20 18:55:38 84 --a------ C:\Documents and Settings\Ansku\Application Data\AVSDVDPlayer.m3u
    2007-05-19 20:29:56 0 d-------- C:\Program Files\Winamp
    2007-05-15 20:54:52 0 d-------- C:\Program Files\Common Files\Companion Wizard
    2007-05-14 20:56:33 532 --a------ C:\CONFIG.SYS
    2007-05-10 18:56:50 0 d-------- C:\Program Files\MSN Messenger
    2007-05-06 22:02:02 0 d-------- C:\Documents and Settings\Ansku\Application Data\PlayFirst
    2007-05-06 20:52:34 19 --a------ C:\WINDOWS\popcinfo.dat
    2007-05-06 19:34:46 0 d-------- C:\Documents and Settings\Ansku\Application Data\Gaijin Ent
    2007-05-04 12:15:48 0 d-------- C:\Program Files\DCPlusPlus
    2007-04-28 10:26:06 0 d-------- C:\Program Files\Apple Software Update
    2007-04-28 10:25:36 0 d-------- C:\Program Files\Siemens Subscriber Networks
    2007-04-28 10:25:01 0 d-------- C:\Program Files\Shockwave.com
    2007-04-28 10:25:01 0 d-------- C:\Program Files\Online Services
    2007-04-28 10:25:01 0 d-------- C:\Program Files\Common Files\InstallShield
    2007-04-28 10:25:01 0 d-------- C:\Program Files\Common Files\Adobe
    2007-04-28 10:25:01 0 d-------- C:\Program Files\BFG
    2007-04-28 10:25:01 0 d-------- C:\Program Files\B2BPOKER
    2007-04-28 09:53:25 0 d-------- C:\Program Files\Skins
    2007-04-28 00:00:36 0 d-------- C:\Program Files\CyberLink
    2007-04-27 23:57:04 0 d-------- C:\Documents and Settings\Ansku\Application Data\Macromedia
    2007-04-26 19:41:53 0 d-------- C:\Program Files\images
    2007-04-09 15:50:41 0 d-------- C:\Documents and Settings\Ansku\Application Data\Apple Computer
    2007-04-09 14:20:23 0 d-------- C:\Documents and Settings\Ansku\Application Data\MusicIP
    2007-04-08 22:37:48 0 d-------- C:\Program Files\creatures


    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
    "SpywareTerminator"="\"C:\\Program Files\\Spyware Terminator\\SpywareTerminatorShield.exe\""
    "SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{44e670f2-d57b-4815-a576-955d17dbbf2d}"="auditioned"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



    -- End of Deckard's System Scanner: finished at 2007-06-07 at 18:17:43 ---------
     
