Fyrir nokkrum dögum þá var ég að skoða einhverja svona flash síðu, allt í einu þegar ég var að fara að spila einhvern leik þá kom svona gluggi sem líktist svona security drasli, í heimsku minni þá ýtti ég á OK án þess að hugsa mig um en svo sá ég að þetta var einhver helv. auglýsing! Núna er tölvan mín FULL af spyware.
Ég hef þegar skannað oft og mörgu sinnum með spybot og ad-aware en ennþá eru nokkrir eftir. Þessir sem ég eftir eru og ég hef mestekið eftir heita í Processes t.d. Pco77i, SisJcis, Hrnn33xW, Gnsd, Uax65 og Ins4fm8. Flestir þessa spybotta “re-spawna” þegar ég slekk á þeim og þá undir öðru nafni.
Hér er svo startuplistinn:
StartupList report, 2.5.2004, 14:33:10
StartupList version: 1.52
Started from : C:\\Documents and Settings\\Egill\\Desktop\\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\\Windows\\System32\\smss.exe
C:\\Windows\\system32\\winlogon.exe
C:\\Windows\\system32\\services.exe
C:\\Windows\\system32\\lsass.exe
C:\\Windows\\system32\\svchost.exe
C:\\Windows\\System32\\svchost.exe
C:\\Windows\\system32\\spoolsv.exe
C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe
C:\\Windows\\Explorer.EXE
C:\\Windows\\System32\\DRIVERS\\CDANTSRV.EXE
C:\\Program Files\\Norton AntiVirus\\navapsvc.exe
C:\\Program Files\\Norton Internet Security\\NISUM.EXE
C:\\Windows\\System32\\NMSSvc.exe
C:\\Program Files\\Norton AntiVirus\\AdvTools\\NPROTECT.EXE
C:\\Windows\\System32\\nvsvc32.exe
C:\\Program Files\\Analog Devices\\SoundMAX\\SMAgent.exe
C:\\Program Files\\Norton Internet Security\\SymProxySvc.exe
C:\\Program Files\\Norton Internet Security\\NISSERV.EXE
C:\\Program Files\\Analog Devices\\SoundMAX\\DrvLsnr.exe
C:\\Program Files\\COMPAQ\\Easy Access Button Support\\StartEAK.exe
C:\\Program Files\\Compaq\\Easy Access Button Support\\CPQEAKSYSTEMTRAY.EXE
C:\\Program Files\\Compaq\\Easy Access Button Support\\CPQEADM.EXE
C:\\Compaq\\EAKDRV\\EAUSBKBD.EXE
C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe
C:\\Program Files\\Norton Internet Security\\IAMAPP.EXE
C:\\PROGRA~1\\Compaq\\EASYAC~1\\BttnServ.exe
C:\\Windows\\System32\\rundll32.exe
C:\\Windows\\System32\\NotifyPhoneBook.exe
C:\\Program Files\\NetInternals\\CostAware\\niIPCApp.exe
C:\\Windows\\System32\\MMTray.exe
C:\\Windows\\System32\\MMTray2k.exe
C:\\Windows\\System32\\MMTrayLSI.exe
C:\\Program Files\\HighCriteria\\TotalRecorder\\TotRecSched.exe
C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe
C:\\Windows\\System32\\msqmgr.exe
C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe
C:\\Program Files\\MSN Messenger\\msnmsgr.exe
C:\\Program Files\\Norton Internet Security\\ATRACK.EXE
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Program Files\\Internet Explorer\\iexplore.exe
C:\\Documents and Settings\\Egill\\Desktop\\StartupList.exe
————————————————–
Listing of startup folders:
Shell folders Startup:
[C:\\Documents and Settings\\Egill\\Start Menu\\Programs\\Startup]
3DNA Auto-Update.lnk = C:\\Program Files\\3DNA\\WiseUpdt.exe
3DNA Desktop.lnk = C:\\Program Files\\3DNA\\Resources\\3dnasys.exe
Shell folders Common Startup:
[C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup]
Adobe Gamma Loader.lnk = C:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe
InterVideo WinCinema Manager.lnk = C:\\Program Files\\InterVideo\\Common\\Bin\\WinCinemaMgr.exe
Microsoft Office.lnk = C:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE
————————————————–
Checking Windows NT UserInit:
[HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon]
UserInit = C:\\WINDOWS\\system32\\userinit.exe,
————————————————–
Autorun entries from Registry:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
IgfxTray = C:\\Windows\\System32\\igfxtray.exe
HotKeysCmds = C:\\Windows\\System32\\hkcmd.exe
Smapp = C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe
DrvLsnr = C:\\Program Files\\Analog Devices\\SoundMAX\\DrvLsnr.exe
CPQEASYACC = C:\\Program Files\\COMPAQ\\Easy Access Button Support\\StartEAK.exe
WCOLOREAL = “C:\\Program Files\\COMPAQ\\Coloreal\\coloreal.exe”
NvCplDaemon = RUNDLL32.EXE C:\\Windows\\System32\\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
AdaptecDirectCD = “C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe”
iamapp = C:\\Program Files\\Norton Internet Security\\IAMAPP.EXE
AME_CSA = rundll32 amecsa.cpl,RUN_DLL
CloneCDElbyCDFL = “C:\\Program Files\\Elaborate Bytes\\CloneCD\\ElbyCheck.exe” /L ElbyCDFL
CostAware = C:\\Program Files\\NetInternals\\CostAware\\niIPCApp.exe
MMTray = MMTray.exe
MMTray2K = MMTray2k.exe
MMTrayLSI = MMTrayLSI.exe
QuickTime Task = “C:\\Windows\\System32\\qttask.exe” -atboottime
WinampAgent = “C:\\Program Files\\Winamp3\\winampa.exe”
LogonStudio = “C:\\Program Files\\WinCustomize\\LogonStudio\\logonstudio.exe” /RANDOM
TotalRecorderScheduler = C:\\Program Files\\HighCriteria\\TotalRecorder\\TotRecSched.exe
ccApp = “C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe”
ccRegVfy = “C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe”
Advanced Tools Check = C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE
Microsoft QMGR = msqmgr.exe
NvMediaCenter = RUNDLL32.EXE C:\\Windows\\System32\\NvMcTray.dll,NvTaskbarInit
Dsi = C:\\Windows\\System32\\dp-him.exe
v29h35Q = C:\\Windows\\System32\\tracfgx.exe
————————————————–
Autorun entries from Registry:
HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServices
Microsoft QMGR = msqmgr.exe
————————————————–
Autorun entries from Registry:
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
PopUpStopperFreeEdition = “C:\\PROGRA~1\\PANICW~1\\POP-UP~1\\PSFree.exe”
Steam = C:\\Documents and Settings\\Egill\\My Documents\\GORMUR II\\DC++\\half-life\\Steam.exe -silent
msnmsgr = “C:\\Program Files\\MSN Messenger\\msnmsgr.exe” /background
WNSI = C:\\Windows\\System32\\wnscpsv.exe
————————————————–
Shell & screensaver key from C:\\Windows\\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\\Windows\\System32\\sstext3d.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\\..\\Policies: Shell=*Registry key not found*
HKLM\\..\\Policies: Shell=*Registry value not found*
————————————————–
Enumerating Browser Helper Objects:
MyWebSearch Search Assistant BHO - C:\\Program Files\\MyWebSearch\\SrchAstt\\1.bin\\MWSSRCAS.DLL - {00A6FAF1-072E-44cf-8957-5838F569A31D}
(no name) - C:\\Program Files\\Adobe\\Acrobat 5.0\\Reader\\ActiveX\\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
NAV Helper - C:\\Program Files\\Norton AntiVirus\\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
————————————————–
Enumerating Task Scheduler jobs:
Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job
————————————————–
Enumerating Download Program Files:
[Checkers Class]
InProcServer32 = C:\\WINDOWS\\Downloaded Program Files\\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/msgrchkr.cab
[DjVuCtl Class]
InProcServer32 = C:\\Program Files\\LizardTech\\DjVuControl\\DjVuCntl.dll
CODEBASE = http://www.lizardtech.com/plugins/en_US/DjVuControl_en_US.cab
[Shockwave ActiveX Control]
InProcServer32 = C:\\WINDOWS\\system32\\Macromed\\Director\\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.exe
[Illuminatus 5 IE Plugin]
InProcServer32 = C:\\WINDOWS\\Downloaded Program Files\\ilm5.ocx
CODEBASE = http://www.digitalworkshop.com/OpusPlugins/ilm500.cab
[Vacpro.emsat_ver2]
InProcServer32 = C:\\WINDOWS\\Downloaded Program Files\\emsat_ver2.ocx
CODEBASE = http://www.7adpower.com/dialer/emsat_ver2.CAB
[GSDACtl Class]
InProcServer32 = C:\\WINDOWS\\Downloaded Program Files\\gsda.dll
CODEBASE = http://launch.gamespyarcade.com/software/launch/alaunch.cab
[MessengerStatsClient Class]
InProcServer32 = C:\\WINDOWS\\Downloaded Program Files\\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
[Update Class]
InProcServer32 = C:\\WINDOWS\\System32\\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37880.3568171296
[Shockwave Flash Object]
InProcServer32 = C:\\Windows\\System32\\macromed\\flash\\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[KB836528 Object]
InProcServer32 = C:\\WINDOWS\\Downloaded Program Files\\DoomChk.dll
CODEBASE = http://microsoft.com/security/controls/DoomChk.CAB
————————————————–
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\\Windows\\system32\\SHELL32.dll
CDBurn: C:\\Windows\\system32\\SHELL32.dll
WebCheck: C:\\Windows\\System32\\webcheck.dll
SysTray: C:\\WINDOWS\\System32\\stobject.dll
————————————————–
End of report, 9.411 bytes
Report generated in 0,203 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
Getur einhver sagt mér einhverja góða leið til að losna við þetta? (Helst án þess að formatta heila klabbið).
<br><br>—————————-
<b>BF1942</b>: <i>Poggi1</i