View Full Version : ANNOYING .. it keeps coming back


quarrystile
10-10-08, 18:19
As the title says .....
This thing keeps re-appearing. It always says the source IP is 0.0.0.0:Port 135 ( sometimes Port 130)
I tick the "remember this setting" box then "allow"

but a couple days later... it appears again !!!!

As I said ... it is annoying. Is there a way to STOP it kicking up a Zone alarm warning???


http://img01.picoodle.com/img/img01/3/10/10/f_Image2m_efc6d43.jpg



:confused:

spikejones
10-10-08, 20:06
There are different svchost.exe processes, so you may have to allow for each one. Just check your task manager and you should see them all. For instance, I currently have 6 of them set.

Do you have any other firewall services running at the same time? If so, I imagine that they could be interfering with the zone alarm rules.

quarrystile
11-10-08, 06:21
Hi spike. :wve:

My only firewall is Zone alarm. I checked the state of Windows firewall and it is set to OFF
I currently have 7 svchost.exe services running.
I forgot to mention that I only get the messages when starting up my computer. (strangely, I did not get a message today, maybe it's fixed itself. Or today is one of those days it decides not to appear. Time will tell, I guess)

Maybe you are correct, due to the amount of svchost.exe that are running. But I have had that box appear almost every day for the last few weeks now.
(As you know, I have recently built this PC, so it could be possible that Zone alarm has not encountered all of the svchost processes yet.)

:)

EscondeR
11-10-08, 20:07
1. If you have NO Internet/LAN server processes, e.g. FTP server, Mail server, etc, you should NEVER permit svchost.exe to be an Internet Zone server.
Standard permissions for Svchost.exe are:

Access Trusted - Allowed
Internet - Allowed
Server Trusted - Allowed
Internet - Denied
Send Mail - Denied.


2. Run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) and post the report.

3. You may also run Command Prompt, type in "netstat -nab" w/o quotes, make a screenshot of results and e-mail to esconder[at]mail.ru

BTW, port 135 is NetBIOS - it must never be used for the Internet Zone!

quarrystile
12-10-08, 08:05
Here you go Alex. See what you can find in here. :)


Copy the following text and paste it to your report AS IS!!!

---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
N/A
Publisher:
"(Verified) Lavasoft AB"
Entry path:
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
Entry name:
lsdelete
Program path & name:
"c:\windows\system32\lsdelete.exe"
Enabled: [V]


Program:
"Ad-Aware service"
Publisher:
"(Verified) Lavasoft AB"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
aawservice
Program path & name:
"c:\program files\lavasoft\ad-aware\aawservice.exe"
Enabled: [V]


Program:
"ATI Smart"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ATI Smart
Program path & name:
c:\windows\system32\ati2sgag.exe"
Enabled: [V]


Program:
"AVG E-Mail Scanner"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8emc
Program path & name:
"c:\program files\avg\avg8\avgemc.exe"
Enabled: [V]


Program:
"AVG Watchdog Service"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
avg8wd
Program path & name:
"c:\program files\avg\avg8\avgwdsvc.exe"
Enabled: [V]


Program:
"Bluetooth Support Server"
Publisher:
"(Not verified) WIDCOMM Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
btwdins
Program path & name:
"c:\program files\bluetooth software\bin\btwdins.exe"
Enabled: [V]


Program:
"Nero BackItUp Scheduler 3 is responsible to control all jobs created using Nero BackItUp 3. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk
Publisher:
network drive disc or FTP."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Nero BackItUp Scheduler 3
Program path & name:
"(Verified) Nero AG""c:\program files\nero\nero8\nero backitup\nbservice.exe"
Enabled: [V]


Program:
"PLFlash DeviceIoControl Service"
Publisher:
"(Not verified) Prolific Technology Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PLFlash DeviceIoControl Service
Program path & name:
"c:\windows\system32\ioctlsvc.exe"
Enabled: [V]


Program:
"PunkBuster Service Component [v1029] http://www.evenbalance.com"
Publisher:
"(Verified) Even Balance Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PnkBstrA
Program path & name:
"c:\windows\system32\pnkbstra.exe"
Enabled: [V]


Program:
"Monitors internet traffic and generates alerts for disallowed access."
Publisher:
"(Verified) Check Point Software Technologies Ltd."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
vsmon
Program path & name:
"c:\windows\system32\zonelabs\vsmon.exe"
Enabled: [V]


Program:
N/A
Publisher:
"(Verified) ASUSTeK Computer Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AsIO
Program path & name:
"c:\windows\system32\drivers\asio.sys"
Enabled: [V]


Program:
"AVG AVI Loader Driver"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgLdx86
Program path & name:
"c:\windows\system32\drivers\avgldx86.sys"
Enabled: [V]


Program:
"AVG Network connection watcher"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AvgTdiX
Program path & name:
"c:\windows\system32\drivers\avgtdix.sys"
Enabled: [V]


Program:
"Bluetooth Audio"
Publisher:
"(Not verified) WIDCOMM Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BtAudio
Program path & name:
"c:\windows\system32\drivers\btaudio.sys"
Enabled: [V]


Program:
"Bluetooth BTPORT Driver for Windows 2000"
Publisher:
"(Not verified) WIDCOMM Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTDriver
Program path & name:
"c:\windows\system32\drivers\btport.sys"
Enabled: [V]


Program:
"Bluetooth Protocol Driver for Windows 2000"
Publisher:
"(Not verified) WIDCOMM Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTKRNL
Program path & name:
"c:\windows\system32\drivers\btkrnl.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTSERIAL
Program path & name:
c:\windows\system32\drivers\btserial.sys"
Enabled: [V]


Program:
"Bluetooth Serial Driver for Windows 2000"
Publisher:
"(Not verified) WIDCOMM Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTSLBCSP
Program path & name:
"c:\windows\system32\drivers\btslbcsp.sys"
Enabled: [V]


Program:
"Bluetooth LAN Access Server Driver"
Publisher:
"(Not verified) WIDCOMM Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTWDNDIS
Program path & name:
"c:\windows\system32\drivers\btwdndis.sys"
Enabled: [V]


Program:
"Driver for Bluetooth USB Devices"
Publisher:
"(Not verified) WIDCOMM Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BTWUSB
Program path & name:
"c:\windows\system32\drivers\btwusb.sys"
Enabled: [V]


Program:
"PCAUSA NDIS 5.0 Protocol Driver"
Publisher:
"(Not verified) Printing Communications Assoc. Inc. (PCAUSA)"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PCANDIS5
Program path & name:
"c:\windows\system32\pcandis5.sys"
Enabled: [V]


Program:
"Px Engine Device Driver for Windows 2000/XP"
Publisher:
"(Verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PxHelp20
Program path & name:
"c:\windows\system32\drivers\pxhelp20.sys"
Enabled: [V]


Program:
"Saitek Magic Mini Driver"
Publisher:
"(Not verified) Saitek"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SaiMini
Program path & name:
"c:\windows\system32\drivers\saimini.sys"
Enabled: [V]


Program:
"Saitek Magic Bus"
Publisher:
"(Not verified) Saitek"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SaiNtBus
Program path & name:
"c:\windows\system32\drivers\saibus.sys"
Enabled: [V]


Program:
"srescan"
Publisher:
"(Verified) Check Point Software Technologies Ltd."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
srescan
Program path & name:
"c:\windows\system32\zonelabs\srescan.sys"
Enabled: [V]


Program:
"TrueVector Device Driver"
Publisher:
"(Verified) Check Point Software Technologies Ltd."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
vsdatant
Program path & name:
"c:\windows\system32\vsdatant.sys"
Enabled: [V]


Program:
"bthcrp DLL"
Publisher:
"(Not verified) WIDCOMM Inc."
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Entry name:
Bluetooth Printer Port
Program path & name:
"c:\windows\system32\bthcrp.dll"
Enabled: [V]


Program:
"AVG Resident Shield Starter"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
Entry name:
avgrsstx.dll
Program path & name:
"c:\windows\system32\avgrsstx.dll"
Enabled: [V]


Program:
"Audio Control Panel"
Publisher:
"(Not verified) Analog Devices Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SoundMAX
Program path & name:
"c:\program files\analog devices\soundmax\smax4.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AODAssist.exe
Program path & name:
c:\program files\amd\amd overdrive\aodassist.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Ai Nap
Program path & name:
c:\program files\asus\ai suite\ainap\ainap.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
CPU Power Monitor
Program path & name:
c:\program files\asus\ai suite\aigear3\cpupowermonitor.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Cpu Level Up help
Program path & name:
c:\program files\asus\ai suite\cpuleveluphelp.exe"
Enabled: [V]


Program:
"EPSON Status Monitor 3"
Publisher:
"(Not verified) SEIKO EPSON CORPORATION"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
EPSON Stylus Photo R300 Series
Program path & name:
"c:\windows\system32\spool\drivers\w32x86\3\e_s4i0f2.exe"
Enabled: [V]


Program:
"Manual Configuration"
Publisher:
"(Not verified) Saitek"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Profiler
Program path & name:
"c:\program files\saitek\software\profileru.exe"
Enabled: [V]


Program:
"Saitek MFD File System Driver"
Publisher:
"(Not verified) Saitek"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SaiMfd
Program path & name:
"c:\program files\saitek\software\saimfd.exe"
Enabled: [V]


Program:
"AVG Tray Monitor"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AVG8_TRAY
Program path & name:
"c:\program files\avg\avg8\avgtray.exe"
Enabled: [V]


Program:
"ZoneAlarm Client"
Publisher:
"(Verified) Check Point Software Technologies Ltd."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ZoneAlarm Client
Program path & name:
"c:\program files\zone labs\zonealarm\zlclient.exe"
Enabled: [V]


Program:
"RealNetworks Scheduler"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
TkBellExe
Program path & name:
"c:\program files\common files\real\update_ob\realsched.exe"
Enabled: [V]


Program:
"Catalyst® Control Center Launcher"
Publisher:
"(Not verified) Advanced Micro Devices Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
StartCCC
Program path & name:
"c:\program files\ati technologies\ati.ace\core-static\clistart.exe"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre1.6.0_07\bin\jusched.exe"
Enabled: [V]


Program:
"NeroCheck"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NeroFilterCheck
Program path & name:
"c:\program files\common files\nero\lib\nerocheck.exe"
Enabled: [V]


Program:
"Nero BackItUp"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NBKeyScan
Program path & name:
"c:\program files\nero\nero8\nero backitup\nbkeyscan.exe"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/octet-stream
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/x-complus
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Microsoft .NET Runtime Execution Engine"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Filter
Entry name:
application/x-msdownload
Program path & name:
"c:\windows\system32\mscoree.dll"
Enabled: [V]


Program:
"Safe Search pluggable protocol"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
linkscanner
Program path & name:
"c:\program files\avg\avg8\avgpp.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
"Microsoft .NET IE SECURITY REGISTRATION"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Entry name:
n/a
Program path & name:
"c:\windows\system32\mscories.dll"
Enabled: [V]


Program:
"Bluetooth Tray Application"
Publisher:
"(Not verified) WIDCOMM Inc."
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
BTTray.lnk
Program path & name:
"c:\program files\bluetooth software\bttray.exe"
Enabled: [V]


Program:
"Microsoft Office 2000 component"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Entry name:
Microsoft Office.lnk
Program path & name:
"c:\program files\microsoft office\office\osa9.exe"
Enabled: [V]


Program:
"Web Capture"
Publisher:
"(Not verified) Scansoft Inc."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
PPWebCap
Program path & name:
"c:\program files\scansoft\paperport\ppwebcap.exe"
Enabled: [V]


Program:
"System settings protector"
Publisher:
"(Verified) Safer Networking Ltd."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
SpybotSD TeaTimer
Program path & name:
"c:\program files\spybot - search & destroy\teatimer.exe"
Enabled: [V]


Program:
"Nero Home"
Publisher:
"(Verified) Nero AG"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
Program path & name:
"c:\program files\common files\nero\lib\nmindexstoresvr.exe"
Enabled: [V]


Program:
"DAP IE Bar"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
DAPBHO Class
Program path & name:
c:\program files\dap\dapiebar.dll"
Enabled: [V]


Program:
"RealPlayer Download and Record Plugin for Internet Explorer"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
RealPlayer Download and Record Plugin for Internet Explorer
Program path & name:
"c:\program files\real\realplayer\rpbrowserrecordplugin.dll"
Enabled: [V]


Program:
"Safe Search for Internet Explorer"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
AVG Safe Search
Program path & name:
"c:\program files\avg\avg8\avgssie.dll"
Enabled: [V]


Program:
"SBSD IE Protection"
Publisher:
"(Verified) Safer Networking Ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Spybot-S&D IE Protection
Program path & name:
"c:\program files\spybot - search & destroy\sdhelper.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
SSVHelper Class
Program path & name:
"c:\program files\java\jre1.6.0_07\bin\ssv.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Web Folders
Program path & name:
c:\program files\common files\microsoft shared\web folders\msonsext.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"Application Deployment Support Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
ShellLink for Application References
Program path & name:
"c:\windows\system32\dfshim.dll"
Enabled: [V]


Program:
"Application Deployment Support Library"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Icon Handler for Application References
Program path & name:
"c:\windows\system32\dfshim.dll"
Enabled: [V]


Program:
"BTNeighborhood DLL"
Publisher:
"(Not verified) WIDCOMM Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
My Bluetooth Places
Program path & name:
"c:\windows\system32\btneighborhood.dll"
Enabled: [V]


Program:
"7-Zip Shell Extension"
Publisher:
"(Not verified) Igor Pavlov"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
7-Zip Shell Extension
Program path & name:
"c:\program files\7-zip\7-zip.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
UltimateZip Shell Extension
Program path & name:
File not found: C:\PROGRA~1\ULTIMA~1\uzshlex.dll"
Enabled: [V]


Program:
"AVG Shell Extension"
Publisher:
"(Verified) AVG Technologies"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
AVG8 Shell Extension
Program path & name:
"c:\program files\avg\avg8\avgse.dll"
Enabled: [V]


Program:
"RealPlayer Shell Extensions"
Publisher:
"(Verified) RealNetworks Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Shell Extensions for RealOne Player
Program path & name:
"c:\program files\real\realplayer\rpshell.dll"
Enabled: [V]


Program:
"AMD Desktop Control Panel"
Publisher:
"(Not verified) Advanced Micro Devices Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
Catalyst Context Menu extension
Program path & name:
"c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll"
Enabled: [V]


Program:
"Cover Designer"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
NeroCoverEd Live Icons
Program path & name:
"c:\program files\nero\nero8\nero coverdesigner\coveredextension.dll"
Enabled: [V]


Program:
"Nero Digital Shell Extension"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
NeroDigitalIconHandler
Program path & name:
"c:\program files\common files\nero\lib\nerodigitalext.dll"
Enabled: [V]


Program:
"Nero Digital Shell Extension"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
NeroDigitalPropSheetHandler
Program path & name:
"c:\program files\common files\nero\lib\nerodigitalext.dll"
Enabled: [V]


Program:
"Nero Digital Shell Extension"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
Entry name:
NeroDigitalColumnHandler Class
Program path & name:
"c:\program files\common files\nero\lib\nerodigitalext.dll"
Enabled: [V]


Program:
"WSBar Module"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
Wanadoo
Program path & name:
c:\program files\wanadoo\wsbar\wsbar.dll"
Enabled: [V]


Program:
"DAP IE Bar"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
DAP Bar
Program path & name:
c:\program files\dap\dapiebar.dll"
Enabled: [V]


Program:
"Download Accelerator Plus"
Publisher:
"(Not verified) SpeedBit Ltd."
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
Run DAP
Program path & name:
"c:\program files\dap\dap.exe"
Enabled: [V]


Program:
enabled
Publisher:
""
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
@btrez.dll
Program path & name:
"c:\program files\bluetooth software\btsendto_ie.htm"
Enabled: [ ]

EscondeR
12-10-08, 12:30
1. You have many unnecessary processes, but none of them needs Internet Zone Server permission, so definitely Deny.

2. Download and run Autoruns (http://technet.microsoft.com/ru-ru/sysinternals/bb963902(en-us).aspx) and kill those:


Program:
"Nero BackItUp Scheduler 3 is responsible to control all jobs created using Nero BackItUp 3. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk
Publisher:
network drive disc or FTP."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Nero BackItUp Scheduler 3
Program path & name:
"(Verified) Nero AG""c:\program files\nero\nero8\nero backitup\nbservice.exe"
Enabled: [V]


Program:
"PunkBuster Service Component [v1029] http://www.evenbalance.com"
Publisher:
"(Verified) Even Balance Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PnkBstrA
Program path & name:
"c:\windows\system32\pnkbstra.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
AODAssist.exe
Program path & name:
c:\program files\amd\amd overdrive\aodassist.exe"
Enabled: [V] - Questionable necessity


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Ai Nap
Program path & name:
c:\program files\asus\ai suite\ainap\ainap.exe"
Enabled: [V] - Questionable necessity


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
CPU Power Monitor
Program path & name:
c:\program files\asus\ai suite\aigear3\cpupowermonitor.exe"
Enabled: [V] - Questionable necessity


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
Cpu Level Up help
Program path & name:
c:\program files\asus\ai suite\cpuleveluphelp.exe"
Enabled: [V] - Questionable necessity


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
SunJavaUpdateSched
Program path & name:
"c:\program files\java\jre1.6.0_07\bin\jusched.exe"
Enabled: [V]


Program:
"NeroCheck"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NeroFilterCheck
Program path & name:
"c:\program files\common files\nero\lib\nerocheck.exe"
Enabled: [V]


Program:
"Nero BackItUp"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
NBKeyScan
Program path & name:
"c:\program files\nero\nero8\nero backitup\nbkeyscan.exe"
Enabled: [V]


Program:
"Web Capture"
Publisher:
"(Not verified) Scansoft Inc."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
PPWebCap
Program path & name:
"c:\program files\scansoft\paperport\ppwebcap.exe"
Enabled: [V]


Program:
"System settings protector"
Publisher:
"(Verified) Safer Networking Ltd."
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
SpybotSD TeaTimer
Program path & name:
"c:\program files\spybot - search & destroy\teatimer.exe"
Enabled: [V]


Program:
"Nero Home"
Publisher:
"(Verified) Nero AG"
Entry path:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Entry name:
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
Program path & name:
"c:\program files\common files\nero\lib\nmindexstoresvr.exe"
Enabled: [V]


Program:
"SBSD IE Protection"
Publisher:
"(Verified) Safer Networking Ltd."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Entry name:
Spybot-S&D IE Protection
Program path & name:
"c:\program files\spybot - search & destroy\sdhelper.dll"
Enabled: [V] - You don't need both Ad-Aware and SB-S&D!


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Entry name:
UltimateZip Shell Extension
Program path & name:
File not found: C:\PROGRA~1\ULTIMA~1\uzshlex.dll"
Enabled: [V]


Program:
"WSBar Module"
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Entry name:
Wanadoo
Program path & name:
c:\program files\wanadoo\wsbar\wsbar.dll"
Enabled: [V] - Malware