 |
| FRST |
HKLM\...\Run: [5kS43ADO0bzprWo] C:\Documents and Settings\thisisu\Application Data\soundblaster_fx648.exe [x]
HKU\thisisu\...\Run: [5kS43ADO0bzprWo] C:\Documents and Settings\thisisu\Application Data\soundblaster_fx648.exe [x]
HKU\thisisu\...\Policies\system: [DisableTaskMgr] 1
HKU\thisisu\...\Policies\system: [DisableRegistryTools] 1
HKU\thisisu\...\Winlogon: [Userinit] C:\Documents and Settings\thisisu\Application Data\soundblaster_fx648.exe,C:\WINDOWS\System32\userinit.exe, [26112 2008-04-14] (Microsoft Corporation)
HKU\thisisu\...\Winlogon: [Shell] C:\Documents and Settings\thisisu\Application Data\soundblaster_fx648.exe [x]
HKLM\...\Winlogon: [Userinit] C:\Documents and Settings\thisisu\Application Data\soundblaster_fx648.exe,C:\WINDOWS\System32\userinit.exe, [26112 2008-04-14] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] C:\Documents and Settings\thisisu\Application Data\soundblaster_fx648.exe [x ] ()
File to delete:
C:\Documents and Settings\thisisu\Application Data\soundblaster_fx648.exe
Registry entries to fix:
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDesktop"=dword:00000001 should be 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"5kS43ADO0bzprWo"="C:\\Documents and Settings\\thisisu\\Application Data\\soundblaster_fx648.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"5kS43ADO0bzprWo"="C:\\Documents and Settings\\thisisu\\Application Data\\soundblaster_fx648.exe"
__________________________________________________________________________________
Thank you for the research :)
ReplyDeleteAnd thank you for yours :)
ReplyDelete