Pengurusan Windows 2000 Server Makmal Sekolah

Sabar · January 11, 2006

Askm kawan-Kawan. Saya nak tanya pasal pengendalian windows 2000 server kat makmal sekolah tu. Maksud saya apakah yang perlu saya lakukan berkenaan dengan penjagaan windows, sekuritinya macam mana pulak, Kalau saya buat laman web tu dan letak kat server tu, saya kena on 24 jam ke server tu.

Lagi masalahnya pelajar-pelajar ni asyik ubahsuai windows banyak jugak yang rosak....pening kepala jugak kalau rosak melibatkan dengan servernya sekali.

Sekian.

Amer · January 11, 2006

cadangan saya:

Kena pasang (utama):

1. Firewall

2. antivirus

3. antispyware

Ttg pelajar yg suka tukar setting tu, mungkin anda boleh enablekan guest account dan bair pelajar guna akaun tu..Baru la diorang tak boleh sesuka hati nak tukar setting.

Harap membantu.

isfann · January 11, 2006

biar jer lor bebudak tuh nak tukar seting ke apa ke.. tu namanya belajar jugak... kita dulu belajar camtuh jugak..

lagipun bukan rosak pun komputer tuh bila bebudak tukar seting ke apa ke... just part of learning process....

BraDeRz · January 11, 2006

kalu pasal ubah setting leh pakai system restore or norton go back kan?

Amer · January 11, 2006

hehe..Mencegah baik dr me repair..Block terus la kalau student nak tukar setting..

C-Fu · January 11, 2006

biar jer lor bebudak tuh nak tukar seting ke apa ke.. tu namanya belajar jugak... kita dulu belajar camtuh jugak..
lagipun bukan rosak pun komputer tuh bila bebudak tukar seting ke apa ke... just part of learning process....
←

system admin bangang camni yang buatkan banyak windows pc kene virus la spyware la.

student datang ke lab untuk BELAJAR komputer. bukan belajar rosakkan komputer. nak rosakkan pc, gune pc rumah la. ko pegi cc yang elok pon jangan harap senang2 nak boleh install tu install ni. unless penjage pc tu name die isfann la.

ahmades · January 11, 2006

Saya cadangkan memasang :-

1::Norton AntiVirus Cooperate Edition = Untuk memantau virus yang berada didalam rangkaian

2::ZoneAlarm Pro Firewall

3::Diskeeper 10 Professional

4::Sistem Mechanic Pro 6.0 (Tanpa AntiVirus dan Firewall)

Harap membantu.

xdenama · January 12, 2006

aku pun kat sekolah gak, kau jangan le bagi budak-budak tu akses ke server sesuka hati, kau tinggal kat area mana, kalau kat hujung-hujung tu, rasanya kau lebih terror dari dia orang,

pasal nak ubah-ubah gambar kat desktop tu biasa le, so kau kenala pasang norton go back untuk mengatasi masalah tu...

apa yang kau perlu risau lagi, apa website yang dilawati oleh bebudak tu, pasang le firewall sikit...

blok le mana yang boleh.

p/s. minta le 2003 server, cantik skit interfacenya..

polyfuze_4336 · January 12, 2006

mmm kalau ko dah pakai win200 tue..ko enforce la domain nye policy..jadikan setiap user kena pakai mandatory nyer user profile..yg ko dah define..so setiap kali komp yg dah diubah2 tu restart...all the settings will revert back to normal...

Sabar · January 13, 2006

Terima kasih kepada semua kawan2 yang beri good idea tu. Saya berminat nak buat seperti mana yang diperkatakan oleh saudara Polyfuze 0411. saudara polyfuze, boleh tak tunjukkan cara nak buat balik ke setting asal bila restart semula komputer tu. Emel saya ialah [email protected] atau [email protected]. Tq

polyfuze_4336 · January 14, 2006

Microsoft KB

bole refer sini..pastu kalau tak paham..post question kat forum nie..hope that helps ...gud luck ngan bebdk tue

C-Fu · January 14, 2006

buat step2 ni kat SEMUA PC.

1. buang SEMUA shortcut2 internet explorer yang ade kat desktop DAN start menu. pastu tukar dengan browser lain macam firefox http://www.getfirefox.com

first download spybot. http://www.safer-networking.org/en/mirrors/index.html

download, UPDATE.

lepas dah update semua, bukak balik spybot. pegi menu mode>advanced mode. kat menu kiri, pegi tools. checkkan semua, so semua setting boleh kite set.

then kat menu kiri, pegi spybot>immunize. klik immunize, dan klik enable permanent blocking of bad addresses... dan block all pages silently.

pastu gi Tools>Hosts file. add spybot hosts file.

pastu scan. fix, pastu restart. pastu scan balik, takut2 ade problem balik. kalau problem tu asyik kluar balik, sila pos log hijackthis.

kalau tak paham step2 kat atas, boleh tengok flash tutorial untuk step2 dia gak.

===================================

pegi download CWSHREDDER.

http://www.trendmicro.com/ftp/products/onl.../cwshredder.exe

Download, start, Scan, pastu fix.

FREE

=================================

kalo nak software buang file2 yang takde gune kat pc, macam temporary file, gune ccleaner.

http://www.ccleaner.com/ccdownload.asp

download, install, dan bukak ccleaner. analyze, pastu run cleaner. restart pc.

FREE

=================================

pegi download hijackthis.

http://216.180.233.162/~merijn/files/HijackThis.exe

create new folder bernama hijackthis dan download ke folder tuh, kat desktop ke.

software ni bergune untuk pakar pc check virus ke, spyware ke dalam pc ko. cara dia?

lepas download, ko run program tu. pastu scan dan save log. pastu bukak log gune notepad kalo log tu tak di-auto-bukak lepas ko save. copy dan paste SEMUA isi kandungan log tu ke sini.

==============

then kene set antivirus supaya dia update HARI HARI. ako gune antivirus AVG, yang ni free. takyah bayar nye.

http://free.grisoft.com/doc/Get+AVG+FREE/lng/us/tpl/v5

FREE

==================

tutup SEMUA window, dan IE. bukak SATU SAHAJA Internet Explorer. Pastu pegi Tools>Windows Update. Kalau tak pernah buat windows update, nanti die akan suruh install something dari Microsoft. pilih Yes, dan mungkin kene restart pastu. Kalau kene restart, just ulang. Nanti akan keluar 2 option - pilih Custom Install. Pastu jangan pilih Service Pack 2, pilih Review Other Updates. Pastu pilih je semua kalau nak senang, dan install. Kalau ada ape2 kotak keluar pilih yes. Restart. Pastu ulang balik kalo nak install Service Pack 2.

=====================

kalo nak firewall, ako suggest kerio. oran lain suggest zonealarm, tapi kerio gune sikit je RAM. ako personally tak gune pasal modem ako ade firewall. tapi kalo nak gak, download la. http://www.kerio.com/kpf_download.html

Ako suggest untuk guna versi lama, versi 2.15. yang versi baru2 nye dah bloat sangat- banyak sangat features yang tak penting. 2.15 kecik, tak makan RAM sangat, dan cukup powerful.

http://www.kerio.com/dwn/kpf2-en-win.exe

FREE

polyfuze_4336 · January 14, 2006

takpun nak senang ko create satu user baru dlm win2000 tue..pastu bile ko dah abih setting sume ko pi copy user profile yg ko baru create tu pastu ko paste kat user profile for all user contohnyer dlm folder nie :\Documents and Settings\All Users

scorps · January 15, 2006

Logfile of HijackThis v1.99.1

Scan saved at 10:00:33 AM, on 1/15/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\r_server.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

E:\scorps\software\scorps\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nokia.com/

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm

O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm

O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm

O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137021528591

O17 - HKLM\System\CCS\Services\Tcpip\..\{0C912BC6-3DC2-4C93-A14E-26DB4F36BAC7}: NameServer = 202.188.0.133,202.188.0.132

O17 - HKLM\System\CCS\Services\Tcpip\..\{495A9E42-525B-4D26-9E54-F8D471FA4A14}: NameServer = 202.188.0.133,202.188.0.132

O17 - HKLM\System\CCS\Services\Tcpip\..\{5A0BD195-EDDD-4627-BE17-F5526447BB9D}: NameServer = 202.188.0.133,202.188.0.132

O17 - HKLM\System\CCS\Services\Tcpip\..\{84012B67-CBC9-4064-9AB8-A44A73F0BDF6}: NameServer = 202.188.0.133,202.188.0.132

O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

======================================

c-fu dan sesape sajer,

korang boleh tolong check yg aku punya tak??

ok kan????

polyfuze_4336 · January 15, 2006

Bad - Remove almost always

OK Most of the time - don't need to touch

Probably not needed - Safe to remove

Generally harmless - third party applications

Bad if you don't know what it is

Unknown Item - Investigate further

--------------------------------------------------------------------------------

You can reference this log by going to: http://hjt.iamnotageek.com/parse.php?log=160486

--------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1Up To Date Version of HijackThis

You are using the latest version of HijackThis. Check www.merijn.org frequently for updates.

Scan saved at 10:00:33 AM, on 1/15/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exeSmss.exe

What is it?

Session Manager SubSystem - smss.exe

What does it do?

smss.exe - This is the session manager subsystem, which is responsible for starting the user session. This process is initiated by the system thread and is responsible for various activities, including launching the Winlogon and Win32 (Csrss.exe) processes and setting system variables. After it has launched these processes, it waits for either Winlogon or Csrss to end. If this happens "normally," the system shuts down; if it happens unexpectedly, Smss.exe causes the system to stop responding (hang).

Additional Reading:

Smss.exe does not resolve forward references in environment

You will not be able to end this through task manager!

More info

--------------------------------------------------------------------------------

Virus Precaution:

The smss.exe which is from Microsoft is located at c:windowsSystem32smss.exe . We've been able to find several viruses that run as smss to trick you.

Adware.Advision - Symantec Corporation

Adware.DreamAd - Symantec Corporation

Backdoor.IRC.Aladinz.O - Symantec Corporation

Backdoor.IRC.Flood.F - Symantec Corporation

W32.Dalbug.Worm - Symantec Corporation

W32.Resdoc - Symantec Corporation

C:\WINDOWS\system32\winlogon.exeWinlogon.exe

What is it?

Windows Logon Process - Winlogon.exe

What does it do?

Direct Quote from here:

This is the process responsible for managing user logon and logoff. Moreover, Winlogon is active only when the user presses CTRL+ALT+DEL, at which point it shows the security dialog box.

Search MS for more info: Link

Virus Precaution:

The original Winlogon.exe from Microsoft gets placed in the C:WINDOWSSystem32 directory. if you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. We've been able to find only 1 report of a virus so far.

Troj/Madr-B @ Sophos

Netsky.D @ Trend Micro

C:\WINDOWS\system32\services.exeservices.exe

services.exe is a part of Windows that manages the processes. Anytime a service starts or stops it is through services.exe. During system startup and shutdown is when this process sees most of its action. You should never end this process unless it is running outside of your windows system folder.

C:\WINDOWS\system32\lsass.exelsass.exe

What is it?

Local Security Authentication Server - lsass.exe

What does it do?

lsass.exe - It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.

You will not be able to end this through task manager!

From MS

--------------------------------------------------------------------------------

The lsass.exe which is from Microsoft is located at c:windowsSystem32lsass.exe . there's a few viruses that have been found to run as lsass.exe to hide from you.

C:\WINDOWS\system32\svchost.exeSvchost.exe

What is it?

Service Host Process - svchost.exe

What does it do?

Here's a direct quote from MS about this: (source)

Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

Svchost.exe groups are identified in the following registry key:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost

Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService

If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.

1.) Start --> Run --> cmd

2.) Tasklist /svc >C:ianaginfo.txt

Here's an example of what I got when I issued this command if you'd like to take a look at an example.

A Description of Svchost.exe in Windows XP:

http://support.microsoft.com/?kbid=314056

More Info

Virus Precaution:

The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses.

C:\WINDOWS\System32\svchost.exeSvchost.exe

What is it?

Service Host Process - svchost.exe

What does it do?

Here's a direct quote from MS about this: (source)

Svchost.exe is a generic host process name for services that are run from dynamic-link libraries (DLLs). The Svchost.exe file is located in the %SystemRoot%System32 folder. At startup, Svchost.exe checks the services portion of the registry to construct a list of services that it needs to load. There can be multiple instances of Svchost.exe running at the same time. Each Svchost.exe session can contain a grouping of services, so that separate services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

Svchost.exe groups are identified in the following registry key:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionSvchost

Each value under this key represents a separate Svchost group and is displayed as a separate instance when you are viewing active processes. Each value is a REG_MULTI_SZ value and contains the services that run under that Svchost group. Each Svchost group can contain one or more service_names extracted from the following registry key, whose Parameters key contains a ServiceDLL value:

HKEY_LOCAL_MACHINESystemCurrentControlSetServicesService

If you're running Windows XP Home edition then you'll have to download this file HERE and put it in your windows/system32 directory. If you're running XP Pro then you won't need that file since you already have it.

1.) Start --> Run --> cmd

2.) Tasklist /svc >C:ianaginfo.txt

Here's an example of what I got when I issued this command if you'd like to take a look at an example.

A Description of Svchost.exe in Windows XP:

http://support.microsoft.com/?kbid=314056

More Info

Virus Precaution:

The original file from Microsoft gets placed in the Located in C:WINDOWSSystem32 directory. If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses.

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exeStyleXPService.exe

StyleXPService.exe StyleXP is a pretty cool application to customize windows. More information can be found here.

Quote:

Style XP supports native Microsoft visual styles instead of a non-Microsoft skinning engine. As a result, skinning in Style XP will not slow down your computer as other skinning software can.

C:\WINDOWS\system32\spoolsv.exeSpoolsv.exe

What is it?

SPOOLer SerVice - spoolsv.exe

What does it do?

spoolsv.exe - The spooler service is responsible for managing spooled print/fax jobs

You will be able to end this through task manager!

More info

--------------------------------------------------------------------------------

Virus Precaution:

The spoolsv.exe which is from Microsoft is located at c:windowsSystem32spoolsv.exe . We've been able to find several viruses that run as spoolsv to trick you.

Backdoor.Ciadoor.B - Symantec Corporation

Hacktool.Privshell - Symantec Corporation

VBS.Masscal.Worm (vbs) - Symantec Corporation

Graybird-A @ Sophos

C:\WINDOWS\system32\r_server.exeR_SERVER.EXE

R_SERVER.EXE - This is a portion of a remote administrator this allows a user to work on more than one computer, this has features such as file transfer, NT security and Telnet.

C:\WINDOWS\system32\wuauclt.exewuauclt.exe

What is it?

Windows Update Automatic Client - wuauclt.exe

What does it do?

wuauclt.exe - This is used by the automatic update tool in Windows ME to check the Windows Update site every so often to see if any updates need to be installed.

More Info

Virus Precaution:

The original wuauclt.exe from Microsoft gets placed in the Located at C:WINDOWSSystem32wuauclt.exe . If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses.

.

Backdoor.Clt @ Symantec Corporation

Troj/Cult-B @ Sophos

C:\WINDOWS\Explorer.EXEexplorer.exe

What is it?

Windows Explorer - explorer.exe

What does it do?

explorer.exe - Below is a direct quote from Microsoft found on THIS page:

This is the user shell, which we see as the familiar taskbar, desktop, and so on. This process isn't as vital to the running of Windows as you might expect, and can be stopped (and restarted) from Task Manager, usually with no negative side effects on the system.

I have found that stopping this process is needed sometimes to stop some other processes.

More Info

Virus Precaution:

The original file from Microsoft gets placed at C:WINDOWSSystem32explorer.exe . if you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. There's only one unique virus found through this search. All of the results are the various names of this single virus.

Deloder-A @ Sophos

MyDoom.B @ Symantec

C:\WINDOWS\system32\wscntfy.exewscntfy.exe

What is It?

Windows Security Center Notification - wscntfy.exe

What does it do?

wscntfy.exe - This is a part of windows XP's SP2. This is a little notification that will be in your taskbar and continue to nag you about various security settings like your firewall, automatic updates and virus protection.

If you'd like to get rid of this process you'll want to go into your control panel and then go into the security center. Once in there look along the left bar where you'll see quite a bit of text. At the bottom of this list you'll see where it says change the way security center alerts me. Click on this. Uncheck all three of these settings.

Virus Precaution:

The original wscntfy.exe from Microsoft gets placed at C:WINDOWSSystem32wscntfy.exe . If you find it anywhere else then you should be suspicious for sure.

You'll want to keep an eye on this google search for any known viruses. At this time I have not found ANY viruses that run themselves using this filename. All of the results currently affect this file in some way, but do not actually run as this filename.

C:\Program Files\LimeWire\LimeWire.exeLimeWire.exe

LimeWire.exe - This is a process with LimeWire peer to peer file sharing client.

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXEwinword.exe

What is it?

Microsoft Word - winword.exe

What does it do?

Microsoft Word is the most common professional level document reading and writing application on the market. Due to this you will find plenty of viruses floating around that will try to represent themselves as this file.

Virus Precautions:

You'll want to keep an eye on this google search for any known viruses. The normal location of this file is C:Program FilesMicrosoft OfficeVERSIONwinword.exe

Also .

E:\scorps\software\scorps\hijackthis\HijackThis.exeHijackThis.exe

This is our favorite application for fighting against malware and other trashy application that bog systems down. Our guide to using this software can be found here. We have also taken the time to write a system to process the log files created from this application here.

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nokia.com/Internet Start Page

This is where you go when you first open IE. Should be something like google.com or iamnotageek.com if theres a site you don't know here clean this line!

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllUnnamed BHO

L

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllUnnamed BHO

L

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllUnnamed BHO

L

O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllUnknown Item

Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dllUnnamed BHO

L

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllUnknown Item

Sorry. We are not sure what this item is. If you would like, you can click on it to request additional information about it.

O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exep2pnetworking

"Added by the W32/Rbot-AFL

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmInternet Right Click Menu