W32 ili Vundo???

1

W32 ili Vundo???

offline
  • Pridružio: 08 Okt 2003
  • Poruke: 63
  • Gde živiš: Sweden

Danas sam pisao u ZASTITI OD VIRUSA na temu "Otkriven „trojanac“ koji „jede“ MP"... Sada sledi nastavak price kao sto mi je Rogi23 i predlozio. Uspeo sam da (preko Zone Alarm-a) odem na net, skinem HijackThis! i nakon njegovog startovanja dobio sam ovaj log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:18:46, on 2007-08-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\Program\Java\jre1.6.0_02\bin\jusched.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
c:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\K58AYGPP\HiJackThis_v2[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] C:\Program\Delade filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TrojanScanner] C:\Program\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....4246139109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....4771457937
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8032 bytes


Jos jedna interesantna stvar,posto sam danas malo ceprkao po netu (na zadatu temu) uspeo sam da dodjem do nekih podataka da je mozda (u mom slucaju) u pitanju i Vundo Trojanac. Skinuo sam i VundoFix.exe medjutim on nista ne pronalazi i kaze da je sve ok?!?
Pokrenuo sam cak i program Spy Hunter 2.9 koji sam preuzeo takodje sa neta i on mi je jedini pronasao Vundo Trojan ali ga ne mogu izbrisati jer trazi da se prvo uplati odredjena svota novca... Nijedan drugi program ne nalazi nista sem ovog poslednjeg...

Molim vas za pomoc jer ovo nikako ne mogu sam da resim!
Hvala unapred svima!!!

offline
  • DEMIAN  Male
  • Legendarni graðanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Pozz Misto,
Log koji si napravio nije pokazao linije koje su nam bitne za analizu tvog sluèaja. Najverovatnije, uzrok tome je to što si program startovao direktno iz download prompta IE-a, a nisi promenio naziv aplikacije i pokrenuo je iz zasebnog foldera kao po uputstvu za otvaranje teme u Ambulanti.

Zato bih te zamolio da do detalja ispratiš uputstvo koje ti je na linku ispod i postaviš nov log:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Takodje nam je jako bitno da koristis verziju HijackThisa koja je linkovana u gornjoj temi.

offline
  • Pridružio: 08 Okt 2003
  • Poruke: 63
  • Gde živiš: Sweden

Pozz DeM14n,
i ja bih voleo da mogu da ispratim uputstva do detalja ali kad nesto ne moze...A zasto ne moze? Pa zato sto ne mogu da startujem nijedan program na racunaru jer mi uporno "govori" da ja nemam pristup iako samo ja koristim taj racunar???Ko je adminstrator onda?????
Stvarno mi nije jasno... Sve sam uradio po uputstvu,skinuo fajl,promenio mu ime ali kada sam hteo da ga pokrenem ono...
Da li postoji neko drugo resenje kako bih pokrenuo hijackthis sa racunara a ne sa neta? Da li uopste postoji resenje za ovaj problem?
Hvala jos jednom!!!
Pozz svima

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Posto DeM14n trenutno nije tu, uzecu sebi za slobodu da te uputim na jos jedan program koji moze da nam pomogne.

Preuzmi program Deckard's System Scanner.
Preporuèuje se èuvanje programa direktno na Desktop radi lakšeg i bržeg pokretanja.

Program se startuje prosto - dvoklikom na ikonu. Skeniranje i provera sistema se odvija kroz par koraka i traje maksimalno par minuta.

Rezultat je log main.txt koji Deckard's System Scanner kreira i otvara automatski po završtetku skeniranja. Kompletan sadržaj tog loga je potrebno kopirati i postovati na forum u sledeæem postu radi analize.

Nadamo se da ce ovaj program da radi. Ukoliko i on bude blokiran, imamo mi toga jos u arsenalu Wink

offline
  • Pridružio: 08 Okt 2003
  • Poruke: 63
  • Gde živiš: Sweden

Evo mene opet...
E ovako,posto naravno nisam uspeo da otvorim DSS kroz folder na desktopu (pa cak ni sa desktopa), moram sam preko neta kao i malopre sa HijackThis.
To izgleda ovako:

Deckard's System Scanner v20070809.63
Run by Ägaren on 2007-08-16 at 22:28:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
161: 2007-08-16 20:28:10 UTC - RP161 - Deckard's System Scanner Restore Point
160: 2007-08-16 15:45:54 UTC - RP160 - Installed Ad-Aware 2007
159: 2007-08-15 14:37:05 UTC - RP159 - Installation av osignerad drivrutin
158: 2007-08-14 20:37:14 UTC - RP158 - Software Distribution Service 3.0
157: 2007-08-14 16:34:41 UTC - RP157 - Systemkontrollpunkt


-- First Restore Point --
1: 2007-07-12 12:48:12 UTC - RP1 - Systemkontrollpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-16 22:29:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program\USB Storage RW\shwicon.exe
C:\hp\KBD\kbd.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\cthelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\Program\Java\jre1.6.0_02\bin\jusched.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\ATI Technologies\ATI.ACE\CLI.exe
C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\Navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program\ATI Technologies\ATI.ACE\CLI.exe
C:\Program\ATI Technologies\ATI.ACE\CLI.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\3OQWB9GJ\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\GoogleToolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\GoogleToolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKEY_LOCAL_MACHINE\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKEY_LOCAL_MACHINE\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [nwiz] nwiz.exe /install
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] C:\Program\Delade filer\Symantec Shared\ccApp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccRegVfy] C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /S
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKEY_LOCAL_MACHINE\..\Run: [TrojanScanner] C:\Program\Trojan Remover\Trjscan.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SpyHunter] C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: (no name) - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....4246139109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....4771457937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program\Delade filer\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 w800bus (Sony Ericsson W800 driver (WDM)) - c:\windows\system32\drivers\w800bus.sys <Not Verified; MCCI; Sony Ericsson W800>
S3 w800mdfl (Sony Ericsson W800 USB WMC Modem Filter) - c:\windows\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver>
S3 w800mdm (Sony Ericsson W800 USB WMC Modem Drivers) - c:\windows\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem>
S3 w800obex (Sony Ericsson W800 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-16 22:28:38 390 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-08-10 23:50:20 476 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Sök igenom datorn.job
2007-07-28 00:12:31 404 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job


-- Files created between 2007-07-16 and 2007-08-16 -----------------------------

2007-08-16 17:45:57 0 d-------- C:\Program\Lavasoft
2007-08-16 17:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-16 17:45:21 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\WINDOWS
2007-08-16 16:53:46 0 dra------ C:\Documents and Settings\Administratör\Start-meny
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Skrivbord
2007-08-16 16:53:46 0 d--h----- C:\Documents and Settings\Administratör\Skrivare
2007-08-16 16:53:46 0 drah----- C:\Documents and Settings\Administratör\SendTo
2007-08-16 16:53:46 0 drah----- C:\Documents and Settings\Administratör\Recent
2007-08-16 16:53:46 0 d--h----- C:\Documents and Settings\Administratör\Nätverket
2007-08-16 16:53:46 0 dra------ C:\Documents and Settings\Administratör\Mina dokument
2007-08-16 16:53:46 0 d--h----- C:\Documents and Settings\Administratör\Mallar
2007-08-16 16:53:46 0 d--h----- C:\Documents and Settings\Administratör\Lokala inställningar
2007-08-16 16:53:46 0 dra------ C:\Documents and Settings\Administratör\Favoriter
2007-08-16 16:53:46 0 d--hs---- C:\Documents and Settings\Administratör\Cookies
2007-08-16 16:53:46 0 drah----- C:\Documents and Settings\Administratör\Application Data
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Application Data\VERITAS
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Application Data\Symantec
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Application Data\SampleView
2007-08-16 16:53:46 0 d---s---- C:\Documents and Settings\Administratör\Application Data\Microsoft
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Application Data\InterTrust
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Application Data\Identities
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Application Data\Adobe
2007-08-16 16:53:45 786432 --ah----- C:\Documents and Settings\Administratör\NTUSER.DAT
2007-08-16 16:39:02 0 d-------- C:\VundoFix Backups
2007-08-16 00:07:41 0 d-------- C:\Program\Antivirus Protection
2007-08-16 00:02:46 0 d-------- C:\Program\Common Files
2007-08-16 00:01:06 0 d-------- C:\Program\Anti Trojan Elite
2007-08-15 23:58:47 0 d-------- C:\Program\Enigma Software Group
2007-08-15 23:15:11 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-08-15 23:15:11 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-08-15 23:15:11 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-08-15 23:15:11 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-08-15 23:15:11 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-08-15 23:15:07 0 d-------- C:\Program\Trojan Remover
2007-08-15 23:15:07 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Simply Super Software
2007-08-15 23:15:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-08-15 16:39:34 77040 -ra------ C:\WINDOWS\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
2007-08-15 16:37:58 87424 -ra------ C:\WINDOWS\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem>
2007-08-15 16:37:58 6096 -ra------ C:\WINDOWS\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver>
2007-08-15 16:37:58 6112 -ra------ C:\WINDOWS\system32\drivers\w800cmnt.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
2007-08-15 16:37:58 6112 -ra------ C:\WINDOWS\system32\drivers\w800cm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
2007-08-15 16:37:13 5744 -ra------ C:\WINDOWS\system32\drivers\w800whnt.sys <Not Verified; MCCI; Sony Ericsson W800>
2007-08-15 16:37:13 5744 -ra------ C:\WINDOWS\system32\drivers\w800wh.sys <Not Verified; MCCI; Sony Ericsson W800>
2007-08-15 16:37:13 52384 -ra------ C:\WINDOWS\system32\drivers\w800bus.sys <Not Verified; MCCI; Sony Ericsson W800>
2007-08-03 15:56:27 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Help
2007-08-03 15:32:33 6688 --a------ C:\WINDOWS\movexe.exe
2007-08-03 15:29:24 0 d-------- C:\mts
2007-07-27 23:58:35 0 d-------- C:\Documents and Settings\Ägaren\Application Data\RegistrySmart
2007-07-27 23:55:48 0 d-------- C:\WINDOWS\system32\custom matrices
2007-07-27 23:55:47 200704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-07-27 23:55:47 114688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-07-27 23:55:47 0 d-------- C:\WINDOWS\system32\languages
2007-07-27 23:55:47 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-27 23:55:47 221184 --a------ C:\WINDOWS\system32\ff_kernelDeint.dll
2007-07-27 23:55:47 741376 --a------ C:\WINDOWS\system32\audxlib.dll
2007-07-27 23:55:46 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2007-07-27 23:55:46 38400 --a------ C:\WINDOWS\system32\ff_unrar.dll
2007-07-27 23:55:46 79872 --a------ C:\WINDOWS\system32\ff_tremor.dll
2007-07-27 23:55:46 122880 --a------ C:\WINDOWS\system32\ff_samplerate.dll
2007-07-27 23:55:46 97280 --a------ C:\WINDOWS\system32\ff_realaac.dll
2007-07-27 23:55:46 118784 --a------ C:\WINDOWS\system32\ff_libmad.dll
2007-07-27 23:55:46 245760 --a------ C:\WINDOWS\system32\ff_libfaad2.dll
2007-07-27 23:55:46 155648 --a------ C:\WINDOWS\system32\ff_libdts.dll
2007-07-27 23:55:46 40960 --a------ C:\WINDOWS\system32\ff_liba52.dll
2007-07-27 23:55:45 684549 --a------ C:\WINDOWS\system32\unins000.exe <Not Verified; ; Inno Setup>
2007-07-27 23:55:45 51478 --a------ C:\WINDOWS\system32\unins000.dat
2007-07-27 23:39:47 0 d-------- C:\Program\XP Codec Pack
2007-07-26 12:05:35 344064 --a------ C:\WINDOWS\xvid.dll
2007-07-26 11:55:38 0 d-------- C:\WINDOWS\system32\backup
2007-07-26 11:32:28 0 d-------- C:\WINDOWS\Sun
2007-07-25 10:41:47 0 d-------- C:\Program\DC++
2007-07-23 08:30:06 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-07-23 08:26:59 0 d-------- C:\Documents and Settings\Ägaren\Application Data\ACD Systems
2007-07-23 08:26:24 0 d-------- C:\Program\Delade filer\ACD Systems
2007-07-23 08:26:24 0 d-------- C:\Program\ACD Systems
2007-07-22 14:06:51 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2007-07-22 14:06:51 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-07-22 14:06:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Nero AG; Nero AG NeroCheck>
2007-07-22 14:06:50 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-07-22 14:06:50 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-07-22 14:06:50 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-07-22 14:06:48 0 d-------- C:\Program\Delade filer\Ahead
2007-07-22 14:06:48 0 d-------- C:\Program\Ahead
2007-07-20 17:24:52 0 d-------- C:\Program\Codec Pack - All In 1
2007-07-20 16:38:16 0 d-------- C:\Program\Webteh
2007-07-20 12:46:47 0 d-------- C:\Program\BSPlayer
2007-07-20 10:47:10 0 d-------- C:\Documents and Settings\Ägaren\Application Data\BSplayer
2007-07-20 10:47:10 0 d-------- C:\Documents and Settings\Ägaren\Application Data\BSplayer Pro
2007-07-20 10:44:33 0 d-------- C:\Program\AC3Filter
2007-07-20 10:41:37 0 d-------- C:\Program\XviD
2007-07-20 10:38:48 0 d-------- C:\Program\DivX
2007-07-20 10:38:34 0 d-------- C:\Program\ffdshow
2007-07-20 08:47:39 0 d-------- C:\Program\Far Cry
2007-07-20 08:42:40 0 d-------- C:\Program\Alex Feinman
2007-07-20 08:41:31 0 d-------- C:\Program\WinISO
2007-07-18 17:07:36 0 d-------- C:\WINDOWS\ShellNew
2007-07-16 09:04:24 0 d-------- C:\Program\Windows Media Connect 2
2007-07-16 09:02:58 0 d-------- C:\WINDOWS\system32\LogFiles
2007-07-16 09:02:58 0 d-------- C:\WINDOWS\system32\drivers\UMDF


-- Find3M Report ---------------------------------------------------------------

2007-08-16 20:04:01 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000004-00541102}.dat
2007-08-16 20:04:01 288 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000A-00001102-00000004-00541102}.dat
2007-08-16 17:45:21 0 d-------- C:\Program\Delade filer
2007-08-16 17:02:59 0 d-------- C:\Program\Delade filer\Symantec Shared
2007-08-16 17:02:33 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-16 17:02:11 0 d-------- C:\Program\Coloreal
2007-08-16 00:02:42 0 d-------- C:\Program\Yahoo!
2007-08-15 18:29:15 0 d-------- C:\Program\Norton AntiVirus
2007-08-15 18:13:49 0 d-------- C:\Program\USB Storage RW
2007-08-13 23:01:07 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Skype
2007-07-26 11:53:20 344064 --a------ C:\WINDOWS\system32\xvid.dll
2007-07-22 11:32:00 661504 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-22 11:32:00 403968 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-07-22 11:32:00 3165184 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-07-22 11:32:00 510976 --a------ C:\WINDOWS\system32\ff_x264.dll
2007-07-22 11:32:00 26624 --a------ C:\WINDOWS\system32\ff_wmv9.dll
2007-07-22 11:32:00 143360 --a------ C:\WINDOWS\system32\ff_theora.dll
2007-07-18 22:38:52 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-07-18 17:15:59 384758 --a------ C:\WINDOWS\system32\perfh01D.dat
2007-07-18 17:15:59 63494 --a------ C:\WINDOWS\system32\perfc01D.dat
2007-07-16 15:37:37 0 d-------- C:\Program\Delade filer\Adobe
2007-07-15 00:51:09 0 d-------- C:\Documents and Settings\Ägaren\Application Data\ATI
2007-07-15 00:48:28 0 d-------- C:\Program\Delade filer\ATI Technologies
2007-07-15 00:45:33 0 d-------- C:\Program\ATI Technologies
2007-07-15 00:45:09 0 d-------- C:\Program\Delade filer\InstallShield
2007-07-15 00:42:17 0 d--h----- C:\Program\InstallShield Installation Information
2007-07-14 09:05:45 0 d-------- C:\Documents and Settings\Ägaren\Application Data\MailFrontier
2007-07-13 23:43:47 0 d-------- C:\Program\Java
2007-07-13 23:43:01 0 d-------- C:\Program\Delade filer\Java
2007-07-13 23:42:31 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Sun
2007-07-12 23:25:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-12 23:19:13 0 d-------- C:\Program\Skype
2007-07-12 23:19:09 0 d-------- C:\Program\Delade filer\Skype
2007-07-12 17:09:31 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Yahoo!
2007-07-12 16:44:03 0 d-------- C:\Program\Symantec
2007-07-12 16:08:28 0 d-------- C:\Program\Messenger
2007-07-12 15:14:48 0 d-------- C:\Program\Movie Maker
2007-07-12 15:13:01 0 d-------- C:\Program\Windows NT
2007-07-12 15:10:58 0 d--h----- C:\Program\WindowsUpdate
2007-07-12 15:08:12 0 d-------- C:\Documents and Settings\Ägaren\Application Data\WinRAR
2007-07-12 15:05:13 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Google
2007-07-12 15:04:55 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Macromedia
2007-07-12 15:03:42 0 d-------- C:\Program\Google
2007-07-12 14:54:41 0 d-------- C:\Program\Hewlett-Packard
2007-07-12 14:53:48 0 d-------- C:\Program\hp deskjet 5550 series
2007-07-12 14:47:43 0 --a------ C:\WINDOWS\system32\iAlmcoin.dll
2007-07-12 14:46:51 0 d-------- C:\Program\Creative
2007-06-07 21:10:48 20480 --a------ C:\WINDOWS\system32\ac3config.exe
2007-05-30 05:31:58 57344 --a------ C:\WINDOWS\system32\filekiller.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-10-16 07:05]
"KYE_Showicon"="C:\Program\USB Storage RW\shwicon.exe" [2002-10-25 16:33]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-10 15:02]
"StorageGuard"="C:\Program\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 08:01]
"WCOLOREAL"="C:\Program\Coloreal\coloreal.exe" [2002-11-26 18:14]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42]
"nwiz"="nwiz.exe" [2002-09-09 23:35 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2002-10-23 12:50]
"ccRegVfy"="C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe" [2002-10-23 12:51]
"CTHelper"="CTHELPER.EXE" [2003-01-09 01:39 C:\WINDOWS\system32\cthelper.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 20:28]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 15:12]
"RegistryMechanic"="C:\Program\Registry Mechanic\RegMech.exe" [2007-05-09 10:41]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"ATICCC"="C:\Program\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"TrojanScanner"="C:\Program\Trojan Remover\Trjscan.exe" [2007-08-11 20:11]
"SpyHunter"="C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 19:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:34]
"YSearchProtection"="C:\Program\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-29 00:10]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE
"PlayCenter2"="C:\Program\Creative\SBAudigy\PlayCenter2\MDEntry.EXE" "C:\Program\Creative\SBAudigy\PlayCenter2"

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Microsoft Office.lnk - C:\Program\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - AAWSERVICE



-- End of Deckard's System Scanner: finished at 2007-08-16 at 22:31:32 ---------

Ajd ljudi pomagajte molim vas!!!

Hvala svima!!!
Pozz

offline
  • Pridružio: 08 Okt 2003
  • Poruke: 63
  • Gde živiš: Sweden

E ako nesto znaci evo log koji mi je izbacio SpyHunter 2.9(koji jedininalazi Trojan Vundo?!) :

Log Contents provided by Enigma Software Group, Inc.
###########################Runnning Processes DATA###########################
processName = SMSS.EXE File Size = 50688 File Path = \SystemRoot\System32\smss.exe ModuleMD5 = 2997c8f2515c72df278e83f977a5ac40
processName = WINLOGON.EXE File Size = 502272 File Path = \??\C:\WINDOWS\system32\winlogon.exe ModuleMD5 = 3e080d3d4f81b0638766ccc4d7707d10
processName = SERVICES.EXE File Size = 108032 File Path = C:\WINDOWS\system32\services.exe ModuleMD5 = 0df00535e2f5aefaead3a800f75137af
processName = LSASS.EXE File Size = 13312 File Path = C:\WINDOWS\system32\lsass.exe ModuleMD5 = ba428312d9a0726e4c07c2037e882520
processName = ATI2EVXX.EXE File Size = 405504 File Path = C:\WINDOWS\system32\Ati2evxx.exe ModuleMD5 = c4b5144443a368741e6427faa44c5491
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\system32\svchost.exe ModuleMD5 = 22d8a75754b7b9ecc4753e3c09a56b18
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 22d8a75754b7b9ecc4753e3c09a56b18
processName = CCEVTMGR.EXE File Size = 317112 File Path = C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe ModuleMD5 = 3ed7d2c9556cbded30df0c7ef45f27af
processName = SPOOLSV.EXE File Size = 57856 File Path = C:\WINDOWS\system32\spoolsv.exe ModuleMD5 = da81ec57acd4cdc3d4c51cf3d409af9f
processName = ATI2EVXX.EXE File Size = 405504 File Path = C:\WINDOWS\system32\Ati2evxx.exe ModuleMD5 = c4b5144443a368741e6427faa44c5491
processName = EXPLORER.EXE File Size = 1033728 File Path = C:\WINDOWS\Explorer.EXE ModuleMD5 = 96d1dde74e550113d2fcb97c8a4c43cb
processName = HPSYSDRV.EXE File Size = 52736 File Path = C:\windows\system\hpsysdrv.exe ModuleMD5 = 06a1ecb63df139ec639e084d4ab3c9d7
processName = SHWICON.EXE File Size = 69632 File Path = C:\Program\USB Storage RW\shwicon.exe ModuleMD5 = fdee1e4b56df300769be7c5740473e98
processName = KBD.EXE File Size = 61440 File Path = C:\HP\KBD\KBD.EXE ModuleMD5 = 4a95f15b706b8fd9ec8715b6401eab7b
processName = CCAPP.EXE File Size = 54960 File Path = C:\Program\Delade filer\Symantec Shared\ccApp.exe ModuleMD5 = 1442b0b41c1b755a53c0c68aa2419876
processName = CTHELPER.EXE File Size = 28672 File Path = C:\WINDOWS\system32\CTHELPER.EXE ModuleMD5 = 2ba0f02e4b41b282408b3bf8caac2ffe
processName = HPZTSB06.EXE File Size = 188416 File Path = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe ModuleMD5 = 45a483a8b56605414af38abf71db102e
processName = REGMECH.EXE File Size = 2299400 File Path = C:\Program\Registry Mechanic\RegMech.exe ModuleMD5 = e35f4404ec6ef6a87b2f6a3a9cafa17a
processName = JUSCHED.EXE File Size = 132496 File Path = C:\Program\Java\jre1.6.0_02\bin\jusched.exe ModuleMD5 = 896e712a34d654a337c8cbb9deb07200
processName = ZLCLIENT.EXE File Size = 919280 File Path = C:\Program\Zone Labs\ZoneAlarm\zlclient.exe ModuleMD5 = 3e1731c55f77d150791d4c7e87ad4e5c
processName = CLI.EXE File Size = 45056 File Path = C:\Program\ATI Technologies\ATI.ACE\cli.exe ModuleMD5 = 64c4c17bf6a40ff1cd21205e6fd415b8
processName = SPYHUNTER.EXE File Size = 2693248 File Path = C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe ModuleMD5 = 106556f40e0366b98ff715462aa3c3e5
processName = MSMSGS.EXE File Size = 1694208 File Path = C:\Program\Messenger\msmsgs.exe ModuleMD5 = 74e6e96c6f0e2eca4edbb7f7a468f259
processName = CTFMON.EXE File Size = 15360 File Path = C:\WINDOWS\system32\ctfmon.exe ModuleMD5 = febe82a289a6645e26b27f3a0a4d2b84
processName = SEARCHPROTECTION.EXE File Size = 224248 File Path = C:\Program\Yahoo!\Search Protection\SearchProtection.exe ModuleMD5 = b426580cb595d54cedf222a0e5c1ae54
processName = AAWSERVICE.EXE File Size = 557056 File Path = C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe ModuleMD5 = 2aa15adef712d1ef9ae651a4de7ffd4d
processName = CTSVCCDA.EXE File Size = 44032 File Path = C:\WINDOWS\System32\CTsvcCDA.exe ModuleMD5 = 3c8b6609712f4ff78e521f6dcfc4032b
processName = MDM.EXE File Size = 322120 File Path = C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe ModuleMD5 = 11f714f85530a2bd134074dc30e99fca
processName = NAVAPSVC.EXE File Size = 116344 File Path = c:\Program\Norton AntiVirus\navapsvc.exe ModuleMD5 = 81af14f7143364aa48179ab92766242b
processName = SVCHOST.EXE File Size = 14336 File Path = C:\WINDOWS\System32\svchost.exe ModuleMD5 = 22d8a75754b7b9ecc4753e3c09a56b18
processName = VSMON.EXE File Size = 75568 File Path = C:\WINDOWS\system32\ZoneLabs\vsmon.exe ModuleMD5 = de71661665a86a2305918e8b91acedb9
processName = MSPMSPSV.EXE File Size = 53520 File Path = C:\WINDOWS\System32\MsPMSPSv.exe ModuleMD5 = 581176f60885aef8f78c6e38dcc3cdf9
processName = MANTISPM.EXE File Size = 869984 File Path = C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe ModuleMD5 = cea7c867f7551d92bc5367968456b328
processName = CLI.EXE File Size = 45056 File Path = C:\Program\ATI Technologies\ATI.ACE\cli.exe ModuleMD5 = 64c4c17bf6a40ff1cd21205e6fd415b8
processName = CLI.EXE File Size = 45056 File Path = C:\Program\ATI Technologies\ATI.ACE\cli.exe ModuleMD5 = 64c4c17bf6a40ff1cd21205e6fd415b8
processName = IEXPLORE.EXE File Size = 625152 File Path = C:\Program\Internet Explorer\IEXPLORE.EXE ModuleMD5 = 275cee268b9e5d82474c43d5d249d111
###########################REGISTRY MD5 DATA###########################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=hpsysdrv Data=c:\windows\system\hpsysdrv.exe FileSize = 52736 MD5=06a1ecb63df139ec639e084d4ab3c9d7
Name=HotKeysCmds Data=C:\WINDOWS\System32\hkcmd.exe FileSize = 114688 MD5=57a789dc4984ad1f5ce49f52104f2e87
Name=KYE_Showicon Data="C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW" FileSize = MD5=********************************
Name=KBD Data=C:\HP\KBD\KBD.EXE FileSize = 61440 MD5=4a95f15b706b8fd9ec8715b6401eab7b
Name=StorageGuard Data="C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r FileSize = 155648 MD5=68c91658a3cb6773ec79c90cc0ee6bc1
Name=WCOLOREAL Data=C:\Program\Coloreal\coloreal.exe FileSize = 131072 MD5=73eba89a1c2830fe233f61a324b8c685
Name=Recguard Data=C:\WINDOWS\SMINST\RECGUARD.EXE FileSize = 212992 MD5=d3cc7a3813123e955b3a497c04b404e2
Name=nwiz Data=nwiz.exe /install FileSize = 372736 MD5=2265dca28bf872c0fa4ed831b430f405
Name=ccApp Data=C:\Program\Delade filer\Symantec Shared\ccApp.exe FileSize = 54960 MD5=1442b0b41c1b755a53c0c68aa2419876
Name=ccRegVfy Data=C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe FileSize = 38576 MD5=6f817d95caf5ecf255d397eb676796ff
Name=CTHelper Data=CTHELPER.EXE FileSize = 28672 MD5=2ba0f02e4b41b282408b3bf8caac2ffe
Name=UpdReg Data=C:\WINDOWS\UpdReg.EXE FileSize = 90112 MD5=c419df63e0121d72411285780c2fc6cc
Name=PS2 Data=C:\WINDOWS\system32\ps2.exe FileSize = 81920 MD5=5f48e155d9d723763feaf4a73ddad62c
Name=HPDJ Taskbar Utility Data=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe FileSize = 188416 MD5=45a483a8b56605414af38abf71db102e
Name=RegistryMechanic Data=C:\Program\Registry Mechanic\RegMech.exe /S FileSize = 2299400 MD5=e35f4404ec6ef6a87b2f6a3a9cafa17a
Name=SunJavaUpdateSched Data="C:\Program\Java\jre1.6.0_02\bin\jusched.exe" FileSize = 132496 MD5=896e712a34d654a337c8cbb9deb07200
Name=ZoneAlarm Client Data="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" FileSize = 919280 MD5=3e1731c55f77d150791d4c7e87ad4e5c
Name=ATICCC Data="C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay FileSize = 45056 MD5=64c4c17bf6a40ff1cd21205e6fd415b8
Name=NeroFilterCheck Data=C:\WINDOWS\system32\NeroCheck.exe FileSize = 155648 MD5=c93ab037a8c792d5f8a1a9fc88a7c7c5
Name=KernelFaultCheck Data=%systemroot%\system32\dumprep 0 -k FileSize = MD5=
Name=TrojanScanner Data=C:\Program\Trojan Remover\Trjscan.exe FileSize = 470096 MD5=861e856ac170c266d88c71d58695e3c5
Name=SpyHunter Data=C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe
FileSize = 2693248 MD5=106556f40e0366b98ff715462aa3c3e5
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
Name=MSMSGS Data="C:\Program\Messenger\msmsgs.exe" /background FileSize = 1694208 MD5=74e6e96c6f0e2eca4edbb7f7a468f259
Name=ctfmon.exe Data=C:\WINDOWS\system32\ctfmon.exe FileSize = 15360 MD5=febe82a289a6645e26b27f3a0a4d2b84
Name=YSearchProtection Data=C:\Program\Yahoo!\Search Protection\SearchProtection.exe
FileSize = 224248 MD5=b426580cb595d54cedf222a0e5c1ae54
<HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN>
<HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE>
Name=SetDefaultMidi Data=MIDIDEF.EXE FileSize = 49152 MD5=21d25ed782720280391b5bbc2fbafc8a
Name=PlayCenter2 Data="C:\Program\Creative\SBAudigy\PlayCenter2\MDEntry.EXE" "C:\Program\Creative\SBAudigy\PlayCenter2"
FileSize = MD5=********************************
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINDOWS\APPINIT_DLLS>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN>
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\SHELL>
Explorer.exe FileSize = 1033728 MD5=96d1dde74e550113d2fcb97c8a4c43cb
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\USERINIT>
C:\WINDOWS\system32\userinit.exe, FileSize = 24576 MD5=452202227d7a5020d058d49106c0b872
#############################FILE MD5 DATA#############################
<C:\Documents and Settings\Ägaren\Start-meny\Program\Autostart>
File Path = C:\Documents and Settings\Ägaren\Start-meny\Program\Autostart\desktop.ini File Size = 4096 md5=d6a6856702e3f0953e7246a9b4a9fe35
#############################SERVICES DATA#############################
Service Name = aawservice Service Display Name = Ad-Aware 2007 Service Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 0 Service Binary Path = "C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe" Binary Size = 0 Binary MD5 =
Service Name = ALG Service Display Name = Application Layer Gateway Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\alg.exe Binary Size = 44544 Binary MD5 = 674ad0546272f9adb8028b9ca0d0658f
Service Name = Ati HotKey Poller Service Display Name = Ati HotKey Poller Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\Ati2evxx.exe Binary Size = 405504 Binary MD5 = c4b5144443a368741e6427faa44c5491
Service Name = AudioSrv Service Display Name = Windows Audio Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Browser Service Display Name = Computer Browser Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = ccEvtMgr Service Display Name = Symantec Event Manager Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 0 Service Binary Path = "C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe" Binary Size = 0 Binary MD5 =
Service Name = Creative Service for CDROM Access Service Display Name = Creative Service for CDROM Access Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\CTsvcCDA.exe Binary Size = 44032 Binary MD5 = 3c8b6609712f4ff78e521f6dcfc4032b
Service Name = CryptSvc Service Display Name = Cryptographic Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = DcomLaunch Service Display Name = DCOM Server Process Launcher Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k DcomLaunch Binary Size = 0 Binary MD5 =
Service Name = Dhcp Service Display Name = DHCP Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Dnscache Service Display Name = DNS Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k NetworkService Binary Size = 0 Binary MD5 =
Service Name = ERSvc Service Display Name = Error Reporting Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Eventlog Service Display Name = Event Log Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = 0df00535e2f5aefaead3a800f75137af
Service Name = EventSystem Service Display Name = COM+ Event System Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = FastUserSwitchingCompatibility Service Display Name = Fast User Switching Compatibility Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = helpsvc Service Display Name = Help and Support Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = lanmanserver Service Display Name = Server Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = lanmanworkstation Service Display Name = Workstation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = LmHosts Service Display Name = TCP/IP NetBIOS Helper Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = MDM Service Display Name = Machine Debug Manager Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = "C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe" Binary Size = 0 Binary MD5 =
Service Name = navapsvc Service Display Name = Norton AntiVirus Auto Protect Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = c:\Program\Norton AntiVirus\navapsvc.exe Binary Size = 116344 Binary MD5 = 81af14f7143364aa48179ab92766242b
Service Name = Netman Service Display Name = Network Connections Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Nla Service Display Name = Network Location Awareness (NLA) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = PlugPlay Service Display Name = Plug and Play Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\services.exe Binary Size = 108032 Binary MD5 = 0df00535e2f5aefaead3a800f75137af
Service Name = PolicyAgent Service Display Name = IPSEC Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\lsass.exe Binary Size = 13312 Binary MD5 = ba428312d9a0726e4c07c2037e882520
Service Name = ProtectedStorage Service Display Name = Protected Storage Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = ba428312d9a0726e4c07c2037e882520
Service Name = RasMan Service Display Name = Remote Access Connection Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = RpcSs Service Display Name = Remote Procedure Call (RPC) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost -k rpcss Binary Size = 0 Binary MD5 =
Service Name = SamSs Service Display Name = Security Accounts Manager Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\lsass.exe Binary Size = 13312 Binary MD5 = ba428312d9a0726e4c07c2037e882520
Service Name = Schedule Service Display Name = Task Scheduler Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = seclogon Service Display Name = Secondary Logon Service Opened = YES Status = Running Query = SUCCESS Service Type = 288 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SENS Service Display Name = System Event Notification Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SharedAccess Service Display Name = Windows Firewall/Internet Connection Sharing (ICS) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = ShellHWDetection Service Display Name = Shell Hardware Detection Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = Spooler Service Display Name = Print Spooler Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\spoolsv.exe Binary Size = 57856 Binary MD5 = da81ec57acd4cdc3d4c51cf3d409af9f
Service Name = srservice Service Display Name = System Restore Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = SSDPSRV Service Display Name = SSDP Discovery Service Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = stisvc Service Display Name = WIA (Windows Image Acquisition) Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k imgsvc Binary Size = 0 Binary MD5 =
Service Name = TapiSrv Service Display Name = Telephony Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = TermService Service Display Name = Terminal Services Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 3 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost -k DComLaunch Binary Size = 0 Binary MD5 =
Service Name = Themes Service Display Name = Themes Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = TrkWks Service Display Name = Distributed Link Tracking Client Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = vsmon Service Display Name = TrueVector Internet Monitor Opened = YES Status = Running Query = SUCCESS Service Type = 272 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service Binary Size = 0 Binary MD5 =
Service Name = W32Time Service Display Name = Windows Time Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WebClient Service Display Name = WebClient Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k LocalService Binary Size = 0 Binary MD5 =
Service Name = winmgmt Service Display Name = Windows Management Instrumentation Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 0 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WMDM PMSP Service Service Display Name = WMDM PMSP Service Opened = YES Status = Running Query = SUCCESS Service Type = 16 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\MsPMSPSv.exe Binary Size = 53520 Binary MD5 = 581176f60885aef8f78c6e38dcc3cdf9
Service Name = wscsvc Service Display Name = Security Center Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = wuauserv Service Display Name = Automatiska uppdateringar Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\system32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
Service Name = WZCSVC Service Display Name = Wireless Zero Configuration Opened = YES Status = Running Query = SUCCESS Service Type = 32 Service Start Type = 2 Service Error Control = 1 Service Binary Path = C:\WINDOWS\System32\svchost.exe -k netsvcs Binary Size = 0 Binary MD5 =
#############################WINLOGON DATA#############################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\NOTIFY>
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent Filepath = C:\WINDOWS\system32\Ati2evxx.dll File Size = 61440 File MD5 = 8b2f44c23bf09904e73d6e060a1dfd90
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain Filepath = C:\WINDOWS\system32\crypt32.dll File Size = 600576 File MD5 = 20176d9c3b1efcc7a4483a691f1a1ef2
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet Filepath = C:\WINDOWS\system32\cryptnet.dll File Size = 63488 File MD5 = 509927af34b0d25837e2d9b4ecf3fc06
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll Filepath = C:\WINDOWS\system32\cscdll.dll File Size = 101888 File MD5 = eba4bffaf08c36b8b8ed677de3ca59c0
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui Filepath = C:\WINDOWS\system32\igfxsrvc.dll File Size = 315392 File MD5 = 61f0a42d45d401a5d3fef374d03f5179
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 93184 File MD5 = 1caa768ca61c151e5ffc2a6e2e1877af
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 93184 File MD5 = 1caa768ca61c151e5ffc2a6e2e1877af
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy Filepath = C:\WINDOWS\system32\sclgntfy.dll File Size = 22016 File MD5 = 8b70976fc6ed09797e1a1291d3805518
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn Filepath = C:\WINDOWS\system32\WlNotify.dll File Size = 93184 File MD5 = 1caa768ca61c151e5ffc2a6e2e1877af
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 93184 File MD5 = 1caa768ca61c151e5ffc2a6e2e1877af
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon Filepath = C:\WINDOWS\system32\WgaLogon.dll File Size = 236928 File MD5 = 190eac13ebe017a588043011ca3e3dbe
Subkey Name = Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon Filepath = C:\WINDOWS\system32\wlnotify.dll File Size = 93184 File MD5 = 1caa768ca61c151e5ffc2a6e2e1877af
##########################BROWSER ADD-ON DATA##########################
<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar>
CLSID = {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} FilePath = c:\Program\Norton AntiVirus\NavShExt.dll File Size = 112248 File MD5 = 9e12604767096103c2a4051735ba22ab Description = Norton AntiVirus
CLSID = {2318C2B1-4965-11d4-9B18-009027A5CD4F} FilePath = c:\program\google\googletoolbar2.dll File Size = 2403392 File MD5 = 6319f2d4708dbcae37cfa03da10782c0 Description = 0
CLSID = {EF99BD32-C1FB-11D2-892F-0090271D4F88} FilePath = C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll File Size = 808472 File MD5 = 10555a800613c8613af53fad54f1c23f Description = 0
<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars>
CLSID = {4D5C8C25-D075-11d0-B416-00C04FB90376} FilePath = C:\WINDOWS\System32\shdocvw.dll File Size = 1497088 File MD5 = 559b2d22a1ee947a7eaed530c7ff9320
<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars>
CLSID = {32683183-48a0-441b-a342-7c2a440a9478} FilePath = File Size = 0 File MD5 =
<HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects>
CLSID = {02478D38-C3F9-4efb-9B51-7695ECA05670} FilePath = C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll File Size = 808472 File MD5 = 10555a800613c8613af53fad54f1c23f
CLSID = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} FilePath = C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx File Size = 37808 File MD5 = 8394abfc1be196a62c9f532511936df7
CLSID = {22BF413B-C6D2-4d91-82A9-A0F997BA588C} FilePath = C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File Size = 1062184 File MD5 = 666babcd255c9a6a616e6c3c46fa7ec0
CLSID = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} FilePath = C:\Program\Java\jre1.6.0_02\bin\ssv.dll File Size = 501136 File MD5 = d6137540bdf0f9f9b9055c60add8007a
CLSID = {AA58ED58-01DD-4d91-8333-CF10577473F7} FilePath = c:\program\google\googletoolbar2.dll File Size = 2403392 File MD5 = 6319f2d4708dbcae37cfa03da10782c0
CLSID = {BDF3E430-B101-42AD-A544-FADC6B084872} FilePath = c:\Program\Norton AntiVirus\NavShExt.dll File Size = 112248 File MD5 = 9e12604767096103c2a4051735ba22ab
<HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions>
CLSID = {08B0E5C0-4FCB-11CF-AAA5-00401C608501} FilePath = C:\WINDOWS\System32\msjava.dll File Size = 947472 File MD5 = e75aa32c6b79c846f5314ca4da92f29e
CLSID = {77BF5300-1474-4EC7-9980-D32B190E9B07} FilePath = C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll File Size = 1062184 File MD5 = 666babcd255c9a6a616e6c3c46fa7ec0
CLSID = {e2e2dd38-d088-4134-82b7-f2ba38496583} FilePath = File Size = 0 File MD5 =
CLSID = {FB5F1910-F110-11d2-BB9E-00C04F795683} FilePath = File Size = 0 File MD5 =
<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions>
CLSID = CmdMapping FilePath = File Size = 0 File MD5 =
<HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks>
CLSID = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} FilePath = C:\WINDOWS\system32\ieframe.dll File Size = 6058496 File MD5 = 58500a5eb0c0663dc24b9dd461d194a8 Description =
CLSID = {EF99BD32-C1FB-11D2-892F-0090271D4F88} FilePath = C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll File Size = 808472 File MD5 = 10555a800613c8613af53fad54f1c23f Description =
<HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler>
CLSID = {438755C2-A8BA-11D1-B96B-00A0C90312E1} FilePath = C:\WINDOWS\System32\browseui.dll File Size = 1022976 File MD5 = b99ff349bf53bd91fbddcd6b1ede8980 Description = Browseui preloader
CLSID = {8C7461EF-2B13-11d2-BE35-3078302C2030} FilePath = C:\WINDOWS\System32\browseui.dll File Size = 1022976 File MD5 = b99ff349bf53bd91fbddcd6b1ede8980 Description = Component Categories cache daemon
##########################LSP CHAIN DATA##########################
<HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS>
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247296 File MD5 = 85d58e28d38f3e3b6e6c6912bfb9562d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247296 File MD5 = 85d58e28d38f3e3b6e6c6912bfb9562d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247296 File MD5 = 85d58e28d38f3e3b6e6c6912bfb9562d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = c4ddf85260ae124288f1f4d5a4fc852e
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 Filepath = C:\WINDOWS\system32\rsvpsp.dll File Size = 90112 File MD5 = c4ddf85260ae124288f1f4d5a4fc852e
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247296 File MD5 = 85d58e28d38f3e3b6e6c6912bfb9562d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247296 File MD5 = 85d58e28d38f3e3b6e6c6912bfb9562d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247296 File MD5 = 85d58e28d38f3e3b6e6c6912bfb9562d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247296 File MD5 = 85d58e28d38f3e3b6e6c6912bfb9562d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247296 File MD5 = 85d58e28d38f3e3b6e6c6912bfb9562d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247296 File MD5 = 85d58e28d38f3e3b6e6c6912bfb9562d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247296 File MD5 = 85d58e28d38f3e3b6e6c6912bfb9562d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247296 File MD5 = 85d58e28d38f3e3b6e6c6912bfb9562d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247296 File MD5 = 85d58e28d38f3e3b6e6c6912bfb9562d
Sequence Num = SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 Filepath = C:\WINDOWS\system32\mswsock.dll File Size = 247296 File MD5 = 85d58e28d38f3e3b6e6c6912bfb9562d
##########################UNINSTALL DATA##########################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL>
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AC3Filter DisplayName = AC3Filter (remove only)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Ad-aware 6 Personal DisplayName = Ad-aware 6 Personal
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Acrobat 5.0 DisplayName = Adobe Acrobat 5.0 InstallLocation = C:\Program\Adobe\Acrobat 5.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\All ATI Software DisplayName = ATI - Hjälp för avinstallation av program InstallLocation = C:\Program\ATI Technologies\UninstallAll
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Anti Trojan Elite_is1 DisplayName = Anti Trojan Elite 3.8.4 InstallLocation = C:\Program\Anti Trojan Elite\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus Protection DisplayName = Antivirus Protection 3.0.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ATI Display Driver DisplayName = ATI Display Driver
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\AudioHQ
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer DisplayName = BSPlayer (remove only)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\BSPlayer1 DisplayName = BSPlayer
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\CamModul DisplayName = CamModul
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Cool's_Codec_pack_4.12 DisplayName = Codec Pack - All In 1 6.0.3.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Driver DisplayName = Creative Driver
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative PlayCenter 2.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Recorder
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Restore Defaults
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative Surround Mixer 2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Creative WaveStudio
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DC++ DisplayName = DC++ 0.699 InstallLocation = C:\Program\DC++
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Diagnostics2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectAnimation
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DivX Codec DisplayName = DivX Pro Codec
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Far Cry DisplayName = Far Cry
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ffdshow_is1 DisplayName = ffdshow [rev 1370] [2007-07-22] InstallLocation = C:\WINDOWS\system32\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\HijackThis DisplayName = HijackThis 2.0.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Hollywood FX 4.6 DisplayName = Pinnacle Hollywood FX 4.6
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\hp deskjet 5550 series DisplayName = hp deskjet 5550 series - Avinstallation
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\hp print screen utility DisplayName = hp print screen utility
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ICW
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IDNMitigationAPIs DisplayName = Microsoft Internationalized Domain Names Mitigation APIs
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ie7 DisplayName = Windows Internet Explorer 7
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB873339 DisplayName = Windows XP Hotfix - KB873339
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB884267
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885353
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885835 DisplayName = Windows XP Hotfix - KB885835
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885836 DisplayName = Windows XP Hotfix - KB885836
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB885884 DisplayName = Windows XP Hotfix - KB885884
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886185 DisplayName = Windows XP Hotfix - KB886185
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB886612
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887078
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887472 DisplayName = Windows XP Hotfix - KB887472
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB887626
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888302 DisplayName = Windows XP Hotfix - KB888302
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB888656
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB889858
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890046 DisplayName = Säkerhetsuppdatering för Windows XP (KB890046)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB890859 DisplayName = Windows XP Hotfix - KB890859
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891122
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB891781 DisplayName = Windows XP Hotfix - KB891781
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB892130 DisplayName = Windows Genuine Advantage Validation Tool (KB892130)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB892313
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893240
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893241
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893756 DisplayName = Säkerhetsuppdatering för Windows XP (KB893756)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2 DisplayName = Windows Installer 3.1 (KB893803)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB895181
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB895316
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB895572
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896358 DisplayName = Säkerhetsuppdatering för Windows XP (KB896358-)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896423 DisplayName = Säkerhetsuppdatering för Windows XP (KB896423)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896424 DisplayName = Säkerhetsuppdatering för Windows XP (KB896424)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB896428 DisplayName = Säkerhetsuppdatering för Windows XP (KB896428-)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB897586
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898458 DisplayName = Säkerhetsuppdatering för Step by Step Interactive Training (KB898458-)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898461 DisplayName = Uppdatering för Windows XP (KB898461)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB898549
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899587 DisplayName = Säkerhetsuppdatering för Windows XP (KB899587)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB899591 DisplayName = Säkerhetsuppdatering för Windows XP (KB899591)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900399
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900485 DisplayName = Uppdatering för Windows XP (KB900485)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB900725 DisplayName = Säkerhetsuppdatering för Windows XP (KB900725)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901017 DisplayName = Säkerhetsuppdatering för Windows XP (KB901017)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB901214 DisplayName = Säkerhetsuppdatering för Windows XP (KB901214)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB902344
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB902400 DisplayName = Säkerhetsuppdatering för Windows XP (KB902400)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB904706 DisplayName = Säkerhetsuppdatering för Windows XP (KB904706)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB904942 DisplayName = Uppdatering för Windows XP (KB904942)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905414 DisplayName = Säkerhetsuppdatering för Windows XP (KB905414)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB905749 DisplayName = Säkerhetsuppdatering för Windows XP (KB905749)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB907658
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908519 DisplayName = Säkerhetsuppdatering för Windows XP (KB908519)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB908531 DisplayName = Uppdatering för Windows XP (KB908531)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB910437 DisplayName = Uppdatering för Windows XP (KB910437)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911280 DisplayName = Uppdatering för Windows XP (KB911280)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911562 DisplayName = Säkerhetsuppdatering för Windows XP (KB911562)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911564 DisplayName = Säkerhetsuppdatering för Windows Media Player (KB911564)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911565
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911854
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB911927 DisplayName = Säkerhetsuppdatering för Windows XP (KB911927)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB912919 DisplayName = Säkerhetsuppdatering för Windows XP (KB912919)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB913580 DisplayName = Säkerhetsuppdatering för Windows XP (KB913580)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914388 DisplayName = Säkerhetsuppdatering för Windows XP (KB914388-)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914389 DisplayName = Säkerhetsuppdatering för Windows XP (KB914389)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB914440 DisplayName = Snabbkorrigering för Windows XP (KB914440)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB915865 DisplayName = Hotfix for Windows XP (KB915865)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB916595 DisplayName = Uppdatering för Windows XP (KB916595)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917344 DisplayName = Säkerhetsuppdatering för Windows XP (KB917344)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917422 DisplayName = Säkerhetsuppdatering för Windows XP (KB917422)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP8 DisplayName = Säkerhetsuppdatering för Windows Media Player 8 (KB917734)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917734_WMP9 DisplayName = Säkerhetsuppdatering för Windows Media Player 9 (KB917734)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB917953 DisplayName = Säkerhetsuppdatering för Windows XP (KB917953)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB918118 DisplayName = Säkerhetsuppdatering för Windows XP (KB918118-)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB919007 DisplayName = Säkerhetsuppdatering för Windows XP (KB919007)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920213 DisplayName = Säkerhetsuppdatering för Windows XP (KB920213)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920670 DisplayName = Säkerhetsuppdatering för Windows XP (KB920670)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920683 DisplayName = Säkerhetsuppdatering för Windows XP (KB920683)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920685 DisplayName = Säkerhetsuppdatering för Windows XP (KB920685)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB920872 DisplayName = Uppdatering för Windows XP (KB920872)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921398 DisplayName = Säkerhetsuppdatering för Windows XP (KB921398-)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921503 DisplayName = Säkerhetsuppdatering för Windows XP (KB921503)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB921883 DisplayName = Säkerhetsuppdatering för Windows XP (KB921883)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922582 DisplayName = Uppdatering för Windows XP (KB922582)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922616 DisplayName = Säkerhetsuppdatering för Windows XP (KB922616)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB922819 DisplayName = Säkerhetsuppdatering för Windows XP (KB922819)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923191 DisplayName = Säkerhetsuppdatering för Windows XP (KB923191)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923414 DisplayName = Säkerhetsuppdatering för Windows XP (KB923414)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923689 DisplayName = Säkerhetsuppdatering för Windows XP (KB923689)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923723 DisplayName = Säkerhetsuppdatering för Step by Step Interactive Training (KB923723)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB923980 DisplayName = Säkerhetsuppdatering för Windows XP (KB923980)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924191 DisplayName = Säkerhetsuppdatering för Windows XP (KB924191)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924270 DisplayName = Säkerhetsuppdatering för Windows XP (KB924270)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924496 DisplayName = Säkerhetsuppdatering för Windows XP (KB924496)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB924667 DisplayName = Säkerhetsuppdatering för Windows XP (KB924667)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925398_WMP64 DisplayName = Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398-)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB925902 DisplayName = Säkerhetsuppdatering för Windows XP (KB925902)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB926239 DisplayName = Hotfix for Windows XP (KB926239)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB926255 DisplayName = Säkerhetsuppdatering för Windows XP (KB926255)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB926436 DisplayName = Säkerhetsuppdatering för Windows XP (KB926436)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB927779 DisplayName = Säkerhetsuppdatering för Windows XP (KB927779)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB927802 DisplayName = Säkerhetsuppdatering för Windows XP (KB927802)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB927891 DisplayName = Uppdatering för Windows XP (KB927891)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB928255 DisplayName = Säkerhetsuppdatering för Windows XP (KB928255)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB928843 DisplayName = Säkerhetsuppdatering för Windows XP (KB928843)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB929123 DisplayName = Säkerhetsuppdatering för Windows XP (KB929123)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB929399 DisplayName = Hotfix for Windows Media Format 11 SDK (KB929399)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB929969 DisplayName = Säkerhetsuppdatering för Windows Internet Explorer 7 (KB929969)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB930178 DisplayName = Säkerhetsuppdatering för Windows XP (KB930178-)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB930916 DisplayName = Uppdatering för Windows XP (KB930916)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB931261 DisplayName = Säkerhetsuppdatering för Windows XP (KB931261)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB931784 DisplayName = Säkerhetsuppdatering för Windows XP (KB931784)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB931836 DisplayName = Uppdatering för Windows XP (KB931836)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB932168 DisplayName = Säkerhetsuppdatering för Windows XP (KB932168-)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB933566 DisplayName = Säkerhetsuppdatering för Windows XP (KB933566)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB933566-IE7
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB935839 DisplayName = Säkerhetsuppdatering för Windows XP (KB935839)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB935840 DisplayName = Säkerhetsuppdatering för Windows XP (KB935840)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB936021 DisplayName = Säkerhetsuppdatering för Windows XP (KB936021)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB936357 DisplayName = Uppdatering för Windows XP (KB936357)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB936782_WMP11 DisplayName = Säkerhetsuppdatering för Windows Media Player 11 (KB936782)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB937143-IE7 DisplayName = Säkerhetsuppdatering för Windows Internet Explorer 7 (KB937143)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB938127-IE7 DisplayName = Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB938828 DisplayName = Uppdatering för Windows XP (KB938828-)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KB938829 DisplayName = Säkerhetsuppdatering för Windows XP (KB938829)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\KBD DisplayName = KBD
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveReg DisplayName = LiveReg (Symantec Corporation) InstallLocation = C:\Program\Delade filer\Symantec Shared\LiveReg
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate DisplayName = LiveUpdate 1.80 (Symantec Corporation) InstallLocation = C:\Program\Symantec\LiveUpdate
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\M928366 DisplayName = Microsoft .NET Framework 1.1 Hotfix (KB928366)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\M9283671053 DisplayName = Microsoft .NET Framework 1.0 Hotfix (KB928367)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MailFrontier Desktop
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Full v1.0.3705 (1053)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 1.1 (1033) DisplayName = Microsoft .NET Framework 1.1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework Full v1.0.3705 (1053) DisplayName = Microsoft .NET Framework (Swedish) v1.0.3705
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Interactive Training
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft NetShow Player 2.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSCompPackV1 DisplayName = Microsoft Compression Client Pack 1.0 for Windows XP
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MsJavaVM
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\MyCD.exe
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Nero - Burning Rom!UninstallKey DisplayName = Nero OEM
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NetMeeting
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NLSDownlevelMapping DisplayName = Microsoft National Language Support Downlevel APIs
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\NVIDIA DisplayName = NVIDIA Windows 2000/XP Display Drivers
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\OutlookExpress
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\PS2 DisplayName = PS2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Python 2.2 combined Win32 extensions DisplayName = Python 2.2 combined Win32 extensions
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Python 2.2.1 DisplayName = Python 2.2.1
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Registry Mechanic_is1 DisplayName = Registry Mechanic 6.0 InstallLocation = C:\Program\Registry Mechanic\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\S3Display DisplayName = S3Display
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\S3Gamma2 DisplayName = S3Gamma2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\S3Info2 DisplayName = S3Info2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\S3Overlay DisplayName = S3Overlay
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\SGTRAY.EXE
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ShockwaveFlash DisplayName = Adobe Flash Player 9 ActiveX
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Audigy
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Sound Blaster Audigy Windows Drivers
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\T r o j a n R e m o v e r_is1 DisplayName = Trojan Remover 6.6.1 InstallLocation = C:\Program\Trojan Remover\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WGA DisplayName = Windows Genuine Advantage Validation Tool (KB892130)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WgaNotify DisplayName = Windows Genuine Advantage Notifications (KB905474)
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Format Runtime DisplayName = Windows Media Format 11 runtime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player DisplayName = Windows Media Player 11
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Windows XP Service Pack DisplayName = Windows XP Service Pack 2
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WinISO_is1 DisplayName = WinISO 5.3
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver DisplayName = WinRAR arhiver
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WMCSetup
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\WMFDist11 DisplayName = Windows Media Format 11 runtime
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\wmp11 DisplayName = Windows Media Player 11
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Wudf01000 DisplayName = Microsoft User-Mode Driver Framework Feature Pack 1.0
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\XP Codec Pack DisplayName = XP Codec Pack
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\XviD DisplayName = XviD MPEG-4 Codec
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Anti-Spy DisplayName = Yahoo! Anti-Spy
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion DisplayName = Yahoo! Toolbar
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Search Defender DisplayName = Yahoo! Search Protection
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar DisplayName = Yahoo! Toolbar
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\YInstHelper DisplayName = Yahoo! Install Manager
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm Security Suite DisplayName = ZoneAlarm Security Suite
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{083F79E4-6FE9-46FB-A6C6-4F8862742947} DisplayName = ATI HYDRAVISION
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{09DA4F91-2A09-4232-AB8C-6BC740096DE3} DisplayName = RecordNow Update Manager InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{0DCFC7D5-8608-478C-8082-1FF848B978AF} DisplayName = USB Storage RW
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{0F6A7971-0F11-4A79-A0E9-133D0963A570} DisplayName = ISO Recorder InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F} DisplayName = Google Toolbar for Internet Explorer
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020} DisplayName = Java(TM) 6 Update 2 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{350C941d-3D7C-4EE8-BAA9-00BCB3D54227} DisplayName = WebFldrs XP InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{435E969D-867E-4364-8E74-3DC8A69C5BDB}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{4C643986-DE3C-4737-8472-CCEC36CCC267} DisplayName = Studio Content CD InstallLocation = C:\Program\Pinnacle\Studio 8
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{4EF69D40-4DC9-485E-95D3-B1C22F218FC8} DisplayName = upapp InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{53EF6570-21A4-47ED-A40A-E6470A5677A3} DisplayName = Studio 8
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{54C8254E-D68E-490C-9126-57999F4B1BBF} DisplayName = Microsoft .NET Framework (Swedish) InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{58582977-44D2-44A0-A09B-031CC2AE5938}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} DisplayName = Skype™ 3.2 InstallLocation = C:\Program\Skype\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{5E835305-63BB-4E55-BBB7-EEBBE67774DB} DisplayName = MyDVD
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8214CC02-6271-4DC8-B8DD-779933450264} DisplayName = RecordNow InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20} DisplayName = Intel(R) Extreme Graphics Driver Software
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65} DisplayName =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8D70145A-3BD3-4DBF-9CBF-223EF4A43257} DisplayName = ATI Parental Control & Encoder InstallLocation = C:\WINDOWS\system32\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{90AF041D-6000-11D3-8CFE-0150048383C9} DisplayName = Microsoft Office PowerPoint Viewer 2003 InstallLocation = C:\Program\Microsoft Office\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{9115E7DB-3B29-445A-802D-11E0AA945B7F} DisplayName = Sound Blaster Audigy
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{911B041D-6000-11D3-8CFE-0050048383C9} DisplayName = Microsoft Word 2002 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{94CFDD29-1CB2-4D89-A024-5E1E8DEF3072} DisplayName = ACDSee 3.1 SR-1 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{98E8A2EF-4EAE-43B8-A172-74842B764777} DisplayName = InterVideo WinDVD Player InstallLocation = C:\Program\InterVideo\WinDVD4
Subkey

offline
  • Pridružio: 08 Okt 2003
  • Poruke: 63
  • Gde živiš: Sweden

...Ovo je nastavak...

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{A731533B-B325-4D9C-91A4-D93C8E294C19}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{BDE90251-93EB-4F6A-89D8-086E2D91DC56} DisplayName = Coloreal
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D


Eto,pa sad ako moze da pomogne...
Nista,meni ostaje samo da cekam da neko da neki predlog,a do tada pozdrav svima!!!
Laku noc

offline
  • DEMIAN  Male
  • Legendarni graðanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Jel' možeš da zapišeš ili slikaš (screenshot) ime fajla koji je detektovan kao Vundo ?

PS: Nisi mi odgovorio na PP. Ajd' bitno je.. Smile

offline
  • Pridružio: 08 Okt 2003
  • Poruke: 63
  • Gde živiš: Sweden

Dobar dan!
Evo ovako: reinstalirao sam windows tako da vise nemam problem sa virusom ili sta je vec bilo... Uglavnom za sada sve radi normalno.
Za svaki slucaj evo HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:09:12, on 2007-08-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Yahoo!\Search Protection\SearchProtection.exe
c:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Documents and Settings\Ägaren\Skrivbord\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] c:\Program\Delade filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] c:\Program\Delade filer\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....7344012142
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

offline
  • DEMIAN  Male
  • Legendarni graðanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Pretpostavljam da ti sada radi upload, pokreæu se aplikacije i sl.. Meðutim, prema ovome što vidim sumnjam da i dalje imaš malware na raèunaru.

Prvo æeš da mi pošalješ na upload sledeæe fajlove preko ove forme > http://www.mycity.rs/ambulanta-upload.php

C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\igfxsrvc.dll
C:\Program\USB Storage RW\shwicon.exe


Za sluèaj da neki od njih ne bude vidljiv iz Windows Expolorer-a, (pošto ceš ih tražiti po putanji koju sam ti naveo) ukljuèiæeš prikaz skrivenih fajlova u XP-u prema uputstvu sa ovog linka:
http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html

Kada mi pošalješ te fajlove ispratiæeš ovo uputstvo:

VundoFix:
http://www.atribune.org/ccount/click.php?id=4

* Dvoklikom se startuje fajl VundoFix.exe.
* Izabere opcija Scan for Vundo.
* Posle završenog skeniranja i pojave poruke Done Searching for files klikne se na OK.
* Sada, kada je skeniranje obavljeno potrebno je kliknuti na opciju Remove Vundo.
* Po pojavljivanju upita o uklanjaju Vundo fajlova klikne se na Yes.
* Pokretanje ove opcije uèiniæe Desktop privremeno praznim u cilju pripreme sistema za uklanjanje Vundo-a.
* Po završetku, pojaviæe se obaveštenje o gašnjenju raèunara, klikne se OK.
* Ukljuèi se raèunar i podigne sistem iznova.
* Iskopira se sadržaj loga sa putanje C:\vundofix.txt i novi HiJackThis log u poruku na forumu.

Ko je trenutno na forumu
 

Ukupno su 763 korisnika na forumu :: 33 registrovanih, 5 sakrivenih i 725 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _commandos_, _Rade, A.R.Chafee.Jr., Aleksandar Tomiæ, Arhiv, babaroga, Bahuss, Buzdovan, captaingox, cezar 35, danilopu, dankisha, djboj, Djokkinen, Faki-Valjevo, JOntra, Mahovljani, Majki, Mercury, Mihajlo, milenko crazy north, mk, mrav pesadinac, n.jokan, novator, Sale.S, Sibin, Sirius, Snorks, Toni, uruk, voja64, Warhawk