W32 or Vundo???

offline
  • Joined: 08 Oct 2003
  • Posts: 63
  • Location: Sweden

Today I posted in VIRUS PROTECTION, in the thread "'Trojan' discovered that 'eats' MP"... Now comes the continuation of the story, as Rogi23 suggested to me. I managed (through Zone Alarm) to get online and download HijackThis!, and after running it I got this log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:18:46, on 2007-08-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\Program\Java\jre1.6.0_02\bin\jusched.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
c:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\ATI Technologies\ATI.ACE\cli.exe
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\K58AYGPP\HiJackThis_v2[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] C:\Program\Delade filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TrojanScanner] C:\Program\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....4246139109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....4771457937
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8032 bytes


One more interesting thing: since I dug around the net a bit today (on this topic), I managed to find some information suggesting that (in my case) it might also be the Vundo Trojan. I also downloaded VundoFix.exe, however it finds nothing and says everything is OK?!?
I even ran the program Spy Hunter 2.9, which I also got from the net, and it was the only one that found the Vundo Trojan, but I can't delete it because it asks that a certain amount of money be paid first... No other program finds anything except this last one...

Please help me, because there is no way I can solve this on my own!
Thanks in advance to everyone!!!

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Greetings Misto,
The log you made did not show the lines that matter to us for analyzing your case. Most likely, the cause is that you started the program directly from IE's download prompt, and did not rename the application and run it from a separate folder as described in the instructions for opening a thread in Ambulanta.

So I would ask you to follow in detail the instructions at the link below and post a new log:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

It is also very important to us that you use the version of HijackThis that is linked in the thread above.
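
A check for the condition the reply above describes, as an added example that is not part of the original thread: it parses a HijackThis-format log, reports whether the scanner itself was started from a browser cache or temp folder, and lists entries the tool marked "(file missing)" or "Unknown owner". The sample log is constructed, and the folder markers and scanner name hints are assumptions of this example.

```python
import ntpath
import re
from collections import Counter

# Constructed sample in the HijackThis log format shown in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:18:46, on 2007-08-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O4 - HKLM\..\Run: [ExampleApp] C:\Program\Example\example.exe
O9 - Extra button: (no name) - {00000000-0000-0000-0000-000000000000} - %windir%\Example\tool.exe (file missing)
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\example.exe

--
End of file - 0 bytes
"""

# Section entries look like "O4 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Assumption: folders that indicate a launch straight from a download prompt.
CACHE_MARKERS = ("\\temporary internet files\\", "\\content.ie5\\", "\\temp\\")
# Assumption: substrings of the scanner's file name (HijackThis, DSS).
SCANNER_HINTS = ("hijackthis", "dss")
# Strings the tool itself prints on entries that deserve a closer look.
REVIEW_MARKERS = ("(file missing)", "Unknown owner")


def parse_log(text):
    """Return (running_processes, entries) where entries are (code, rest)."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:            # a blank line ends the process list
                in_processes = False
            else:
                processes.append(line)
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return processes, entries


def find_scanner(processes):
    """The scanner lists itself among the running processes; find it by name."""
    for path in reversed(processes):
        name = ntpath.basename(path).lower()
        if any(hint in name for hint in SCANNER_HINTS):
            return path
    return None


def launched_from_cache(path):
    """True if the executable sits in a browser cache or temp directory."""
    lowered = path.lower()
    return any(marker in lowered for marker in CACHE_MARKERS)


def triage(text):
    """Summarise a log: scanner location, entries per section, items to review."""
    processes, entries = parse_log(text)
    scanner = find_scanner(processes)
    return {
        "scanner": scanner,
        "from_cache": bool(scanner) and launched_from_cache(scanner),
        "sections": Counter(code for code, _ in entries),
        "review": [f"{code} - {rest}" for code, rest in entries
                   if any(marker in rest for marker in REVIEW_MARKERS)],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Scanner:", result["scanner"])
    if result["from_cache"]:
        print("Scanner was run from a cache/temp folder; rerun it from its own folder.")
    print("Entries per section:", dict(result["sections"]))
    for item in result["review"]:
        print("Review:", item)
```
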

offline
  • Joined: 08 Oct 2003
  • Posts: 63
  • Location: Sweden

Greetings DeM14n,
I too would love to be able to follow the instructions in detail, but when something just won't work... And why won't it? Because I can't start a single program on the computer, since it keeps "telling" me that I don't have access, even though I am the only one who uses that computer??? Who is the administrator then?????
I really don't understand... I did everything according to the instructions, downloaded the file, renamed it, but when I wanted to run it, well...
Is there some other way to run HijackThis from the computer and not from the net? Is there any solution to this problem at all?
Thanks once again!!!
Greetings to all

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Since DeM14n is not here at the moment, I will take the liberty of pointing you to one more program that can help us.

Download the program Deckard's System Scanner.
Saving the program directly to the Desktop is recommended, so that it is easier and quicker to launch.

The program is started simply, by double-clicking the icon. The scan and system check run through a few steps and take a couple of minutes at most.

The result is the log main.txt, which Deckard's System Scanner creates and opens automatically when the scan finishes. The complete contents of that log need to be copied and posted to the forum in your next post for analysis.

We hope this program will work. If it gets blocked too, we have more of these in the arsenal ;)

offline
  • Joined: 08 Oct 2003
  • Posts: 63
  • Location: Sweden

Here I am again...
So, since of course I did not manage to open DSS from a folder on the desktop (nor even from the desktop itself), I had to do it over the net, just like a little while ago with HijackThis.
It looks like this:

Deckard's System Scanner v20070809.63
Run by Ägaren on 2007-08-16 at 22:28:05
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
161: 2007-08-16 20:28:10 UTC - RP161 - Deckard's System Scanner Restore Point
160: 2007-08-16 15:45:54 UTC - RP160 - Installed Ad-Aware 2007
159: 2007-08-15 14:37:05 UTC - RP159 - Installation av osignerad drivrutin
158: 2007-08-14 20:37:14 UTC - RP158 - Software Distribution Service 3.0
157: 2007-08-14 16:34:41 UTC - RP157 - Systemkontrollpunkt


-- First Restore Point --
1: 2007-07-12 12:48:12 UTC - RP1 - Systemkontrollpunkt


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-08-16 22:29:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16512)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program\USB Storage RW\shwicon.exe
C:\hp\KBD\kbd.exe
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\cthelper.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\Program\Java\jre1.6.0_02\bin\jusched.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\ATI Technologies\ATI.ACE\CLI.exe
C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Norton AntiVirus\Navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program\ATI Technologies\ATI.ACE\CLI.exe
C:\Program\ATI Technologies\ATI.ACE\CLI.exe
C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ägaren\Lokala inställningar\Temporary Internet Files\Content.IE5\3OQWB9GJ\dss[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program\Google\GoogleToolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program\Norton AntiVirus\NAVShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program\Google\GoogleToolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKEY_LOCAL_MACHINE\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKEY_LOCAL_MACHINE\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKEY_LOCAL_MACHINE\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [nwiz] nwiz.exe /install
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccApp] C:\Program\Delade filer\Symantec Shared\ccApp.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [ccRegVfy] C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKEY_LOCAL_MACHINE\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /S
O4 - HKEY_LOCAL_MACHINE\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [ZoneAlarm Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKEY_LOCAL_MACHINE\..\Run: [ATICCC] "C:\Program\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKEY_LOCAL_MACHINE\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKEY_LOCAL_MACHINE\..\Run: [TrojanScanner] C:\Program\Trojan Remover\Trjscan.exe
O4 - HKEY_LOCAL_MACHINE\..\Run: [SpyHunter] C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program\Yahoo!\Search Protection\SearchProtection.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: (no name) - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....4246139109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....4771457937
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program\Delade filer\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - "C:\Program\Lavasoft\Ad-Aware 2007\aawservice.exe"
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 w800bus (Sony Ericsson W800 driver (WDM)) - c:\windows\system32\drivers\w800bus.sys <Not Verified; MCCI; Sony Ericsson W800>
S3 w800mdfl (Sony Ericsson W800 USB WMC Modem Filter) - c:\windows\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver>
S3 w800mdm (Sony Ericsson W800 USB WMC Modem Drivers) - c:\windows\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem>
S3 w800obex (Sony Ericsson W800 USB WMC OBEX Interface Drivers) - c:\windows\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aawservice (Ad-Aware 2007 Service) - "c:\program\lavasoft\ad-aware 2007\aawservice.exe" <Not Verified; Lavasoft AB; Ad-Aware 2007 Service>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2007-08-16 22:28:38 390 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job
2007-08-10 23:50:20 476 --a------ C:\WINDOWS\Tasks\Norton AntiVirus - Sök igenom datorn.job
2007-07-28 00:12:31 404 --a------ C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job


-- Files created between 2007-07-16 and 2007-08-16 -----------------------------

2007-08-16 17:45:57 0 d-------- C:\Program\Lavasoft
2007-08-16 17:45:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-08-16 17:45:21 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\WINDOWS
2007-08-16 16:53:46 0 dra------ C:\Documents and Settings\Administratör\Start-meny
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Skrivbord
2007-08-16 16:53:46 0 d--h----- C:\Documents and Settings\Administratör\Skrivare
2007-08-16 16:53:46 0 drah----- C:\Documents and Settings\Administratör\SendTo
2007-08-16 16:53:46 0 drah----- C:\Documents and Settings\Administratör\Recent
2007-08-16 16:53:46 0 d--h----- C:\Documents and Settings\Administratör\Nätverket
2007-08-16 16:53:46 0 dra------ C:\Documents and Settings\Administratör\Mina dokument
2007-08-16 16:53:46 0 d--h----- C:\Documents and Settings\Administratör\Mallar
2007-08-16 16:53:46 0 d--h----- C:\Documents and Settings\Administratör\Lokala inställningar
2007-08-16 16:53:46 0 dra------ C:\Documents and Settings\Administratör\Favoriter
2007-08-16 16:53:46 0 d--hs---- C:\Documents and Settings\Administratör\Cookies
2007-08-16 16:53:46 0 drah----- C:\Documents and Settings\Administratör\Application Data
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Application Data\VERITAS
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Application Data\Symantec
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Application Data\SampleView
2007-08-16 16:53:46 0 d---s---- C:\Documents and Settings\Administratör\Application Data\Microsoft
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Application Data\InterTrust
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Application Data\Identities
2007-08-16 16:53:46 0 d-------- C:\Documents and Settings\Administratör\Application Data\Adobe
2007-08-16 16:53:45 786432 --ah----- C:\Documents and Settings\Administratör\NTUSER.DAT
2007-08-16 16:39:02 0 d-------- C:\VundoFix Backups
2007-08-16 00:07:41 0 d-------- C:\Program\Antivirus Protection
2007-08-16 00:02:46 0 d-------- C:\Program\Common Files
2007-08-16 00:01:06 0 d-------- C:\Program\Anti Trojan Elite
2007-08-15 23:58:47 0 d-------- C:\Program\Enigma Software Group
2007-08-15 23:15:11 162304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-08-15 23:15:11 77312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-08-15 23:15:11 69632 --a------ C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2007-08-15 23:15:11 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-08-15 23:15:11 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-08-15 23:15:07 0 d-------- C:\Program\Trojan Remover
2007-08-15 23:15:07 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Simply Super Software
2007-08-15 23:15:07 0 d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2007-08-15 16:39:34 77040 -ra------ C:\WINDOWS\system32\drivers\w800obex.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
2007-08-15 16:37:58 87424 -ra------ C:\WINDOWS\system32\drivers\w800mdm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem>
2007-08-15 16:37:58 6096 -ra------ C:\WINDOWS\system32\drivers\w800mdfl.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC Modem Filter Driver>
2007-08-15 16:37:58 6112 -ra------ C:\WINDOWS\system32\drivers\w800cmnt.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
2007-08-15 16:37:58 6112 -ra------ C:\WINDOWS\system32\drivers\w800cm.sys <Not Verified; MCCI; Sony Ericsson W800 USB WMC OBEX Interface>
2007-08-15 16:37:13 5744 -ra------ C:\WINDOWS\system32\drivers\w800whnt.sys <Not Verified; MCCI; Sony Ericsson W800>
2007-08-15 16:37:13 5744 -ra------ C:\WINDOWS\system32\drivers\w800wh.sys <Not Verified; MCCI; Sony Ericsson W800>
2007-08-15 16:37:13 52384 -ra------ C:\WINDOWS\system32\drivers\w800bus.sys <Not Verified; MCCI; Sony Ericsson W800>
2007-08-03 15:56:27 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Help
2007-08-03 15:32:33 6688 --a------ C:\WINDOWS\movexe.exe
2007-08-03 15:29:24 0 d-------- C:\mts
2007-07-27 23:58:35 0 d-------- C:\Documents and Settings\Ägaren\Application Data\RegistrySmart
2007-07-27 23:55:48 0 d-------- C:\WINDOWS\system32\custom matrices
2007-07-27 23:55:47 200704 --a------ C:\WINDOWS\system32\TomsMoComp_ff.dll
2007-07-27 23:55:47 114688 --a------ C:\WINDOWS\system32\libmpeg2_ff.dll
2007-07-27 23:55:47 0 d-------- C:\WINDOWS\system32\languages
2007-07-27 23:55:47 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-27 23:55:47 221184 --a------ C:\WINDOWS\system32\ff_kernelDeint.dll
2007-07-27 23:55:47 741376 --a------ C:\WINDOWS\system32\audxlib.dll
2007-07-27 23:55:46 60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >
2007-07-27 23:55:46 38400 --a------ C:\WINDOWS\system32\ff_unrar.dll
2007-07-27 23:55:46 79872 --a------ C:\WINDOWS\system32\ff_tremor.dll
2007-07-27 23:55:46 122880 --a------ C:\WINDOWS\system32\ff_samplerate.dll
2007-07-27 23:55:46 97280 --a------ C:\WINDOWS\system32\ff_realaac.dll
2007-07-27 23:55:46 118784 --a------ C:\WINDOWS\system32\ff_libmad.dll
2007-07-27 23:55:46 245760 --a------ C:\WINDOWS\system32\ff_libfaad2.dll
2007-07-27 23:55:46 155648 --a------ C:\WINDOWS\system32\ff_libdts.dll
2007-07-27 23:55:46 40960 --a------ C:\WINDOWS\system32\ff_liba52.dll
2007-07-27 23:55:45 684549 --a------ C:\WINDOWS\system32\unins000.exe <Not Verified; ; Inno Setup>
2007-07-27 23:55:45 51478 --a------ C:\WINDOWS\system32\unins000.dat
2007-07-27 23:39:47 0 d-------- C:\Program\XP Codec Pack
2007-07-26 12:05:35 344064 --a------ C:\WINDOWS\xvid.dll
2007-07-26 11:55:38 0 d-------- C:\WINDOWS\system32\backup
2007-07-26 11:32:28 0 d-------- C:\WINDOWS\Sun
2007-07-25 10:41:47 0 d-------- C:\Program\DC++
2007-07-23 08:30:06 0 d--h----- C:\WINDOWS\msdownld.tmp
2007-07-23 08:26:59 0 d-------- C:\Documents and Settings\Ägaren\Application Data\ACD Systems
2007-07-23 08:26:24 0 d-------- C:\Program\Delade filer\ACD Systems
2007-07-23 08:26:24 0 d-------- C:\Program\ACD Systems
2007-07-22 14:06:51 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2007-07-22 14:06:51 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-07-22 14:06:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Nero AG; Nero AG NeroCheck>
2007-07-22 14:06:50 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-07-22 14:06:50 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-07-22 14:06:50 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-07-22 14:06:48 0 d-------- C:\Program\Delade filer\Ahead
2007-07-22 14:06:48 0 d-------- C:\Program\Ahead
2007-07-20 17:24:52 0 d-------- C:\Program\Codec Pack - All In 1
2007-07-20 16:38:16 0 d-------- C:\Program\Webteh
2007-07-20 12:46:47 0 d-------- C:\Program\BSPlayer
2007-07-20 10:47:10 0 d-------- C:\Documents and Settings\Ägaren\Application Data\BSplayer
2007-07-20 10:47:10 0 d-------- C:\Documents and Settings\Ägaren\Application Data\BSplayer Pro
2007-07-20 10:44:33 0 d-------- C:\Program\AC3Filter
2007-07-20 10:41:37 0 d-------- C:\Program\XviD
2007-07-20 10:38:48 0 d-------- C:\Program\DivX
2007-07-20 10:38:34 0 d-------- C:\Program\ffdshow
2007-07-20 08:47:39 0 d-------- C:\Program\Far Cry
2007-07-20 08:42:40 0 d-------- C:\Program\Alex Feinman
2007-07-20 08:41:31 0 d-------- C:\Program\WinISO
2007-07-18 17:07:36 0 d-------- C:\WINDOWS\ShellNew
2007-07-16 09:04:24 0 d-------- C:\Program\Windows Media Connect 2
2007-07-16 09:02:58 0 d-------- C:\WINDOWS\system32\LogFiles
2007-07-16 09:02:58 0 d-------- C:\WINDOWS\system32\drivers\UMDF


-- Find3M Report ---------------------------------------------------------------

2007-08-16 20:04:01 288 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000004-00541102}.dat
2007-08-16 20:04:01 288 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000A-00001102-00000004-00541102}.dat
2007-08-16 17:45:21 0 d-------- C:\Program\Delade filer
2007-08-16 17:02:59 0 d-------- C:\Program\Delade filer\Symantec Shared
2007-08-16 17:02:33 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-16 17:02:11 0 d-------- C:\Program\Coloreal
2007-08-16 00:02:42 0 d-------- C:\Program\Yahoo!
2007-08-15 18:29:15 0 d-------- C:\Program\Norton AntiVirus
2007-08-15 18:13:49 0 d-------- C:\Program\USB Storage RW
2007-08-13 23:01:07 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Skype
2007-07-26 11:53:20 344064 --a------ C:\WINDOWS\system32\xvid.dll
2007-07-22 11:32:00 661504 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-22 11:32:00 403968 --a------ C:\WINDOWS\system32\libmplayer.dll
2007-07-22 11:32:00 3165184 --a------ C:\WINDOWS\system32\libavcodec.dll
2007-07-22 11:32:00 510976 --a------ C:\WINDOWS\system32\ff_x264.dll
2007-07-22 11:32:00 26624 --a------ C:\WINDOWS\system32\ff_wmv9.dll
2007-07-22 11:32:00 143360 --a------ C:\WINDOWS\system32\ff_theora.dll
2007-07-18 22:38:52 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-07-18 17:15:59 384758 --a------ C:\WINDOWS\system32\perfh01D.dat
2007-07-18 17:15:59 63494 --a------ C:\WINDOWS\system32\perfc01D.dat
2007-07-16 15:37:37 0 d-------- C:\Program\Delade filer\Adobe
2007-07-15 00:51:09 0 d-------- C:\Documents and Settings\Ägaren\Application Data\ATI
2007-07-15 00:48:28 0 d-------- C:\Program\Delade filer\ATI Technologies
2007-07-15 00:45:33 0 d-------- C:\Program\ATI Technologies
2007-07-15 00:45:09 0 d-------- C:\Program\Delade filer\InstallShield
2007-07-15 00:42:17 0 d--h----- C:\Program\InstallShield Installation Information
2007-07-14 09:05:45 0 d-------- C:\Documents and Settings\Ägaren\Application Data\MailFrontier
2007-07-13 23:43:47 0 d-------- C:\Program\Java
2007-07-13 23:43:01 0 d-------- C:\Program\Delade filer\Java
2007-07-13 23:42:31 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Sun
2007-07-12 23:25:24 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-12 23:19:13 0 d-------- C:\Program\Skype
2007-07-12 23:19:09 0 d-------- C:\Program\Delade filer\Skype
2007-07-12 17:09:31 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Yahoo!
2007-07-12 16:44:03 0 d-------- C:\Program\Symantec
2007-07-12 16:08:28 0 d-------- C:\Program\Messenger
2007-07-12 15:14:48 0 d-------- C:\Program\Movie Maker
2007-07-12 15:13:01 0 d-------- C:\Program\Windows NT
2007-07-12 15:10:58 0 d--h----- C:\Program\WindowsUpdate
2007-07-12 15:08:12 0 d-------- C:\Documents and Settings\Ägaren\Application Data\WinRAR
2007-07-12 15:05:13 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Google
2007-07-12 15:04:55 0 d-------- C:\Documents and Settings\Ägaren\Application Data\Macromedia
2007-07-12 15:03:42 0 d-------- C:\Program\Google
2007-07-12 14:54:41 0 d-------- C:\Program\Hewlett-Packard
2007-07-12 14:53:48 0 d-------- C:\Program\hp deskjet 5550 series
2007-07-12 14:47:43 0 --a------ C:\WINDOWS\system32\iAlmcoin.dll
2007-07-12 14:46:51 0 d-------- C:\Program\Creative
2007-06-07 21:10:48 20480 --a------ C:\WINDOWS\system32\ac3config.exe
2007-05-30 05:31:58 57344 --a------ C:\WINDOWS\system32\filekiller.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2002-10-16 07:05]
"KYE_Showicon"="C:\Program\USB Storage RW\shwicon.exe" [2002-10-25 16:33]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-10 15:02]
"StorageGuard"="C:\Program\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 08:01]
"WCOLOREAL"="C:\Program\Coloreal\coloreal.exe" [2002-11-26 18:14]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 22:42]
"nwiz"="nwiz.exe" [2002-09-09 23:35 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program\Delade filer\Symantec Shared\ccApp.exe" [2002-10-23 12:50]
"ccRegVfy"="C:\Program\Delade filer\Symantec Shared\ccRegVfy.exe" [2002-10-23 12:51]
"CTHelper"="CTHELPER.EXE" [2003-01-09 01:39 C:\WINDOWS\system32\cthelper.exe]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 20:28]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 15:12]
"RegistryMechanic"="C:\Program\Registry Mechanic\RegMech.exe" [2007-05-09 10:41]
"SunJavaUpdateSched"="C:\Program\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"ZoneAlarm Client"="C:\Program\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"ATICCC"="C:\Program\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"TrojanScanner"="C:\Program\Trojan Remover\Trjscan.exe" [2007-08-11 20:11]
"SpyHunter"="C:\Program\Enigma Software Group\SpyHunter\SpyHunter.exe" [2007-04-26 19:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program\Messenger\msmsgs.exe" [2004-10-13 18:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 10:34]
"YSearchProtection"="C:\Program\Yahoo!\Search Protection\SearchProtection.exe" [2007-03-29 00:10]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"SetDefaultMidi"=MIDIDEF.EXE
"PlayCenter2"="C:\Program\Creative\SBAudigy\PlayCenter2\MDEntry.EXE" "C:\Program\Creative\SBAudigy\PlayCenter2"

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Microsoft Office.lnk - C:\Program\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

*Newly Created Service* - AAWSERVICE



-- End of Deckard's System Scanner: finished at 2007-08-16 at 22:31:32 ---------

Come on, people, please help!!!

Thanks, everyone!!!
Regards

offline
  • Joined: 08 Oct 2003
  • Posts: 63
  • Location: Sweden

And if it means anything, here is the log that SpyHunter 2.9 produced (the only one that finds Trojan Vundo?!):

##########################LSP CHAIN DATA##########################
<HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WINSOCK2\PARAMETERS>
##########################UNINSTALL DATA##########################
<HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL>
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{58582977-44D2-44A0-A09B-031CC2AE5938}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} DisplayName = Skype™ 3.2 InstallLocation = C:\Program\Skype\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{5E835305-63BB-4E55-BBB7-EEBBE67774DB} DisplayName = MyDVD
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8214CC02-6271-4DC8-B8DD-779933450264} DisplayName = RecordNow InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20} DisplayName = Intel(R) Extreme Graphics Driver Software
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8D5D99B8-DFA2-4018-ADE9-A6B83E655C65} DisplayName =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{8D70145A-3BD3-4DBF-9CBF-223EF4A43257} DisplayName = ATI Parental Control & Encoder InstallLocation = C:\WINDOWS\system32\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{90AF041D-6000-11D3-8CFE-0150048383C9} DisplayName = Microsoft Office PowerPoint Viewer 2003 InstallLocation = C:\Program\Microsoft Office\
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{9115E7DB-3B29-445A-802D-11E0AA945B7F} DisplayName = Sound Blaster Audigy
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{911B041D-6000-11D3-8CFE-0050048383C9} DisplayName = Microsoft Word 2002 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{94CFDD29-1CB2-4D89-A024-5E1E8DEF3072} DisplayName = ACDSee 3.1 SR-1 InstallLocation =
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{98E8A2EF-4EAE-43B8-A172-74842B764777} DisplayName = InterVideo WinDVD Player InstallLocation = C:\Program\InterVideo\WinDVD4
Subkey

offline
  • Joined: 08 Oct 2003
  • Posts: 63
  • Location: Sweden

...This is the continuation...

Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{A731533B-B325-4D9C-91A4-D93C8E294C19}
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{BDE90251-93EB-4F6A-89D8-086E2D91DC56} DisplayName = Coloreal
Subkey Name = Software\Microsoft\Windows\CurrentVersion\Uninstall\{CB2F7EDD-9D


There, now if that can help...
Well, all that's left for me is to wait for someone to make a suggestion, and until then, greetings to everyone!!!
Good night

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Can you write down or take a screenshot of the name of the file that was detected as Vundo?

PS: You didn't reply to my PM. Come on, it's important.. :)

offline
  • Joined: 08 Oct 2003
  • Posts: 63
  • Location: Sweden

Good day!
Here's the situation: I reinstalled Windows, so I no longer have the problem with the virus or whatever it was... Anyway, for now everything works normally.
Just in case, here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:09:12, on 2007-08-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program\USB Storage RW\shwicon.exe
C:\HP\KBD\KBD.EXE
C:\Program\Delade filer\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\CTHELPER.EXE
c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program\Yahoo!\Search Protection\SearchProtection.exe
c:\Program\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Documents and Settings\Ägaren\Skrivbord\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] C:\Program\Coloreal\coloreal.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] c:\Program\Delade filer\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] c:\Program\Delade filer\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [getPlusUninstall_ocx] rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [YSearchProtection] C:\Program\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....7344012142
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - adobe.com/products/acrobat/nos/gp.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

I assume that upload works for you now, applications start, and so on.. However, from what I see here, I suspect you still have malware on the computer.

First, upload the following files to me through this form > http://www.mycity.rs/ambulanta-upload.php

C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\SYSTEM32\igfxsrvc.dll
C:\Program\USB Storage RW\shwicon.exe


In case one of them is not visible in Windows Explorer (since you will be looking for them by the path I gave you), turn on the display of hidden files in XP following the instructions at this link:
http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html

Once you have sent me those files, follow these instructions:

VundoFix:
http://www.atribune.org/ccount/click.php?id=4

* Double-click the file VundoFix.exe to start it.
* Select the option Scan for Vundo.
* After the scan finishes and the message Done Searching for files appears, click OK.
* Now that the scan is done, click the option Remove Vundo.
* When the prompt about removing the Vundo files appears, click Yes.
* Running this option will make the Desktop temporarily empty in order to prepare the system for removing Vundo.
* When it finishes, a notice about shutting down the computer appears; click OK.
* Turn the computer on and boot the system again.
* Copy the contents of the log at C:\vundofix.txt and a new HiJackThis log into a post on the forum.
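
An added example, not part of the thread and not HijackThis code: a small parser that turns HijackThis lines into structured entries, shows which log sections the three requested files come from, and applies a few review heuristics. The function names and heuristics are assumptions of this example, not the criteria DEMIAN used; the sample lines are copied from the log posted above.

```python
import re

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # section code, then the entry text
PATH = re.compile(r'(?:[A-Za-z]:\\|%\w+%\\)[^"*?<>|]*?\.(?:exe|dll)', re.I)

def parse(log):
    """Return one dict per entry: section code, first .exe/.dll path (or None), raw text."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, rest = m.groups()
            p = PATH.search(rest)
            out.append({"code": code, "path": p.group(0) if p else None, "raw": rest})
    return out

def triage(entries):
    """Return (entry, reason) pairs worth a second look. Assumed heuristics, not verdicts."""
    hits = []
    for e in entries:
        if "(file missing)" in e["raw"]:
            hits.append((e, "registered target no longer exists"))
        elif e["code"] == "O23" and "Unknown owner" in e["raw"]:
            hits.append((e, "service binary without a vendor string"))
        elif e["code"] == "O20":
            hits.append((e, "DLL loaded by winlogon.exe at logon"))
        elif e["code"] == "O4" and e["path"] is None:
            hits.append((e, "autostart command without a full path"))
    return hits

def locate(entries, wanted):
    """Map each requested file to the section codes of the entries that reference it."""
    return {w: sorted({e["code"] for e in entries
                       if e["path"] and e["path"].lower() == w.lower()})
            for w in wanted}

if __name__ == "__main__":
    for entry, reason in triage(parse(SAMPLE_LOG)):
        print(entry["code"], "|", reason, "|", entry["raw"])
```

A hit only means the entry deserves inspection of the file itself, which is what uploading the three files serves in the thread.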
