Computer keeps freezing, and HJT log

Thread in the Viruses and malware - HijackThis logs section. Thread started by NoSkillZ on 11.09.2006.

Thread status:
The thread is closed.
  1. NoSkillZ

    NoSkillZ Regular member

    For several days now I've had a problem where SVCHOST.EXE eats all the CPU; killing it only helps for a little while, and then another (the same?) svchost.exe shows up and eats all the CPU again.

    Here's the HJT log in case it shows anything.


    Logfile of HijackThis v1.99.1
    Scan saved at 19:21:15, on 11.9.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    E:\utorrent.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Nero\Nero 7\Core\nero.exe
    C:\RenameMaster.exe
    C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe
    C:\Program Files\Nero\Nero 7\Core\nero.exe
    C:\Program Files\Nero\Nero 7\Core\nero.exe
    C:\Program Files\Nero\Nero 7\Core\nero.exe
    C:\SrtToSub.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\HJT\HijackThis.exe

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [µTorrent] "E:\utorrent.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Reset.lnk = C:\WINDOWS\repair\reset.bat
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157122585079
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
     
  3. Daniii

    Daniii Regular member

    Rename that HijackThis.exe to e.g. scanner.exe and save it in its own folder in the root of C:, e.g. C:/HJT/scanner.exe

    Run scanner.exe and post a new log.
     
  4. Wezda

    Wezda Regular member

    [Offtopic]
    You learn a lot by following these fixes, but I don't get the point of renaming the exe?
    [/Offtopic]
     
  5. Sebu92

    Sebu92 Active member

    I'm not saying there's no sense in it, but I really don't understand what the point of it is.
     
  6. -kemisti-

    -kemisti- Active member

    @Wezda + Sebu92: Vundo hides all O2 and O20 lines (and Vundo shows up on exactly those lines) if a process named HijackThis.exe is running. The log doesn't show a single one of those lines (and usually they are in practically every log), so it's worth checking whether Vundo is present by renaming hijackthis.exe. So there's actually quite a lot of sense in it ;)
     
    Last edited: 13.09.2006
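The check -kemisti- describes above, as an added example that is not part of the original thread: it parses a HijackThis log, counts entries per section code, and reports whether missing O2/O20 lines coincide with a running process named HijackThis.exe. The function names and verdict strings are hypothetical, and the sample logs are constructed (the first two abridged from the logs in this thread, the third invented with a placeholder CLSID and path).

```python
import re
from collections import Counter
from ntpath import basename  # parses Windows paths on any OS

# HijackThis entry lines start with a section code such as R0, F2, N1, O4, O23.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+")
WATCHED = ("O2", "O20")  # the sections the thread says get hidden


def parse_hjt_log(text):
    """Return (running process paths, Counter of section codes)."""
    processes, sections = [], Counter()
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False          # process list ends at the first entry
            sections[m.group(1)] += 1
        elif in_procs and line:
            processes.append(line)
    return processes, sections


def triage(text):
    """Classify a log by the rule of thumb given in the thread."""
    processes, sections = parse_hjt_log(text)
    default_name = any(basename(p).lower() == "hijackthis.exe" for p in processes)
    missing = [code for code in WATCHED if sections[code] == 0]
    if not missing:
        verdict = "present"              # O2/O20 lines visible, review them
    elif default_name:
        verdict = "rescan-renamed"       # scan ran under the default name
    else:
        verdict = "absent-after-rename"  # name-based hiding does not explain it
    return {"verdict": verdict, "missing": missing, "default_name": default_name}


# Constructed sample, abridged from the first log in this thread.
FIRST_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# Constructed sample, abridged from the second log (scanner renamed).
SECOND_LOG = FIRST_LOG.replace("HijackThis.exe", "HOOJIITEE.exe")

# Constructed sample: placeholder CLSID and DLL path, not taken from the thread.
THIRD_LOG = SECOND_LOG + (
    "O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\\example\\sample.dll\n"
    "O20 - Winlogon Notify: sample - C:\\example\\sample.dll\n"
)

if __name__ == "__main__":
    for name, log in (("first", FIRST_LOG), ("second", SECOND_LOG), ("third", THIRD_LOG)):
        print(name, triage(log))
```
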
  7. Sebu92

    Sebu92 Active member

    I figured it was something like that, but I thought it only hides itself. But thanks for the explanation.
     
  8. Wezda

    Wezda Regular member

    @-kemisti-: OK, those bugs sure can be sneaky.
     
  9. NoSkillZ

    NoSkillZ Regular member

    Here's the log after the renaming.


    Logfile of HijackThis v1.99.1
    Scan saved at 11:40:33, on 13.9.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    E:\utorrent.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\AnalogX\NetStat Live\nsl.exe
    C:\HJT\HOOJIITEE.exe

    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [µTorrent] "E:\utorrent.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - Global Startup: Reset.lnk = C:\WINDOWS\repair\reset.bat
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157122585079
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

     
  10. Daniii

    Daniii Regular member

    It wasn't the infection that was suspected, or at least it doesn't show. One more question: have you installed a HOSTS file on your computer? Let's also try this next.


    Download WinPFind2.
    http://download.bleepingcomputer.com/oldtimer/winpfind2.zip

    * Extract the files to a folder (e.g. C:\WinPFind2).
    * Double-click WinPFind2.exe to start the program.
    * Click the Select All button in the File Options box on the Configuration tab (the program opens this tab by default).
    * Click the Run all Scans button.
    * When the scan is finished, you will see Scans Complete! at the bottom left.
    * Click the Export to Text button.
    * Notepad opens and the log is saved in the folder where you extracted the program (C:\WinPFind2\WinPFind2.txt)
    * Post the log in your next reply. You may need several replies so that it doesn't end up incomplete.
     
  11. NoSkillZ

    NoSkillZ Regular member

    All right, I only now got to this problem machine. Here's the WinPFind log if anyone still cares to look at it.

    Logfile created on: 09.23.2006 20:41
    WinPFind2 by OldTimer - Version 1.0.10 Folder = C:\WinPFind2\
    Microsoft Windows XP (Version = Service Pack 1)
    Internet Explorer (Version - 6.0.2800.1106)


    [Start Post #1]

    Processes
    Image Name---------------ProcessID--Thread Count--Parent ID--Base Priority--
    #Full Path
    ##(Version Info)

    ati2evxx.exe-------------000816-----0004----------000648-----Normal---------
    #c:\windows\system32\ati2evxx.exe
    ##(ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Date = 02.22.2006 05:39 | Attr = ])

    ati2evxx.exe-------------001276-----0004----------000604-----Normal---------
    #c:\windows\system32\ati2evxx.exe
    ##(ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Date = 02.22.2006 05:39 | Attr = ])

    avgamsvr.exe-------------002040-----0008----------000648-----Normal---------
    #c:\progra~1\grisoft\avgfre~1\avgamsvr.exe
    ##(GRISOFT, s.r.o. [Ver = 7,1,0,365 | Size = 336896 bytes | Date = 06.02.2006 17:51 | Attr = ])

    avgcc.exe----------------001620-----0006----------001360-----Normal---------
    #c:\progra~1\grisoft\avgfre~1\avgcc.exe
    ##(GRISOFT, s.r.o. [Ver = 7,1,0,405 | Size = 369664 bytes | Date = 08.08.2006 09:23 | Attr = ])

    avgupsvc.exe-------------000128-----0003----------000648-----Normal---------
    #c:\progra~1\grisoft\avgfre~1\avgupsvc.exe
    ##(GRISOFT, s.r.o. [Ver = 7,1,0,349 | Size = 84480 bytes | Date = 06.02.2006 17:51 | Attr = ])

    firefox.exe--------------003120-----0010----------001360-----Normal---------
    #c:\program files\mozilla firefox\firefox.exe
    ##(Mozilla [Ver = 1.0.7 | Size = 6637161 bytes | Date = 09.19.2005 13:37 | Attr = ])

    nero.exe-----------------001856-----0014----------002940-----Normal---------
    #c:\program files\nero\nero 7\core\nero.exe
    ##(Nero AG [Ver = 7, 0, 1, 4 | Size = 19087360 bytes | Date = 11.22.2005 21:05 | Attr = ])

    nero.exe-----------------002940-----0015----------001360-----Normal---------
    #c:\program files\nero\nero 7\core\nero.exe
    ##(Nero AG [Ver = 7, 0, 1, 4 | Size = 19087360 bytes | Date = 11.22.2005 21:05 | Attr = ])

    nero.exe-----------------002116-----0014----------001856-----Normal---------
    #c:\program files\nero\nero 7\core\nero.exe
    ##(Nero AG [Ver = 7, 0, 1, 4 | Size = 19087360 bytes | Date = 11.22.2005 21:05 | Attr = ])

    nsl.exe------------------000264-----0003----------001360-----Normal---------
    #c:\program files\analogx\netstat live\nsl.exe
    ##( [Ver = | Size = 126980 bytes | Date = 05.22.2006 17:12 | Attr = ])

    opwarese2.exe------------001652-----0001----------001360-----Normal---------
    #c:\program files\scansoft\omnipagese2.0\opwarese2.exe
    ##(ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Date = 05.08.2003 12:00 | Attr = ])

    pg2.exe------------------001504-----0002----------001360-----Normal---------
    #c:\program files\peerguardian2\pg2.exe
    ##(Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Date = 09.18.2005 18:40 | Attr = ])

    renamemaster.exe---------002348-----0001----------001360-----Normal---------
    #c:\renamemaster.exe
    ##(www.joejoesoft.com [Ver = 2.7.2.2128 | Size = 1154560 bytes | Date = 01.05.2006 08:13 | Attr = ])

    skype.exe----------------001680-----0011----------001360-----Normal---------
    #c:\program files\skype\phone\skype.exe
    ##( [Ver = | Size = 20253736 bytes | Date = 04.28.2006 12:46 | Attr = ])

    utorrent.exe-------------001744-----0006----------001360-----Normal---------
    #e:\utorrent.exe
    ##( [Ver = | Size = 174163 bytes | Date = 07.14.2006 21:30 | Attr = ])

    vsmon.exe----------------000244-----0017----------000648-----Normal---------
    #c:\windows\system32\zonelabs\vsmon.exe
    ##(Zone Labs, LLC [Ver = 6.1.737.000 | Size = 1693448 bytes | Date = 11.15.2005 00:50 | Attr = ])

    winpfind2.exe------------003980-----0001----------001360-----Normal---------
    #c:\winpfind2\winpfind2.exe
    ##(OldTimer Tools [Ver = 1.0.10.0 | Size = 392704 bytes | Date = 09.17.2006 11:39 | Attr = ])

    winvnc.exe---------------000432-----0004----------000648-----Normal---------
    #c:\program files\ultravnc\winvnc.exe
    ##(UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Date = 08.06.2005 19:45 | Attr = ])

    zlclient.exe-------------001584-----0006----------001360-----Normal---------
    #c:\program files\zone labs\zonealarm\zlclient.exe
    ##(Zone Labs, LLC [Ver = 6.1.737.000 | Size = 755472 bytes | Date = 11.15.2005 00:51 | Attr = ])


    Registry Entries

    #Value
    ##(Version Info)

    <<< >> Internet Explorer Settings << >>>

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
    #http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
    #http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL
    #http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL
    #http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
    #%SystemRoot%\system32\blank.htm
    ##

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page
    #http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    ##

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page
    #http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    ##

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page
    #C:\WINDOWS\System32\blank.htm
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch
    #http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    ##

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant
    #http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    ##

    HKCU\Software\Microsoft\Internet Explorer\urlSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
    #Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1849 (xpsp2.060519-1300) | Size = 1339904 bytes | Date = 05.26.2006 15:40 | Attr = ])

    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable
    #0
    ##

    <<< >> BHO's << >>>

    <<< >> Internet Explorer Bars, Toolbars and Extensions << >>>

    <<< HKLM-> Internet Explorer Bars >>>

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
    #&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1849 (xpsp2.060519-1300) | Size = 1339904 bytes | Date = 05.26.2006 15:40 | Attr = ])

    <<< HKCU-> Internet Explorer Bars >>>

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
    #Media Band = %SystemRoot%\System32\browseui.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1692 (xpsp2.050617-2102) | Size = 1017856 bytes | Date = 06.18.2005 00:16 | Attr = ])

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
    #File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1873 (xpsp2.060713-0016) | Size = 8353280 bytes | Date = 07.13.2006 16:46 | Attr = ])

    HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
    #Explorer Band = %SystemRoot%\System32\shdocvw.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1849 (xpsp2.060519-1300) | Size = 1339904 bytes | Date = 05.26.2006 15:40 | Attr = ])

    <<< HKLM-> Internet Explorer ToolBars >>>

    HKLM\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{8E718888-423F-11D2-876E-00A0C9082467}
    #&Radio = C:\WINDOWS\System32\msdxm.ocx
    ##( [Ver = | Size = 842268 bytes | Date = 08.29.2002 15:00 | Attr = ])

    <<< HKCU-> Internet Explorer ToolBars >>>

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
    #&Address = %SystemRoot%\System32\browseui.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1692 (xpsp2.050617-2102) | Size = 1017856 bytes | Date = 06.18.2005 00:16 | Attr = ])

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383}
    #&Address = %SystemRoot%\System32\browseui.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1692 (xpsp2.050617-2102) | Size = 1017856 bytes | Date = 06.18.2005 00:16 | Attr = ])

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383}
    #&Links = %SystemRoot%\system32\SHELL32.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1873 (xpsp2.060713-0016) | Size = 8353280 bytes | Date = 07.13.2006 16:46 | Attr = ])

    <<< HKCU-> Internet Explorer CmdMapping >>>

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    #8192 - @shdoclc.dll,-864
    ##

    HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\NextId
    #8193
    ##

    <<< HKLM-> Internet Explorer Extensions >>>

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
    #ButtonText: @shdoclc.dll,-866 = %SystemRoot%\web\related.htm
    ##( [Ver = | Size = 646 bytes | Date = 05.31.2005 01:04 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
    #ButtonText: Messenger = C:\Program Files\Messenger\MSMSGS.EXE
    ##(Microsoft Corporation [Ver = 4.7.2010 | Size = 1670144 bytes | Date = 11.15.2004 16:18 | Attr = ])

    <<< >> Approved Shell Extensions (Non-Microsoft only) << >>>

    <<< HKLM-> Approved Shell Extensions >>>

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}
    #OpenOffice.org Infotip Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"
    ##(Sun Microsystems, Inc. [Ver = 8.0.0.8968 | Size = 311296 bytes | Date = 10.15.2005 02:02 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
    #Taskbar and Start Menu = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3B092F0C-7696-40E3-A80F-68D74DA84210}
    #OpenOffice.org Thumbnail Viewer = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"
    ##(Sun Microsystems, Inc. [Ver = 8.0.0.8968 | Size = 311296 bytes | Date = 10.15.2005 02:02 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{42071714-76d4-11d1-8b24-00a0c9068ff3}
    #Display Panning CPL Extension = deskpan.dll
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{63542C48-9552-494A-84F7-73AA6A7C99C1}
    #OpenOffice.org Property Sheet Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"
    ##(Sun Microsystems, Inc. [Ver = 8.0.0.8968 | Size = 311296 bytes | Date = 10.15.2005 02:02 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{764BF0E1-F219-11ce-972D-00AA00A14F56}
    #Shell extensions for file compression = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7A9D77BD-5403-11d2-8785-2E0420524153}
    #User Accounts = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{7F1CF152-04F8-453A-B34C-E609530A9DC8}
    #NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll
    ##(Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Date = 11.15.2005 11:07 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}
    #Encryption Context Menu = Reg Data missing or invalid
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{88895560-9AA2-1069-930E-00AA0030EBC8}
    #HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll
    ##(Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
    #AVG7 Shell Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll
    ##(GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Date = 06.02.2006 17:51 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}
    #AVG7 Find Extension = C:\Program Files\Grisoft\AVG Free\avgse.dll
    ##(GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Date = 06.02.2006 17:51 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B327765E-D724-4347-8B16-78AE18552FC3}
    #NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll
    ##(Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Date = 11.15.2005 11:07 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
    #WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll
    ##( [Ver = | Size = 125440 bytes | Date = 10.07.2005 15:05 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
    #OpenOffice.org Column Handler = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"
    ##(Sun Microsystems, Inc. [Ver = 8.0.0.8968 | Size = 311296 bytes | Date = 10.15.2005 02:02 | Attr = ])

    <<< >> ContextMenuHandlers (Non-Microsoft only) << >>>

    <<< HKLM-> ContextMenuHandlers >>>

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
    #Reg Data missing or invalid = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
    ##(Nero AG [Ver = 2, 0, 0, 6 | Size = 73728 bytes | Date = 11.14.2005 16:58 | Attr = ])

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
    #{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
    ##(GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Date = 06.02.2006 17:51 | Attr = ])

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR
    #{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    ##( [Ver = | Size = 125440 bytes | Date = 10.07.2005 15:05 | Attr = ])

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
    #{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    ##( [Ver = | Size = 125440 bytes | Date = 10.07.2005 15:05 | Attr = ])

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
    #Reg Data missing or invalid = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
    ##(Nero AG [Ver = 2, 0, 0, 6 | Size = 73728 bytes | Date = 11.14.2005 16:58 | Attr = ])

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
    #{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
    ##(GRISOFT, s.r.o. [Ver = 7,1,0,354 | Size = 40960 bytes | Date = 06.02.2006 17:51 | Attr = ])

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
    #{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
    ##( [Ver = | Size = 125440 bytes | Date = 10.07.2005 15:05 | Attr = ])

    <<< >> ColumnHandlers (Non-Microsoft only) << >>>

    <<< HKLM-> ColumnHandlers >>>

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7D4D6379-F301-4311-BEBA-E26EB0561882}
    #NeroDigitalColumnHandler Class = C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll
    ##(Nero AG [Ver = 2, 0, 0, 8 | Size = 1802240 bytes | Date = 11.15.2005 11:07 | Attr = ])

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
    #Reg Data missing or invalid = "C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll"
    ##(Sun Microsystems, Inc. [Ver = 8.0.0.8968 | Size = 311296 bytes | Date = 10.15.2005 02:02 | Attr = ])

    <<< >> File Associations Keys << >>>

    HKLM\SOFTWARE\Classes\.bat\\''
    #batfile
    ##

    HKLM\SOFTWARE\Classes\batfile\shell\open\command\\''
    #"%1" %*
    ##

    HKLM\SOFTWARE\Classes\.cmd\\''
    #cmdfile
    ##

    HKLM\SOFTWARE\Classes\cmdfile\shell\open\command\\''
    #"%1" %*
    ##

    HKLM\SOFTWARE\Classes\.com\\''
    #comfile
    ##

    HKLM\SOFTWARE\Classes\comfile\shell\open\command\\''
    #"%1" %*
    ##

    HKLM\SOFTWARE\Classes\.exe\\''
    #exefile
    ##

    HKLM\SOFTWARE\Classes\exefile\shell\open\command\\''
    #"%1" %*
    ##

    HKLM\SOFTWARE\Classes\.hta\\''
    #htafile
    ##

    HKLM\SOFTWARE\Classes\htafile\shell\open\command\\''
    #C:\WINDOWS\System32\mshta.exe "%1" %*
    ##

    HKLM\SOFTWARE\Classes\.js\\''
    #JSFile
    ##

    HKLM\SOFTWARE\Classes\jsfile\shell\open\command\\''
    #%SystemRoot%\System32\WScript.exe "%1" %*
    ##

    HKLM\SOFTWARE\Classes\.jse\\''
    #JSEFile
    ##

    HKLM\SOFTWARE\Classes\jsefile\shell\open\command\\''
    #%SystemRoot%\System32\WScript.exe "%1" %*
    ##

    HKLM\SOFTWARE\Classes\.scr\\''
    #scrfile
    ##

    HKLM\SOFTWARE\Classes\scrfile\shell\open\command\\''
    #"%1" /S
    ##

    HKLM\SOFTWARE\Classes\.vbe\\''
    #VBEFile
    ##

    HKLM\SOFTWARE\Classes\vbefile\shell\open\command\\''
    #%SystemRoot%\System32\WScript.exe "%1" %*
    ##

    HKLM\SOFTWARE\Classes\.vbs\\''
    #VBSFile
    ##

    HKLM\SOFTWARE\Classes\vbsfile\shell\open\command\\''
    #%SystemRoot%\System32\WScript.exe "%1" %*
    ##

    HKLM\SOFTWARE\Classes\.wsf\\''
    #WSFFile
    ##

    HKLM\SOFTWARE\Classes\wsffile\shell\open\command\\''
    #%SystemRoot%\System32\WScript.exe "%1" %*
    ##

    HKLM\SOFTWARE\Classes\.wsh\\''
    #WSHFile
    ##

    HKLM\SOFTWARE\Classes\wshfile\shell\open\command\\''
    #%SystemRoot%\System32\WScript.exe "%1" %*
    ##

    HKLM\SOFTWARE\Classes\.txt\\''
    #txtfile
    ##

    HKLM\SOFTWARE\Classes\txtfile\shell\open\command\\''
    #%SystemRoot%\system32\NOTEPAD.EXE %1
    ##

    <<< >> Registry Run Keys << >>>

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AnyDVD
    #C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
    ##(SlySoft, Inc. [Ver = 5.4.1.1 | Size = 454144 bytes | Date = 09.12.2006 16:39 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AtiPTA
    #atiptaxx.exe
    ##(ATI Technologies, Inc. [Ver = 6.14.10.5173 | Size = 344064 bytes | Date = 11.23.2005 03:05 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\AVG7_CC
    #C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    ##(GRISOFT, s.r.o. [Ver = 7,1,0,405 | Size = 369664 bytes | Date = 08.08.2006 09:23 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck
    #C:\WINDOWS\System32\NeroCheck.exe
    ##(Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Date = 07.09.2001 10:50 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\OpwareSE2
    #"C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    ##(ScanSoft, Inc. [Ver = 12.0 | Size = 49152 bytes | Date = 05.08.2003 12:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinVNC
    #"C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
    ##(UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Date = 08.06.2005 19:45 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Zone Labs Client
    #C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    ##(Zone Labs, LLC [Ver = 6.1.737.000 | Size = 755472 bytes | Date = 11.15.2005 00:51 | Attr = ])

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\µTorrent
    #"E:\utorrent.exe"
    ##( [Ver = | Size = 174163 bytes | Date = 07.14.2006 21:30 | Attr = ])

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\MSMSGS
    #"C:\Program Files\Messenger\MSMSGS.EXE" /background
    ##(Microsoft Corporation [Ver = 4.7.2010 | Size = 1670144 bytes | Date = 11.15.2004 16:18 | Attr = ])

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PeerGuardian
    #C:\Program Files\PeerGuardian2\pg2.exe
    ##(Methlabs [Ver = 1, 0, 6, 4 | Size = 1421824 bytes | Date = 09.18.2005 18:40 | Attr = ])

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Skype
    #"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    ##( [Ver = | Size = 20253736 bytes | Date = 04.28.2006 12:46 | Attr = ])

    <<< >> Miscellaneous Startup Keys << >>>

    <<< AppInit DLLs >>>

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
    #
    ##(File not found)

    <<< Image File Execution Options >>>

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
    #Debugger = ntsd -d
    ##

    <<< Shell Service Object Delay Load >>>

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn
    #{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1873 (xpsp2.060713-0016) | Size = 8353280 bytes | Date = 07.13.2006 16:46 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\PostBootReminder
    #{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1873 (xpsp2.060713-0016) | Size = 8353280 bytes | Date = 07.13.2006 16:46 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SysTray
    #{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 117760 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck
    #{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 258048 bytes | Date = 08.29.2002 15:00 | Attr = ])

    <<< Shell Execute Hooks >>>

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972}
    #URL Exec Hook = shell32.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1873 (xpsp2.060713-0016) | Size = 8353280 bytes | Date = 07.13.2006 16:46 | Attr = ])

    <<< Shared Task Scheduler >>>

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{438755C2-A8BA-11D1-B96B-00A0C90312E1}
    #Browseui preloader = %SystemRoot%\System32\browseui.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1692 (xpsp2.050617-2102) | Size = 1017856 bytes | Date = 06.18.2005 00:16 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{8C7461EF-2B13-11d2-BE35-3078302C2030}
    #Component Categories cache daemon = %SystemRoot%\System32\browseui.dll
    ##(Microsoft Corporation [Ver = 6.00.2800.1692 (xpsp2.050617-2102) | Size = 1017856 bytes | Date = 06.18.2005 00:16 | Attr = ])

    <<< SafeBoot Option >>>

    <<< HKLM Command Processor AutoRun >>>

    HKLM\SOFTWARE\Microsoft\Command Processor\\AutoRun
    #
    ##

    <<< HKCU Command Processor AutoRun >>>

    <<< Security Providers >>>

    HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
    #msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
    ##

    <<< BootExecute >>>

    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\\BootExecute
    #autocheck autochk *;
    ##

    <<< PendingFileRenameOperations >>>

    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations
    #!\??\C:\WINDOWS\system32\config\security;
    ##

    <<< FileRenameOperations >>>

    <<< ExcludeFromKnownDlls >>>

    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\\ExcludeFromKnownDlls
    #
    ##

    <<< >> Disabled MSConfig Items << >>>

    <<< >> User Agent Post Platform << >>>

    <<< >> Winlogon << >>>

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit
    #C:\WINDOWS\system32\userinit.exe,
    ##(Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 22016 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell
    #Explorer.exe
    ##(Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 1004032 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System
    #
    ##(File not found)

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet
    #rundll32 shell32,Control_RunDLL "sysdm.cpl"
    ##

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
    #Ati2evxx.dll
    ##(ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Date = 02.22.2006 05:40 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    #crypt32.dll
    ##(Microsoft Corporation [Ver = 5.131.2600.1106 (xpsp1.020828-1920) | Size = 557568 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    #cryptnet.dll
    ##(Microsoft Corporation [Ver = 5.131.2600.0 (xpclient.010817-1148) | Size = 53248 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    #cscdll.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.1599 (xpsp2.040919-1003) | Size = 92160 bytes | Date = 10.28.2004 04:29 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    #wlnotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    #wlnotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    #sclgntfy.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 18432 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    #WlNotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    #wlnotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    #wlnotify.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 86528 bytes | Date = 08.29.2002 15:00 | Attr = ])

    <<< >> DNS Name Servers << >>>

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1D3725F6-650E-4DED-8C7A-17D9FE639A14}
    # (Realtek RTL8139 Family PCI Fast Ethernet NIC)
    ##

    HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3F9DBDB9-891A-44B6-A6BB-2F13BDEB6B07}
    # (SiS 900-Based PCI Fast Ethernet Adapter)
    ##

    <<< >> All Winsock2 Catalogs << >>>

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
    #%SystemRoot%\System32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
    #%SystemRoot%\System32\winrnr.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 14848 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
    #%SystemRoot%\System32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
    #%SystemRoot%\system32\rsvpsp.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
    #%SystemRoot%\system32\rsvpsp.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
    #%SystemRoot%\system32\mswsock.dll
    ##(Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 228352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    <<< >> Protocol Handlers (Non-Microsoft only) << >>>

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ipp
    #
    ##(File not found)

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp
    #
    ##(File not found)

    HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vnd.ms.radio
    #C:\WINDOWS\System32\msdxm.ocx
    ##( [Ver = | Size = 842268 bytes | Date = 08.29.2002 15:00 | Attr = ])

    <<< >> Protocol Filters (Non-Microsoft only) << >>>



    [Start Post #2]

    Services
    Name--Internal Name--Startup Type--State--Service Type--
    #Path
    ##(Version Info)

    Ati HotKey Poller--Ati HotKey Poller--Automatic--Running--Win32, running in it's own process--
    #C:\WINDOWS\System32\Ati2evxx.exe
    ##(ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Date = 02.22.2006 05:39 | Attr = ])

    AVG7 Alert Manager Server--Avg7Alrt--Automatic--Running--Win32, running in it's own process--
    #C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    ##(GRISOFT, s.r.o. [Ver = 7,1,0,365 | Size = 336896 bytes | Date = 06.02.2006 17:51 | Attr = ])

    AVG7 Update Service--Avg7UpdSvc--Automatic--Running--Win32, running in it's own process--
    #C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    ##(GRISOFT, s.r.o. [Ver = 7,1,0,349 | Size = 84480 bytes | Date = 06.02.2006 17:51 | Attr = ])

    TrueVector Internet Monitor--vsmon--Automatic--Running--Win32, running in it's own process--
    #C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
    ##(Zone Labs, LLC [Ver = 6.1.737.000 | Size = 1693448 bytes | Date = 11.15.2005 00:50 | Attr = ])

    VNC Server--winvnc--Automatic--Running--Win32, running in it's own process--
    #"C:\Program Files\UltraVNC\WinVNC.exe" -service
    ##(UltraVNC [Ver = 1.1.0.1 | Size = 974848 bytes | Date = 08.06.2005 19:45 | Attr = ])


    Files
    Full Path
    #Details

    %SystemDrive%
    #

    C:\utorrent.exe
    #PEC2 ( [Ver = | Size = 158147 bytes | Date = 04.13.2006 15:08 | Attr = ])

    C:\utorrent.exe
    #PECompact2 ( [Ver = | Size = 158147 bytes | Date = 04.13.2006 15:08 | Attr = ])

    C:\WPA_Kill.exe
    #UPX! ( [Ver = 1.02.0007 | Size = 24576 bytes | Date = 04.17.2004 19:52 | Attr = ])

    %ProgramFilesDir%
    #

    %WinDir%
    #

    C:\WINDOWS\Radeon Omega Drivers v3.8.231 Uninstall.exe
    #UPX! ( [Ver = 7.0.1.0 | Size = 451072 bytes | Date = 06.10.2006 08:34 | Attr = ])

    %System%
    #

    C:\WINDOWS\SYSTEM32\dfrg.msc
    #PEC2 ( [Ver = | Size = 41397 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\MRT.exe
    #PECompact2 (Microsoft Corporation [Ver = 1.20.1625.0 | Size = 8960936 bytes | Date = 09.11.2006 20:37 | Attr = ])

    C:\WINDOWS\SYSTEM32\MRT.exe
    #aspack (Microsoft Corporation [Ver = 1.20.1625.0 | Size = 8960936 bytes | Date = 09.11.2006 20:37 | Attr = ])

    C:\WINDOWS\SYSTEM32\ntbackup.exe
    #WSUD (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 1135616 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    #WSUD (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\rasdlg.dll
    #Umonitor (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 631808 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\wbdbase.deu
    #winsync ( [Ver = | Size = 1309184 bytes | Date = 08.29.2002 15:00 | Attr = ])

    %System%\Drivers folder and sub-folders
    #

    C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    #UPX! (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08.08.2006 09:23 | Attr = ])

    C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    #FSG! (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08.08.2006 09:23 | Attr = ])

    C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    #PEC2 (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08.08.2006 09:23 | Attr = ])

    C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
    #aspack (GRISOFT, s.r.o. [Ver = 7,1,0,402 | Size = 777472 bytes | Date = 08.08.2006 09:23 | Attr = ])

    %windir% + sub-dirs for System or Hidden files less than 60 days old
    #

    C:\WINDOWS\bootstat.dat
    # ( [Ver = | Size = 2048 bytes | Date = 09.14.2006 03:08 | Attr = S])

    C:\WINDOWS\inf\oem3.inf
    # ( [Ver = | Size = 0 bytes | Date = 09.01.2006 17:57 | Attr = H ])

    C:\WINDOWS\system32\vsconfig.xml
    # ( [Ver = | Size = 35870 bytes | Date = 09.14.2006 03:08 | Attr = H ])

    C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918899-IE6SP1-20060725.123917.cat
    # ( [Ver = | Size = 21765 bytes | Date = 08.31.2006 08:33 | Attr = S])

    C:\WINDOWS\system32\config\default.LOG
    # ( [Ver = | Size = 1024 bytes | Date = 09.23.2006 20:36 | Attr = H ])

    C:\WINDOWS\system32\config\SAM.LOG
    # ( [Ver = | Size = 1024 bytes | Date = 09.14.2006 03:08 | Attr = H ])

    C:\WINDOWS\system32\config\SECURITY.LOG
    # ( [Ver = | Size = 1024 bytes | Date = 09.23.2006 00:10 | Attr = H ])

    C:\WINDOWS\system32\config\software.LOG
    # ( [Ver = | Size = 1024 bytes | Date = 09.23.2006 20:31 | Attr = H ])

    C:\WINDOWS\system32\config\system.LOG
    # ( [Ver = | Size = 1024 bytes | Date = 09.23.2006 19:50 | Attr = H ])

    C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
    # ( [Ver = | Size = 1024 bytes | Date = 09.14.2006 03:01 | Attr = H ])

    C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\36d7312b-dfaa-4493-b868-71df16cada9e
    # ( [Ver = | Size = 388 bytes | Date = 09.02.2006 03:07 | Attr = HS])

    C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
    # ( [Ver = | Size = 24 bytes | Date = 09.02.2006 03:07 | Attr = HS])

    C:\WINDOWS\system32\Restore\filelist.xml
    # ( [Ver = | Size = 13698 bytes | Date = 09.01.2006 17:58 | Attr = RHS])

    C:\WINDOWS\Tasks\SA.DAT
    # ( [Ver = | Size = 6 bytes | Date = 09.14.2006 03:08 | Attr = H ])

    CPL files
    #

    C:\WINDOWS\SYSTEM32\access.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 66048 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\appwiz.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 578560 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\desk.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 129024 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\DIRECTX.CPL
    # (Microsoft Corporation [Ver = 5.04.00.3900 | Size = 135168 bytes | Date = 09.30.2004 18:17 | Attr = ])

    C:\WINDOWS\SYSTEM32\hdwwiz.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 150016 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\inetcpl.cpl
    # (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 292352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\intl.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 121856 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\joy.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 208896 bytes | Date = 08.29.2002 03:41 | Attr = ])

    C:\WINDOWS\SYSTEM32\main.cpl
    # (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\mmsys.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 559616 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\ncpa.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\nusrmgr.cpl
    # (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\nwc.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\odbccp32.cpl
    # (Microsoft Corporation [Ver = 3.520.7713.0 | Size = 36864 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\powercfg.cpl
    # (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 109056 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\sysdm.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 268288 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\telephon.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\timedate.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\wuaucpl.cpl
    # (Microsoft Corporation [Ver = 5.8.0.2469 built by: lab01_n(wmbla) | Size = 174360 bytes | Date = 05.26.2005 04:16 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\access.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 66048 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 578560 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 129024 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 150016 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
    # (Microsoft Corporation [Ver = 6.00.2800.1106 (xpsp1.020828-1920) | Size = 292352 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 121856 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 208896 bytes | Date = 08.29.2002 03:41 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\main.cpl
    # (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 559616 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
    # (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 256000 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 36864 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
    # (Microsoft Corporation [Ver = 3.520.7713.0 | Size = 36864 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
    # (Microsoft Corporation [Ver = 6.00.2600.0000 (xpclient.010817-1148) | Size = 109056 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
    # (Microsoft Corporation [Ver = 5.1.4111.00 (xpsp1.020828-1920) | Size = 147456 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.1106 (xpsp1.020828-1920) | Size = 268288 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
    # (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 90112 bytes | Date = 08.29.2002 15:00 | Attr = ])

    C:\WINDOWS\SYSTEM32\ReinstallBackups\0001\DriverFiles\DIRECTX.CPL
    # (Microsoft Corporation [Ver = 5.04.00.3900 | Size = 135168 bytes | Date = 09.30.2004 18:17 | Attr = ])

    Auto-Start Folders
    #

    HKLM->Explorer\Shell Folders\\Common Startup
    # = C:\Documents and Settings\All Users\Start Menu\Programs\Startup

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    #( [Ver = | Size = 84 bytes | Date = 06.09.2006 22:25 | Attr = HS])

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Reset.lnk
    #C:\WINDOWS\repair\reset.bat ( [Ver = | Size = 238 bytes | Date = 05.21.2001 14:34 | Attr = ])

    HKLM->Explorer\User Shell Folders\\Common Startup
    # = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

    HKLM->Explorer\Shell Folders\\Startup
    # = C:\Documents and Settings\X\Start Menu\Programs\Startup

    C:\Documents and Settings\X\Start Menu\Programs\Startup\desktop.ini
    #( [Ver = | Size = 84 bytes | Date = 05.22.2006 14:34 | Attr = HS])

    HKCU->Explorer\User Shell Folders\\Startup
    # = %USERPROFILE%\Start Menu\Programs\Startup

    Miscellaneous Auto-Start Files
    #

    System.ini->[Boot]\\Shell
    #Explorer.exe

    Config.nt: Line 1
    #REM Windows MS-DOS Startup File

    Config.nt: Line 2
    #REM

    Config.nt: Line 3
    #REM CONFIG.SYS vs CONFIG.NT

    Config.nt: Line 4
    #REM CONFIG.SYS is not used to initialize the MS-DOS environment.

    Config.nt: Line 5
    #REM CONFIG.NT is used to initialize the MS-DOS environment unless a

    Config.nt: Line 6
    #REM different startup file is specified in an application's PIF.

    Config.nt: Line 7
    #REM

    Config.nt: Line 8
    #REM ECHOCONFIG

    Config.nt: Line 9
    #REM By default, no information is displayed when the MS-DOS environment

    Config.nt: Line 10
    #REM is initialized. To display CONFIG.NT/AUTOEXEC.NT information, add

    Config.nt: Line 11
    #REM the command echoconfig to CONFIG.NT or other startup file.

    Config.nt: Line 12
    #REM

    Config.nt: Line 13
    #REM NTCMDPROMPT

    Config.nt: Line 14
    #REM When you return to the command prompt from a TSR or while running an

    Config.nt: Line 15
    #REM MS-DOS-based application, Windows runs COMMAND.COM. This allows the

    Config.nt: Line 16
    #REM TSR to remain active. To run CMD.EXE, the Windows command prompt,

    Config.nt: Line 17
    #REM rather than COMMAND.COM, add the command ntcmdprompt to CONFIG.NT or

    Config.nt: Line 18
    #REM other startup file.

    Config.nt: Line 19
    #REM

    Config.nt: Line 20
    #REM DOSONLY

    Config.nt: Line 21
    #REM By default, you can start any type of application when running

    Config.nt: Line 22
    #REM COMMAND.COM. If you start an application other than an MS-DOS-based

    Config.nt: Line 23
    #REM application, any running TSR may be disrupted. To ensure that only

    Config.nt: Line 24
    #REM MS-DOS-based applications can be started, add the command dosonly to

    Config.nt: Line 25
    #REM CONFIG.NT or other startup file.

    Config.nt: Line 26
    #REM

    Config.nt: Line 27
    #REM EMM

    Config.nt: Line 28
    #REM You can use EMM command line to configure EMM(Expanded Memory Manager).

    Config.nt: Line 29
    #REM The syntax is:

    Config.nt: Line 30
    #REM

    Config.nt: Line 31
    #REM EMM = [A=AltRegSets] [B=BaseSegment] [RAM]

    Config.nt: Line 32
    #REM

    Config.nt: Line 33
    #REM AltRegSets

    Config.nt: Line 34
    #REM specifies the total Alternative Mapping Register Sets you

    Config.nt: Line 35
    #REM want the system to support. 1 <= AltRegSets <= 255. The

    Config.nt: Line 36
    #REM default value is 8.

    Config.nt: Line 37
    #REM BaseSegment

    Config.nt: Line 38
    #REM specifies the starting segment address in the Dos conventional

    Config.nt: Line 39
    #REM memory you want the system to allocate for EMM page frames.

    Config.nt: Line 40
    #REM The value must be given in Hexdecimal.

    Config.nt: Line 41
    #REM 0x1000 <= BaseSegment <= 0x4000. The value is rounded down to

    Config.nt: Line 42
    #REM 16KB boundary. The default value is 0x4000

    Config.nt: Line 43
    #REM RAM

    Config.nt: Line 44
    #REM specifies that the system should only allocate 64Kb address

    Config.nt: Line 45
    #REM space from the Upper Memory Block(UMB) area for EMM page frames

    Config.nt: Line 46
    #REM and leave the rests(if available) to be used by DOS to support

    Config.nt: Line 47
    #REM loadhigh and devicehigh commands. The system, by default, would

    Config.nt: Line 48
    #REM allocate all possible and available UMB for page frames.

    Config.nt: Line 49
    #REM

    Config.nt: Line 50
    #REM The EMM size is determined by pif file(either the one associated

    Config.nt: Line 51
    #REM with your application or _default.pif). If the size from PIF file

    Config.nt: Line 52
    #REM is zero, EMM will be disabled and the EMM line will be ignored.

    Config.nt: Line 53
    #REM

    Config.nt: Line 54
    #dos=high, umb

    Config.nt: Line 55
    #device=%SystemRoot%\system32\himem.sys

    Config.nt: Line 56
    #files=40

    AutoExec.nt: Line 1
    #@echo off

    AutoExec.nt: Line 3
    #REM AUTOEXEC.BAT is not used to initialize the MS-DOS environment.

    AutoExec.nt: Line 4
    #REM AUTOEXEC.NT is used to initialize the MS-DOS environment unless a

    AutoExec.nt: Line 5
    #REM different startup file is specified in an application's PIF.

    AutoExec.nt: Line 7
    #REM Install CD ROM extensions

    AutoExec.nt: Line 8
    #lh %SystemRoot%\system32\mscdexnt.exe

    AutoExec.nt: Line 10
    #REM Install network redirector (load before dosx.exe)

    AutoExec.nt: Line 11
    #lh %SystemRoot%\system32\redir

    AutoExec.nt: Line 13
    #REM Install DPMI support

    AutoExec.nt: Line 14
    #lh %SystemRoot%\system32\dosx

    AutoExec.nt: Line 16
    #REM The following line enables Sound Blaster 2.0 support on NTVDM.

    AutoExec.nt: Line 17
    #REM The command for setting the BLASTER environment is as follows:

    AutoExec.nt: Line 18
    #REM SET BLASTER=A220 I5 D1 P330

    AutoExec.nt: Line 19
    #REM where:

    AutoExec.nt: Line 20
    #REM A specifies the sound blaster's base I/O port

    AutoExec.nt: Line 21
    #REM I specifies the interrupt request line

    AutoExec.nt: Line 22
    #REM D specifies the 8-bit DMA channel

    AutoExec.nt: Line 23
    #REM P specifies the MPU-401 base I/O port

    AutoExec.nt: Line 24
    #REM T specifies the type of sound blaster card

    AutoExec.nt: Line 25
    #REM 1 - Sound Blaster 1.5

    AutoExec.nt: Line 26
    #REM 2 - Sound Blaster Pro I

    AutoExec.nt: Line 27
    #REM 3 - Sound Blaster 2.0

    AutoExec.nt: Line 28
    #REM 4 - Sound Blaster Pro II

    AutoExec.nt: Line 29
    #REM 6 - SOund Blaster 16/AWE 32/32/64

    AutoExec.nt: Line 30
    #REM

    AutoExec.nt: Line 31
    #REM The default value is A220 I5 D1 T3 and P330. If any of the switches is

    AutoExec.nt: Line 32
    #REM left unspecified, the default value will be used. (NOTE, since all the

    AutoExec.nt: Line 33
    #REM ports are virtualized, the information provided here does not have to

    AutoExec.nt: Line 34
    #REM match the real hardware setting.) NTVDM supports Sound Blaster 2.0 only.

    AutoExec.nt: Line 35
    #REM The T switch must be set to 3, if specified.

    AutoExec.nt: Line 36
    #SET BLASTER=A220 I5 D1 P330 T3

    AutoExec.nt: Line 38
    #REM To disable the sound blaster 2.0 support on NTVDM, specify an invalid

    AutoExec.nt: Line 39
    #REM SB base I/O port address. For example:

    AutoExec.nt: Line 40
    #REM SET BLASTER=A0

    Miscellaneous Folders
    #

    AllUsers ApplicationData Folder
    #

    C:\Documents and Settings\All Users\Application Data\desktop.ini
    # ( [Ver = | Size = 62 bytes | Date = 06.09.2006 21:52 | Attr = HS])

    CurrentUser ApplicationData Folder
    #

    C:\Documents and Settings\X\Application Data\desktop.ini
    # ( [Ver = | Size = 62 bytes | Date = 05.22.2006 17:25 | Attr = HS])

    Program Files Folder
    #

    Common Files Folder
    #

    DPF files
    #

    {6414512B-B978-451D-A0D8-FCFDF33E833C}
    #WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1157122585079

    DirectAnimation Java Classes
    # - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab

    Microsoft XML Parser for Java
    # - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

    Hosts file = 734 bytes. Reading all entries.
    #C:\WINDOWS\System32\drivers\etc\Hosts

    # Copyright (c) 1993-1999 Microsoft Corp.
    #

    #
    #

    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #

    #
    #

    # This file contains the mappings of IP addresses to host names. Each
    #

    # entry should be kept on an individual line. The IP address should
    #

    # be placed in the first column followed by the corresponding host name.
    #

    # The IP address and the host name should be separated by at least one
    #

    # space.
    #

    #
    #

    # Additionally, comments (such as these) may be inserted on individual
    #

    # lines or following the machine name denoted by a '#' symbol.
    #

    #
    #

    # For example:
    #

    #
    #

    # 102.54.94.97 rhino.acme.com # source server
    #

    # 38.25.63.10 x.acme.com # x client host
    #


    #

    127.0.0.1 localhost
    #



     
  12. Daniii

    Daniii Regular member

    Joined:
    11.05.2006
    Posts:
    120
    Thanks:
    0
    Points:
    26
    I'm in a bit of a hurry right now, so I don't have time to go through this in more detail; hopefully someone will bother to take a closer look. After a quick glance, nothing critical caught my eye.
     