Messenger virus

pemppers

I stupidly clicked that link that is spreading through Messenger... could anyone help, please?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:23:53, on 24.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Winamp\winampa.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\progra~1\steam\steam.exe
D:\Program Files\mIRC\mirc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Winamp\winamp.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\regedit.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Policies\Explorer\Run: [NTSpool] NTSpool.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193682832406
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9756DF9-D829-4263-AAE0-B8E0035FB404}: NameServer = 212.50.211.242 212.50.192.226
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

--
End of file - 4060 bytes

    Replies

    • axa.doe

      Do you have a firewall in use?

      Have you already found help elsewhere?

      If not, then

      Download http://downloads.andymanchesta.com/RemovalTools/SDFix.zip and save it to your desktop.

      Boot your computer into Safe Mode and select your regular user account:

      * Start the computer
      * When you hear the computer beep, press F8, but do so before the Windows logo appears
      * A menu should appear next
      * Select Safe Mode from the menu.


      * Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder). sdfix.exe appears on the desktop. Double-click it, and the file unpacks and installs itself on the drive where the operating system is installed, and an SDFix folder appears in the root, e.g. C:\SDFix
      * Open the SDFix folder and double-click the file RunThis.bat to start the program.
      * Press Y to start the script.
      * The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
      * Press any key and the computer restarts.
      * Startup takes longer than normal because SDFix is cleaning the machine.
      * When the computer has started and the desktop has loaded, SDFix reports that the cleaning is done, "Finished".
      * Then press any key to close the script and load the shortcuts onto the desktop.

      ***

      Download CCleaner from here
      http://www.atribune.org/ccount/click.php?id=1


      * During installation, uncheck the "install Yahoo! toolbar" option.
      * After installation, open CCleaner.
      * Select Options from the left-hand column.
      o Select Settings from the adjacent column.
      o Under Language select Suomi.

      Valinnat (Options)

      * Lisäasetukset (Advanced settings)
      o Uncheck the item:
      o Poista vain yli 48 tuntia (Only delete older than 48 hours)


      Puhdistaja (Cleaner)


      * Select Puhdistaja from the left-hand column.
      o Press Tutki (Analyze) at the bottom.
      Now CCleaner analyzes what can be removed (temp files, cookies, etc.).
      o When the analysis is finished, press Aja CCleaner (Run CCleaner).
      Now CCleaner removes the temp files, cookies, etc. that it found.


      Fixing registry errors


      * Select Virheet (Errors) from the left-hand column.
      o Press Etsi rekisterin virheitä (Scan for registry errors) at the bottom.
      o When the search is finished and you are sure that you want to fix the lines that are checked, press Korjaa valitut rekisterin virheet (Fix selected registry errors).
      o You are asked "haluatko varmuuskopioida muutokset rekisteriin" (do you want to back up the changes to the registry); press Kyllä (Yes). Save the backup to, for example, the "Omat tiedostot" (My Documents) folder.
      o In the new window that opens, click Korjaa kaikki valitut virheet (Fix all selected errors).
      o You get one more confirmation prompt; press Ok.
      o When the errors have been fixed, press Sulje (Close).

      * Now you can close CCleaner by clicking the red X at the top right.

      ***

      Guide to using AVG Anti-Spyware 7.5
      Note! In these instructions the real-time protection (Shield) is turned off. This avoids situations where the protection would block the operation of, for example, the HijackThis tool.

      Save these instructions to a text file or print them, otherwise you will not be able to access them from Safe Mode

      Download AVG Anti-Spyware 7.5 http://www.ewido.net/en/download/ and save the program to your desktop.

      * Once you have downloaded the program, double-click the installer's icon on your desktop; the installation starts.
      * After installation the program must be started and its definitions updated.
      * Start AVG Anti-Spyware.
      * Click the "Update" icon in the main menu. Then click the "Update now" button.

      o Then click the "Start Update" icon, and the update begins.

      If the automatic update does not work for some reason, the definitions can be downloaded manually from

      http://www.ewido.net/en/download/updates/

      * Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
      * When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
      * Then under the "Reports" menu:

      o Uncheck "Do not automatically generate reports"
      o Uncheck "Only if threats were found"

      * Then click the "Shield" icon at the top of the window
      * "Resident shield is": change the state from active to inactive
      * Close the program; do not scan yet.

      Boot your computer into Safe Mode: tap F8 during startup and select Safe Mode from the window that opens.

      NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.

      * Once in Safe Mode, start AVG Anti-Spyware.
      * Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
      * Ewido now starts scanning the computer; be patient, as the scan takes time.

      When the scan is finished:
      IMPORTANT!: DO NOT click "Save Scan Report" before you click "Apply all Actions"
      * Make sure that Set all elements to: shows Quarantine; if not, click the link and select Quarantine from the popup menu.
      * You are asked what to do if infections were found; in that case select "Apply all actions"

      * Then click the "Reports" icon at the top of the program.
      * Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
      * Close the program, start the computer normally

      Open the SDFix folder (on the desktop) and copy & paste the contents of the file Report.txt here, together with the AVG report and a new HijackThis log.

      • aatu

        Hi axa.doe :) I also got a virus/viruses on my machine through Messenger and I followed all of your advice, but my AntiVir still keeps alerting about trojan horses all the time... what could be wrong...?

        Here is the HijackThis report after the scans and cleanups:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 0:37:33, on 27.1.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: (no name) - {5AAF23D8-4489-43D8-A064-319D1254ABCA} - C:\WINDOWS\system32\mljijif.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: (no name) - {958C2C5C-D7F4-40E4-BC7D-506826B97484} - (no file)
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
        O20 - Winlogon Notify: mljijif - C:\WINDOWS\SYSTEM32\mljijif.dll
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ikrhiyxd.exe (file missing)
        O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

        --
        End of file - 8555 bytes


        and here is the AVG report:

        ---------------------------------------------------------
        AVG Anti-Spyware - Scan Report
        ---------------------------------------------------------

        Created at:   0:30:47 27.1.2008

        Scan result:   



           Nothing found.



        ::Report end



        As a firewall I have Windows' own firewall...
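Added example, not part of the original thread and not code from HijackThis or its vendor: a small parser for the `code - description` line format of the log posted above. It lists the entries HijackThis itself marks "(no file)" or "(file missing)" and the files referenced from more than one section; the function names are this example's own, and the sample lines are copied from the log above.

```python
import re
from collections import defaultdict

# Lines copied verbatim from the HijackThis log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5AAF23D8-4489-43D8-A064-319D1254ABCA} - C:\WINDOWS\system32\mljijif.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: mljijif - C:\WINDOWS\SYSTEM32\mljijif.dll
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ikrhiyxd.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# A log entry is a section code (R0, O2, O23, ...) followed by " - " and free text.
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

# First drive-letter path in the entry that ends in an executable-like extension.
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|sys|bat|cab)\b', re.IGNORECASE
)

# Markers HijackThis appends when the target of an entry is absent from disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_log(text):
    """Return one dict per log entry: section code, raw text, path, orphan flag."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, rest = match.groups()
        path = PATH_RE.search(rest)
        entries.append({
            "code": code,
            "text": rest,
            # Windows paths are case-insensitive, so normalise for comparison.
            "path": path.group(0).lower() if path else None,
            "orphaned": rest.endswith(ORPHAN_MARKERS),
        })
    return entries


def orphaned(entries):
    """Entries whose registry data points at a file that no longer exists."""
    return [e for e in entries if e["orphaned"]]


def shared_files(entries):
    """Map each file path to the section codes referencing it, when more than one."""
    seen = defaultdict(set)
    for e in entries:
        if e["path"]:
            seen[e["path"]].add(e["code"])
    return {p: sorted(codes) for p, codes in seen.items() if len(codes) > 1}


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in orphaned(parsed):
        print("orphaned:", e["code"], e["text"])
    for path, codes in shared_files(parsed).items():
        print("multi-section:", path, codes)
```

Both lists are prompts for a closer look rather than verdicts: the Java `ssv.dll` shows up in two sections just as `mljijif.dll` does.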


      • axa.doe
        First of all, you also have Symantec's antivirus on the machine (no firewall?)

        If you intend to keep AntiVir, open the Control Panel and remove everything

        * related to Symantec

        * LiveUpdate

        After that, restart the computer

        ***

        Were you able to put AntiVir's findings into quarantine? Find AntiVir's latest report and copy it here as well.

        1. Download combofix.exe to your desktop from either of these links:

        http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

        http://download.bleepingcomputer.com/sUBs/ComboFix.exe

        2. Double-click the combofix.exe file and follow the instructions.
        3. When the tool is finished, it produces a log. (C:\ComboFix.txt)
        Note!! DO NOT click on the ComboFix window while it is running. This may cause the program to hang.


        Post C:\ComboFix.txt
        and the contents of SDFix's Report.txt (in the C:\SDFix folder) here,

        along with a new HijackThis log.


      • aatu
        I removed all the Symantec files I could find, but I could not delete "C:\Program Files\Common Files\Symantec Shared"... As a firewall I only have Windows' own firewall, nothing else.

        I was not able to put the viruses/trojan horses found by AntiVir into quarantine at all...

        But here are the reports now.

        AntiVir's virus scan report:

        AntiVir PersonalEdition Classic
        Report file date: 28. tammikuuta 2008 23:24

        Scanning for 1082989 virus strains and unwanted programs.

        Licensed to: Avira AntiVir PersonalEdition Classic
        Serial number: 0000149996-ADJIE-0001
        Platform: Windows XP
        Windows version: (Service Pack 2) [5.1.2600]
        Username: SYSTEM
        Computer name: AATU78

        Version information:
        BUILD.DAT : 270 15603 Bytes 19.9.2007 13:32:00
        AVSCAN.EXE : 7.0.6.1 290856 Bytes 23.8.2007 12:16:29
        AVSCAN.DLL : 7.0.6.0 49192 Bytes 16.8.2007 11:23:51
        LUKE.DLL : 7.0.5.3 147496 Bytes 14.8.2007 14:32:47
        LUKERES.DLL : 7.0.6.1 10280 Bytes 21.8.2007 11:35:20
        ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.7.2007 13:27:15
        ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14.12.2007 19:04:39
        ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25.1.2008 19:17:59
        ANTIVIR3.VDF : 7.0.2.60 171008 Bytes 28.1.2008 20:50:35
        AVEWIN32.DLL : 7.6.0.56 3215872 Bytes 26.1.2008 19:17:59
        AVWINLL.DLL : 1.0.0.7 14376 Bytes 26.2.2007 09:36:26
        AVPREF.DLL : 7.0.2.2 25640 Bytes 18.7.2007 06:39:17
        AVREP.DLL : 7.0.0.1 155688 Bytes 16.4.2007 12:16:24
        AVPACK32.DLL : 7.6.0.3 360488 Bytes 19.1.2008 19:04:40
        AVREG.DLL : 7.0.1.6 30760 Bytes 18.7.2007 06:17:06
        AVARKT.DLL : 1.0.0.20 278568 Bytes 28.8.2007 11:26:33
        AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18.7.2007 06:10:18
        NETNT.DLL : 7.0.0.0 7720 Bytes 8.3.2007 10:09:42
        RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7.8.2007 11:38:13
        RCTEXT.DLL : 7.0.62.0 86056 Bytes 21.8.2007 11:50:37
        SQLITE3.DLL : 3.3.17.1 339968 Bytes 23.7.2007 08:37:21

        Configuration settings for the scan:
        Jobname..........................: Complete system scan
        Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
        Logging..........................: low
        Primary action...................: interactive
        Secondary action.................: ignore
        Scan master boot sector..........: off
        Scan boot sector.................: on
        Boot sectors.....................: D:,
        Scan memory......................: on
        Process scan.....................: on
        Scan registry....................: on
        Search for rootkits..............: off
        Scan all files...................: Intelligent file selection
        Scan archives....................: on
        Recursion depth..................: 20
        Smart extensions.................: on
        Macro heuristic..................: on
        File heuristic...................: medium

        Start of the scan: 28. tammikuuta 2008 23:24

        The scan of running processes will be started
        Scan process 'avscan.exe' - '1' Module(s) have been scanned
        Scan process 'avcenter.exe' - '1' Module(s) have been scanned
        Scan process 'alg.exe' - '1' Module(s) have been scanned
        Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
        Scan process 'dllhost.exe' - '1' Module(s) have been scanned
        Scan process 'mqtgsvc.exe' - '1' Module(s) have been scanned
        Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
        Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
        Scan process 'mqsvc.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
        Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
        Scan process 'GtFlashSwitch.exe' - '1' Module(s) have been scanned
        Scan process 'ehSched.exe' - '1' Module(s) have been scanned
        Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
        Scan process 'btwdins.exe' - '1' Module(s) have been scanned
        Scan process 'guard.exe' - '1' Module(s) have been scanned
        Scan process 'sched.exe' - '1' Module(s) have been scanned
        Scan process 'msdtc.exe' - '1' Module(s) have been scanned
        Scan process 'GlobeTrotter Connect.exe' - '1' Module(s) have been scanned
        Scan process 'BTTray.exe' - '1' Module(s) have been scanned
        Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
        Scan process 'rundll32.exe' - '1' Module(s) have been scanned
        Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
        Scan process 'avgas.exe' - '1' Module(s) have been scanned
        Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
        Scan process 'rundll32.exe' - '1' Module(s) have been scanned
        Scan process 'explorer.exe' - '1' Module(s) have been scanned
        Scan process 'avguard.exe' - '1' Module(s) have been scanned
        Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
        Scan process 'AppSvc32.exe' - '1' Module(s) have been scanned
        Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'lsass.exe' - '1' Module(s) have been scanned
        Scan process 'services.exe' - '1' Module(s) have been scanned
        Scan process 'winlogon.exe' - '1' Module(s) have been scanned
        Scan process 'csrss.exe' - '1' Module(s) have been scanned
        Scan process 'smss.exe' - '1' Module(s) have been scanned
        43 processes with 43 modules were scanned

        Start scanning boot sectors:
        Boot sector 'C:\'
        [NOTE] No virus was found!
        Boot sector 'D:\'
        [NOTE] No virus was found!

        Starting to scan the registry.
        C:\WINDOWS\system32\mljijif.dll
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
        [WARNING] The file could not be deleted!
        C:\WINDOWS\system32\mljijif.dll
        [DETECTION] Is the Trojan horse TR/Vundo.Gen

        The registry was scanned ( '30' files ).


        Starting the file scan:

        Begin scan in 'C:\'
        C:\hiberfil.sys
        [WARNING] The file could not be opened!
        C:\pagefile.sys
        [WARNING] The file could not be opened!
        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP4\A0002549.dll
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [INFO] The file was moved to '47ce4f91.qua'!
        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP4\A0002550.dll
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [INFO] The file was moved to '47ce4f92.qua'!
        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP4\A0002551.dll
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [INFO] The file was moved to '4664ec33.qua'!
        C:\WINDOWS\system32\efcbbba.VIR
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [INFO] The file was moved to '4801519f.qua'!
        C:\WINDOWS\system32\gebbbyv.VIR
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [INFO] The file was moved to '480051a0.qua'!
        C:\WINDOWS\system32\mljijif.dll
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
        [WARNING] The file could not be deleted!
        C:\WINDOWS\system32\pmkhf.VIR
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [INFO] The file was moved to '480951c3.qua'!
        Begin scan in 'D:\'


        End of the scan: 29. tammikuuta 2008 00:05
        Used time: 41:38 min

        The scan has been done completely.

        6456 Scanning directories
        454081 Files were scanned
        8 viruses and/or unwanted programs were found
        0 Files were classified as suspicious:
        0 files were deleted
        0 files were repaired
        6 files were moved to quarantine
        0 files were renamed
        2 Files cannot be scanned
        454073 Files not concerned
        14625 Archives were scanned
        4 Warnings
        241 Notes






        ComboFix report:

        ComboFix 08-01-29.2 - Administrator 2008-01-29 0:12:22.1 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1520 [GMT 2:00]
        Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        D:\Autorun.inf
        C:\WINDOWS\system32\ddabb.dll
        C:\WINDOWS\system32\fhkmp.ini
        C:\WINDOWS\system32\fhkmp.ini2
        C:\WINDOWS\system32\uhijixra.exe
        C:\WINDOWS\system32\uvvwa.ini
        C:\WINDOWS\system32\uvvwa.ini2
        D:\Autorun.inf

        .
        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

        .
        -------\LEGACY_DOMAINSERVICE
        -------\DomainService
        -------\nm


        ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
        .

        2008-01-27 00:13 . 2008-01-27 00:13   552   --a------   C:\WINDOWS\system32\d3d8caps.dat
        2008-01-26 23:39 . 2008-01-26 23:39      d--------   C:\Program Files\CCleaner
        2008-01-25 23:29 . 2008-01-25 23:29      d--------   C:\Program Files\MSN Messenger
        2008-01-25 23:09 . 2008-01-25 23:09      d--------   C:\WINDOWS\D45EC2594A194656B588C2C360DD18EA.TMP
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\Administrator\Application Data\Grisoft
        2008-01-25 21:52 . 2007-05-30 14:10   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
        2008-01-25 20:39 . 2008-01-25 20:39      d--------   C:\WINDOWS\ERUNT
        2008-01-25 20:23 . 2008-01-25 20:58      d--------   C:\WINDOWS\system32\ZoneLabs
        2008-01-25 20:23 . 2008-01-25 20:23      d--------   C:\Documents and Settings\All Users\Application Data\MailFrontier
        2008-01-25 20:23 . 2004-04-27 04:40   11,264   --a------   C:\WINDOWS\system32\SpOrder.dll
        2008-01-25 20:23 . 2008-01-25 20:24   4,212   ---h-----   C:\WINDOWS\system32\zllictbl.dat
        2008-01-25 20:22 . 2008-01-25 20:58      d--------   C:\WINDOWS\Internet Logs
        2008-01-23 07:08 . 2008-01-23 07:08   8   --a------   C:\WINDOWS\system32\6e9963f7
        2008-01-21 14:57 . 2008-01-22 12:41   15,360   --a------   C:\WINDOWS\system32\ctfmon .exe
        2008-01-21 14:18 . 2008-01-21 14:18      d--------   C:\Program Files\Trend Micro
        2008-01-21 13:58 . 2008-01-21 13:58      d--------   C:\Documents and Settings\All Users\Application Data\Prevx
        2008-01-21 13:58 . 2008-01-21 14:12      d--------   C:\Documents and Settings\Administrator\Application Data\PrevxCSI
        2008-01-19 21:30 . 2008-01-19 21:30   38,400   --a------   C:\WINDOWS\system32\mljijif.VIR
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Program Files\Avira
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Documents and Settings\All Users\Application Data\Avira
        2008-01-11 07:06 . 2008-01-11 07:06      d--------   C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
        2008-01-11 06:34 . 2008-01-11 06:34      d--------   C:\Program Files\Valve
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Option
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Common Files\GtFlashSwitch
        2008-01-06 16:24 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
        2008-01-06 16:24 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
        2007-12-31 07:59 . 2008-01-06 17:36      d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
        2007-12-31 06:40 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Option(3)
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Common Files\GtFlashSwitch(3)
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Nokia Maploader
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\Nokia
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\ArcSoft
        2007-12-30 17:46 . 2007-12-31 06:23      d----c---   C:\Program Files\Common Files\WindowsLiveInstaller
        2007-12-30 17:45 . 2008-01-25 22:49      d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2007-12-30 00:24 . 2008-01-24 03:29   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2007-12-30 00:24 . 2007-12-30 00:24   1,409   --a------   C:\WINDOWS\QTFont.for
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Option(2)
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\GtFlashSwitch(2)
        2007-12-28 22:31 . 2007-12-28 22:31   244   --ah-----   C:\sqmnoopt19.sqm
        2007-12-28 22:31 . 2007-12-28 22:31   232   --ah-----   C:\sqmdata19.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   244   --ah-----   C:\sqmnoopt18.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   232   --ah-----   C:\sqmdata18.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   244   --ah-----   C:\sqmnoopt17.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   232   --ah-----   C:\sqmdata17.sqm

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-01-28 21:07   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
        2008-01-28 21:07   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Symantec
        2008-01-26 21:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-01-21 13:04   ---------   d-----w   C:\Program Files\TuneUp Utilities 2007
        2008-01-21 12:10   ---------   d-----w   C:\Program Files\Google
        2008-01-20 12:32   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\ICQ
        2008-01-20 12:31   ---------   d-----w   C:\Program Files\ICQToolbar
        2008-01-20 04:52   ---------   d-----w   C:\Program Files\SmitfraudFix
        2008-01-20 04:51   ---------   d-----w   C:\Program Files\QuickTime
        2008-01-19 19:08   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Skype
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Opera
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Microsoft Works
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo!
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Yahoo!
        2007-12-11 05:13   ---------   d-----w   C:\Program Files\Canon
        .
        [code]
        ----a-w 15,360 2008-01-22 10:41:06 C:\WINDOWS\system32\ctfmon .exe
        [/code]


        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 22:00 15360]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 10:00 7585792]
        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 10:00 86016]
        "nwiz"="nwiz.exe" [2006-08-18 10:00 1617920 C:\WINDOWS\system32\nwiz.exe]
        "MsmqIntCert"="regsvr32 /s mqrt.dll" []
        "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
        "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
        "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 22:00 15360]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2006-05-12 13:33:22 581693]
        GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2007-05-19 17:19:44 729088]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
        "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljijif]
        mljijif.dll

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        Authentication Packages   REG_MULTI_SZ    msv1_0 C:\WINDOWS\system32\pmkhf


        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
        \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

        *Newly Created Service* - MDMXSDK
        .
        Contents of the 'Scheduled Tasks' folder
        "2008-01-22 11:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-01-29 00:15:34
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        ------------------------ Other Running Processes ------------------------
        .
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\WINDOWS\system32\cscript.exe
        .
        **************************************************************************
        .
        Completion time: 2008-01-29 0:16:52 - machine was rebooted
        ComboFix-quarantined-files.txt 2008-01-28 22:16:47
        .
        2008-01-09 01:01:48   --- E O F ---






        SDFix report:

        SDFix: Version 1.132

        Run by Administrator on ti 29.01.2008 at 00:42

        Microsoft Windows XP [versio 5.1.2600]

        Running From: C:\Documents and Settings\Administrator\Desktop\SDFix

        Safe Mode:
        Checking Services:


        Restoring Windows Registry Values
        Restoring Windows Default Hosts File

        Rebooting...


        Normal Mode:
        Checking Files:

        No Trojan Files Found






        Removing Temp Files...

        ADS Check:




        Final Check:

        catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-01-29 00:49:15
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        scanning hidden registry entries ...

        scanning hidden files ...


        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 3


        Remaining Services:
        ------------------



        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

        Remaining Files:
        ---------------


        Files with Hidden Attributes:


        Finished!






        HijackThis report:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 0:55:46, on 29.1.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O20 - Winlogon Notify: mljijif - mljijif.dll (file missing)
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

        --
        End of file - 7562 bytes


      • axa.doe
        aatu wrote:

        I deleted all the Symantec files I could find, but I couldn't delete "C:\Program Files\Common Files\Symantec Shared"... as a firewall I only have Windows' own firewall, nothing else.

        I wasn't able to quarantine the viruses/Trojan horses that AntiVir found at all...

        But here are the reports now.

        AntiVir's virus scan report:

        AntiVir PersonalEdition Classic
        Report file date: 28. tammikuuta 2008 23:24

        Scanning for 1082989 virus strains and unwanted programs.

        Licensed to: Avira AntiVir PersonalEdition Classic
        Serial number: 0000149996-ADJIE-0001
        Platform: Windows XP
        Windows version: (Service Pack 2) [5.1.2600]
        Username: SYSTEM
        Computer name: AATU78

        Version information:
        BUILD.DAT : 270 15603 Bytes 19.9.2007 13:32:00
        AVSCAN.EXE : 7.0.6.1 290856 Bytes 23.8.2007 12:16:29
        AVSCAN.DLL : 7.0.6.0 49192 Bytes 16.8.2007 11:23:51
        LUKE.DLL : 7.0.5.3 147496 Bytes 14.8.2007 14:32:47
        LUKERES.DLL : 7.0.6.1 10280 Bytes 21.8.2007 11:35:20
        ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.7.2007 13:27:15
        ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14.12.2007 19:04:39
        ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25.1.2008 19:17:59
        ANTIVIR3.VDF : 7.0.2.60 171008 Bytes 28.1.2008 20:50:35
        AVEWIN32.DLL : 7.6.0.56 3215872 Bytes 26.1.2008 19:17:59
        AVWINLL.DLL : 1.0.0.7 14376 Bytes 26.2.2007 09:36:26
        AVPREF.DLL : 7.0.2.2 25640 Bytes 18.7.2007 06:39:17
        AVREP.DLL : 7.0.0.1 155688 Bytes 16.4.2007 12:16:24
        AVPACK32.DLL : 7.6.0.3 360488 Bytes 19.1.2008 19:04:40
        AVREG.DLL : 7.0.1.6 30760 Bytes 18.7.2007 06:17:06
        AVARKT.DLL : 1.0.0.20 278568 Bytes 28.8.2007 11:26:33
        AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18.7.2007 06:10:18
        NETNT.DLL : 7.0.0.0 7720 Bytes 8.3.2007 10:09:42
        RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7.8.2007 11:38:13
        RCTEXT.DLL : 7.0.62.0 86056 Bytes 21.8.2007 11:50:37
        SQLITE3.DLL : 3.3.17.1 339968 Bytes 23.7.2007 08:37:21

        Configuration settings for the scan:
        Jobname..........................: Complete system scan
        Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
        Logging..........................: low
        Primary action...................: interactive
        Secondary action.................: ignore
        Scan master boot sector..........: off
        Scan boot sector.................: on
        Boot sectors.....................: D:,
        Scan memory......................: on
        Process scan.....................: on
        Scan registry....................: on
        Search for rootkits..............: off
        Scan all files...................: Intelligent file selection
        Scan archives....................: on
        Recursion depth..................: 20
        Smart extensions.................: on
        Macro heuristic..................: on
        File heuristic...................: medium

        Start of the scan: 28. tammikuuta 2008 23:24

        The scan of running processes will be started
        Scan process 'avscan.exe' - '1' Module(s) have been scanned
        Scan process 'avcenter.exe' - '1' Module(s) have been scanned
        Scan process 'alg.exe' - '1' Module(s) have been scanned
        Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
        Scan process 'dllhost.exe' - '1' Module(s) have been scanned
        Scan process 'mqtgsvc.exe' - '1' Module(s) have been scanned
        Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
        Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
        Scan process 'mqsvc.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
        Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
        Scan process 'GtFlashSwitch.exe' - '1' Module(s) have been scanned
        Scan process 'ehSched.exe' - '1' Module(s) have been scanned
        Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
        Scan process 'btwdins.exe' - '1' Module(s) have been scanned
        Scan process 'guard.exe' - '1' Module(s) have been scanned
        Scan process 'sched.exe' - '1' Module(s) have been scanned
        Scan process 'msdtc.exe' - '1' Module(s) have been scanned
        Scan process 'GlobeTrotter Connect.exe' - '1' Module(s) have been scanned
        Scan process 'BTTray.exe' - '1' Module(s) have been scanned
        Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
        Scan process 'rundll32.exe' - '1' Module(s) have been scanned
        Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
        Scan process 'avgas.exe' - '1' Module(s) have been scanned
        Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
        Scan process 'rundll32.exe' - '1' Module(s) have been scanned
        Scan process 'explorer.exe' - '1' Module(s) have been scanned
        Scan process 'avguard.exe' - '1' Module(s) have been scanned
        Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
        Scan process 'AppSvc32.exe' - '1' Module(s) have been scanned
        Scan process 'ccSvcHst.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'lsass.exe' - '1' Module(s) have been scanned
        Scan process 'services.exe' - '1' Module(s) have been scanned
        Scan process 'winlogon.exe' - '1' Module(s) have been scanned
        Scan process 'csrss.exe' - '1' Module(s) have been scanned
        Scan process 'smss.exe' - '1' Module(s) have been scanned
        43 processes with 43 modules were scanned

        Start scanning boot sectors:
        Boot sector 'C:\'
        [NOTE] No virus was found!
        Boot sector 'D:\'
        [NOTE] No virus was found!

        Starting to scan the registry.
        C:\WINDOWS\system32\mljijif.dll
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
        [WARNING] The file could not be deleted!
        C:\WINDOWS\system32\mljijif.dll
        [DETECTION] Is the Trojan horse TR/Vundo.Gen

        The registry was scanned ( '30' files ).


        Starting the file scan:

        Begin scan in 'C:\'
        C:\hiberfil.sys
        [WARNING] The file could not be opened!
        C:\pagefile.sys
        [WARNING] The file could not be opened!
        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP4\A0002549.dll
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [INFO] The file was moved to '47ce4f91.qua'!
        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP4\A0002550.dll
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [INFO] The file was moved to '47ce4f92.qua'!
        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP4\A0002551.dll
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [INFO] The file was moved to '4664ec33.qua'!
        C:\WINDOWS\system32\efcbbba.VIR
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [INFO] The file was moved to '4801519f.qua'!
        C:\WINDOWS\system32\gebbbyv.VIR
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [INFO] The file was moved to '480051a0.qua'!
        C:\WINDOWS\system32\mljijif.dll
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
        [WARNING] The file could not be deleted!
        C:\WINDOWS\system32\pmkhf.VIR
        [DETECTION] Is the Trojan horse TR/Vundo.Gen
        [INFO] The file was moved to '480951c3.qua'!
        Begin scan in 'D:\'


        End of the scan: 29. tammikuuta 2008 00:05
        Used time: 41:38 min

        The scan has been done completely.

        6456 Scanning directories
        454081 Files were scanned
        8 viruses and/or unwanted programs were found
        0 Files were classified as suspicious:
        0 files were deleted
        0 files were repaired
        6 files were moved to quarantine
        0 files were renamed
        2 Files cannot be scanned
        454073 Files not concerned
        14625 Archives were scanned
        4 Warnings
        241 Notes






        ComboFix report:

        ComboFix 08-01-29.2 - Administrator 2008-01-29 0:12:22.1 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1520 [GMT 2:00]
        Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        D:\Autorun.inf
        C:\WINDOWS\system32\ddabb.dll
        C:\WINDOWS\system32\fhkmp.ini
        C:\WINDOWS\system32\fhkmp.ini2
        C:\WINDOWS\system32\uhijixra.exe
        C:\WINDOWS\system32\uvvwa.ini
        C:\WINDOWS\system32\uvvwa.ini2
        D:\Autorun.inf

        .
        ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

        .
        -------\LEGACY_DOMAINSERVICE
        -------\DomainService
        -------\nm


        ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
        .

        2008-01-27 00:13 . 2008-01-27 00:13   552   --a------   C:\WINDOWS\system32\d3d8caps.dat
        2008-01-26 23:39 . 2008-01-26 23:39      d--------   C:\Program Files\CCleaner
        2008-01-25 23:29 . 2008-01-25 23:29      d--------   C:\Program Files\MSN Messenger
        2008-01-25 23:09 . 2008-01-25 23:09      d--------   C:\WINDOWS\D45EC2594A194656B588C2C360DD18EA.TMP
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\Administrator\Application Data\Grisoft
        2008-01-25 21:52 . 2007-05-30 14:10   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
        2008-01-25 20:39 . 2008-01-25 20:39      d--------   C:\WINDOWS\ERUNT
        2008-01-25 20:23 . 2008-01-25 20:58      d--------   C:\WINDOWS\system32\ZoneLabs
        2008-01-25 20:23 . 2008-01-25 20:23      d--------   C:\Documents and Settings\All Users\Application Data\MailFrontier
        2008-01-25 20:23 . 2004-04-27 04:40   11,264   --a------   C:\WINDOWS\system32\SpOrder.dll
        2008-01-25 20:23 . 2008-01-25 20:24   4,212   ---h-----   C:\WINDOWS\system32\zllictbl.dat
        2008-01-25 20:22 . 2008-01-25 20:58      d--------   C:\WINDOWS\Internet Logs
        2008-01-23 07:08 . 2008-01-23 07:08   8   --a------   C:\WINDOWS\system32\6e9963f7
        2008-01-21 14:57 . 2008-01-22 12:41   15,360   --a------   C:\WINDOWS\system32\ctfmon .exe
        2008-01-21 14:18 . 2008-01-21 14:18      d--------   C:\Program Files\Trend Micro
        2008-01-21 13:58 . 2008-01-21 13:58      d--------   C:\Documents and Settings\All Users\Application Data\Prevx
        2008-01-21 13:58 . 2008-01-21 14:12      d--------   C:\Documents and Settings\Administrator\Application Data\PrevxCSI
        2008-01-19 21:30 . 2008-01-19 21:30   38,400   --a------   C:\WINDOWS\system32\mljijif.VIR
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Program Files\Avira
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Documents and Settings\All Users\Application Data\Avira
        2008-01-11 07:06 . 2008-01-11 07:06      d--------   C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
        2008-01-11 06:34 . 2008-01-11 06:34      d--------   C:\Program Files\Valve
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Option
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Common Files\GtFlashSwitch
        2008-01-06 16:24 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
        2008-01-06 16:24 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
        2007-12-31 07:59 . 2008-01-06 17:36      d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
        2007-12-31 06:40 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Option(3)
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Common Files\GtFlashSwitch(3)
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Nokia Maploader
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\Nokia
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\ArcSoft
        2007-12-30 17:46 . 2007-12-31 06:23      d----c---   C:\Program Files\Common Files\WindowsLiveInstaller
        2007-12-30 17:45 . 2008-01-25 22:49      d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2007-12-30 00:24 . 2008-01-24 03:29   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2007-12-30 00:24 . 2007-12-30 00:24   1,409   --a------   C:\WINDOWS\QTFont.for
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Option(2)
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\GtFlashSwitch(2)
        2007-12-28 22:31 . 2007-12-28 22:31   244   --ah-----   C:\sqmnoopt19.sqm
        2007-12-28 22:31 . 2007-12-28 22:31   232   --ah-----   C:\sqmdata19.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   244   --ah-----   C:\sqmnoopt18.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   232   --ah-----   C:\sqmdata18.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   244   --ah-----   C:\sqmnoopt17.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   232   --ah-----   C:\sqmdata17.sqm

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-01-28 21:07   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
        2008-01-28 21:07   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Symantec
        2008-01-26 21:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-01-21 13:04   ---------   d-----w   C:\Program Files\TuneUp Utilities 2007
        2008-01-21 12:10   ---------   d-----w   C:\Program Files\Google
        2008-01-20 12:32   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\ICQ
        2008-01-20 12:31   ---------   d-----w   C:\Program Files\ICQToolbar
        2008-01-20 04:52   ---------   d-----w   C:\Program Files\SmitfraudFix
        2008-01-20 04:51   ---------   d-----w   C:\Program Files\QuickTime
        2008-01-19 19:08   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Skype
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Opera
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Microsoft Works
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo!
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Yahoo!
        2007-12-11 05:13   ---------   d-----w   C:\Program Files\Canon
        .
        [code]
        ----a-w 15,360 2008-01-22 10:41:06 C:\WINDOWS\system32\ctfmon .exe
        [/code]


        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 22:00 15360]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 10:00 7585792]
        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 10:00 86016]
        "nwiz"="nwiz.exe" [2006-08-18 10:00 1617920 C:\WINDOWS\system32\nwiz.exe]
        "MsmqIntCert"="regsvr32 /s mqrt.dll" []
        "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
        "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
        "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 22:00 15360]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2006-05-12 13:33:22 581693]
        GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2007-05-19 17:19:44 729088]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
        "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljijif]
        mljijif.dll

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        Authentication Packages   REG_MULTI_SZ    msv1_0 C:\WINDOWS\system32\pmkhf


        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
        \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

        *Newly Created Service* - MDMXSDK
        .
        Contents of the 'Scheduled Tasks' folder
        "2008-01-22 11:25:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-01-29 00:15:34
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        ------------------------ Other Running Processes ------------------------
        .
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\WINDOWS\system32\cscript.exe
        .
        **************************************************************************
        .
        Completion time: 2008-01-29 0:16:52 - machine was rebooted
        ComboFix-quarantined-files.txt 2008-01-28 22:16:47
        .
        2008-01-09 01:01:48   --- E O F ---






        SDFix report:

        SDFix: Version 1.132

        Run by Administrator on ti 29.01.2008 at 00:42

        Microsoft Windows XP [versio 5.1.2600]

        Running From: C:\Documents and Settings\Administrator\Desktop\SDFix

        Safe Mode:
        Checking Services:


        Restoring Windows Registry Values
        Restoring Windows Default Hosts File

        Rebooting...


        Normal Mode:
        Checking Files:

        No Trojan Files Found






        Removing Temp Files...

        ADS Check:




        Final Check:

        catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-01-29 00:49:15
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden services & system hive ...

        scanning hidden registry entries ...

        scanning hidden files ...


        scan completed successfully
        hidden processes: 0
        hidden services: 0
        hidden files: 3


        Remaining Services:
        ------------------



        Authorized Application Key Export:

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

        Remaining Files:
        ---------------


        Files with Hidden Attributes:


        Finished!






        HijackThis report:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 0:55:46, on 29.1.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O20 - Winlogon Notify: mljijif - mljijif.dll (file missing)
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

        --
        End of file - 7562 bytes

        By the way, did you still find anything referring to Symantec in the Control Panel's Add/Remove Programs?

        You have removed Symantec the wrong way. Let's try this:


        1. First empty AntiVir's quarantine (delete everything).
        I don't see the Messenger nasty there, but there are Vundo files all right :)

        ***

        2. Run a new scan with HJT, click Do a system scan only, and check the line

        O20 - Winlogon Notify: mljijif - mljijif.dll (file missing)

        Close your browsers and all open windows, and
        click Fix Checked

        Restart the computer.

        ***

        3. Download Atribune's ATF Cleaner http://www.atribune.org/ccount/click.php?id=1

        Instructions:

        Double-click ATF-Cleaner.exe to start the program.

        Under Main, choose: Select All
        Click the Empty Selected option.

        If you use Firefox as your browser

        Click Firefox at the top and choose: Select All
        Click the Empty Selected option.
        NOTE: If you would like to keep your saved passwords, click No when it asks.

        If you use Opera as your browser

        Click Opera at the top and choose: Select All
        Click the Empty Selected option again.
        NOTE: If you would like to keep your saved passwords, click No when it asks.

        Click Exit in the main menu to close the program.

        ***

        4. Copy/paste the following **text between the asterisks** into an empty Notepad. Make sure the file type is
        All Files and save it as
        poistasym.bat (


      • aatu
        axa.doe kirjoitti:

        Löysitkö muuten enää mitään Symanteciin viittaavaa Ohjauspaneelin LIsää/poista sovelluksista?

        Olet poistanut Symantecin väärin. Kokeillaan näin:


        1. Tyhjennä ensin AntiVirin karanteeni (deletoi kaikki pois).
        Ei näy siellä meseörkkiä, mutta vundofiluja kyllä on :)

        ***

        2. Tee uusi skannaus hjt:llä, klikkaa Do a system scan only, merkkaa rivi

        O20 - Winlogon Notify: mljijif - mljijif.dll (file missing)

        Sulje selaimet ja kaikki avoimet ikkunat, ja
        klikkaa Fix Checked

        Käynnistä kone uudelleen.

        ***

        3. Download Atribune's ATF Cleaner http://www.atribune.org/ccount/click.php?id=1

        Instructions:

        Double-click ATF-Cleaner.exe to start the program.

        Under Main, choose: Select All
        Click Empty Selected.

        If you use Firefox as your browser

        Click Firefox at the top and choose: Select All
        Click Empty Selected.
        NOTE: If you would like to keep your saved passwords, click No when it asks.

        If you use Opera as your browser

        Click Opera at the top and choose: Select All
        Click Empty Selected again.
        NOTE: If you would like to keep your saved passwords, click No when it asks.

        Click Exit in the main menu to close the program.

        ***

        4. Copy/paste the following **text between the asterisks** into an empty Notepad. Make sure the file type is
        All Files and save it as
        poistasym.bat (

        All right :D it's starting to look a lot better already, since the computer now runs noticeably faster than in the last few days :)

        here's the Notepad file:



        ComboFix 08-01-29.2 - Administrator 2008-01-30 6:59:01.2 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1586 [GMT 2:00]
        Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

        FILE
        C:\WINDOWS\system32\mljijif.dll
        C:\WINDOWS\system32\mljijif.VIR
        .

        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ncsacert.txt
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\scrauth.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\symaveng.cat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\symaveng.inf
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\SymErase.cat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\SymErase.inf
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcdefs.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan7.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan8.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan9.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\technote.txt
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tinf.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tinfidx.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tinfl.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tscan1.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tscan1hd.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\v.grd
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\v.sig
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\whatsnew.txt
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan.inf
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan1.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan2.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan3.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan4.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan5.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan6.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan7.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan8.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan9.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\VIRSCANT.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\zdone.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\TextHub\virscant.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\usage.dat

        .
        ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
        .

        2008-01-29 13:26 . 2008-01-29 13:26      d--------   C:\Documents and Settings\All Users\Application Data\Apple
        2008-01-27 00:13 . 2008-01-27 00:13   552   --a------   C:\WINDOWS\system32\d3d8caps.dat
        2008-01-26 23:39 . 2008-01-26 23:39      d--------   C:\Program Files\CCleaner
        2008-01-25 23:29 . 2008-01-25 23:29      d--------   C:\Program Files\MSN Messenger
        2008-01-25 23:09 . 2008-01-25 23:09      d--------   C:\WINDOWS\D45EC2594A194656B588C2C360DD18EA.TMP
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\Administrator\Application Data\Grisoft
        2008-01-25 21:52 . 2007-05-30 14:10   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
        2008-01-25 20:39 . 2008-01-25 20:39      d--------   C:\WINDOWS\ERUNT
        2008-01-25 20:23 . 2008-01-25 20:58      d--------   C:\WINDOWS\system32\ZoneLabs
        2008-01-25 20:23 . 2008-01-25 20:23      d--------   C:\Documents and Settings\All Users\Application Data\MailFrontier
        2008-01-25 20:23 . 2004-04-27 04:40   11,264   --a------   C:\WINDOWS\system32\SpOrder.dll
        2008-01-25 20:23 . 2008-01-25 20:24   4,212   ---h-----   C:\WINDOWS\system32\zllictbl.dat
        2008-01-25 20:22 . 2008-01-25 20:58      d--------   C:\WINDOWS\Internet Logs
        2008-01-23 07:08 . 2008-01-23 07:08   8   --a------   C:\WINDOWS\system32\6e9963f7
        2008-01-21 14:57 . 2008-01-22 12:41   15,360   --a------   C:\WINDOWS\system32\ctfmon .exe
        2008-01-21 14:18 . 2008-01-21 14:18      d--------   C:\Program Files\Trend Micro
        2008-01-21 13:58 . 2008-01-21 13:58      d--------   C:\Documents and Settings\All Users\Application Data\Prevx
        2008-01-21 13:58 . 2008-01-21 14:12      d--------   C:\Documents and Settings\Administrator\Application Data\PrevxCSI
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Program Files\Avira
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Documents and Settings\All Users\Application Data\Avira
        2008-01-11 07:06 . 2008-01-11 07:06      d--------   C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
        2008-01-11 06:34 . 2008-01-11 06:34      d--------   C:\Program Files\Valve
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Option
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Common Files\GtFlashSwitch
        2008-01-06 16:24 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
        2008-01-06 16:24 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
        2007-12-31 07:59 . 2008-01-06 17:36      d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
        2007-12-31 06:40 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Option(3)
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Common Files\GtFlashSwitch(3)
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Nokia Maploader
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\Nokia
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\ArcSoft
        2007-12-30 17:46 . 2007-12-31 06:23      d----c---   C:\Program Files\Common Files\WindowsLiveInstaller
        2007-12-30 17:45 . 2008-01-25 22:49      d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2007-12-30 00:24 . 2008-01-24 03:29   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2007-12-30 00:24 . 2007-12-30 00:24   1,409   --a------   C:\WINDOWS\QTFont.for
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Option(2)
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\GtFlashSwitch(2)
        2007-12-28 22:31 . 2007-12-28 22:31   244   --ah-----   C:\sqmnoopt19.sqm
        2007-12-28 22:31 . 2007-12-28 22:31   232   --ah-----   C:\sqmdata19.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   244   --ah-----   C:\sqmnoopt18.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   232   --ah-----   C:\sqmdata18.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   244   --ah-----   C:\sqmnoopt17.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   232   --ah-----   C:\sqmdata17.sqm
        2007-12-27 15:51 . 2007-12-27 15:51   244   --ah-----   C:\sqmnoopt16.sqm
        2007-12-27 15:51 . 2007-12-27 15:51   232   --ah-----   C:\sqmdata16.sqm
        2007-12-26 21:27 . 2007-12-26 21:27   244   --ah-----   C:\sqmnoopt15.sqm
        2007-12-26 21:27 . 2007-12-26 21:27   232   --ah-----   C:\sqmdata15.sqm
        2007-12-25 22:39 . 2007-12-25 22:39   244   --ah-----   C:\sqmnoopt14.sqm
        2007-12-25 22:39 . 2007-12-25 22:39   232   --ah-----   C:\sqmdata14.sqm
        2007-12-07 23:02 . 2007-12-07 23:02   244   --ah-----   C:\sqmnoopt13.sqm
        2007-12-07 23:02 . 2007-12-07 23:02   232   --ah-----   C:\sqmdata13.sqm
        2007-12-07 21:49 . 2007-10-30 19:55   625,032   --a------   C:\WINDOWS\system32\SymNeti.dll
        2007-12-07 21:49 . 2007-10-30 19:55   242,056   --a------   C:\WINDOWS\system32\SymRedir.dll
        2007-12-03 11:38 . 2007-12-03 11:38   244   --ah-----   C:\sqmnoopt12.sqm
        2007-12-03 11:38 . 2007-12-03 11:38   232   --ah-----   C:\sqmdata12.sqm

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-01-29 11:26   ---------   d-----w   C:\Program Files\Apple Software Update
        2008-01-26 21:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-01-21 13:04   ---------   d-----w   C:\Program Files\TuneUp Utilities 2007
        2008-01-21 12:10   ---------   d-----w   C:\Program Files\Google
        2008-01-20 12:32   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\ICQ
        2008-01-20 12:31   ---------   d-----w   C:\Program Files\ICQToolbar
        2008-01-20 04:52   ---------   d-----w   C:\Program Files\SmitfraudFix
        2008-01-20 04:51   ---------   d-----w   C:\Program Files\QuickTime
        2008-01-19 19:08   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Skype
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Opera
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Microsoft Works
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo!
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Yahoo!
        2007-12-11 05:13   ---------   d-----w   C:\Program Files\Canon
        .
        [code]
        ----a-w 15,360 2008-01-22 10:41:06 C:\WINDOWS\system32\ctfmon .exe
        [/code]


        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 22:00 15360]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 10:00 7585792]
        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 10:00 86016]
        "nwiz"="nwiz.exe" [2006-08-18 10:00 1617920 C:\WINDOWS\system32\nwiz.exe]
        "MsmqIntCert"="regsvr32 /s mqrt.dll" []
        "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
        "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
        "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 22:00 15360]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2006-05-12 13:33:22 581693]
        GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2007-05-19 17:19:44 729088]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
        "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljijif]

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        Authentication Packages   REG_MULTI_SZ    msv1_0 C:\WINDOWS\system32\pmkhf


        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp

        *Newly Created Service* - MDMXSDK
        .
        Contents of the 'Scheduled Tasks' folder
        "2008-01-29 11:26:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-01-30 07:03:51
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        ------------------------ Other Running Processes ------------------------
        .
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\WINDOWS\system32\cscript.exe
        C:\WINDOWS\system32\msdtc.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\WINDOWS\eHome\ehRec.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        .
        **************************************************************************
        .
        Completion time: 2008-01-30 7:05:26 - machine was rebooted
        ComboFix-quarantined-files.txt 2008-01-30 05:05:16
        ComboFix2.txt 2008-01-28 22:16:52
        .
        2008-01-09 01:01:48   --- E O F ---


      • axa.doe
        aatu wrote:

        All right :D it's starting to look a lot better already, as the machine now runs considerably faster than in recent days :)

        here's the log:



        ComboFix 08-01-29.2 - Administrator 2008-01-30 6:59:01.2 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1586 [GMT 2:00]
        Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

        FILE
        C:\WINDOWS\system32\mljijif.dll
        C:\WINDOWS\system32\mljijif.VIR
        .

        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Program Files\Common Files\Symantec Shared\SymHTML\1.0\SymHTML.dll
        C:\Program Files\Common Files\Symantec Shared\SymHTML\shtmbase.dll
        C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe
        C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\ccL60U.dll
        C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\msvcp71.dll
        C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\msvcr71.dll
        C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\NAV\Parent\NORTON\App\isRes.dll
        C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\Support\Reporter\Reporter.exe
        C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\SymHTML.dll
        C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\SymTheme.dll
        C:\Program Files\Common Files\Symantec Shared\SymSHAx.dll
        C:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll
        C:\Program Files\Common Files\Symantec Shared\SymTheme\sthmbase.dll
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\CATALOG.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\CCERASER.DLL
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\ECBOOTIL.VXD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\ECMSVR32.DLL
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\EECTRL.SYS
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\ERASER.GRD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\ERASER.SIG
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\ERASER.SPM
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\ERASER.SYS
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\ESRDEF.BIN
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\HH
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\NAVENG.EXP
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\NAVENG.SYS
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\NAVENG.VXD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\NAVENG32.DLL
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\NAVEX15.EXP
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\NAVEX15.SYS
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\NAVEX15.VXD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\NAVEX32A.DLL
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\NCSACERT.TXT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\SCRAUTH.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\SYMAVENG.CAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\SYMAVENG.INF
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\SYMERASE.CAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\SYMERASE.INF
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\TCDEFS.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\TCSCAN7.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\TCSCAN8.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\TCSCAN9.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\TECHNOTE.TXT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\TINF.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\TINFIDX.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\TINFL.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\TSCAN1.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\TSCAN1HD.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\UPDATE.TXT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\V.GRD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\V.SIG
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\WHATSNEW.TXT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\VIRSCAN.INF
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\VIRSCAN1.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\VIRSCAN2.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\VIRSCAN3.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\VIRSCAN4.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\VIRSCAN5.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\VIRSCAN6.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\VIRSCAN7.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\VIRSCAN8.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\VIRSCAN9.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\VIRSCANT.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20070203.016\ZDONE.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\CATALOG.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\CCERASER.DLL
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\ECBOOTIL.VXD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\ECMSVR32.DLL
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\EECTRL.SYS
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\ERASER.GRD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\ERASER.SIG
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\ERASER.SPM
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\ERASER.SYS
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\ESRDEF.BIN
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\HH
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\NAVENG.EXP
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\NAVENG.SYS
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\NAVENG.VXD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\NAVENG32.DLL
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\NAVEX15.EXP
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\NAVEX15.SYS
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\NAVEX15.VXD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\NAVEX32A.DLL
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\NCSACERT.TXT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\SCRAUTH.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\SYMAVENG.CAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\SYMAVENG.INF
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\SYMERASE.CAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\SYMERASE.INF
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\TCDEFS.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\TCSCAN7.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\TCSCAN8.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\TCSCAN9.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\TECHNOTE.TXT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\TINF.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\TINFIDX.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\TINFL.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\TSCAN1.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\TSCAN1HD.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\UPDATE.TXT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\V.GRD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\V.SIG
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\WHATSNEW.TXT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\VIRSCAN.INF
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\VIRSCAN1.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\VIRSCAN2.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\VIRSCAN3.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\VIRSCAN4.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\VIRSCAN5.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\VIRSCAN6.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\VIRSCAN7.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\VIRSCAN8.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\VIRSCAN9.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\VIRSCANT.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071120.002\ZDONE.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\CATALOG.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\CCERASER.DLL
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\ECBOOTIL.VXD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\ECMSVR32.DLL
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\EECTRL.SYS
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\ERASER.GRD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\ERASER.SIG
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\ERASER.SPM
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\ERASER.SYS
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\ESRDEF.BIN
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\HH
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\NAVENG.EXP
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\NAVENG.SYS
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\NAVENG.VXD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\NAVENG32.DLL
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\NAVEX15.EXP
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\NAVEX15.SYS
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\NAVEX15.VXD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\NAVEX32A.DLL
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\NCSACERT.TXT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\SCRAUTH.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\SYMAVENG.CAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\SYMAVENG.INF
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\SYMERASE.CAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\SYMERASE.INF
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\TCDEFS.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\TCSCAN7.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\TCSCAN8.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\TCSCAN9.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\TECHNOTE.TXT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\TINF.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\TINFIDX.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\TINFL.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\TSCAN1.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\TSCAN1HD.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\UPDATE.TXT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\V.GRD
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\V.SIG
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\WHATSNEW.TXT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\VIRSCAN.INF
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\VIRSCAN1.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\VIRSCAN2.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\VIRSCAN3.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\VIRSCAN4.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\VIRSCAN5.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\VIRSCAN6.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\VIRSCAN7.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\VIRSCAN8.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\VIRSCAN9.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\VIRSCANT.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071202.001\ZDONE.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\catalog.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\cceraser.dll
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ecbootil.vxd
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ecmsvr32.dll
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\eeCtrl.sys
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ERASER.grd
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ERASER.sig
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ERASER.spm
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\eraser.sys
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\esrdef.bin
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\hh
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng.exp
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng.sys
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng.vxd
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\naveng32.dll
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex15.exp
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex15.sys
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex15.vxd
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\navex32a.dll
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\ncsacert.txt
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\scrauth.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\symaveng.cat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\symaveng.inf
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\SymErase.cat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\SymErase.inf
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcdefs.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan7.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan8.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tcscan9.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\technote.txt
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tinf.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tinfidx.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tinfl.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tscan1.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\tscan1hd.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\v.grd
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\v.sig
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\whatsnew.txt
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan.inf
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan1.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan2.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan3.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan4.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan5.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan6.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan7.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan8.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\virscan9.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\VIRSCANT.DAT
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\BinHub\zdone.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\TextHub\virscant.dat
        C:\Program Files\Common Files\Symantec Shared\VirusDefs\usage.dat

        .
        ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))
        .

        2008-01-29 13:26 . 2008-01-29 13:26      d--------   C:\Documents and Settings\All Users\Application Data\Apple
        2008-01-27 00:13 . 2008-01-27 00:13   552   --a------   C:\WINDOWS\system32\d3d8caps.dat
        2008-01-26 23:39 . 2008-01-26 23:39      d--------   C:\Program Files\CCleaner
        2008-01-25 23:29 . 2008-01-25 23:29      d--------   C:\Program Files\MSN Messenger
        2008-01-25 23:09 . 2008-01-25 23:09      d--------   C:\WINDOWS\D45EC2594A194656B588C2C360DD18EA.TMP
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\Administrator\Application Data\Grisoft
        2008-01-25 21:52 . 2007-05-30 14:10   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
        2008-01-25 20:39 . 2008-01-25 20:39      d--------   C:\WINDOWS\ERUNT
        2008-01-25 20:23 . 2008-01-25 20:58      d--------   C:\WINDOWS\system32\ZoneLabs
        2008-01-25 20:23 . 2008-01-25 20:23      d--------   C:\Documents and Settings\All Users\Application Data\MailFrontier
        2008-01-25 20:23 . 2004-04-27 04:40   11,264   --a------   C:\WINDOWS\system32\SpOrder.dll
        2008-01-25 20:23 . 2008-01-25 20:24   4,212   ---h-----   C:\WINDOWS\system32\zllictbl.dat
        2008-01-25 20:22 . 2008-01-25 20:58      d--------   C:\WINDOWS\Internet Logs
        2008-01-23 07:08 . 2008-01-23 07:08   8   --a------   C:\WINDOWS\system32\6e9963f7
        2008-01-21 14:57 . 2008-01-22 12:41   15,360   --a------   C:\WINDOWS\system32\ctfmon .exe
        2008-01-21 14:18 . 2008-01-21 14:18      d--------   C:\Program Files\Trend Micro
        2008-01-21 13:58 . 2008-01-21 13:58      d--------   C:\Documents and Settings\All Users\Application Data\Prevx
        2008-01-21 13:58 . 2008-01-21 14:12      d--------   C:\Documents and Settings\Administrator\Application Data\PrevxCSI
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Program Files\Avira
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Documents and Settings\All Users\Application Data\Avira
        2008-01-11 07:06 . 2008-01-11 07:06      d--------   C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
        2008-01-11 06:34 . 2008-01-11 06:34      d--------   C:\Program Files\Valve
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Option
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Common Files\GtFlashSwitch
        2008-01-06 16:24 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
        2008-01-06 16:24 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
        2007-12-31 07:59 . 2008-01-06 17:36      d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
        2007-12-31 06:40 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Option(3)
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Common Files\GtFlashSwitch(3)
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Nokia Maploader
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\Nokia
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\ArcSoft
        2007-12-30 17:46 . 2007-12-31 06:23      d----c---   C:\Program Files\Common Files\WindowsLiveInstaller
        2007-12-30 17:45 . 2008-01-25 22:49      d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2007-12-30 00:24 . 2008-01-24 03:29   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2007-12-30 00:24 . 2007-12-30 00:24   1,409   --a------   C:\WINDOWS\QTFont.for
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Option(2)
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\GtFlashSwitch(2)
        2007-12-28 22:31 . 2007-12-28 22:31   244   --ah-----   C:\sqmnoopt19.sqm
        2007-12-28 22:31 . 2007-12-28 22:31   232   --ah-----   C:\sqmdata19.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   244   --ah-----   C:\sqmnoopt18.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   232   --ah-----   C:\sqmdata18.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   244   --ah-----   C:\sqmnoopt17.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   232   --ah-----   C:\sqmdata17.sqm
        2007-12-27 15:51 . 2007-12-27 15:51   244   --ah-----   C:\sqmnoopt16.sqm
        2007-12-27 15:51 . 2007-12-27 15:51   232   --ah-----   C:\sqmdata16.sqm
        2007-12-26 21:27 . 2007-12-26 21:27   244   --ah-----   C:\sqmnoopt15.sqm
        2007-12-26 21:27 . 2007-12-26 21:27   232   --ah-----   C:\sqmdata15.sqm
        2007-12-25 22:39 . 2007-12-25 22:39   244   --ah-----   C:\sqmnoopt14.sqm
        2007-12-25 22:39 . 2007-12-25 22:39   232   --ah-----   C:\sqmdata14.sqm
        2007-12-07 23:02 . 2007-12-07 23:02   244   --ah-----   C:\sqmnoopt13.sqm
        2007-12-07 23:02 . 2007-12-07 23:02   232   --ah-----   C:\sqmdata13.sqm
        2007-12-07 21:49 . 2007-10-30 19:55   625,032   --a------   C:\WINDOWS\system32\SymNeti.dll
        2007-12-07 21:49 . 2007-10-30 19:55   242,056   --a------   C:\WINDOWS\system32\SymRedir.dll
        2007-12-03 11:38 . 2007-12-03 11:38   244   --ah-----   C:\sqmnoopt12.sqm
        2007-12-03 11:38 . 2007-12-03 11:38   232   --ah-----   C:\sqmdata12.sqm

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-01-29 11:26   ---------   d-----w   C:\Program Files\Apple Software Update
        2008-01-26 21:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-01-21 13:04   ---------   d-----w   C:\Program Files\TuneUp Utilities 2007
        2008-01-21 12:10   ---------   d-----w   C:\Program Files\Google
        2008-01-20 12:32   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\ICQ
        2008-01-20 12:31   ---------   d-----w   C:\Program Files\ICQToolbar
        2008-01-20 04:52   ---------   d-----w   C:\Program Files\SmitfraudFix
        2008-01-20 04:51   ---------   d-----w   C:\Program Files\QuickTime
        2008-01-19 19:08   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Skype
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Opera
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Microsoft Works
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo!
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Yahoo!
        2007-12-11 05:13   ---------   d-----w   C:\Program Files\Canon
        .
        [code]
        ----a-w 15,360 2008-01-22 10:41:06 C:\WINDOWS\system32\ctfmon .exe
        [/code]


        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 22:00 15360]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 10:00 7585792]
        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 10:00 86016]
        "nwiz"="nwiz.exe" [2006-08-18 10:00 1617920 C:\WINDOWS\system32\nwiz.exe]
        "MsmqIntCert"="regsvr32 /s mqrt.dll" []
        "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
        "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
        "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 22:00 15360]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2006-05-12 13:33:22 581693]
        GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2007-05-19 17:19:44 729088]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
        "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljijif]

        [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
        Authentication Packages   REG_MULTI_SZ    msv1_0 C:\WINDOWS\system32\pmkhf


        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp

        *Newly Created Service* - MDMXSDK
        .
        Contents of the 'Scheduled Tasks' folder
        "2008-01-29 11:26:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-01-30 07:03:51
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        ------------------------ Other Running Processes ------------------------
        .
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\WINDOWS\system32\cscript.exe
        C:\WINDOWS\system32\msdtc.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\WINDOWS\eHome\ehRec.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        .
        **************************************************************************
        .
        Completion time: 2008-01-30 7:05:26 - machine was rebooted
        ComboFix-quarantined-files.txt 2008-01-30 05:05:16
        ComboFix2.txt 2008-01-28 22:16:52
        .
        2008-01-09 01:01:48   --- E O F ---

        But there is still something left...

        Delete the old combofix.exe from the desktop, and download a new one from here:

        http://download.bleepingcomputer.com/sUBs/ComboFix.exe

        Save it to the desktop, but do not run it.

        Then open Notepad and copy/paste the text below *****between the asterisks***** into it:

        *****
        RenV::
        C:\WINDOWS\system32\ctfmon .exe

        registry::
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
        "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
        *****

        Save it as CFScript

        (in fact, combofix recognizes it even if the file extension is not .txt).

        Then drag CFScript onto ComboFix.exe as shown below:

        http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

        (grab the text file with the left mouse button, drag the file onto the red cross and drop it)


        Now restart the computer (unless the program restarts it), and post the contents of the combofix.txt file here together with a new HijackThis log.
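
What the registry half of the CFScript above writes, as an added example that is not part of the original post or of ComboFix: it decodes the hex(7) value from the script and compares it with the Authentication Packages line from the earlier ComboFix log. The function names and the whitespace splitting of the log line are assumptions of this example.

```python
import re

# Value the CFScript on this page writes to
# HKLM\SYSTEM\CurrentControlSet\Control\Lsa "Authentication Packages".
CFSCRIPT_VALUE = "hex(7):6d,73,76,31,5f,30,00,00"

# Line copied from the ComboFix log earlier in this thread (before the fix).
LOG_LINE = r"Authentication Packages   REG_MULTI_SZ    msv1_0 C:\WINDOWS\system32\pmkhf"


def decode_hex7(value, wide=False):
    """Decode a .reg 'hex(7):..' REG_MULTI_SZ value into a list of strings.

    wide=False: single-byte characters (REGEDIT4 style), as in the CFScript.
    wide=True:  UTF-16LE, as in 'Windows Registry Editor Version 5.00' files.
    """
    m = re.fullmatch(r"\s*hex\(7\):(.*)", value, re.S)
    if not m:
        raise ValueError("not a hex(7) value")
    # Long values in .reg files are wrapped with a trailing backslash.
    body = re.sub(r"\\\s*\n", "", m.group(1))
    tokens = [t.strip() for t in body.split(",") if t.strip()]
    raw = bytes(int(t, 16) for t in tokens)
    text = raw.decode("utf-16-le" if wide else "latin-1")
    # Entries are NUL-terminated and the list ends with one more NUL.
    return [s for s in text.split("\x00") if s]


def packages_from_log_line(line):
    """Return the entries of a ComboFix-style 'Authentication Packages' line.

    Assumption: entries are separated by whitespace, so a path that itself
    contains spaces would be split; read such lines by hand.
    """
    m = re.search(r"Authentication Packages\s+REG_MULTI_SZ\s+(.*)", line)
    if not m:
        return None
    return m.group(1).split()


def unexpected_packages(entries, baseline):
    """Entries that are not part of the baseline (case-insensitive)."""
    allowed = {b.lower() for b in baseline}
    return [e for e in entries if e.lower() not in allowed]


def review(log_line=LOG_LINE, script_value=CFSCRIPT_VALUE):
    """Compare what the log showed with what the script restores."""
    restored = decode_hex7(script_value)
    seen = packages_from_log_line(log_line) or []
    return {
        "restored_by_script": restored,
        "seen_in_log": seen,
        "removed_by_script": unexpected_packages(seen, restored),
    }


if __name__ == "__main__":
    for key, val in review().items():
        print(f"{key}: {val}")
```
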


      • aatu
        axa.doe wrote:

        But there is still something left...

        Delete the old combofix.exe from the desktop, and download a new one from here:

        http://download.bleepingcomputer.com/sUBs/ComboFix.exe

        Save it to the desktop, but do not run it.

        Then open Notepad and copy/paste the text below *****between the asterisks***** into it:

        *****
        RenV::
        C:\WINDOWS\system32\ctfmon .exe

        registry::
        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
        "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
        *****

        Save it as CFScript

        (in fact, combofix recognizes it even if the file extension is not .txt).

        Then drag CFScript onto ComboFix.exe as shown below:

        http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

        (grab the text file with the left mouse button, drag the file onto the red cross and drop it)


        Now restart the computer (unless the program restarts it), and post the contents of the combofix.txt file here together with a new HijackThis log.

        Still tinkering with this here, tired after the night shift :)

        But here are some more reports:

        ComboFix 08-01-31.3 - Administrator 2008-01-31 8:02:04.3 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1580 [GMT 2:00]
        Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
        .

        2008-01-29 13:26 . 2008-01-29 13:26      d--------   C:\Documents and Settings\All Users\Application Data\Apple
        2008-01-27 00:13 . 2008-01-27 00:13   552   --a------   C:\WINDOWS\system32\d3d8caps.dat
        2008-01-26 23:39 . 2008-01-26 23:39      d--------   C:\Program Files\CCleaner
        2008-01-25 23:29 . 2008-01-25 23:29      d--------   C:\Program Files\MSN Messenger
        2008-01-25 23:09 . 2008-01-25 23:09      d--------   C:\WINDOWS\D45EC2594A194656B588C2C360DD18EA.TMP
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\Administrator\Application Data\Grisoft
        2008-01-25 21:52 . 2007-05-30 14:10   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
        2008-01-25 20:39 . 2008-01-25 20:39      d--------   C:\WINDOWS\ERUNT
        2008-01-25 20:23 . 2008-01-25 20:58      d--------   C:\WINDOWS\system32\ZoneLabs
        2008-01-25 20:23 . 2008-01-25 20:23      d--------   C:\Documents and Settings\All Users\Application Data\MailFrontier
        2008-01-25 20:23 . 2004-04-27 04:40   11,264   --a------   C:\WINDOWS\system32\SpOrder.dll
        2008-01-25 20:23 . 2008-01-25 20:24   4,212   ---h-----   C:\WINDOWS\system32\zllictbl.dat
        2008-01-25 20:22 . 2008-01-25 20:58      d--------   C:\WINDOWS\Internet Logs
        2008-01-23 07:08 . 2008-01-23 07:08   8   --a------   C:\WINDOWS\system32\6e9963f7
        2008-01-21 14:57 . 2008-01-22 12:41   15,360   --a------   C:\WINDOWS\system32\ctfmon .exe
        2008-01-21 14:18 . 2008-01-21 14:18      d--------   C:\Program Files\Trend Micro
        2008-01-21 13:58 . 2008-01-21 13:58      d--------   C:\Documents and Settings\All Users\Application Data\Prevx
        2008-01-21 13:58 . 2008-01-21 14:12      d--------   C:\Documents and Settings\Administrator\Application Data\PrevxCSI
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Program Files\Avira
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Documents and Settings\All Users\Application Data\Avira
        2008-01-11 07:06 . 2008-01-11 07:06      d--------   C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
        2008-01-11 06:34 . 2008-01-11 06:34      d--------   C:\Program Files\Valve
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Option
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Common Files\GtFlashSwitch
        2008-01-06 16:24 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
        2008-01-06 16:24 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
        2007-12-31 07:59 . 2008-01-06 17:36      d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
        2007-12-31 06:40 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Option(3)
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Common Files\GtFlashSwitch(3)
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Nokia Maploader
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\Nokia
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\ArcSoft
        2007-12-30 17:46 . 2007-12-31 06:23      d----c---   C:\Program Files\Common Files\WindowsLiveInstaller
        2007-12-30 17:45 . 2008-01-25 22:49      d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2007-12-30 00:24 . 2008-01-24 03:29   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2007-12-30 00:24 . 2007-12-30 00:24   1,409   --a------   C:\WINDOWS\QTFont.for
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Option(2)
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\GtFlashSwitch(2)
        2007-12-28 22:31 . 2007-12-28 22:31   244   --ah-----   C:\sqmnoopt19.sqm
        2007-12-28 22:31 . 2007-12-28 22:31   232   --ah-----   C:\sqmdata19.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   244   --ah-----   C:\sqmnoopt18.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   232   --ah-----   C:\sqmdata18.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   244   --ah-----   C:\sqmnoopt17.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   232   --ah-----   C:\sqmdata17.sqm
        2007-12-27 15:51 . 2007-12-27 15:51   244   --ah-----   C:\sqmnoopt16.sqm
        2007-12-27 15:51 . 2007-12-27 15:51   232   --ah-----   C:\sqmdata16.sqm
        2007-12-26 21:27 . 2007-12-26 21:27   244   --ah-----   C:\sqmnoopt15.sqm
        2007-12-26 21:27 . 2007-12-26 21:27   232   --ah-----   C:\sqmdata15.sqm
        2007-12-25 22:39 . 2007-12-25 22:39   244   --ah-----   C:\sqmnoopt14.sqm
        2007-12-25 22:39 . 2007-12-25 22:39   232   --ah-----   C:\sqmdata14.sqm
        2007-12-07 23:02 . 2007-12-07 23:02   244   --ah-----   C:\sqmnoopt13.sqm
        2007-12-07 23:02 . 2007-12-07 23:02   232   --ah-----   C:\sqmdata13.sqm
        2007-12-07 21:49 . 2007-10-30 19:55   625,032   --a------   C:\WINDOWS\system32\SymNeti.dll
        2007-12-07 21:49 . 2007-10-30 19:55   242,056   --a------   C:\WINDOWS\system32\SymRedir.dll
        2007-12-03 11:38 . 2007-12-03 11:38   244   --ah-----   C:\sqmnoopt12.sqm
        2007-12-03 11:38 . 2007-12-03 11:38   232   --ah-----   C:\sqmdata12.sqm

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-01-29 11:26   ---------   d-----w   C:\Program Files\Apple Software Update
        2008-01-26 21:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-01-21 13:04   ---------   d-----w   C:\Program Files\TuneUp Utilities 2007
        2008-01-21 12:10   ---------   d-----w   C:\Program Files\Google
        2008-01-20 12:32   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\ICQ
        2008-01-20 12:31   ---------   d-----w   C:\Program Files\ICQToolbar
        2008-01-20 04:52   ---------   d-----w   C:\Program Files\SmitfraudFix
        2008-01-20 04:51   ---------   d-----w   C:\Program Files\QuickTime
        2008-01-19 19:08   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Skype
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Opera
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Microsoft Works
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo!
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Yahoo!
        2007-12-11 05:13   ---------   d-----w   C:\Program Files\Canon
        .
        [code]
        ----a-w 15,360 2008-01-22 10:41:06 C:\WINDOWS\system32\ctfmon .exe
        [/code]


        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 22:00 15360]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 10:00 7585792]
        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 10:00 86016]
        "nwiz"="nwiz.exe" [2006-08-18 10:00 1617920 C:\WINDOWS\system32\nwiz.exe]
        "MsmqIntCert"="regsvr32 /s mqrt.dll" []
        "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
        "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
        "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 22:00 15360]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2006-05-12 13:33:22 581693]
        GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2007-05-19 17:19:44 729088]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
        "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljijif]


        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp

        *Newly Created Service* - MDMXSDK
        .
        Contents of the 'Scheduled Tasks' folder
        "2008-01-29 11:26:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-01-31 08:05:24
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        ------------------------ Other Running Processes ------------------------
        .
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\WINDOWS\system32\cscript.exe
        .
        **************************************************************************
        .
        Completion time: 2008-01-31 8:06:43 - machine was rebooted
        ComboFix-quarantined-files.txt 2008-01-31 06:06:38
        ComboFix2.txt 2008-01-28 22:16:52
        .
        2008-01-09 01:01:48   --- E O F ---








        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 8:12:38, on 31.1.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
        C:\WINDOWS\system32\wuauclt.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O20 - Winlogon Notify: mljijif - C:\WINDOWS\
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

        --
        End of file - 6549 bytes


      • axa.doe
        aatu wrote:

        Still tinkering with this here, tired after the night shift :)

        But here are some more reports:

        ComboFix 08-01-31.3 - Administrator 2008-01-31 8:02:04.3 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1580 [GMT 2:00]
        Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
        .

        2008-01-29 13:26 . 2008-01-29 13:26      d--------   C:\Documents and Settings\All Users\Application Data\Apple
        2008-01-27 00:13 . 2008-01-27 00:13   552   --a------   C:\WINDOWS\system32\d3d8caps.dat
        2008-01-26 23:39 . 2008-01-26 23:39      d--------   C:\Program Files\CCleaner
        2008-01-25 23:29 . 2008-01-25 23:29      d--------   C:\Program Files\MSN Messenger
        2008-01-25 23:09 . 2008-01-25 23:09      d--------   C:\WINDOWS\D45EC2594A194656B588C2C360DD18EA.TMP
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\Administrator\Application Data\Grisoft
        2008-01-25 21:52 . 2007-05-30 14:10   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
        2008-01-25 20:39 . 2008-01-25 20:39      d--------   C:\WINDOWS\ERUNT
        2008-01-25 20:23 . 2008-01-25 20:58      d--------   C:\WINDOWS\system32\ZoneLabs
        2008-01-25 20:23 . 2008-01-25 20:23      d--------   C:\Documents and Settings\All Users\Application Data\MailFrontier
        2008-01-25 20:23 . 2004-04-27 04:40   11,264   --a------   C:\WINDOWS\system32\SpOrder.dll
        2008-01-25 20:23 . 2008-01-25 20:24   4,212   ---h-----   C:\WINDOWS\system32\zllictbl.dat
        2008-01-25 20:22 . 2008-01-25 20:58      d--------   C:\WINDOWS\Internet Logs
        2008-01-23 07:08 . 2008-01-23 07:08   8   --a------   C:\WINDOWS\system32\6e9963f7
        2008-01-21 14:57 . 2008-01-22 12:41   15,360   --a------   C:\WINDOWS\system32\ctfmon .exe
        2008-01-21 14:18 . 2008-01-21 14:18      d--------   C:\Program Files\Trend Micro
        2008-01-21 13:58 . 2008-01-21 13:58      d--------   C:\Documents and Settings\All Users\Application Data\Prevx
        2008-01-21 13:58 . 2008-01-21 14:12      d--------   C:\Documents and Settings\Administrator\Application Data\PrevxCSI
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Program Files\Avira
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Documents and Settings\All Users\Application Data\Avira
        2008-01-11 07:06 . 2008-01-11 07:06      d--------   C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
        2008-01-11 06:34 . 2008-01-11 06:34      d--------   C:\Program Files\Valve
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Option
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Common Files\GtFlashSwitch
        2008-01-06 16:24 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
        2008-01-06 16:24 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
        2007-12-31 07:59 . 2008-01-06 17:36      d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
        2007-12-31 06:40 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Option(3)
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Common Files\GtFlashSwitch(3)
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Nokia Maploader
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\Nokia
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\ArcSoft
        2007-12-30 17:46 . 2007-12-31 06:23      d----c---   C:\Program Files\Common Files\WindowsLiveInstaller
        2007-12-30 17:45 . 2008-01-25 22:49      d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2007-12-30 00:24 . 2008-01-24 03:29   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2007-12-30 00:24 . 2007-12-30 00:24   1,409   --a------   C:\WINDOWS\QTFont.for
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Option(2)
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\GtFlashSwitch(2)
        2007-12-28 22:31 . 2007-12-28 22:31   244   --ah-----   C:\sqmnoopt19.sqm
        2007-12-28 22:31 . 2007-12-28 22:31   232   --ah-----   C:\sqmdata19.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   244   --ah-----   C:\sqmnoopt18.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   232   --ah-----   C:\sqmdata18.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   244   --ah-----   C:\sqmnoopt17.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   232   --ah-----   C:\sqmdata17.sqm
        2007-12-27 15:51 . 2007-12-27 15:51   244   --ah-----   C:\sqmnoopt16.sqm
        2007-12-27 15:51 . 2007-12-27 15:51   232   --ah-----   C:\sqmdata16.sqm
        2007-12-26 21:27 . 2007-12-26 21:27   244   --ah-----   C:\sqmnoopt15.sqm
        2007-12-26 21:27 . 2007-12-26 21:27   232   --ah-----   C:\sqmdata15.sqm
        2007-12-25 22:39 . 2007-12-25 22:39   244   --ah-----   C:\sqmnoopt14.sqm
        2007-12-25 22:39 . 2007-12-25 22:39   232   --ah-----   C:\sqmdata14.sqm
        2007-12-07 23:02 . 2007-12-07 23:02   244   --ah-----   C:\sqmnoopt13.sqm
        2007-12-07 23:02 . 2007-12-07 23:02   232   --ah-----   C:\sqmdata13.sqm
        2007-12-07 21:49 . 2007-10-30 19:55   625,032   --a------   C:\WINDOWS\system32\SymNeti.dll
        2007-12-07 21:49 . 2007-10-30 19:55   242,056   --a------   C:\WINDOWS\system32\SymRedir.dll
        2007-12-03 11:38 . 2007-12-03 11:38   244   --ah-----   C:\sqmnoopt12.sqm
        2007-12-03 11:38 . 2007-12-03 11:38   232   --ah-----   C:\sqmdata12.sqm

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-01-29 11:26   ---------   d-----w   C:\Program Files\Apple Software Update
        2008-01-26 21:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-01-21 13:04   ---------   d-----w   C:\Program Files\TuneUp Utilities 2007
        2008-01-21 12:10   ---------   d-----w   C:\Program Files\Google
        2008-01-20 12:32   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\ICQ
        2008-01-20 12:31   ---------   d-----w   C:\Program Files\ICQToolbar
        2008-01-20 04:52   ---------   d-----w   C:\Program Files\SmitfraudFix
        2008-01-20 04:51   ---------   d-----w   C:\Program Files\QuickTime
        2008-01-19 19:08   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Skype
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Opera
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Microsoft Works
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo!
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Yahoo!
        2007-12-11 05:13   ---------   d-----w   C:\Program Files\Canon
        .
        [code]
        ----a-w 15,360 2008-01-22 10:41:06 C:\WINDOWS\system32\ctfmon .exe
        [/code]


        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 22:00 15360]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 10:00 7585792]
        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 10:00 86016]
        "nwiz"="nwiz.exe" [2006-08-18 10:00 1617920 C:\WINDOWS\system32\nwiz.exe]
        "MsmqIntCert"="regsvr32 /s mqrt.dll" []
        "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
        "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
        "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 22:00 15360]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2006-05-12 13:33:22 581693]
        GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2007-05-19 17:19:44 729088]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
        "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljijif]


        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp

        *Newly Created Service* - MDMXSDK
        .
        Contents of the 'Scheduled Tasks' folder
        "2008-01-29 11:26:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-01-31 08:05:24
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        ------------------------ Other Running Processes ------------------------
        .
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\WINDOWS\system32\cscript.exe
        .
        **************************************************************************
        .
        Completion time: 2008-01-31 8:06:43 - machine was rebooted
        ComboFix-quarantined-files.txt 2008-01-31 06:06:38
        ComboFix2.txt 2008-01-28 22:16:52
        .
        2008-01-09 01:01:48   --- E O F ---








        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 8:12:38, on 31.1.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
        C:\WINDOWS\system32\wuauclt.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O20 - Winlogon Notify: mljijif - C:\WINDOWS\
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

        --
        End of file - 6549 bytes

        Day school is over, and the evening shift begins xD

        Running Combo's CFScript did not succeed :(

        First open AVG and click the "Shield" icon at the top of the window
        "Resident shield is", change the state from active to inactive
        Close the program

        Or close it via its icon in the taskbar.

        Now run a new scan with HJT, click "Do a system scan only"
        and tick the line

        O20 - Winlogon Notify: mljijif - C:\WINDOWS\

        close the browser and all other open windows, except HJT,
        and click "Fix Checked"

        ***

        Get the latest ComboFix from there, unless today's copy is still on the desktop :)

        http://download.bleepingcomputer.com/sUBs/ComboFix.exe

        (Save it to the desktop, but do not run it)

        Then open Notepad and copy/paste the text below, between the *****asterisks*****, into it:

        *****
        File::
        C:\WINDOWS\system32\SymNeti.dll
        C:\WINDOWS\system32\SymRedir.dll

        Folder::
        C:\Program Files\SmitfraudFix
        C:\WINDOWS\system32\ctfmon .exe

        Registry::
        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljijif]
        *****

        Save it as: CFScript
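The two items these instructions act on, the `mljijif` Winlogon Notify entry that points at a bare directory and the `ctfmon .exe` file with a space before its extension, can be picked out of such logs mechanically. The Python triage below is an added example, not part of the original post and not code from HijackThis or ComboFix; the `triage` function, the rule names and the heuristics are assumptions made for illustration.

```python
import ntpath
import re
from typing import NamedTuple

# Lines copied from the HijackThis and ComboFix logs in this thread, plus one
# constructed benign O20 line (examplenotify) to exercise the negative case.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: mljijif - C:\WINDOWS\
O20 - Winlogon Notify: examplenotify - C:\WINDOWS\system32\examplenotify.dll
O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
2008-01-21 14:57 . 2008-01-22 12:41   15,360   --a------   C:\WINDOWS\system32\ctfmon .exe
2008-01-27 00:13 . 2008-01-27 00:13   552   --a------   C:\WINDOWS\system32\d3d8caps.dat
"""


class Finding(NamedTuple):
    rule: str      # hypothetical rule name
    subject: str   # entry name, file name or whole log line
    detail: str


# HijackThis O20 line: "O20 - Winlogon Notify: <name> - <dll path>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<target>.*)$")
# Markers HijackThis appends when the referenced file does not exist.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# First drive-letter path on the line, through end of line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")
# File name with whitespace directly before the extension, e.g. "ctfmon .exe".
PADDED_RE = re.compile(r"^(?P<stem>.*\S)\s+(?P<ext>\.[A-Za-z0-9]{1,4})$")


def _basename(line):
    """Return the file-name part of the first Windows path on the line, or ''."""
    match = PATH_RE.search(line)
    return ntpath.basename(match.group(0).rstrip("\\")) if match else ""


def triage(log_text):
    """Flag log lines that match one of three illustrative heuristics."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    # Every file name mentioned anywhere in the log, for the look-alike check.
    seen = {_basename(l).lower() for l in lines}
    findings = []
    for line in lines:
        # 1. Notify package registered without a DLL file name (path is a directory).
        o20 = O20_RE.match(line)
        if o20 and not ntpath.basename(o20.group("target").strip()):
            findings.append(
                Finding("notify-without-dll", o20.group("name"), o20.group("target"))
            )
        # 2. Autostart or service entry whose file is gone.
        if ORPHAN_RE.search(line):
            findings.append(Finding("orphaned-entry", line, "target file absent"))
        # 3. Padded file name that collapses to another name once the space is removed.
        name = _basename(line)
        padded = PADDED_RE.match(name)
        if padded:
            twin = padded.group("stem") + padded.group("ext")
            note = "twin also in log" if twin.lower() in seen else "twin not in log"
            findings.append(Finding("padded-filename", name, f"{twin} ({note})"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:20} {finding.subject!r:40} {finding.detail}")
```

A hit is only a prompt to look closer: an orphaned entry such as the iPod service line is usually leftover clutter rather than malware.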


      • aatu

        hi there :)

        At the start of that AVG: scan a window opened (swreg.cfexe - application error
        the instruction at "0x7c911e0" referenced memory at "0x0020006b", the memory could not be "read".)

        I clicked OK, after which 2 beeps sounded, and then a window opened

        (disclaimer of warranty on software)

        I clicked OK and AVG ran the program through... I restarted the machine myself...

        these reports were produced:

        ComboFix 08-01-31.3 - Administrator 2008-01-31 22:11:59.4 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1580 [GMT 2:00]
        Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

        FILE
        C:\WINDOWS\system32\SymNeti.dll
        C:\WINDOWS\system32\SymRedir.dll
        .

        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Program Files\SmitfraudFix
        C:\Program Files\SmitfraudFix\dumphive.exe
        C:\Program Files\SmitfraudFix\GenericRenosFix.exe
        C:\Program Files\SmitfraudFix\Process.exe
        C:\Program Files\SmitfraudFix\Reboot.exe
        C:\Program Files\SmitfraudFix\restart.exe
        C:\Program Files\SmitfraudFix\SmitfraudFix.cmd
        C:\Program Files\SmitfraudFix\SrchSTS.exe
        C:\Program Files\SmitfraudFix\swreg.exe
        C:\Program Files\SmitfraudFix\swsc.exe
        C:\Program Files\SmitfraudFix\swxcacls.exe
        C:\Program Files\SmitfraudFix\unzip.exe
        C:\WINDOWS\system32\ctfmon .exe\
        C:\WINDOWS\system32\SymNeti.dll
        C:\WINDOWS\system32\SymRedir.dll

        .
        ((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-31 )))))))))))))))))))))))))))))))
        .

        2008-01-29 13:26 . 2008-01-29 13:26      d--------   C:\Documents and Settings\All Users\Application Data\Apple
        2008-01-27 00:13 . 2008-01-27 00:13   552   --a------   C:\WINDOWS\system32\d3d8caps.dat
        2008-01-26 23:39 . 2008-01-26 23:39      d--------   C:\Program Files\CCleaner
        2008-01-25 23:29 . 2008-01-25 23:29      d--------   C:\Program Files\MSN Messenger
        2008-01-25 23:09 . 2008-01-25 23:09      d--------   C:\WINDOWS\D45EC2594A194656B588C2C360DD18EA.TMP
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\Administrator\Application Data\Grisoft
        2008-01-25 21:52 . 2007-05-30 14:10   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
        2008-01-25 20:39 . 2008-01-25 20:39      d--------   C:\WINDOWS\ERUNT
        2008-01-25 20:23 . 2008-01-25 20:58      d--------   C:\WINDOWS\system32\ZoneLabs
        2008-01-25 20:23 . 2008-01-25 20:23      d--------   C:\Documents and Settings\All Users\Application Data\MailFrontier
        2008-01-25 20:23 . 2004-04-27 04:40   11,264   --a------   C:\WINDOWS\system32\SpOrder.dll
        2008-01-25 20:23 . 2008-01-25 20:24   4,212   ---h-----   C:\WINDOWS\system32\zllictbl.dat
        2008-01-25 20:22 . 2008-01-25 20:58      d--------   C:\WINDOWS\Internet Logs
        2008-01-23 07:08 . 2008-01-23 07:08   8   --a------   C:\WINDOWS\system32\6e9963f7
        2008-01-21 14:57 . 2008-01-22 12:41   15,360   --a------   C:\WINDOWS\system32\ctfmon .exe
        2008-01-21 14:18 . 2008-01-21 14:18      d--------   C:\Program Files\Trend Micro
        2008-01-21 13:58 . 2008-01-21 13:58      d--------   C:\Documents and Settings\All Users\Application Data\Prevx
        2008-01-21 13:58 . 2008-01-21 14:12      d--------   C:\Documents and Settings\Administrator\Application Data\PrevxCSI
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Program Files\Avira
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Documents and Settings\All Users\Application Data\Avira
        2008-01-11 07:06 . 2008-01-11 07:06      d--------   C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
        2008-01-11 06:34 . 2008-01-11 06:34      d--------   C:\Program Files\Valve
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Option
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Common Files\GtFlashSwitch
        2008-01-06 16:24 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
        2008-01-06 16:24 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll
        2007-12-31 07:59 . 2008-01-06 17:36      d--------   C:\Program Files\Microsoft CAPICOM 2.1.0.2
        2007-12-31 06:40 . 2007-07-30 19:19   30,072   --a------   C:\WINDOWS\system32\mucltui.dll.mui
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Option(3)
        2007-12-31 06:39 . 2008-01-06 16:04      d--------   C:\Program Files\Common Files\GtFlashSwitch(3)
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Nokia Maploader
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\Nokia
        2007-12-31 06:24 . 2007-12-31 06:24      d--------   C:\Program Files\ArcSoft
        2007-12-30 17:46 . 2007-12-31 06:23      d----c---   C:\Program Files\Common Files\WindowsLiveInstaller
        2007-12-30 17:45 . 2008-01-25 22:49      d--------   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2007-12-30 00:24 . 2008-01-24 03:29   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
        2007-12-30 00:24 . 2007-12-30 00:24   1,409   --a------   C:\WINDOWS\QTFont.for
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Option(2)
        2007-12-28 22:43 . 2007-12-31 06:24      d--------   C:\Program Files\Common Files\GtFlashSwitch(2)
        2007-12-28 22:31 . 2007-12-28 22:31   244   --ah-----   C:\sqmnoopt19.sqm
        2007-12-28 22:31 . 2007-12-28 22:31   232   --ah-----   C:\sqmdata19.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   244   --ah-----   C:\sqmnoopt18.sqm
        2007-12-28 11:23 . 2007-12-28 11:23   232   --ah-----   C:\sqmdata18.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   244   --ah-----   C:\sqmnoopt17.sqm
        2007-12-28 02:39 . 2007-12-28 02:39   232   --ah-----   C:\sqmdata17.sqm
        2007-12-27 15:51 . 2007-12-27 15:51   244   --ah-----   C:\sqmnoopt16.sqm
        2007-12-27 15:51 . 2007-12-27 15:51   232   --ah-----   C:\sqmdata16.sqm
        2007-12-26 21:27 . 2007-12-26 21:27   244   --ah-----   C:\sqmnoopt15.sqm
        2007-12-26 21:27 . 2007-12-26 21:27   232   --ah-----   C:\sqmdata15.sqm
        2007-12-25 22:39 . 2007-12-25 22:39   244   --ah-----   C:\sqmnoopt14.sqm
        2007-12-25 22:39 . 2007-12-25 22:39   232   --ah-----   C:\sqmdata14.sqm
        2007-12-07 23:02 . 2007-12-07 23:02   244   --ah-----   C:\sqmnoopt13.sqm
        2007-12-07 23:02 . 2007-12-07 23:02   232   --ah-----   C:\sqmdata13.sqm
        2007-12-03 11:38 . 2007-12-03 11:38   244   --ah-----   C:\sqmnoopt12.sqm
        2007-12-03 11:38 . 2007-12-03 11:38   232   --ah-----   C:\sqmdata12.sqm

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-01-29 11:26   ---------   d-----w   C:\Program Files\Apple Software Update
        2008-01-26 21:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-01-21 13:04   ---------   d-----w   C:\Program Files\TuneUp Utilities 2007
        2008-01-21 12:10   ---------   d-----w   C:\Program Files\Google
        2008-01-20 12:32   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\ICQ
        2008-01-20 12:31   ---------   d-----w   C:\Program Files\ICQToolbar
        2008-01-20 04:51   ---------   d-----w   C:\Program Files\QuickTime
        2008-01-19 19:08   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Skype
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Opera
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Microsoft Works
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo!
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Yahoo!
        2007-12-11 05:13   ---------   d-----w   C:\Program Files\Canon
        2007-11-07 09:26   721,920   ----a-w   C:\WINDOWS\system32\lsasrv.dll
        2007-11-07 09:26   721,920   ------w   C:\WINDOWS\system32\dllcache\lsasrv.dll
        2007-10-30 23:42   3,590,656   ----a-w   C:\WINDOWS\system32\dllcache\mshtml.dll
        2007-10-30 17:20   360,064   ------w   C:\WINDOWS\system32\dllcache\tcpip.sys
        2007-10-29 22:43   1,287,680   ----a-w   C:\WINDOWS\system32\quartz.dll
        2007-10-29 22:43   1,287,680   ------w   C:\WINDOWS\system32\dllcache\quartz.dll
        2007-10-27 15:39   228,864   ----a-w   C:\WINDOWS\system32\wmasf.dll
        2007-10-27 15:39   228,864   ------w   C:\WINDOWS\system32\dllcache\wmasf.dll
        2007-10-26 03:34   8,460,288   ----a-w   C:\WINDOWS\system32\shell32(2)(2).dll
        2007-10-26 03:34   8,460,288   ----a-w   C:\WINDOWS\system32\dllcache\shell32.dll
        2007-10-11 05:57   474,112   ----a-w   C:\WINDOWS\system32\shlwapi(2).dll
        2007-10-11 05:57   474,112   ----a-w   C:\WINDOWS\system32\shlwapi(2)(2).dll
        2007-10-11 05:57   474,112   ------w   C:\WINDOWS\system32\dllcache\shlwapi.dll
        2007-10-11 05:57   151,040   ------w   C:\WINDOWS\system32\dllcache\cdfview.dll
        2007-10-11 05:57   1,498,112   ----a-w   C:\WINDOWS\system32\shdocvw(2).dll
        2007-10-11 05:57   1,498,112   ----a-w   C:\WINDOWS\system32\shdocvw(2)(2).dll
        2007-10-11 05:57   1,498,112   ------w   C:\WINDOWS\system32\dllcache\shdocvw.dll
        2007-10-11 05:57   1,054,208   ------w   C:\WINDOWS\system32\dllcache\danim.dll
        2007-10-11 05:57   1,024,000   ------w   C:\WINDOWS\system32\dllcache\browseui.dll
        2007-10-10 23:56   824,832   ----a-w   C:\WINDOWS\system32\wininet.dll
        2007-10-10 23:56   824,832   ----a-w   C:\WINDOWS\system32\wininet(2).dll
        2007-10-10 23:56   824,832   ----a-w   C:\WINDOWS\system32\wininet(2)(2).dll
        2007-10-10 23:56   824,832   ----a-w   C:\WINDOWS\system32\dllcache\wininet.dll
        2007-10-10 23:56   232,960   ------w   C:\WINDOWS\system32\dllcache\webcheck.dll
        2007-10-10 23:56   1,159,680   ----a-w   C:\WINDOWS\system32\urlmon(2).dll
        2007-10-10 23:56   1,159,680   ----a-w   C:\WINDOWS\system32\urlmon(2)(2).dll
        2007-10-10 23:56   1,159,680   ----a-w   C:\WINDOWS\system32\dllcache\urlmon.dll
        2007-10-10 23:55   671,232   ----a-w   C:\WINDOWS\system32\dllcache\mstime.dll
        2007-10-10 23:55   63,488   ------w   C:\WINDOWS\system32\dllcache\icardie.dll
        2007-10-10 23:55   6,065,664   ------w   C:\WINDOWS\system32\dllcache\ieframe.dll
        2007-10-10 23:55   52,224   ------w   C:\WINDOWS\system32\dllcache\msfeedsbs.dll
        2007-10-10 23:55   478,208   ----a-w   C:\WINDOWS\system32\dllcache\mshtmled.dll
        2007-10-10 23:55   459,264   ------w   C:\WINDOWS\system32\dllcache\msfeeds.dll
        2007-10-10 23:55   44,544   ------w   C:\WINDOWS\system32\dllcache\iernonce.dll
        2007-10-10 23:55   384,512   ------w   C:\WINDOWS\system32\dllcache\iedkcs32.dll
        2007-10-10 23:55   383,488   ------w   C:\WINDOWS\system32\dllcache\ieapfltr.dll
        2007-10-10 23:55   27,648   ----a-w   C:\WINDOWS\system32\dllcache\jsproxy.dll
        2007-10-10 23:55   267,776   ----a-w   C:\WINDOWS\system32\iertutil(2).dll
        2007-10-10 23:55   267,776   ----a-w   C:\WINDOWS\system32\iertutil(2)(2).dll
        2007-10-10 23:55   267,776   ------w   C:\WINDOWS\system32\dllcache\iertutil.dll
        2007-10-10 23:55   230,400   ------w   C:\WINDOWS\system32\dllcache\ieaksie.dll
        2007-10-10 23:55   214,528   ----a-w   C:\WINDOWS\system32\dllcache\dxtrans.dll
        2007-10-10 23:55   193,024   ----a-w   C:\WINDOWS\system32\dllcache\msrating.dll
        2007-10-10 23:55   153,088   ------w   C:\WINDOWS\system32\dllcache\ieakeng.dll
        2007-10-10 23:55   132,608   ----a-w   C:\WINDOWS\system32\dllcache\extmgr.dll
        2007-10-10 23:55   124,928   ----a-w   C:\WINDOWS\system32\advpack(4).dll
        2007-10-10 23:55   124,928   ----a-w   C:\WINDOWS\system32\advpack(2).dll
        2007-10-10 23:55   124,928   ------w   C:\WINDOWS\system32\dllcache\advpack.dll
        2007-10-10 23:55   105,984   ----a-w   C:\WINDOWS\system32\url(2).dll
        2007-10-10 23:55   105,984   ----a-w   C:\WINDOWS\system32\url(2)(2).dll
        2007-10-10 23:55   105,984   ------w   C:\WINDOWS\system32\dllcache\url.dll
        2007-10-10 23:55   102,400   ------w   C:\WINDOWS\system32\dllcache\occache.dll
        2007-10-10 10:59   70,656   ------w   C:\WINDOWS\system32\dllcache\ie4uinit.exe
        2007-10-10 10:59   625,152   ------w   C:\WINDOWS\system32\dllcache\iexplore.exe
        2007-10-10 10:59   13,824   ------w   C:\WINDOWS\system32\dllcache\ieudinit.exe
        2007-10-10 05:46   161,792   ------w   C:\WINDOWS\system32\dllcache\ieakui.dll
        2007-10-04 06:31   60,800   ----a-w   C:\WINDOWS\system32\S32EVNT1.DLL
        2005-09-24 05:49   12,288   ----a-w   C:\WINDOWS\Fonts\RandFont.dll
        .
        [code]
        ----a-w 15,360 2008-01-22 10:41:06 C:\WINDOWS\system32\ctfmon .exe
        [/code]


        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 22:00 15360]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 10:00 7585792]
        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 10:00 86016]
        "nwiz"="nwiz.exe" [2006-08-18 10:00 1617920 C:\WINDOWS\system32\nwiz.exe]
        "MsmqIntCert"="regsvr32 /s mqrt.dll" []
        "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
        "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
        "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 22:00 15360]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2006-05-12 13:33:22 581693]
        GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2007-05-19 17:19:44 729088]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
        "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

        R2 GtFlashSwitch;GtFlashSwitch;"C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe" [2007-02-09 14:48]
        R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2006-03-16 06:00]
        R3 GTMNDISIRPXP;GT M 3G IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 05:05]
        R3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-04-14 05:05]
        R3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 05:06]
        R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 01:49]

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp

        .
        Contents of the 'Scheduled Tasks' folder
        "2008-01-29 11:26:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-01-31 22:13:33
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-01-31 22:13:53
        ComboFix-quarantined-files.txt 2008-01-31 20:13:51
        ComboFix2.txt 2008-01-31 06:06:43
        ComboFix3.txt 2008-01-28 22:16:52
        .
        2008-01-09 01:01:48   --- E O F ---






        jotti:


        Scan taken on 31 Jan 2008 20:35:23 (GMT)
        A-Squared: Found nothing
        AntiVir: Found nothing
        ArcaVir: Found nothing
        Avast: Found nothing
        AVG Antivirus: Found nothing
        BitDefender: Found nothing
        ClamAV: Found nothing
        CPsecure: Found nothing
        Dr.Web: Found nothing
        F-Prot Antivirus: Found nothing
        F-Secure Anti-Virus: Found nothing
        Fortinet: Found nothing
        Ikarus: Found nothing
        Kaspersky Anti-Virus: Found nothing
        NOD32: Found nothing
        Norman Virus Control: Found nothing
        Panda Antivirus: Found nothing
        Rising Antivirus: Found nothing
        Sophos Antivirus: Found nothing
        VirusBuster: Found nothing
        VBA32: Found nothing





        hijack:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 22:54:54, on 31.1.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

        --
        End of file - 6517 bytes


      • aatu
        axa.doe wrote:

        Day school is over, and the evening shift begins xD

        Running Combo's CFScript didn't work :(

        First open AVG, click the "Shield" icon at the top of the window
        "Resident shield is", change the state from active to inactive
        Close the program

        Or close it via the icon in the taskbar.

        Now do a new scan with HJT, click "Do a system scan only"
        check the line

        O20 - Winlogon Notify: mljijif - C:\WINDOWS\

        close the browser and all other open windows, except HJT,
        and click "Fix Checked"

        ***

        Get the latest ComboFix from there, unless today's one is still on the desktop :)

        http://download.bleepingcomputer.com/sUBs/ComboFix.exe

        (Save it to the desktop, but do not run it)

        Then open Notepad and copy/paste the text below *****between the stars***** into it:

        *****
        File::
        C:\WINDOWS\system32\SymNeti.dll
        C:\WINDOWS\system32\SymRedir.dll

        Folder::
        C:\Program Files\SmitfraudFix
        C:\WINDOWS\system32\ctfmon .exe

        Registry::
        [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljijif]
        *****

        Save as: CFScript

        Oh, and should I leave that checkmark on the View tab, under Hidden files and folders,
        set to "Show hidden files and folders"?

        Or should I change it back now to "Do not show hidden files and folders"?


      • axa.doe
        aatu wrote:

        Oh, and should I leave that checkmark on the View tab, under Hidden files and folders,
        set to "Show hidden files and folders"?

        Or should I change it back now to "Do not show hidden files and folders"?

        Leave them visible for now. I'll post more instructions shortly :)


      • axa.doe
        aatu wrote:

        Oh, and should I leave that checkmark on the View tab, under Hidden files and folders,
        set to "Show hidden files and folders"?

        Or should I change it back now to "Do not show hidden files and folders"?

        I can't say anything about that error message.

        Once more..

        Delete the old one from the desktop, download the latest from here: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

        Do not run it yet.


        Open Notepad again and copy/paste the text below *****between the stars***** into it:

        *****
        File::
        C:\WINDOWS\system32\ctfmon .exe
        C:\WINDOWS\system32\S32EVNT1.DLL
        *****

        Save as: CFScript


      • aatu
        axa.doe wrote:

        I can't say anything about that error message.

        Once more..

        Delete the old one from the desktop, download the latest from here: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

        Do not run it yet.


        Open Notepad again and copy/paste the text below *****between the stars***** into it:

        *****
        File::
        C:\WINDOWS\system32\ctfmon .exe
        C:\WINDOWS\system32\S32EVNT1.DLL
        *****

        Save as: CFScript

        Here are the reports:


        ComboFix 08-02.02.5 - Administrator 2008-02-03 10:48:30.5 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1624 [GMT 2:00]
        Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

        FILE
        C:\WINDOWS\system32\ctfmon .exe
        C:\WINDOWS\system32\S32EVNT1.DLL
        .

        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\WINDOWS\system32\ctfmon .exe
        C:\WINDOWS\system32\S32EVNT1.DLL

        .
        ((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
        .

        2008-01-29 13:26 . 2008-01-29 13:26      d--------   C:\Documents and Settings\All Users\Application Data\Apple
        2008-01-27 00:13 . 2008-01-27 00:13   552   --a------   C:\WINDOWS\system32\d3d8caps.dat
        2008-01-26 23:39 . 2008-01-26 23:39      d--------   C:\Program Files\CCleaner
        2008-01-25 23:29 . 2008-01-25 23:29      d--------   C:\Program Files\MSN Messenger
        2008-01-25 23:09 . 2008-01-25 23:09      d--------   C:\WINDOWS\D45EC2594A194656B588C2C360DD18EA.TMP
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-01-25 21:52 . 2008-01-25 21:52      d--------   C:\Documents and Settings\Administrator\Application Data\Grisoft
        2008-01-25 21:52 . 2007-05-30 14:10   10,872   --a------   C:\WINDOWS\system32\drivers\AvgAsCln.sys
        2008-01-25 20:39 . 2008-01-25 20:39      d--------   C:\WINDOWS\ERUNT
        2008-01-25 20:23 . 2008-01-25 20:58      d--------   C:\WINDOWS\system32\ZoneLabs
        2008-01-25 20:23 . 2008-01-25 20:23      d--------   C:\Documents and Settings\All Users\Application Data\MailFrontier
        2008-01-25 20:23 . 2004-04-27 04:40   11,264   --a------   C:\WINDOWS\system32\SpOrder.dll
        2008-01-25 20:23 . 2008-01-25 20:24   4,212   ---h-----   C:\WINDOWS\system32\zllictbl.dat
        2008-01-25 20:22 . 2008-01-25 20:58      d--------   C:\WINDOWS\Internet Logs
        2008-01-23 07:08 . 2008-01-23 07:08   8   --a------   C:\WINDOWS\system32\6e9963f7
        2008-01-21 14:18 . 2008-01-21 14:18      d--------   C:\Program Files\Trend Micro
        2008-01-21 13:58 . 2008-01-21 13:58      d--------   C:\Documents and Settings\All Users\Application Data\Prevx
        2008-01-21 13:58 . 2008-01-21 14:12      d--------   C:\Documents and Settings\Administrator\Application Data\PrevxCSI
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Program Files\Avira
        2008-01-19 21:02 . 2008-01-19 21:02      d--------   C:\Documents and Settings\All Users\Application Data\Avira
        2008-01-11 07:06 . 2008-01-11 07:06      d--------   C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
        2008-01-11 06:34 . 2008-01-11 06:34      d--------   C:\Program Files\Valve
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Option
        2008-01-06 18:23 . 2008-01-06 18:23      d--------   C:\Program Files\Common Files\GtFlashSwitch
        2008-01-06 16:24 . 2007-07-30 19:19   271,224   --a------   C:\WINDOWS\system32\mucltui.dll
        2008-01-06 16:24 . 2007-07-30 19:19   207,736   --a------   C:\WINDOWS\system32\muweb.dll

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-01-29 11:26   ---------   d-----w   C:\Program Files\Apple Software Update
        2008-01-26 21:41   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-01-25 20:49   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-01-21 13:04   ---------   d-----w   C:\Program Files\TuneUp Utilities 2007
        2008-01-21 12:10   ---------   d-----w   C:\Program Files\Google
        2008-01-21 04:36   ---------   d-----w   C:\Program Files\Spybot - Search & Destroy
        2008-01-20 12:32   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\ICQ
        2008-01-20 12:31   ---------   d-----w   C:\Program Files\ICQToolbar
        2008-01-20 04:51   ---------   d-----w   C:\Program Files\QuickTime
        2008-01-19 19:08   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Skype
        2008-01-06 15:36   ---------   d-----w   C:\Program Files\Microsoft CAPICOM 2.1.0.2
        2008-01-06 14:04   ---------   d-----w   C:\Program Files\Option(3)
        2008-01-06 14:04   ---------   d-----w   C:\Program Files\Common Files\GtFlashSwitch(3)
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Option(2)
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Opera
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Nokia Maploader
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Microsoft Works
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Common Files\Nokia
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\Common Files\GtFlashSwitch(2)
        2007-12-31 04:24   ---------   d-----w   C:\Program Files\ArcSoft
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Yahoo!
        2007-12-31 04:24   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\Yahoo!
        2007-12-31 04:23   ---------   dc----w   C:\Program Files\Common Files\WindowsLiveInstaller
        2007-12-11 05:13   ---------   d-----w   C:\Program Files\Canon
        2007-11-07 09:26   721,920   ----a-w   C:\WINDOWS\system32\lsasrv.dll
        2007-11-07 09:26   721,920   ------w   C:\WINDOWS\system32\dllcache\lsasrv.dll
        2005-09-24 05:49   12,288   ----a-w   C:\WINDOWS\Fonts\RandFont.dll
        .

        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 22:00 15360]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 10:00 7585792]
        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 10:00 86016]
        "nwiz"="nwiz.exe" [2006-08-18 10:00 1617920 C:\WINDOWS\system32\nwiz.exe]
        "MsmqIntCert"="regsvr32 /s mqrt.dll" []
        "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
        "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33 163840]
        "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-15 22:00 15360]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2006-05-12 13:33:22 581693]
        GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2007-05-19 17:19:44 729088]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
        "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

        R2 GtFlashSwitch;GtFlashSwitch;"C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe" [2007-02-09 14:48]
        R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2006-03-16 06:00]
        R3 GTMNDISIRPXP;GT M 3G IRP NDIS;C:\WINDOWS\system32\DRIVERS\Gtm51Irp.sys [2007-04-14 05:05]
        R3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-04-14 05:05]
        R3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys [2007-04-14 05:06]
        R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-06 01:49]

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp

        .
        Contents of the 'Scheduled Tasks' folder
        "2008-01-29 11:26:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
        - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
        .
        **************************************************************************

        catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-02-03 10:50:11
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-02-03 10:50:31
        ComboFix-quarantined-files.txt 2008-02-03 08:50:29
        ComboFix2.txt 2008-01-31 20:13:54
        ComboFix3.txt 2008-01-31 06:06:43
        ComboFix4.txt 2008-01-28 22:16:52
        .
        2008-01-09 01:01:48   --- E O F ---




        I scanned all the files in the folder "C:\WINDOWS\D45EC2594A194656B588C2C360DD18EA.TMP" and every file came back "Found nothing" except the file "WiseCustomCalla3.dll":


        Scan taken on 03 Feb 2008 09:24:47 (GMT)
        A-Squared              Found nothing
        AntiVir                Found nothing
        ArcaVir                Found nothing
        Avast                  Found nothing
        AVG Antivirus          Found nothing
        BitDefender            Found nothing
        ClamAV                 Found nothing
        CPsecure               Found nothing
        Dr.Web                 Found nothing
        F-Prot Antivirus       Found nothing
        F-Secure Anti-Virus    Found nothing
        Fortinet               Found nothing
        Ikarus                 Found nothing
        Kaspersky Anti-Virus   Found nothing
        NOD32                  Found nothing
        Norman Virus Control   Found DLoader.FDND
        Panda Antivirus        Found nothing
        Rising Antivirus       Found nothing
        Sophos Antivirus       Found nothing
        VirusBuster            Found nothing
        VBA32                  Found nothing


      • aatu
        axa.doe wrote:

        I can't say anything about that error message.

        Once more..

        Delete the old one from the desktop, download the latest from here: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

        Do not run it yet.


        Open Notepad again and copy/paste the text below *****between the stars***** into it:

        *****
        File::
        C:\WINDOWS\system32\ctfmon .exe
        C:\WINDOWS\system32\S32EVNT1.DLL
        *****

        Save as: CFScript

        Hi, I'll post the Kaspersky online scanner and HijackThis reports sometime after 22:30, because I'm leaving for work now and didn't have time to wait for the Kaspersky scan...


      • aatu
        axa.doe wrote:

        I can't say anything about that error message.

        Once more..

        Delete the old one from the desktop, download the latest from here: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

        Do not run it yet.


        Open Notepad again and copy/paste the text below *****between the stars***** into it:

        *****
        File::
        C:\WINDOWS\system32\ctfmon .exe
        C:\WINDOWS\system32\S32EVNT1.DLL
        *****

        Save as: CFScript

        Sunday, February 03, 2008 10:31:20 PM
        Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
        Kaspersky Online Scanner version: 5.0.98.0
        Kaspersky Anti-Virus database last update: 3/02/2008
        Kaspersky Anti-Virus database records: 546327


        Scan Settings
        Scan using the following antivirus database extended
        Scan Archives true
        Scan Mail Bases true

        Scan Target My Computer
        C:\
        D:\
        E:\

        Scan Statistics
        Total number of scanned objects 74921
        Number of viruses found 7
        Number of infected objects 19
        Number of suspicious objects 0
        Duration of the scan process 01:13:17

        Infected Object Name Virus Name Last Action
        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vr0qa73u.default\cert8.db Object is locked skipped

        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vr0qa73u.default\history.dat Object is locked skipped

        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vr0qa73u.default\key3.db Object is locked skipped

        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vr0qa73u.default\parent.lock Object is locked skipped

        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vr0qa73u.default\search.sqlite Object is locked skipped

        C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vr0qa73u.default\urlclassifier2.sqlite Object is locked skipped

        C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\vr0qa73u.default\Cache\_CACHE_001_ Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\vr0qa73u.default\Cache\_CACHE_002_ Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\vr0qa73u.default\Cache\_CACHE_003_ Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\vr0qa73u.default\Cache\_CACHE_MAP_ Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012008020320080204\index.dat Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

        C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

        C:\Documents and Settings\Administrator\ntuser.dat Object is locked skipped

        C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped

        C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

        C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

        C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

        C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped

        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

        C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

        C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

        C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped

        C:\QooBox\Quarantine\C\Program Files\SmitfraudFix\Reboot.exe.vir Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

        C:\QooBox\Quarantine\C\WINDOWS\system32\uhijixra.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped

        C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000020.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000020.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000020.exe/WISE0020.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000020.exe WiseSFX: infected - 3 skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000021.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000021.exe/WISE0017.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000021.exe WiseSFX: infected - 2 skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP12\A0004549.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP14\change.log Object is locked skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0001077.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0001077.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0001077.exe RarSFX: infected - 2 skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0001085.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0002393.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0002401.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0002463.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0002477.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP8\A0002804.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped

        C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

        C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt Object is locked skipped

        C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{C47A2E38-F9C1-4578-9FC8-B6CDBB819A09}.crmlog Object is locked skipped

        C:\WINDOWS\SchedLgU.Txt Object is locked skipped

        C:\WINDOWS\SoftwareDistribution\EventCache\{B10C07CA-DCC6-489C-AE8F-7BE84E047AF7}.bin Object is locked skipped

        C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

        C:\WINDOWS\Sti_Trace.log Object is locked skipped

        C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

        C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

        C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

        C:\WINDOWS\system32\config\default Object is locked skipped

        C:\WINDOWS\system32\config\default.LOG Object is locked skipped

        C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

        C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

        C:\WINDOWS\system32\config\SAM Object is locked skipped

        C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

        C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

        C:\WINDOWS\system32\config\SECURITY Object is locked skipped

        C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

        C:\WINDOWS\system32\config\software Object is locked skipped

        C:\WINDOWS\system32\config\software.LOG Object is locked skipped

        C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

        C:\WINDOWS\system32\config\system Object is locked skipped

        C:\WINDOWS\system32\config\system.LOG Object is locked skipped

        C:\WINDOWS\system32\h323log.txt Object is locked skipped

        C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

        C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

        C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped

        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

        C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

        C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

        C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

        C:\WINDOWS\wiadebug.log Object is locked skipped

        C:\WINDOWS\wiaservc.log Object is locked skipped

        C:\WINDOWS\WindowsUpdate.log Object is locked skipped

        D:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP14\change.log Object is locked skipped

        Scan process completed.






        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 22:33, on 2008-02-03
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\internet explorer\iexplore.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

        --
        End of file - 6807 bytes


      • axa.doe
        aatu wrote:

        Sunday, February 03, 2008 10:31:20 PM
        Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
        Kaspersky Online Scanner version: 5.0.98.0
        Kaspersky Anti-Virus database last update: 3/02/2008
        Kaspersky Anti-Virus database records: 546327


        Scan Settings
        Scan using the following antivirus database extended
        Scan Archives true
        Scan Mail Bases true

        Scan Target My Computer
        C:\
        D:\
        E:\

        Scan Statistics
        Total number of scanned objects 74921
        Number of viruses found 7
        Number of infected objects 19
        Number of suspicious objects 0
        Duration of the scan process 01:13:17

        Infected Object Name Virus Name Last Action

        C:\QooBox\Quarantine\C\Program Files\SmitfraudFix\Reboot.exe.vir Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

        C:\QooBox\Quarantine\C\WINDOWS\system32\uhijixra.exe.vir Infected: Trojan-Downloader.Win32.Agent.gwe skipped

        C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000020.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000020.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000020.exe/WISE0020.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000020.exe WiseSFX: infected - 3 skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000021.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.OneStep.c skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000021.exe/WISE0017.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP1\A0000021.exe WiseSFX: infected - 2 skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP12\A0004549.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP14\change.log Object is locked skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0001077.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0001077.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0001077.exe RarSFX: infected - 2 skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0001085.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0002393.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.au skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0002401.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0002463.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP3\A0002477.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped

        C:\System Volume Information\_restore{A13B5E8E-F617-46BA-B368-1985B3BA9E17}\RP8\A0002804.exe Infected: Trojan-Downloader.Win32.Agent.gwe skipped


        Scan process completed.







        Delete combofix.exe from the desktop, and C:\Combofix Prevx PrevxCSI Control Panel and double-click Add or Remove Programs in the Control Panel.

        2. Find *all your previous Java versions (J2SE Runtime Environment.... )* in the list.
        3. Select all your previous Java versions and choose Remove.
        Restart the computer.

        4. Install the latest Java update from the following link:

        http://java.sun.com/javase/downloads/index.jsp

        ---> Scroll down to Java Runtime Environment (JRE) 6 Update 4

        Click Download

        Set Platform to Windows

        Tick I agree to the Java SE Runtime Environment 6 License Agreement and click Continue

        Under Windows Offline Installation, click jre-6u4-windows-i586-p.exe

        Save the file, for example to the desktop, and install it.

        5. Restart the computer after the installation.

        6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).

        7. On the General tab, click Settings. Drag the slider (Disk Space) to a smaller value.

        (Some Java-based programs may need more disk space.
        If you notice the computer being slow after lowering the setting, move the slider to a larger value.)

        8. Click the Delete Files button. Make sure that both options are ticked:

        * Applications and Applets

        * Trace and Log Files


        And click the OK button.
        Note: This deletes all downloaded applications and applets from the CACHE.

        9. Click OK in the "Temporary Files Settings" window.

        10. On the Update tab, untick Check for Updates automatically

        Choose Never check

        11. Click Apply and OK to leave the Java settings window.

        ***

        Double-click ATF-Cleaner.exe to start the program.

        Under Main, choose: Select All
        Click Empty Selected.

        If you use Firefox as your browser

        Click Firefox at the top and choose: Select All
        Click Empty Selected.
        NOTE: If you would like to keep your saved passwords, click No when it asks.

        If you use Opera as your browser

        Click Opera at the top and choose: Select All
        Click Empty Selected again.
        NOTE: If you would like to keep your saved passwords, click No when it asks.

        Click Exit in the main menu to close the program.

        ***

        See the speed-up instructions at http://neko.1g.fi/ohje/hidastelua.html

        And post one more new hijack log

        How does the computer feel now?


      • aatu

        Right, those are done now and the computer otherwise seems to be working well, but when Windows starts the wallpaper appears normally, yet the desktop takes something like 1-2 minutes to open... I wonder what could be causing that (this problem showed up during this evening's changes...)

        but here is the HJT report:


        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 01:12, on 2008-02-04
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        --
        End of file - 6752 bytes


      • axa.doe
        Yeah, mine used to do the same from time to time :) I got the desktop to open faster by pressing Ctrl+Alt+Del,
        clicking "Task Manager", and closing the window straight away from the X in the top corner once it had opened. As far as I remember, it slowed down in connection with some more thorough cleanup.

        AntiVir, AVG Anti-Spyware and ZoneAlarm may slow things down at startup, but only AVG Anti-Spyware can be shut off.

        See if this helps:

        Open AVG, click the "Shield" icon at the top of the window
        * "Resident shield is": change the state from active to inactive
        * Close the program

        If that doesn't work, open AVG from its taskbar icon with the right mouse button and untick "Start with Windows" and
        "Check for Updates" (updates can be fetched manually)


        ***

        The log is fine, but you could still run Deckard's so we can check the amount of memory and a couple of other things:

        Download Deckard's System Scanner to your desktop: http://www.techsupportforum.com/sectools/Deckard/dss.exe

        Note: You must have Administrator rights to run the program.

        * Close all open windows and programs.
        * Double-click the Dss.exe file to run the program and follow the instructions.
        * When the scan is finished, 2 text files should open, Main.txt and extra.txt
        * Use copy ( CTRL A -> CTRL C ) and paste ( CTRL V )

        * Copy and paste the contents of Extra.txt & Main.txt into your next reply.

        Note: Some firewalls may warn that sigcheck.exe is trying to access the internet - in that case, make sure you allow sigcheck.exe through.


      • aatu
        Deckard's System Scanner v20071014.68
        Run by Administrator on 2008-02-04 22:24:31
        Computer is in Normal Mode.
        --------------------------------------------------------------------------------

        -- System Restore --------------------------------------------------------------

        Successfully created a Deckard's System Scanner Restore Point.


        -- Last 5 Restore Point(s) --
        7: 2008-02-04 20:24:35 UTC - RP7 - Deckard's System Scanner Restore Point
        6: 2008-02-03 22:44:28 UTC - RP6 - Installed Java(TM) 6 Update 4
        5: 2008-02-03 22:29:56 UTC - RP5 - Removed J2SE Runtime Environment 5.0 Update 6
        4: 2008-02-03 22:29:18 UTC - RP4 - Removed Java(TM) 6 Update 2
        3: 2008-02-03 22:28:37 UTC - RP3 - Removed Java(TM) 6 Update 3


        -- First Restore Point --
        1: 2008-02-03 21:58:04 UTC - RP1 - Järjestelmän tarkistuspiste


        Backed up registry hives.
        Performed disk cleanup.



        -- HijackThis (run as Administrator.exe) ---------------------------------------

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 22:25, on 2008-02-04
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Administrator\Desktop\dss.exe
        C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        --
        End of file - 6799 bytes

        -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

        backup-20080121-142843-956 F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvu.exe
        backup-20080123-080634-593 O2 - BHO: (no name) - {55FFF4FB-8E67-42B3-AE65-096502A00CD1} - C:\WINDOWS\system32\awvvu.dll (file missing)
        backup-20080123-080716-326 O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
        backup-20080130-064032-142 O20 - Winlogon Notify: mljijif - mljijif.dll (file missing)
        backup-20080131-220348-992 O20 - Winlogon Notify: mljijif - C:\WINDOWS\

        -- File Associations -----------------------------------------------------------

        All associations okay.


        -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

        S1 eeCtrl (Symantec Eraser Control driver) - c:\program files\common files\symantec shared\eengine\eectrl.sys (file missing)
        S1 SPBBCDrv - c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys (file missing)
        S1 SRTSP - c:\windows\system32\drivers\srtsp.sys (file missing)
        S1 SRTSPX - c:\windows\system32\drivers\srtspx.sys (file missing)
        S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
        S3 NAVENG - c:\progra~1\common~1\symant~1\virusd~1\20071101.016\naveng.sys (file missing)
        S3 NAVEX15 - c:\progra~1\common~1\symant~1\virusd~1\20071101.016\navex15.sys (file missing)
        S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys (file missing)
        S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\ids-di~1\20071031.001\symidsco.sys (file missing)
        S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


        -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

        R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe"
        R2 GtFlashSwitch - "c:\program files\common files\gtflashswitch\gtflashswitch.exe"

        S3 iPod Service (iPod-palvelu) - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
        S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
        S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe"


        -- Device Manager: Disabled ----------------------------------------------------

        Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
        Description: 1394 Net Adapter
        Device ID: V1394\NIC1394\D61B6F00241B00
        Manufacturer: Microsoft
        Name: 1394 Net Adapter #2
        PNP Device ID: V1394\NIC1394\D61B6F00241B00
        Service: NIC1394


        -- Scheduled Tasks -------------------------------------------------------------

        2008-01-29 13:26:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


        -- Files created between 2008-01-04 and 2008-02-04 -----------------------------

        2008-02-04 00:19:01 245792 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
        2008-02-03 11:42:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
        2008-02-03 11:42:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
        2008-02-03 11:21:25 53248 --a------ C:\WINDOWS\PSEXESVC.EXE
        2008-02-03 10:47:56 68096 --a------ C:\WINDOWS\system32\zip.exe
        2008-02-03 10:47:56 98816 --a------ C:\WINDOWS\system32\sed.exe
        2008-02-03 10:47:56 80412 --a------ C:\WINDOWS\system32\grep.exe
        2008-02-03 10:47:56 73728 --a------ C:\WINDOWS\system32\fdsv.exe
        2008-01-29 13:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
        2008-01-27 00:13:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
        2008-01-26 23:41:14 0 dr-h----- C:\Documents and Settings\Administrator\Recent
        2008-01-26 23:39:26 0 d-------- C:\Program Files\CCleaner
        2008-01-25 23:29:23 0 d-------- C:\Program Files\MSN Messenger
        2008-01-25 23:09:20 0 d-------- C:\WINDOWS\D45EC2594A194656B588C2C360DD18EA.TMP
        2008-01-25 21:52:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
        2008-01-25 21:52:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-01-25 20:39:48 0 d-------- C:\WINDOWS\ERUNT
        2008-01-25 20:23:40 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
        2008-01-25 20:23:35 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
        2008-01-25 20:23:30 11264 --a------ C:\WINDOWS\system32\SpOrder.dll
        2008-01-25 20:23:02 0 d-------- C:\WINDOWS\system32\ZoneLabs
        2008-01-25 20:22:27 0 d-------- C:\WINDOWS\Internet Logs
        2008-01-23 07:08:07 8 --a------ C:\WINDOWS\system32\6e9963f7
        2008-01-21 14:18:36 0 d-------- C:\Program Files\Trend Micro
        2008-01-21 13:58:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
        2008-01-21 13:58:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\PrevxCSI
        2008-01-19 21:02:31 0 d-------- C:\Program Files\Avira
        2008-01-19 21:02:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
        2008-01-11 07:06:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
        2008-01-11 06:34:49 0 d-------- C:\Program Files\Valve
        2008-01-06 18:23:36 0 d-------- C:\Program Files\Option
        2008-01-06 18:23:36 0 d-------- C:\Program Files\Common Files\GtFlashSwitch


        -- Find3M Report ---------------------------------------------------------------

        2008-02-04 00:45:04 0 d-------- C:\Program Files\Java
        2008-01-30 07:01:23 0 d-------- C:\Program Files\Common Files
        2008-01-29 13:26:03 0 d-------- C:\Program Files\Apple Software Update
        2008-01-25 21:01:53 1816 --a------ C:\WINDOWS\system32\tmp.reg
        2008-01-21 15:04:47 0 d-------- C:\Program Files\TuneUp Utilities 2007
        2008-01-21 14:10:13 0 d-------- C:\Program Files\Google
        2008-01-20 14:32:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\ICQ
        2008-01-20 14:31:08 0 d-------- C:\Program Files\ICQToolbar
        2008-01-20 06:51:31 0 d-------- C:\Program Files\QuickTime
        2008-01-19 21:08:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
        2008-01-06 17:36:24 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
        2008-01-06 16:04:17 0 d-------- C:\Program Files\Option(3)
        2008-01-06 16:04:17 0 d-------- C:\Program Files\Common Files\GtFlashSwitch(3)
        2008-01-06 16:03:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
        2007-12-31 06:24:51 0 d-------- C:\Program Files\ArcSoft
        2007-12-31 06:24:49 0 d-------- C:\Program Files\Common Files\Nokia
        2007-12-31 06:24:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
        2007-12-31 06:24:32 0 d-------- C:\Program Files\Opera
        2007-12-31 06:24:21 0 d-------- C:\Program Files\Microsoft Works
        2007-12-31 06:24:14 0 d-------- C:\Program Files\Nokia Maploader
        2007-12-31 06:24:09 0 d-------- C:\Program Files\Option(2)
        2007-12-31 06:24:09 0 d-------- C:\Program Files\Common Files\GtFlashSwitch(2)
        2007-12-31 06:23:33 0 d------c- C:\Program Files\Common Files\WindowsLiveInstaller
        2007-12-11 07:13:53 0 d-------- C:\Program Files\Canon


        -- Registry Dump ---------------------------------------------------------------

        *Note* empty entries & legit default entries are not shown


        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 10:00]
        "MsmqIntCert"="regsvr32 /s mqrt.dll" []
        "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
        "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33]
        "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 10:00]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 22:00]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2006-05-12 13:33:22]
        GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2007-05-19 17:19:44]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
        "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
        "DisableRegistryTools"=0 (0x0)

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
        @="Service"

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp




        -- End of Deckard's System Scanner: finished at 2008-02-04 22:26:31 ------------


        Deckard's System Scanner v20071014.68
        Extra logfile - please post this as an attachment with your post.
        --------------------------------------------------------------------------------

        -- System Information ----------------------------------------------------------

        Microsoft Windows XP Professional (build 2600) SP 2.0
        Architecture: X86; Language: English

        CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-56
        CPU 1: AMD Turion(tm) 64 X2 Mobile Technology TL-56
        Percentage of Memory in Use: 26%
        Physical Memory (total/avail): 2046.54 MiB / 1497.93 MiB
        Pagefile Memory (total/avail): 3942.34 MiB / 3373.75 MiB
        Virtual Memory (total/avail): 2047.88 MiB / 1928.03 MiB

        C: is Fixed (NTFS) - 101.25 GiB total, 56.27 GiB free.
        D: is Fixed (FAT32) - 9.5 GiB total, 1.37 GiB free.
        E: is CDROM (No Media)

        \\.\PHYSICALDRIVE0 - TOSHIBA MK1234GSX - 111.79 GiB - 3 partitions
        \PARTITION0 (bootable) - Asennettava tiedostojärjestelmä - 101.25 GiB - C:
        \PARTITION1 - Unknown - 9.52 GiB - D:
        \PARTITION2 - Unknown - 1027.6 MiB



        -- Security Center -------------------------------------------------------------

        AUOptions is scheduled to auto-install.
        Windows Internal Firewall is disabled.

        FirstRunDisabled is set.

        FW: Norton AntiVirus v2007 (Symantec Corporation)
        FW: Sonera Tietoturva 6.02 v6.02 (F-Secure Corporation) Disabled
        AV: Norton AntiVirus v2007 (Symantec Corporation)
        AV: Avira AntiVir PersonalEdition v 7.0.2.88 (Avira GmbH)

        [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

        [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"


        -- Environment Variables -------------------------------------------------------

        ALLUSERSPROFILE=C:\Documents and Settings\All Users
        APPDATA=C:\Documents and Settings\Administrator\Application Data
        CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
        CLIENTNAME=Console
        CommonProgramFiles=C:\Program Files\Common Files
        COMPUTERNAME=AATU78
        ComSpec=C:\WINDOWS\system32\cmd.exe
        FP_NO_HOST_CHECK=NO
        HOMEDRIVE=C:
        HOMEPATH=\Documents and Settings\Administrator
        LOGONSERVER=\\AATU78
        NUMBER_OF_PROCESSORS=2
        OS=Windows_NT
        Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
        PCTYPE=PAVILION
        PLATFORM=MCD
        PROCESSOR_ARCHITECTURE=x86
        PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
        PROCESSOR_LEVEL=15
        PROCESSOR_REVISION=4802
        ProgramFiles=C:\Program Files
        PROMPT=$P$G
        QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
        SESSIONNAME=Console
        SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
        SystemDrive=C:
        SystemRoot=C:\WINDOWS
        TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
        TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
        tvdumpflags=8
        USERDOMAIN=AATU78
        USERNAME=Administrator
        USERPROFILE=C:\Documents and Settings\Administrator
        windir=C:\WINDOWS


        -- User Profiles ---------------------------------------------------------------

        Administrator (admin)


        -- Add/Remove Programs ---------------------------------------------------------

        --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
        --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
        --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
        --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
        --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
        --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
        --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
        --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
        --> C:\WINDOWS\UNRecode.exe /UNINSTALL
        --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
        --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
        Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
        Adobe Reader 7.0.9 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70900000002}
        AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
        Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
        ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
        AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
        AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
        Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
        BitComet 0.82 --> C:\Program Files\BitComet\uninst.exe
        BSPlayer --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
        Canon MP Navigator 2.0 --> "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
        Canon MP170 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{91175441-4E5D-4e13-B116-828FD352CDB2}\DelDrv.exe" /U:{91175441-4E5D-4e13-B116-828FD352CDB2} /L0x0009
        Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
        ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
        CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
        Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
        Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
        GlobeTrotter Connect --> MsiExec.exe /X{2EC2670A-A2DE-429D-AECB-B811AC3CD8EE}
        Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
        Half-Life(R) 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
        HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
        HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0xb -removeonly
        HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
        HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
        HP Pavilion Webcam Tray Icon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C23BEBC-0429-4254-A83F-15C591AB768A}\Setup.exe" -l0x9
        HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
        HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0xb -removeonly uninst
        HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
        HP Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
        HP User Guides 0031 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13BCF6CB-2F54-4962-9B11-32F07048ACF3}\Setup.exe" -l0xb -removeonly
        HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0xb hpquninst
        Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
        Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
        Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
        Localization Pack for Microsoft Windows XP Media Center Edition --> MsiExec.exe /I{9E667C7C-F80C-4B91-BCBA-01CBA164A5E9}
        Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
        Microsoft Works --> MsiExec.exe /I{2EF8368A-5670-45C0-82F1-D7B00F7E7AB8}
        Microsoft Works 7.0 --> MsiExec.exe /I{323F6CCF-BBBA-41FB-AF39-62C4FE717CA4}
        Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
        Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31035}
        Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
        Nokia Maploader --> C:\Program Files\Nokia Maploader\Uninstall.exe
        Nokia Software Updater --> MsiExec.exe /X{3186AEAE-E104-424D-9152-1BF6A4404758}
        Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
        Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
        Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
        Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
        Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
        Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
        NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
        OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
        Opera 9.23 --> MsiExec.exe /X{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}
        PAF POKER (remove only) --> "C:\Program Files\PAFPoker\uninstall.exe"
        PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
        PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
        QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
        Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
        Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
        Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
        Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
        Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
        Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
        Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
        Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
        Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
        Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
        SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
        SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
        SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
        Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
        Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
        SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
        Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
        TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
        UltimateZip 2.7 --> "C:\Program Files\UltimateZip 2.7\unins000.exe"
        VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
        Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
        Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
        Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
        Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
        Windows XP Media Center Edition 2005 KB888316 --> C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
        Windows XP Media Center Edition 2005 KB895678 --> C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
        Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
        WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
        ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


        -- Application Event Log -------------------------------------------------------

        Event Record #/Type21444 / Error
        Event Submitted/Written: 02/04/2008 10:26:01 PM
        Event ID/Source: 11 / crypt32
        Event Description:
        Kolmannen osapuolen pääluetteloa ei voi purkaa automaattisesti päivitetystä Cab-tiedostosta kohteessa; . Virhe: Vaadittu sertifikaatti ei ole voimassa järjestelmän nykyisen kellonajan tai allekirjoitetun tiedoston aikamerkinnän mukaan.

        Event Record #/Type21436 / Success
        Event Submitted/Written: 02/04/2008 08:47:18 PM
        Event ID/Source: 12001 / usnjsvc
        Event Description:
        The Messenger Sharing USN Journal Reader service started successfully.

        Event Record #/Type21422 / Success
        Event Submitted/Written: 02/04/2008 04:13:51 PM
        Event ID/Source: 12001 / usnjsvc
        Event Description:
        The Messenger Sharing USN Journal Reader service started successfully.

        Event Record #/Type21408 / Success
        Event Submitted/Written: 02/04/2008 01:23:24 AM
        Event ID/Source: 12001 / usnjsvc
        Event Description:
        The Messenger Sharing USN Journal Reader service started successfully.

        Event Record #/Type21392 / Error
        Event Submitted/Written: 02/04/2008 00:46:07 AM
        Event ID/Source: 11316 / MsiInstaller
        Event Description:
        Product: Java(TM) 6 Update 4 -- Error 1316.A network error occurred while attempting to read from the file C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_04\jre1.6.0_04.msi



        -- Security Event Log ----------------------------------------------------------

        No Errors/Warnings found.


        -- System Event Log ------------------------------------------------------------

        Event Record #/Type26197 / Warning
        Event Submitted/Written: 02/04/2008 07:05:45 PM
        Event ID/Source: 4226 / Tcpip
        Event Description:
        TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

        Event Record #/Type26196 / Error
        Event Submitted/Written: 02/04/2008 06:57:34 PM
        Event ID/Source: 1002 / Dhcp
        Event Description:
        DHCP-palvelin 217.78.193.147 eväsi IP-osoitteen 87.93.240.24 verkkokortilta, jonka verkko-osoite on 00F1D000F1D0
        (DHCP-palvelin lähetti DHCPNACK-sanoman).

        Event Record #/Type26180 / Error
        Event Submitted/Written: 02/04/2008 06:56:12 PM
        Event ID/Source: 7026 / Service Control Manager
        Event Description:
        Seuraava käynnistys- tai järjestelmäkäynnistysohjain ei latautunut:
        eeCtrl
        SPBBCDrv
        SRTSP
        SRTSPX

        Event Record #/Type26171 / Error
        Event Submitted/Written: 02/04/2008 04:12:54 PM
        Event ID/Source: 1002 / Dhcp
        Event Description:
        DHCP-palvelin 217.78.193.147 eväsi IP-osoitteen 87.93.225.153 verkkokortilta, jonka verkko-osoite on 00F1D000F1D0
        (DHCP-palvelin lähetti DHCPNACK-sanoman).

        Event Record #/Type26154 / Error
        Event Submitted/Written: 02/04/2008 04:10:47 PM
        Event ID/Source: 7034 / Service Control Manager
        Event Description:
        Palvelu NVIDIA Display Driver Service lopetti yllättäen toimintansa. Se on tehnyt näin jo 1 kertaa.



        -- End of Deckard's System Scanner: finished at 2008-02-04 22:26:31 ------------


      • axa.doe
        aatu wrote:

        Deckard's System Scanner v20071014.68
        Run by Administrator on 2008-02-04 22:24:31
        Computer is in Normal Mode.
        --------------------------------------------------------------------------------

        -- System Restore --------------------------------------------------------------

        Successfully created a Deckard's System Scanner Restore Point.


        -- Last 5 Restore Point(s) --
        7: 2008-02-04 20:24:35 UTC - RP7 - Deckard's System Scanner Restore Point
        6: 2008-02-03 22:44:28 UTC - RP6 - Installed Java(TM) 6 Update 4
        5: 2008-02-03 22:29:56 UTC - RP5 - Removed J2SE Runtime Environment 5.0 Update 6
        4: 2008-02-03 22:29:18 UTC - RP4 - Removed Java(TM) 6 Update 2
        3: 2008-02-03 22:28:37 UTC - RP3 - Removed Java(TM) 6 Update 3


        -- First Restore Point --
        1: 2008-02-03 21:58:04 UTC - RP1 - Järjestelmän tarkistuspiste


        Backed up registry hives.
        Performed disk cleanup.



        -- HijackThis (run as Administrator.exe) ---------------------------------------

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 22:25, on 2008-02-04
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Documents and Settings\Administrator\Desktop\dss.exe
        C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        --
        End of file - 6799 bytes

        -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

        backup-20080121-142843-956 F3 - REG:win.ini: load=C:\WINDOWS\system32\awvvu.exe
        backup-20080123-080634-593 O2 - BHO: (no name) - {55FFF4FB-8E67-42B3-AE65-096502A00CD1} - C:\WINDOWS\system32\awvvu.dll (file missing)
        backup-20080123-080716-326 O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
        backup-20080130-064032-142 O20 - Winlogon Notify: mljijif - mljijif.dll (file missing)
        backup-20080131-220348-992 O20 - Winlogon Notify: mljijif - C:\WINDOWS\

        -- File Associations -----------------------------------------------------------

        All associations okay.


        -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

        S1 eeCtrl (Symantec Eraser Control driver) - c:\program files\common files\symantec shared\eengine\eectrl.sys (file missing)
        S1 SPBBCDrv - c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys (file missing)
        S1 SRTSP - c:\windows\system32\drivers\srtsp.sys (file missing)
        S1 SRTSPX - c:\windows\system32\drivers\srtspx.sys (file missing)
        S3 catchme - c:\docume~1\admini~1\locals~1\temp\catchme.sys (file missing)
        S3 NAVENG - c:\progra~1\common~1\symant~1\virusd~1\20071101.016\naveng.sys (file missing)
        S3 NAVEX15 - c:\progra~1\common~1\symant~1\virusd~1\20071101.016\navex15.sys (file missing)
        S3 SRTSPL - c:\windows\system32\drivers\srtspl.sys (file missing)
        S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\ids-di~1\20071031.001\symidsco.sys (file missing)
        S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)


        -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

        R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe"
        R2 GtFlashSwitch - "c:\program files\common files\gtflashswitch\gtflashswitch.exe"

        S3 iPod Service (iPod-palvelu) - "c:\program files\ipod\bin\ipodservice.exe" (file missing)
        S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
        S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe"


        -- Device Manager: Disabled ----------------------------------------------------

        Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
        Description: 1394 Net Adapter
        Device ID: V1394\NIC1394\D61B6F00241B00
        Manufacturer: Microsoft
        Name: 1394 Net Adapter #2
        PNP Device ID: V1394\NIC1394\D61B6F00241B00
        Service: NIC1394


        -- Scheduled Tasks -------------------------------------------------------------

        2008-01-29 13:26:06 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


        -- Files created between 2008-01-04 and 2008-02-04 -----------------------------

        2008-02-04 00:19:01 245792 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
        2008-02-03 11:42:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
        2008-02-03 11:42:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
        2008-02-03 11:21:25 53248 --a------ C:\WINDOWS\PSEXESVC.EXE
        2008-02-03 10:47:56 68096 --a------ C:\WINDOWS\system32\zip.exe
        2008-02-03 10:47:56 98816 --a------ C:\WINDOWS\system32\sed.exe
        2008-02-03 10:47:56 80412 --a------ C:\WINDOWS\system32\grep.exe
        2008-02-03 10:47:56 73728 --a------ C:\WINDOWS\system32\fdsv.exe
        2008-01-29 13:26:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
        2008-01-27 00:13:04 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
        2008-01-26 23:41:14 0 dr-h----- C:\Documents and Settings\Administrator\Recent
        2008-01-26 23:39:26 0 d-------- C:\Program Files\CCleaner
        2008-01-25 23:29:23 0 d-------- C:\Program Files\MSN Messenger
        2008-01-25 23:09:20 0 d-------- C:\WINDOWS\D45EC2594A194656B588C2C360DD18EA.TMP
        2008-01-25 21:52:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
        2008-01-25 21:52:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
        2008-01-25 20:39:48 0 d-------- C:\WINDOWS\ERUNT
        2008-01-25 20:23:40 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
        2008-01-25 20:23:35 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
        2008-01-25 20:23:30 11264 --a------ C:\WINDOWS\system32\SpOrder.dll
        2008-01-25 20:23:02 0 d-------- C:\WINDOWS\system32\ZoneLabs
        2008-01-25 20:22:27 0 d-------- C:\WINDOWS\Internet Logs
        2008-01-23 07:08:07 8 --a------ C:\WINDOWS\system32\6e9963f7
        2008-01-21 14:18:36 0 d-------- C:\Program Files\Trend Micro
        2008-01-21 13:58:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Prevx
        2008-01-21 13:58:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\PrevxCSI
        2008-01-19 21:02:31 0 d-------- C:\Program Files\Avira
        2008-01-19 21:02:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira
        2008-01-11 07:06:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
        2008-01-11 06:34:49 0 d-------- C:\Program Files\Valve
        2008-01-06 18:23:36 0 d-------- C:\Program Files\Option
        2008-01-06 18:23:36 0 d-------- C:\Program Files\Common Files\GtFlashSwitch


        -- Find3M Report ---------------------------------------------------------------

        2008-02-04 00:45:04 0 d-------- C:\Program Files\Java
        2008-01-30 07:01:23 0 d-------- C:\Program Files\Common Files
        2008-01-29 13:26:03 0 d-------- C:\Program Files\Apple Software Update
        2008-01-25 21:01:53 1816 --a------ C:\WINDOWS\system32\tmp.reg
        2008-01-21 15:04:47 0 d-------- C:\Program Files\TuneUp Utilities 2007
        2008-01-21 14:10:13 0 d-------- C:\Program Files\Google
        2008-01-20 14:32:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\ICQ
        2008-01-20 14:31:08 0 d-------- C:\Program Files\ICQToolbar
        2008-01-20 06:51:31 0 d-------- C:\Program Files\QuickTime
        2008-01-19 21:08:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Skype
        2008-01-06 17:36:24 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
        2008-01-06 16:04:17 0 d-------- C:\Program Files\Option(3)
        2008-01-06 16:04:17 0 d-------- C:\Program Files\Common Files\GtFlashSwitch(3)
        2008-01-06 16:03:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
        2007-12-31 06:24:51 0 d-------- C:\Program Files\ArcSoft
        2007-12-31 06:24:49 0 d-------- C:\Program Files\Common Files\Nokia
        2007-12-31 06:24:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\Yahoo!
        2007-12-31 06:24:32 0 d-------- C:\Program Files\Opera
        2007-12-31 06:24:21 0 d-------- C:\Program Files\Microsoft Works
        2007-12-31 06:24:14 0 d-------- C:\Program Files\Nokia Maploader
        2007-12-31 06:24:09 0 d-------- C:\Program Files\Option(2)
        2007-12-31 06:24:09 0 d-------- C:\Program Files\Common Files\GtFlashSwitch(2)
        2007-12-31 06:23:33 0 d------c- C:\Program Files\Common Files\WindowsLiveInstaller
        2007-12-11 07:13:53 0 d-------- C:\Program Files\Canon


        -- Registry Dump ---------------------------------------------------------------

        *Note* empty entries & legit default entries are not shown


        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-18 10:00]
        "MsmqIntCert"="regsvr32 /s mqrt.dll" []
        "High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 02:02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
        "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 10:33]
        "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05]
        "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-18 10:00]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-15 22:00]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe [2006-05-12 13:33:22]
        GlobeTrotter Connect.lnk - C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe [2007-05-19 17:19:44]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
        "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
        "DisableRegistryTools"=0 (0x0)

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
        @="Service"

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

        [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
        UxTuneUp




        -- End of Deckard's System Scanner: finished at 2008-02-04 22:26:31 ------------
















        Deckard's System Scanner v20071014.68
        Extra logfile - please post this as an attachment with your post.
        --------------------------------------------------------------------------------

        -- System Information ----------------------------------------------------------

        Microsoft Windows XP Professional (build 2600) SP 2.0
        Architecture: X86; Language: English

        CPU 0: AMD Turion(tm) 64 X2 Mobile Technology TL-56
        CPU 1: AMD Turion(tm) 64 X2 Mobile Technology TL-56
        Percentage of Memory in Use: 26%
        Physical Memory (total/avail): 2046.54 MiB / 1497.93 MiB
        Pagefile Memory (total/avail): 3942.34 MiB / 3373.75 MiB
        Virtual Memory (total/avail): 2047.88 MiB / 1928.03 MiB

        C: is Fixed (NTFS) - 101.25 GiB total, 56.27 GiB free.
        D: is Fixed (FAT32) - 9.5 GiB total, 1.37 GiB free.
        E: is CDROM (No Media)

        \\.\PHYSICALDRIVE0 - TOSHIBA MK1234GSX - 111.79 GiB - 3 partitions
        \PARTITION0 (bootable) - Asennettava tiedostojärjestelmä - 101.25 GiB - C:
        \PARTITION1 - Unknown - 9.52 GiB - D:
        \PARTITION2 - Unknown - 1027.6 MiB



        -- Security Center -------------------------------------------------------------

        AUOptions is scheduled to auto-install.
        Windows Internal Firewall is disabled.

        FirstRunDisabled is set.

        FW: Norton AntiVirus v2007 (Symantec Corporation)
        FW: Sonera Tietoturva 6.02 v6.02 (F-Secure Corporation) [COLOR=RED]Disabled[/COLOR]
        AV: Norton AntiVirus v2007 (Symantec Corporation)
        AV: Avira AntiVir PersonalEdition v 7.0.2.88 (Avira GmbH)

        [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

        [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"


        -- Environment Variables -------------------------------------------------------

        ALLUSERSPROFILE=C:\Documents and Settings\All Users
        APPDATA=C:\Documents and Settings\Administrator\Application Data
        CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
        CLIENTNAME=Console
        CommonProgramFiles=C:\Program Files\Common Files
        COMPUTERNAME=AATU78
        ComSpec=C:\WINDOWS\system32\cmd.exe
        FP_NO_HOST_CHECK=NO
        HOMEDRIVE=C:
        HOMEPATH=\Documents and Settings\Administrator
        LOGONSERVER=\\AATU78
        NUMBER_OF_PROCESSORS=2
        OS=Windows_NT
        Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
        PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
        PCTYPE=PAVILION
        PLATFORM=MCD
        PROCESSOR_ARCHITECTURE=x86
        PROCESSOR_IDENTIFIER=x86 Family 15 Model 72 Stepping 2, AuthenticAMD
        PROCESSOR_LEVEL=15
        PROCESSOR_REVISION=4802
        ProgramFiles=C:\Program Files
        PROMPT=$P$G
        QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
        SESSIONNAME=Console
        SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
        SystemDrive=C:
        SystemRoot=C:\WINDOWS
        TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
        TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
        tvdumpflags=8
        USERDOMAIN=AATU78
        USERNAME=Administrator
        USERPROFILE=C:\Documents and Settings\Administrator
        windir=C:\WINDOWS


        -- User Profiles ---------------------------------------------------------------

        Administrator [I](admin)[/I]


        -- Add/Remove Programs ---------------------------------------------------------

        --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
        --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
        --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
        --> C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
        --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
        --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
        --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
        --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
        --> C:\WINDOWS\UNRecode.exe /UNINSTALL
        --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"
        --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
        Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
        Adobe Reader 7.0.9 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A70900000002}
        AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
        Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
        ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
        AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
        AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
        Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
        BitComet 0.82 --> C:\Program Files\BitComet\uninst.exe
        BSPlayer --> "C:\Program Files\Webteh\BSplayerPro\uninstall.exe"
        Canon MP Navigator 2.0 --> "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
        Canon MP170 --> "C:\WINDOWS\system32\CanonMP Uninstaller Information\{91175441-4E5D-4e13-B116-828FD352CDB2}\DelDrv.exe" /U:{91175441-4E5D-4e13-B116-828FD352CDB2} /L0x0009
        Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
        ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
        CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
        Conexant HD Audio --> C:\Program Files\CONEXANT\CNXT_HDAUDIO\HXFSETUP.EXE -U -IAt8VEN5a.inf
        Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
        GlobeTrotter Connect --> MsiExec.exe /X{2EC2670A-A2DE-429D-AECB-B811AC3CD8EE}
        Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
        Half-Life(R) 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
        HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
        HP Help and Support --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0xb -removeonly
        HP Imaging Device Functions 6.0 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
        HP Integrated Module with Bluetooth wireless technology --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
        HP Pavilion Webcam Tray Icon --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C23BEBC-0429-4254-A83F-15C591AB768A}\Setup.exe" -l0x9
        HP Photosmart Premier Software 6.0 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
        HP Quick Launch Buttons 6.10 A2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0xb -removeonly uninst
        HP QuickPlay 2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
        HP Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
        HP User Guides 0031 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13BCF6CB-2F54-4962-9B11-32F07048ACF3}\Setup.exe" -l0xb -removeonly
        HP Wireless Assistant 2.00 G2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0xb hpquninst
        Internet Worm Protection --> MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
        Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
        Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
        Localization Pack for Microsoft Windows XP Media Center Edition --> MsiExec.exe /I{9E667C7C-F80C-4B91-BCBA-01CBA164A5E9}
        Macromedia Shockwave Player --> MsiExec.exe /X{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}
        Microsoft Works --> MsiExec.exe /I{2EF8368A-5670-45C0-82F1-D7B00F7E7AB8}
        Microsoft Works 7.0 --> MsiExec.exe /I{323F6CCF-BBBA-41FB-AF39-62C4FE717CA4}
        Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
        Nero 7 Ultra Edition --> MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31035}
        Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
        Nokia Maploader --> C:\Program Files\Nokia Maploader\Uninstall.exe
        Nokia Software Updater --> MsiExec.exe /X{3186AEAE-E104-424D-9152-1BF6A4404758}
        Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
        Norton AntiVirus (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe" /X
        Norton AntiVirus Help --> MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
        Norton AntiVirus Parent MSI --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
        Norton AntiVirus SYMLT MSI --> MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
        Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
        NVIDIA Drivers --> C:\WINDOWS\system32\nvunrm.exe UninstallGUI
        OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
        Opera 9.23 --> MsiExec.exe /X{E9EEE4CB-CB2B-4273-9AF5-7E12022B444B}
        PAF POKER (remove only) --> "C:\Program Files\PAFPoker\uninstall.exe"
        PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
        PhotoFiltre --> "C:\Program Files\PhotoFiltre\Uninst.exe"
        QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
        Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
        Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
        Skype™ 3.5 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
        Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_5045_at8ven5m\HXFSETUP.EXE -U -IAt8VEN5m.inf
        Sonic Audio Module --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
        Sonic Copy Module --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
        Sonic Data Module --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
        Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
        Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
        Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
        SonicAC3Encoder --> MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
        SonicMPEGEncoder --> MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
        SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
        Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
        Symantec --> MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
        SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
        Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
        TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
        UltimateZip 2.7 --> "C:\Program Files\UltimateZip 2.7\unins000.exe"
        VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
        Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
        Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
        Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
        Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
        Windows XP Media Center Edition 2005 KB888316 --> C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
        Windows XP Media Center Edition 2005 KB895678 --> C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
        Windows XP Media Center Edition 2005 KB908250 --> "C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
        WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
        ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


        -- Application Event Log -------------------------------------------------------

        Event Record #/Type21444 / Error
        Event Submitted/Written: 02/04/2008 10:26:01 PM
        Event ID/Source: 11 / crypt32
        Event Description:
        Kolmannen osapuolen pääluetteloa ei voi purkaa automaattisesti päivitetystä Cab-tiedostosta kohteessa; . Virhe: Vaadittu sertifikaatti ei ole voimassa järjestelmän nykyisen kellonajan tai allekirjoitetun tiedoston aikamerkinnän mukaan.

        Event Record #/Type21436 / Success
        Event Submitted/Written: 02/04/2008 08:47:18 PM
        Event ID/Source: 12001 / usnjsvc
        Event Description:
        The Messenger Sharing USN Journal Reader service started successfully.

        Event Record #/Type21422 / Success
        Event Submitted/Written: 02/04/2008 04:13:51 PM
        Event ID/Source: 12001 / usnjsvc
        Event Description:
        The Messenger Sharing USN Journal Reader service started successfully.

        Event Record #/Type21408 / Success
        Event Submitted/Written: 02/04/2008 01:23:24 AM
        Event ID/Source: 12001 / usnjsvc
        Event Description:
        The Messenger Sharing USN Journal Reader service started successfully.

        Event Record #/Type21392 / Error
        Event Submitted/Written: 02/04/2008 00:46:07 AM
        Event ID/Source: 11316 / MsiInstaller
        Event Description:
        Product: Java(TM) 6 Update 4 -- Error 1316.A network error occurred while attempting to read from the file C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_04\jre1.6.0_04.msi



        -- Security Event Log ----------------------------------------------------------

        No Errors/Warnings found.


        -- System Event Log ------------------------------------------------------------

        Event Record #/Type26197 / Warning
        Event Submitted/Written: 02/04/2008 07:05:45 PM
        Event ID/Source: 4226 / Tcpip
        Event Description:
        TCP/IP saavutti yhtäaikaisille TCP-yhteysyrityksille asetetun suojausrajoituksen.

        Event Record #/Type26196 / Error
        Event Submitted/Written: 02/04/2008 06:57:34 PM
        Event ID/Source: 1002 / Dhcp
        Event Description:
        DHCP-palvelin 217.78.193.147 eväsi IP-osoitteen 87.93.240.24 verkkokortilta, jonka verkko-osoite on 00F1D000F1D0
        (DHCP-palvelin lähetti DHCPNACK-sanoman).

        Event Record #/Type26180 / Error
        Event Submitted/Written: 02/04/2008 06:56:12 PM
        Event ID/Source: 7026 / Service Control Manager
        Event Description:
        Seuraava käynnistys- tai järjestelmäkäynnistysohjain ei latautunut:
        eeCtrl
        SPBBCDrv
        SRTSP
        SRTSPX

        Event Record #/Type26171 / Error
        Event Submitted/Written: 02/04/2008 04:12:54 PM
        Event ID/Source: 1002 / Dhcp
        Event Description:
        DHCP-palvelin 217.78.193.147 eväsi IP-osoitteen 87.93.225.153 verkkokortilta, jonka verkko-osoite on 00F1D000F1D0
        (DHCP-palvelin lähetti DHCPNACK-sanoman).

        Event Record #/Type26154 / Error
        Event Submitted/Written: 02/04/2008 04:10:47 PM
        Event ID/Source: 7034 / Service Control Manager
        Event Description:
        Palvelu NVIDIA Display Driver Service lopetti yllättäen toimintansa. Se on tehnyt näin jo 1 kertaa.



        -- End of Deckard's System Scanner: finished at 2008-02-04 22:26:31 ------------

        Empty C:\PROGRAM Files\TRENDMicro\HIJACKThis\backups\


      • aatu
        axa.doe wrote:

        Empty C:\PROGRAM Files\TRENDMicro\HIJACKThis\backups\

        Windows Registry Editor Version 5.00

        ; Registry Search 2.0 by Bobbi Flekman © 2005
        ; Version: 2.0.5.0

        ; Results at 2008-02-06 12:50:25 for strings:
        ; 'norton antivirus v2007'
        ; Strings excluded from search:
        ; (None)
        ; Search in:
        ; Registry Keys Registry Values Registry Data
        ; HKEY_LOCAL_MACHINE HKEY_USERS


        ; End Of The Log...








        Something weird happened on my computer today: when I was about to delete those HijackThis backups, I noticed that the hidden folders and files had become visible again, and a "Local Disk (F:)" had also appeared with a question mark on it, and it couldn't be opened... anyway, I switched the internet connection off for a moment, and a little while later it vanished without a trace...


      • axa.doe
        aatu wrote:

        Hi axa.doe :) I also got a virus/viruses on my computer through Messenger, and I followed all of your advice, but my AntiVir still keeps alerting on Trojan horses all the time... I wonder what's wrong...?

        Here is the HijackThis report after the scans and cleanups:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 0:37:33, on 27.1.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: (no name) - {5AAF23D8-4489-43D8-A064-319D1254ABCA} - C:\WINDOWS\system32\mljijif.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
        O2 - BHO: (no name) - {958C2C5C-D7F4-40E4-BC7D-506826B97484} - (no file)
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
        O20 - Winlogon Notify: mljijif - C:\WINDOWS\SYSTEM32\mljijif.dll
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ikrhiyxd.exe (file missing)
        O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Unknown owner - C:\Program Files\Norton AntiVirus\isPwdSvc.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
        O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (file missing)
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
        O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

        --
        End of file - 8555 bytes


        and here is the AVG report:

        ---------------------------------------------------------
        AVG Anti-Spyware - Scan Report
        ---------------------------------------------------------

        Created at:   0:30:47 27.1.2008

        Scan result:   



           Nothing found.



        ::Report end



        as a firewall I have Windows' own firewall...

        The message hierarchy prevents replying to the previous one..

        Regsearch found nothing. New search: click regsearch.exe again, and type in the search box

        Symantec

        You briefly closed the net? The browser, not the whole computer?

        You have two disk partitions, and D is FAT?

        Test with Software Inspector http://secunia.com/software_inspector/ whether the programs on your computer need updating.
        Click "Start now" and tick "Enable thorough system inspection." The program checks the versions of the programs installed
        on the computer and gives links for updating them.

        ***
        Also install SpywareBlaster, instructions with pictures at http://koti.mbnet.fi/pattaya1/spywareblaster.htm

        It doesn't use up the computer's resources but is good protection :)

        Send the regsearch log :)


      • aatu
        axa.doe wrote:

        The message hierarchy prevents replying to the previous one..

        Regsearch found nothing. New search: click regsearch.exe again, and type in the search box

        Symantec

        You briefly closed the net? The browser, not the whole computer?

        You have two disk partitions, and D is FAT?

        Test with Software Inspector http://secunia.com/software_inspector/ whether the programs on your computer need updating.
        Click "Start now" and tick "Enable thorough system inspection." The program checks the versions of the programs installed
        on the computer and gives links for updating them.

        ***
        Also install SpywareBlaster, instructions with pictures at http://koti.mbnet.fi/pattaya1/spywareblaster.htm

        It doesn't use up the computer's resources but is good protection :)

        Send the regsearch log :)

        Windows Registry Editor Version 5.00

        ; Registry Search 2.0 by Bobbi Flekman © 2005
        ; Version: 2.0.5.0

        ; Results at 2008-02-06 22:32:03 for strings:
        ; 'symantec'
        ; Strings excluded from search:
        ; (None)
        ; Search in:
        ; Registry Keys Registry Values Registry Data
        ; HKEY_LOCAL_MACHINE HKEY_USERS


        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E39D1C81-7E76-4d84-9F25-E2CC76EC050B}]
        "LocalService"="Symantec Core LC"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03970E0C-9DA6-460E-A754-FAD0FA3F7037}\ProgID]
        @="Symantec.Norton.AntiVirus.SnoozeAlert.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03970E0C-9DA6-460E-A754-FAD0FA3F7037}\VersionIndependentProgID]
        @="Symantec.Norton.AntiVirus.SnoozeAlert"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{085ABFE2-D753-445C-8A2A-D4BD46CE0811}]
        @="Symantec.Norton.AntiVirus.NAVOptions Class"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{085ABFE2-D753-445C-8A2A-D4BD46CE0811}\ProgID]
        @="Symantec.Norton.AntiVirus.NAVOptions.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{085ABFE2-D753-445C-8A2A-D4BD46CE0811}\VersionIndependentProgID]
        @="Symantec.Norton.AntiVirus.NAVOptions"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{117891BF-AE4C-4E57-959E-0E0CA7A71E48}\InprocServer32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\SymSHAx.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{117891BF-AE4C-4E57-959E-0E0CA7A71E48}\ToolboxBitmap32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\SymSHAx.dll, 104"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311CF1A1-872A-4ED5-943F-058C886E2F7F}\ProgID]
        @="Symantec.CommonClient.ccEvtMgr.ModuleManager.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{311CF1A1-872A-4ED5-943F-058C886E2F7F}\VersionIndependentProgID]
        @="Symantec.CommonClient.ccEvtMgr.ModuleManager"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EA5E43F-0449-4CD8-9947-4EFAE455A4E8}\InprocServer32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymUIAx2.ocx"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60C70E11-2B08-4798-B366-C8450CDA7B1A}\LocalServer32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62FAA135-84EB-4225-B2D5-707DDB884B51}\InprocServer32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymUIAx2.ocx"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62FAA135-84EB-4225-B2D5-707DDB884B51}\ToolboxBitmap32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymUIAx2.ocx, 1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC217F4-3428-4881-8019-AA8A19C2F07F}\ProgID]
        @="Symantec.CommonClient.ccSetMgr.SettingsService.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8EC217F4-3428-4881-8019-AA8A19C2F07F}\VersionIndependentProgID]
        @="Symantec.CommonClient.ccSetMgr.SettingsService"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B663083-7F14-4E27-9933-D55F162F1FCC}]
        @="Symantec.Norton.Antivirus.NAVOptionGroup Class"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B663083-7F14-4E27-9933-D55F162F1FCC}\ProgID]
        @="Symantec.Norton.Antivirus.NAVOptionGroup.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B663083-7F14-4E27-9933-D55F162F1FCC}\VersionIndependentProgID]
        @="Symantec.Norton.Antivirus.NAVOptionGroup"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E914C1-A516-421F-B413-B32B3FA3F18F}\ProgID]
        @="Symantec.CommonClient.ccEvtMgr.LogManager.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8E914C1-A516-421F-B413-B32B3FA3F18F}\VersionIndependentProgID]
        @="Symantec.CommonClient.ccEvtMgr.LogManager"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE1F7EEF-1851-11D3-939E-0004AC1ABE1F}]
        @="Symantec Norton AntiVirus OfficeAntiVirus Class"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DEB7D4-EAE2-45AF-B0F5-0B6D9ADF2850}\InprocServer32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetEvt.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DEB7D4-EAE2-45AF-B0F5-0B6D9ADF2850}\ProgID]
        @="Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8DEB7D4-EAE2-45AF-B0F5-0B6D9ADF2850}\VersionIndependentProgID]
        @="Symantec.CommonClient.ccSetEvt.SettingsChangeEvent"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F181CBB8-795E-4e16-AEB8-254501FE9C30}\ProgID]
        @="Symantec.Norton.AntiVirus.ThreatsByVID.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F181CBB8-795E-4e16-AEB8-254501FE9C30}\VersionIndependentProgID]
        @="Symantec.Norton.AntiVirus.ThreatsByVID"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}\ProgID]
        @="Symantec.Norton.Antivirus.IEContextMenu.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}\VersionIndependentProgID]
        @="Symantec.Norton.Antivirus.IEContextMenu"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\file\ShellEx\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\6786F822313A3A04190C3CBC6E99D790]
        "ProductName"="Symantec"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9F47B39B28AE21549A6A2D6A058B0649]
        "ProductName"="Symantec Real Time Storage Protection Component"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9F47B39B28AE21549A6A2D6A058B0649\SourceList]
        ; Contents of value:
        ; n;1;C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt6\
        "LastUsedSource"=hex(2):6e,00,3b,00,31,00,3b,00,43,00,3a,00,5c,00,44,00,4f,00,\
        43,00,55,00,4d,00,45,00,7e,00,31,00,5c,00,41,00,4c,00,4c,00,55,00,53,00,45,\
        00,7e,00,31,00,5c,00,41,00,50,00,50,00,4c,00,49,00,43,00,7e,00,31,00,5c,00,\
        53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,4c,00,49,00,56,00,45,\
        00,55,00,50,00,7e,00,31,00,5c,00,44,00,4f,00,57,00,4e,00,4c,00,4f,00,7e,00,\
        31,00,5c,00,55,00,70,00,64,00,74,00,36,00,5c,00,00,00

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\9F47B39B28AE21549A6A2D6A058B0649\SourceList\Net]
        ; Contents of value:
        ; C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\LIVEUP~1\DOWNLO~1\Updt6\
        "1"=hex(2):43,00,3a,00,5c,00,44,00,4f,00,43,00,55,00,4d,00,45,00,7e,00,31,00,\
        5c,00,41,00,4c,00,4c,00,55,00,53,00,45,00,7e,00,31,00,5c,00,41,00,50,00,50,\
        00,4c,00,49,00,43,00,7e,00,31,00,5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,\
        65,00,63,00,5c,00,4c,00,49,00,56,00,45,00,55,00,50,00,7e,00,31,00,5c,00,44,\
        00,4f,00,57,00,4e,00,4c,00,4f,00,7e,00,31,00,5c,00,55,00,70,00,64,00,74,00,\
        36,00,5c,00,00,00

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NortonAntiVirus.OfficeAntiVirus]
        @="Symantec Norton AntiVirus OfficeAntiVirus Class"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NortonAntiVirus.OfficeAntiVirus.1]
        @="Symantec Norton AntiVirus OfficeAntiVirus Class"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManager]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManager\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManager\CurVer]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManager\CurVer]
        @="Symantec.CommonClient.ccEvtMgr.LogManager.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManager.1]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManager.1\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModuleManager]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModuleManager\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModuleManager\CurVer]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModuleManager\CurVer]
        @="Symantec.CommonClient.ccEvtMgr.ModuleManager.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModuleManager.1]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModuleManager.1\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent\CurVer]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent\CurVer]
        @="Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService\CurVer]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService\CurVer]
        @="Symantec.CommonClient.ccSetMgr.SettingsService.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService.1]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService.1\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.isPassword]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.isPassword\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.isPassword\CurVer]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.isPassword\CurVer]
        @="Symantec.isPassword.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.isPassword.1]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.isPassword.1\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu\CurVer]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu\CurVer]
        @="Symantec.Norton.Antivirus.IEContextMenu.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu.1]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.IEContextMenu.1\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.NAVOptionGroup]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.NAVOptionGroup]
        @="Symantec.Norton.Antivirus.NAVOptionGroup Class"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.NAVOptionGroup\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.NAVOptionGroup\CurVer]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.NAVOptionGroup\CurVer]
        @="Symantec.Norton.Antivirus.NAVOptionGroup.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.NAVOptionGroup.1]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.NAVOptionGroup.1]
        @="Symantec.Norton.Antivirus.NAVOptionGroup Class"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.Antivirus.NAVOptionGroup.1\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.NAVOptions]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.NAVOptions]
        @="Symantec.Norton.AntiVirus.NAVOptions Class"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.NAVOptions\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.NAVOptions\CurVer]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.NAVOptions\CurVer]
        @="Symantec.Norton.AntiVirus.NAVOptions.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.NAVOptions.1]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.NAVOptions.1]
        @="Symantec.Norton.AntiVirus.NAVOptions Class"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.NAVOptions.1\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.SnoozeAlert]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.SnoozeAlert\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.SnoozeAlert\CurVer]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.SnoozeAlert\CurVer]
        @="Symantec.Norton.AntiVirus.SnoozeAlert.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.SnoozeAlert.1]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.SnoozeAlert.1\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.ThreatsByVID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.ThreatsByVID\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.ThreatsByVID\CurVer]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.ThreatsByVID\CurVer]
        @="Symantec.Norton.AntiVirus.ThreatsByVID.1"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.ThreatsByVID.1]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.Norton.AntiVirus.ThreatsByVID.1\CLSID]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E15F5F6-D369-47db-BE42-B61270883572}\1.0\0\win32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\CfgWiz.tlb"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0E15F5F6-D369-47db-BE42-B61270883572}\1.0\HELPDIR]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54635C92-DFAF-4A99-8802-92FB068A6154}\1.0]
        @="Symantec Core LC Type Library"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54635C92-DFAF-4A99-8802-92FB068A6154}\1.0\0\win32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54635C92-DFAF-4A99-8802-92FB068A6154}\1.0\HELPDIR]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60681DC5-21B2-4264-B1F1-E1289819E023}\1.0\0\win32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{60681DC5-21B2-4264-B1F1-E1289819E023}\1.0\HELPDIR]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7DBB70B5-8001-4616-B7BE-94DF8C945512}\1.0\0\win32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\SRTSP\\Srtsp32.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7DBB70B5-8001-4616-B7BE-94DF8C945512}\1.0\HELPDIR]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\SRTSP\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C9C05A42-D571-4B3C-8F11-D6D6A81C90EB}\1.0\0\win32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\SPBBC\\SPBBCEvt.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D323F395-AA30-4DF9-A379-2F3F4819AB00}\1.0]
        @="Symantec.Norton.AntiVirus.NAVOptions 1.0 Type Library"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DB491B25-6E24-4C5A-8A12-D5B543205DBF}\1.0\0\win32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymUIAx2.ocx"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DB491B25-6E24-4C5A-8A12-D5B543205DBF}\1.0\HELPDIR]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE1F7EE0-1851-11D3-939E-0004AC1ABE1F}\1.0]
        @="Symantec AntiVirus OfficeAntiVirus 1.0 Type Library"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MCUI32.exe]
        "Path"="C:\\Program Files\\Common Files\\Symantec Shared\\SecurityHistory\\;C:\\Program Files\\Common Files\\Symantec Shared\\;"
        @="C:\\Program Files\\Common Files\\Symantec Shared\\SecurityHistory\\MCUI32.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\uiStub.exe]
        "Path"="C:\\Program Files\\Common Files\\Symantec Shared\\NPC\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
        "c:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\MSL\\"=""
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SubEng\\Temp\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SubEng\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\CF\\Manifests\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\CF\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\Options\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\SecurityHistory\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\SubmissionEngine\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\NPC\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymTheme\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymTheme\\1.0\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\1.0\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\IDS\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\IDS\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\COH\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Shared\\QBackup\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Shared\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\Freezer\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\LiveUpdate\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\Updates\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\AntiVirus\\"=""
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SRTSP\\SrtETmp\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SRTSP\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\SRTSP\\"=""

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\004C36741AEE44B488D180BEF3F6FA66]
        "5B3B5BFE082A52E4EBC136E4FE3EC2B1"="C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\AppPlg32.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\014636D5B24C16B40956E2764656D2F4]
        "87627777F71810443910DED1108AAD65"="C:\\Program Files\\Common Files\\Symantec Shared\\SPBBC\\TPDef.dat"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01E798707741D4F408C0DC063E2AB8C9]
        "DBC8D038866C2e949A962C2C0136230E"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\NAVEvent.spm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0288F3C31E075C14A8A06B68F1728D95]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\SYM_IA.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02963CCCAFEE30847AE42DDB3EEDFE74]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\NSCWSCR2.DLL"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02DD143A4A26566408B49995B1EFA63F]
        "9F47B39B28AE21549A6A2D6A058B0649"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\srt.spm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0330AC69A87333941AC284AE55BD3540]
        "DBC8D038866C2e949A962C2C0136230E"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\DefAlert.spm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03A9FC3E3E95C0740A521901F8767CB1]
        "BC0F80924D1CF744792AFC1C539C8F4D"="C:\\Program Files\\Common Files\\Symantec Shared\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03FE058C68C13F949B357E5FD3543A60]
        "BC0F80924D1CF744792AFC1C539C8F4D"="C:\\Program Files\\Common Files\\Symantec Shared\\CF\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04DEDDA6511C8C847B6D9188421615B3]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="02:\\SOFTWARE\\Symantec\\CCPD\\CUW\\Modules\\{1717D63D-0995-4120-8DE7-0051ED05D378}\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\057C1291E3AF4DC49804EAE83FB848B5]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\osCheck.grd"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\05A4A08667005584CACC2F54DB27E634]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\unin.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0600E2C975DF9D042A5189B24519594F]
        "DBC8D038866C2e949A962C2C0136230E"="02:\\Software\\Symantec\\InstalledApps\\NAVNT"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\075603C1A0A349649BF01150129CC6A5]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"
        "BC0F80924D1CF744792AFC1C539C8F4D"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"
        "DBC8D038866C2e949A962C2C0136230E"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07C5353B8B88CF841931E223A8F6FE1A]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymHost.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08BD09D4CDC879A4F8782F45101CACCA]
        "5B3B5BFE082A52E4EBC136E4FE3EC2B1"="C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\AppSvc32.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8430E3E13F7278641A7AA895C7C4B60E]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\NAV_pvnt.chm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85A6640347184DE419174A7D938EE4A3]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85D44A05508AE7443A1F82B7DDDEB1CB]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\Msg_Cntr.chm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86095466B37C0E2439C999C8734ACE74]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccAlert.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86C7F2CA1A7502E4AA21DBC828E43D73]
        "F525BD4F689A94249BB8248A602615AC"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86F36A5371A5926459BD23CDEB5AE140]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\VTCache.spm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87A01E22DCC00034CA932177193A5A03]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\DataPvdr.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\883F13DB8610B244B9E727C5F10E1465]
        "BC0F80924D1CF744792AFC1C539C8F4D"="C?\\Program Files\\Common Files\\Symantec Shared\\Firewall\\FWAgent.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89E7B5F349C256D4CA0F57CE71A0D514]
        "BC0F80924D1CF744792AFC1C539C8F4D"="C:\\Program Files\\Common Files\\Symantec Shared\\Firewall\\FWSetup.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A496394D4654AD42B68DFDFFEDCD6CB]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\symcleng.sig"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B4CC2ABC1F3E914897FD80A7A8DA80E]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\SYM_mon.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C6688A07C89DA346B6E8582B04E03D8]
        "DBC8D038866C2e949A962C2C0136230E"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\Scnrs.grd"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D3671FF4AD564D488E28B9D03A10373]
        "DBC8D038866C2e949A962C2C0136230E"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\Navw32.spm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8E1B2A6B4A713234CBD7E11E945FC970]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\NAV_dis.chm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8EF9EE1FC66940B468785FE27846A4B5]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\"


      • axa.doe
        aatu wrote:

        Windows Registry Editor Version 5.00

        ; Registry Search 2.0 by Bobbi Flekman © 2005
        ; Version: 2.0.5.0

        ; Results at 2008-02-06 22:32:03 for strings:
        ; 'symantec'
        ; Strings excluded from search:
        ; (None)
        ; Search in:
        ; Registry Keys Registry Values Registry Data
        ; HKEY_LOCAL_MACHINE HKEY_USERS



        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\145FDFDEEDAD7D54ABEDAB4C231A0972]
        "BC0F80924D1CF744792AFC1C539C8F4D"="C?\\Program Files\\Common Files\\Symantec Shared\\Firewall\\FWRulMtn.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1489BDE07E47BE142B91DAF45843B1B0]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\NAV_007.chm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6AE69D474F3F4CA40C97240884521]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccErrDsp.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16808795F439F7E488DF599DE0F71CC7]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\Temp\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16C5C1911ECFCE4489B8FE21429C2299]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\isRes.grd"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\192BCB16F5DEE874FB776000C1EDFBF6]
        "9F47B39B28AE21549A6A2D6A058B0649"="C:\\Program Files\\Common Files\\Symantec Shared\\SRTSP\\srtUnin.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\19513656DD80D3F42BF0CB440281D136]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\NSCPLUG2.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1992CF21290F3ED46A5BFA64916A4E2C]
        "20B58AD20C31D6E4A967226E3BDDC02B"="C?\\Program Files\\Common Files\\Symantec Shared\\IDS\\IdsInst.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\19E2A33BE39764B41A3FA6A811E2430A]
        "BC0F80924D1CF744792AFC1C539C8F4D"="C?\\Program Files\\Common Files\\Symantec Shared\\Firewall\\FWCmpCtl.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A951DB9A1F3F844A9148B18B292825F]
        "9399EE5EF9522ED40832C5941EA6F434"="C:\\Program Files\\Common Files\\Symantec Shared\\SubmissionEngine\\SUBRES.loc"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B070EE9DD504674082E7B2A08283353]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\Symcuw.grd"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B8F7B76B2A3B0A40A3937498B2C8B0F]
        "DBC8D038866C2e949A962C2C0136230E"="02:\\Software\\Symantec\\InstalledApps\\NAV"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D2A21950EF961E4A85E3B1FC298A50E]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F3633DEEE6A4064CB2B744F3977B740]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\isPwdSvc.grd"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20F90FDA7EC33F14F98BE0D0DC4AA7B9]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\CF\\Manifests\\uiCFReg.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2152F86FEF35F504F97FB78DD22BA758]
        "9F47B39B28AE21549A6A2D6A058B0649"="C:\\Program Files\\Common Files\\Symantec Shared\\SRTSP\\Srtsp32.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23227B2A7565f7c488801DD83F18F19B]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\CLTWrap.grd"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\264D8F51844D0984B8C0207B16CD3DE5]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\IWP_feat.chm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A0FE241FFEFFF842A931A326E5E9A8D]
        "5B3B5BFE082A52E4EBC136E4FE3EC2B1"="C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\AppReg32.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C8A8BE9137FE0240B18BE65BCFA2172]
        "BC0F80924D1CF744792AFC1C539C8F4D"="C:\\Program Files\\Common Files\\Symantec Shared\\Firewall\\FWCfg.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E0E3AC586E450848BDFF8BDAA3AF964]
        "DBC8D038866C2e949A962C2C0136230E"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Norton AntiVirus\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E53A294F83182D45A3785356A851754]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccInst.dll"
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\ccInst.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F7E90858B8A6DF45B6174B9CA82E9A6]
        "87627777F71810443910DED1108AAD65"="C?\\Program Files\\Common Files\\Symantec Shared\\SPBBC\\UpdMgr.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3024198938D653b4795B63A8E996F73D]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\CfgWiz.spm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3035C23AD68FA3942A5596F63D6CD691]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\cltBTPgS.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\31F53FE94552931419B3DD0EB5410812]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\symhelp.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\333D0370E776E1B449C9DDFB1103A97B]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\npcWmiMn.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\336CD3BC7E82E45459691ABCB463679B]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\disable.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33B4C06182B6D8C4799931A0532C4534]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\NAV_unin.chm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\33DC2D2C146Cecd4D83C5660FC330EAE]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymCAbt.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\353148F2ADB2C7348B654607D44BA4BF]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\CF\\cfLUCbk.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3538FE3431421C5418366717CD90DEFE]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\LU_001.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\356C30E816214564986AF2A1FFFF4F07]
        "BC0F80924D1CF744792AFC1C539C8F4D"="02:\\Software\\Symantec\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3571CAAE9CB99C142A2C016A1D3371A6]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\rcAlert.dll"
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\rcAlert.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3696CB9C1614d3c4EA196945CA36BB05]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SymLTCOM.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\377CF6FF5358f5b44BA497E3649BFC56]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\isPwd.grd"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37CD63D80A9C6E94FB16F99570330B3E]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\1.0\\SymHTML.dll"
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\1.0\\SymHTML.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37ED516465EECD34EA2C3CEB0FFB164D]
        "BC0F80924D1CF744792AFC1C539C8F4D"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\FWInst.grd"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\394B417F1041D7B48BA5BB9880037C80]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\LU_PC.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3B314258F30DC584B92A830C21D2423C]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\Options\\VTCache.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C9A2AED576F5544193A0C5A8DC65BE7]
        "20B58AD20C31D6E4A967226E3BDDC02B"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\Snd.sig"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3E5C13AD56B2A9B4B960D63E452F2D41]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\CF\\Manifests\\ISCFReg.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3E81A4DC21026924FB5FAF933085D236]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccVrTrst.dll"
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\ccVrTrst.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\40C594422C6BD8D4EAD0C54BB9EFD7AD]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\SymTheme.grd"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4195C25231CD14247835E2AA5BC26860]
        "F525BD4F689A94249BB8248A602615AC"="C:\\Program Files\\Common Files\\Symantec Shared\\AntiVirus\\AVMail.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\41F868EB9D0DFAD4E8BC09795F5451DC]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43BE7E834BB89F74EA8045BE46CCB3F5]
        "20B58AD20C31D6E4A967226E3BDDC02B"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\Snd.grd"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\441567AAA28618C46A8BACAAC9BD2047]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ecmldr32.DLL"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\452F176D393D2E842B78F854DF5D9D56]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccLgView.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4592EA26606A3594B976FD94299047B9]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\uiStub.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45ECC17136830F040BF82A2CFE8CF687]
        "F525BD4F689A94249BB8248A602615AC"="C:\\Program Files\\Common Files\\Symantec Shared\\COH\\AHS.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4604A1142ADFCCF47913A0AD3FE29D43]
        "87627777F71810443910DED1108AAD65"="C?\\Program Files\\Common Files\\Symantec Shared\\SPBBC\\bbRGen.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\48F14AD033FE3EB4A87CDCEDC2AAE23B]
        "DBC8D038866C2e949A962C2C0136230E"="C:\\Program Files\\Common Files\\Symantec Shared\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CB829E5237898741983A2C0FB59BAEF]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\"
        "BC0F80924D1CF744792AFC1C539C8F4D"="C:\\Program Files\\Common Files\\Symantec Shared\\"
        "DBC8D038866C2e949A962C2C0136230E"="C:\\Program Files\\Common Files\\Symantec Shared\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4DA9511A9849E6749A328D0F3DCB5115]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\SYMstart.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\501BACB76ED261848879D486E4208310]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50C154874C6F14B48AE0F5068BC7E626]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\DefUtDCD.dll"
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\DefUtDCD.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\518035C2DFB35CC4AA863E00DADBA635]
        "BC0F80924D1CF744792AFC1C539C8F4D"="C:\\Program Files\\Common Files\\Symantec Shared\\CF\\Manifests\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5214FA3088B8BAD419A265B6153E97C0]
        "DBC8D038866C2e949A962C2C0136230E"="C:\\Program Files\\Common Files\\Symantec Shared\\VirusDefs\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\52329A5967EA7BE4396C59CEA602DECC]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccProSub.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536047F5A7019214AA22A7567FC48A8C]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\Options\\CLTWrap2.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5577B56EF32Bcff42B01F9207C715CF3]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\CLTNetCN.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\559B19D41039A724D9C48D0241CC2E52]
        "F525BD4F689A94249BB8248A602615AC"="C?\\Program Files\\Common Files\\Symantec Shared\\QBackup.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5914DB2821BDEC44E8DEB08A9988A4D2]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\SymSHAx.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5951F3873B3F082449139E4A2C1E760B]
        "9399EE5EF9522ED40832C5941EA6F434"="02:\\SOFTWARE\\Symantec\\CCPD\\CUW\\Products\\{77CCBE0B-A541-49a9-883E-14F8337EC861}\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5A2056846AAAD9942A856A1CE096C9D1]
        "87627777F71810443910DED1108AAD65"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\SPBBC.spm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5AEE8DEEF66D4C94FBDD5E3DEAA42E7C]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="02:\\Software\\Symantec\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C670DEFF59E3B84EA5FB1F10026D8B3]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C:\\Program Files\\Common Files\\Symantec Shared\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D5E3CA2F6ABC7843ACCA3FE7FA5C2C9]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccSet.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DC1BF2EFEBB4184A951D9DCC5DB62A9]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\CF\\cfV2Pack.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5F0C99DF0DB59C442AA2D49772F81553]
        "F525BD4F689A94249BB8248A602615AC"="C:\\Program Files\\Common Files\\Symantec Shared\\CF\\Manifests\\avCFReg.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5F9AC449A7861694E9449DC4E2BE4F3C]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\V_AutoLU.chm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\601DDF5959A6B17469A9E2FA8063F296]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\NAV_mon.chm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60370E0AF8A430549BF85B9FEF476545]
        "87627777F71810443910DED1108AAD65"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\624FFDC2268AC6C4A9E6BC5926E5A098]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccL60.dll"
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\ccL60.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62E04A480DF861B4E83F1C76EAB4302D]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\CUWUtils.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\63CB6D96A48646C459D0E6A18C150B04]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\SubmissionEngine\\subeng.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6461D068520383843AD7C61C2BF18A79]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\uiBtPlg.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6683773473EDA3B49BC8300D91088875]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\npc2007.sig"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6699168B17FDA8C40A62687CD8156AD6]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\rcErrDsp.dll"
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\rcErrDsp.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\677714E41621C764D88777B9A656B278]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\NIS_007.chm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68A1D51404115E3428E6AC9809F5C8B4]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\protect.chm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68C950C58426CBE44B53670481C98F08]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\SYM_cust.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68ED002552CC1FA4F87046DE7BB67F8C]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\LoadOpts.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\699C1776A888F5D4B8DFFB1E683A34C8]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetPlg.dll"
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\ccSetPlg.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A907D1BB1A42D64096D34B6FBB8F916]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\NSCEXT.LOC"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B6556A26BBEF93429B292477434D0DF]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C:\\Program Files\\Common Files\\Symantec Shared\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B8BBE7DC713C424B886F2EC51574EBF]
        "DBC8D038866C2e949A962C2C0136230E"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\NAVError.spm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C0536CE2171AD94ABB4E812A58C5F77]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\feat_sum.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C9D4AD32A3387A43B9A505E6C9A2D10]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\cltUAC.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6D93A8FB377C4224C9B39D7D06668336]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\NSCEXT.DLL"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6E6F3C7100A0DAA4ABEDD82C170B843D]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="02:\\SOFTWARE\\Symantec\\CCPD-LC\\KStore\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\702D2440CCCD1284A864A98422E3C149]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\SymTheme\\sthmbase.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\70D2DE21FED8FF34C844F4A31D07101A]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\719B3FD4E68228741BC8E794AAAC7A82]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\SYM_FD.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\71AA35B41082C024BA406F92F318FDE9]
        "5B3B5BFE082A52E4EBC136E4FE3EC2B1"="C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\AppTrc32.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72C318A4B1B384747BFE1BD0CBBF1905]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\rcSvcHst.dll"
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\rcSvcHst.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\735ED64A94F3373499479C3363DD5270]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\DRMCOMMD.sig"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7489D7826A1E54747A3D77B7FD9E4B0A]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\UICntnr.loc"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\756227D602203DF49B43663A2570D3BD]
        "5B3B5BFE082A52E4EBC136E4FE3EC2B1"="C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\AppSet32.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D02AB0972BD4446B36501CFFD91CAB]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\options.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\78A84A0F95FB9934788C3658AB1F8861]
        "BC0F80924D1CF744792AFC1C539C8F4D"="C:\\Program Files\\Common Files\\Symantec Shared\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\78E964A783DD3CF4693C1A2A402CE86F]
        "F525BD4F689A94249BB8248A602615AC"="C:\\Program Files\\Common Files\\Symantec Shared\\AntiVirus\\avCmpCtl.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\79415DF986DC0064DBE741096F4FBD06]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SSAutoRN.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A533E482821188469A3AAA5B91C5FDD]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\MSL\\msl.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AAFB2B3A7B0688439257DAE3A757276]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\SymCAbt.grd"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B50EBD049034D245BACB7DF3D3F0055]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BC765E056A655144A872352F7A39131]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="02:\\SOFTWARE\\Symantec\\InstalledApps\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CB58150C2B06EF4490509B8371E2CA5]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\MSLight.sig"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DCE565C976AD944DB35752586EE4592]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\SecurityHistory\\MCUI32.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7ECB3865217942B41AB986B7B99D2538]
        "DBC8D038866C2e949A962C2C0136230E"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\ccOEH.grd"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7F9DB744211E6514BA50BC3E1028F12B]
        "9F47B39B28AE21549A6A2D6A058B0649"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\srt.sig"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\80A818D6A1ABF1A4BBF6AC7AF998D80F]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SubComp.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\812CEEB51755B4D44B3F599F97269B25]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C?\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\SubStats.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\813E4DE03DE056D4594CE53DB960DE0F]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="02:\\SOFTWARE\\Symantec\\CCPD\\CUW\\Modules\\{C3D19720-8821-48f2-A22D-2B1EB797047B}\\Path"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\819E87494C4723B45800D6033BCC1761]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccProd.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\81AA100A2E724ac488BEDAFFC5D8E878]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\CfgWiz.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\82026C8F976DF9E46AC0B7F98CC86C5E]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtCli.dll"
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtCli.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83A95D794C71DB64CA21B8EF9EB689F7]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="02:\\Software\\Symantec\\InstalledApps\\UI"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8430E3E13F7278641A7AA895C7C4B60E]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\NAV_pvnt.chm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85A6640347184DE419174A7D938EE4A3]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85D44A05508AE7443A1F82B7DDDEB1CB]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\Msg_Cntr.chm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86095466B37C0E2439C999C8734ACE74]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\ccAlert.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86C7F2CA1A7502E4AA21DBC828E43D73]
        "F525BD4F689A94249BB8248A602615AC"="C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86F36A5371A5926459BD23CDEB5AE140]
        "9399EE5EF9522ED40832C5941EA6F434"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\VTCache.spm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87A01E22DCC00034CA932177193A5A03]
        "CBA921A9A35A90242AE15DEDFD7BCC8A"="C?\\Program Files\\Common Files\\Symantec Shared\\NPC\\DataPvdr.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\883F13DB8610B244B9E727C5F10E1465]
        "BC0F80924D1CF744792AFC1C539C8F4D"="C?\\Program Files\\Common Files\\Symantec Shared\\Firewall\\FWAgent.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89E7B5F349C256D4CA0F57CE71A0D514]
        "BC0F80924D1CF744792AFC1C539C8F4D"="C:\\Program Files\\Common Files\\Symantec Shared\\Firewall\\FWSetup.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8A496394D4654AD42B68DFDFFEDCD6CB]
        "7E57FF1D24DDDFC40B25023BFF4FDE8B"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\symcleng.sig"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B4CC2ABC1F3E914897FD80A7A8DA80E]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\SYM_mon.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C6688A07C89DA346B6E8582B04E03D8]
        "DBC8D038866C2e949A962C2C0136230E"="C?\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\Scnrs.grd"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D3671FF4AD564D488E28B9D03A10373]
        "DBC8D038866C2e949A962C2C0136230E"="C:\\Program Files\\Common Files\\Symantec Shared\\SPManifests\\Navw32.spm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8E1B2A6B4A713234CBD7E11E945FC970]
        "5F1BEE43939E1A046AAB5927284A2B8C"="C?\\Program Files\\Common Files\\Symantec Shared\\Help\\NAV_dis.chm"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8EF9EE1FC66940B468785FE27846A4B5]
        "FE2DACC32FFC736428AAAAFB7320283D"="C:\\Program Files\\Common Files\\Symantec Shared\\"

        It's probably easier to do it this way: download the Norton removal tool from here

        http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fi_docid/20050411155204924?Open&src=&docid=20040622135741928&nsf=SUPPORT\INTER\nisintl.n

        and run it according to the instructions.

        Let me know how it went :)


      • aatu

      • axa.doe
        aatu wrote:

        hi, the regsearch.exe program still finds Symantec files... they're pretty persistent :)

        Let's see what they look like; run a new search and post the results.

        Post a new hijack log at the same time.


      • aatu
        axa.doe wrote:

        Let's see what they look like; run a new search and post the results.

        Post a new hijack log at the same time.

        Windows Registry Editor Version 5.00

        ; Registry Search 2.0 by Bobbi Flekman © 2005
        ; Version: 2.0.5.0

        ; Results at 2008-02-09 14:16:05 for strings:
        ; 'symantec'
        ; Strings excluded from search:
        ; (None)
        ; Search in:
        ; Registry Keys Registry Values Registry Data
        ; HKEY_LOCAL_MACHINE HKEY_USERS


        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E39D1C81-7E76-4d84-9F25-E2CC76EC050B}]
        "LocalService"="Symantec Core LC"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60C70E11-2B08-4798-B366-C8450CDA7B1A}\LocalServer32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54635C92-DFAF-4A99-8802-92FB068A6154}\1.0]
        @="Symantec Core LC Type Library"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54635C92-DFAF-4A99-8802-92FB068A6154}\1.0\0\win32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54635C92-DFAF-4A99-8802-92FB068A6154}\1.0\HELPDIR]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
        "c:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\MSL\\"=""
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SubEng\\Temp\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SubEng\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\CF\\Manifests\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\CF\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\Options\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\SecurityHistory\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\SubmissionEngine\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\NPC\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymTheme\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymTheme\\1.0\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\1.0\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\IDS\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\IDS\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\COH\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Shared\\QBackup\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Shared\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\Freezer\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\LiveUpdate\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\Updates\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\AntiVirus\\"=""
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SRTSP\\SrtETmp\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SRTSP\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\SRTSP\\"=""

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1320AC6CA3C6BE348BCCF3A944187592]
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTheme\\1.0\\SymTheme.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37CD63D80A9C6E94FB16F99570330B3E]
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\1.0\\SymHTML.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\624FFDC2268AC6C4A9E6BC5926E5A098]
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\ccL60.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B2B10810A354175489D0CE7F0B77DEF4]
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\ccL60U.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC\KStore]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC\KStore\00000082]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC\KStore\00000082\0000001f]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC\KStore\00000082\0000001f\0000005e]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC\KStore\00000082\00000046]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC\KStore\00000082\00000046\000000b5]

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CCSETMGR\0000]
        "DeviceDesc"="Symantec Settings Manager"

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CCSETMGR\0000]
        "DeviceDesc"="Symantec Settings Manager"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCSETMGR\0000]
        "DeviceDesc"="Symantec Settings Manager"

        [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
        "000"="symantec"

        [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymSetup\\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe"="Norton AntiVirus NAVSetup"
        "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\WZSE0.TMP\\SymNRT.exe"="Symantec Removal Utility"

        ; End Of The Log...






        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 14:24, on 2008-02-09
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        --
        End of file - 6768 bytes


      • axa.doe
        aatu wrote:

        Windows Registry Editor Version 5.00

        ; Registry Search 2.0 by Bobbi Flekman © 2005
        ; Version: 2.0.5.0

        ; Results at 2008-02-09 14:16:05 for strings:
        ; 'symantec'
        ; Strings excluded from search:
        ; (None)
        ; Search in:
        ; Registry Keys Registry Values Registry Data
        ; HKEY_LOCAL_MACHINE HKEY_USERS


        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{E39D1C81-7E76-4d84-9F25-E2CC76EC050B}]
        "LocalService"="Symantec Core LC"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60C70E11-2B08-4798-B366-C8450CDA7B1A}\LocalServer32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54635C92-DFAF-4A99-8802-92FB068A6154}\1.0]
        @="Symantec Core LC Type Library"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54635C92-DFAF-4A99-8802-92FB068A6154}\1.0\0\win32]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\symlcsvc.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{54635C92-DFAF-4A99-8802-92FB068A6154}\1.0\HELPDIR]
        @="C:\\Program Files\\Common Files\\Symantec Shared\\CCPD-LC\\"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
        "c:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Common Client\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\MSL\\"=""
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SubEng\\Temp\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SubEng\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\CF\\Manifests\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\CF\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\Options\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\SecurityHistory\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\SubmissionEngine\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\NPC\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymTheme\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymTheme\\1.0\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\1.0\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\{31011D49-D90C-4da0-878B-78D28AD507AF}\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\OPC\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\IDS\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\IDS\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\AppCore\\"=""
        "C:\\Program Files\\Common Files\\Symantec Shared\\COH\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Shared\\QBackup\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Shared\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\Freezer\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\LiveUpdate\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SyKnAppS\\Updates\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\AntiVirus\\"=""
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SRTSP\\SrtETmp\\"="1"
        "C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\SRTSP\\"="1"
        "C:\\Program Files\\Common Files\\Symantec Shared\\SRTSP\\"=""

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1320AC6CA3C6BE348BCCF3A944187592]
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\SymTheme\\1.0\\SymTheme.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\37CD63D80A9C6E94FB16F99570330B3E]
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\SymHTML\\1.0\\SymHTML.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\624FFDC2268AC6C4A9E6BC5926E5A098]
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\ccL60.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B2B10810A354175489D0CE7F0B77DEF4]
        "00000000000000000000000000000000"="C:\\Program Files\\Common Files\\Symantec Shared\\ccL60U.dll"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC\KStore]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC\KStore\00000082]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC\KStore\00000082\0000001f]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC\KStore\00000082\0000001f\0000005e]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC\KStore\00000082\00000046]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD-LC\KStore\00000082\00000046\000000b5]

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;
        6c,00,61,00,79,00,00,00,50,00,4e,00,50,00,5f,00,54,00,44,00,49,00,00,00,4e,\
        00,44,00,49,00,53,00,00,00,54,00,44,00,49,00,00,00,53,00,79,00,6d,00,61,00,\
        6e,00,74,00,65,00,63,00,20,00,43,00,6f,00,72,00,65,00,20,00,53,00,65,00,72,\
        00,76,00,69,00,63,00,65,00,73,00,00,00,53,00,79,00,6d,00,61,00,6e,00,74,00,\
        65,00,63,00,20,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,00,00,4e,\
        00,65,00,74,00,42,00,49,00,4f,00,53,00,47,00,72,00,6f,00,75,00,70,00,00,00,\
        53,00,68,00,65,00,6c,00,6c,00,53,00,76,00,63,00,47,00,72,00,6f,00,75,00,70,\
        00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,00,72,00,47,00,72,00,\
        6f,00,75,00,70,00,00,00,53,00,70,00,6f,00,6f,00,6c,00,65,00,72,00,47,00,72,\
        00,6f,00,75,00,70,00,00,00,41,00,75,00,64,00,69,00,6f,00,47,00,72,00,6f,00,\
        75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,00,64,00,47,\
        00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,\
        50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,00,6d,00,6f,\
        00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,6f,00,6e,00,\
        00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,00,70,00,00,\
        00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,72,00,62,00,\
        69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,00,65,00,6e,\
        00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,43,00,49,00,\
        20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,00,69,00,6f,\
        00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,61,00,63,00,\
        74,00,69,00,6f,00,6e,00,73,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CCSETMGR\0000]
        "DeviceDesc"="Symantec Settings Manager"

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CCSETMGR\0000]
        "DeviceDesc"="Symantec Settings Manager"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCSETMGR\0000]
        "DeviceDesc"="Symantec Settings Manager"

        [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
        "000"="symantec"

        [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
        "C:\\Program Files\\Common Files\\Symantec Shared\\SymSetup\\{830D8CBD-C668-49e2-A969-C2C2106332E0}_14_0_0_89\\{830D8CBD-C668-49e2-A969-C2C2106332E0}.exe"="Norton AntiVirus NAVSetup"
        "C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\WZSE0.TMP\\SymNRT.exe"="Symantec Removal Utility"

        ; End Of The Log...






        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 14:24, on 2008-02-09
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16574)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
        O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
        O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
        O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: BTTray.lnk = ?
        O4 - Global Startup: GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
        O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
        O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
        O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab
        O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
        O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
        O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
        O23 - Service: iPod-palvelu (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
        O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
        O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        --
        End of file - 6768 bytes

        Sorry that replying is taking so long..

        Was that Symantec Norton a legal, paid version?

        ***

        First take a backup of the registry like this:

        Run -> regedit -> OK. Then File -> Export. Type some name for it and then Save
        (and make a note of where you saved it).


        First save ***the text between the asterisks*** under the name fixsym.reg (


      • aatu
        axa.doe wrote:

        Sorry that replying is taking so long..

        Was that Symantec Norton a legal, paid version?

        ***

        First take a backup of the registry like this:

        Run -> regedit -> OK. Then File -> Export. Type some name for it and then Save
        (and make a note of where you saved it).


        First save ***the text between the asterisks*** under the name fixsym.reg (

        Hi, and sorry that it took me a while with this reply too... I was a bit busy there :)

        I don't dare say anything about where the Norton came from, because it was already on this computer when I bought it, but I have a slight hunch that it may have been a pirated copy...

        but here's the log:


        Windows Registry Editor Version 5.00

        ; Registry Search 2.0 by Bobbi Flekman © 2005
        ; Version: 2.0.5.0

        ; Results at 2008-02-14 19:47:32 for strings:
        ; 'symantec'
        ; Strings excluded from search:
        ; (None)
        ; Search in:
        ; Registry Keys Registry Values Registry Data
        ; HKEY_LOCAL_MACHINE HKEY_USERS


        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CCSETMGR\0000]
        "DeviceDesc"="Symantec Settings Manager"

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CCSETMGR\0000]
        "DeviceDesc"="Symantec Settings Manager"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;
        20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,00,69,00,6f,\
        00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,61,00,63,00,\
        74,00,69,00,6f,00,6e,00,73,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCSETMGR\0000]
        "DeviceDesc"="Symantec Settings Manager"

        ; End Of The Log...


      • axa.doe
        aatu wrote:

        Hi, and sorry that it took me a while to reply too... I was a bit busy there :)

        I don't dare say anything about where the Norton came from, because it was already on this machine when I bought it, but I have a slight hunch that it may have been pirated...

        but here's the log:


        Windows Registry Editor Version 5.00

        ; Registry Search 2.0 by Bobbi Flekman © 2005
        ; Version: 2.0.5.0

        ; Results at 2008-02-14 19:47:32 for strings:
        ; 'symantec'
        ; Strings excluded from search:
        ; (None)
        ; Search in:
        ; Registry Keys Registry Values Registry Data
        ; HKEY_LOCAL_MACHINE HKEY_USERS


        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CCSETMGR\0000]
        "DeviceDesc"="Symantec Settings Manager"

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CCSETMGR\0000]
        "DeviceDesc"="Symantec Settings Manager"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;
        75,00,70,00,00,00,53,00,6d,00,61,00,72,00,74,00,43,00,61,00,72,00,64,00,47,\
        00,72,00,6f,00,75,00,70,00,00,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,\
        50,00,72,00,6f,00,76,00,69,00,64,00,65,00,72,00,00,00,52,00,65,00,6d,00,6f,\
        00,74,00,65,00,56,00,61,00,6c,00,69,00,64,00,61,00,74,00,69,00,6f,00,6e,00,\
        00,00,4e,00,65,00,74,00,44,00,44,00,45,00,47,00,72,00,6f,00,75,00,70,00,00,\
        00,50,00,61,00,72,00,61,00,6c,00,6c,00,65,00,6c,00,20,00,61,00,72,00,62,00,\
        69,00,74,00,72,00,61,00,74,00,6f,00,72,00,00,00,45,00,78,00,74,00,65,00,6e,\
        00,64,00,65,00,64,00,20,00,42,00,61,00,73,00,65,00,00,00,50,00,43,00,49,00,\
        20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,00,69,00,6f,\
        00,6e,00,00,00,4d,00,53,00,20,00,54,00,72,00,61,00,6e,00,73,00,61,00,63,00,\
        74,00,69,00,6f,00,6e,00,73,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCSETMGR\0000]
        "DeviceDesc"="Symantec Settings Manager"

        ; End Of The Log...

        Now let's try a different approach :)

        First delete the earlier registry backup fixsym.reg from the computer (do not double-click it!)

        Next, download http://www.xs4all.nl/~fstaal01/downloads/swreg.exe

        by Bobbi Flekman and save it to:
        C:\Windows\System32\swreg.exe (Very important!)

        ***

        Then take a backup of the registry again:

        Start -> Run -> regedit -> OK. Then File -> Export. Give it a name and then Save
        (and make a note of where you saved it).


        Open Notepad.
        -> Copy the following piece of text into it:

        @echo off
        SWReg ACL HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_CCSETMGR /GE:F
        SWReg ACL HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_CCSETMGR /GE:F
        SWReg ACL HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCSETMGR /GE:F
        exit

        Save the text as Fix.bat with the file type set to All files.

        Save it to the desktop, for example, or to a folder where it is easy to find. Double-click the Fix.bat file.


        Open Notepad again.
        -> Copy the following piece of text into it (do not leave a blank space at the beginning):

        REGEDIT4

        [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CCSETMGR]

        [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CCSETMGR]

        [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCSETMGR]

        Then save the text as Fix.reg with the file type set to All files.
        Save it to the desktop, for example, or to a folder where it is easy to find. Double-click the Fix.reg file.

        Run CCleaner's cleaner and registry scans again.

        Restart the computer!

        Run a new search with regsearch for the word Symantec and post the result here :)
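
The last step above asks for a fresh registry search on "Symantec". As an added example (not part of the original post, and not the search tool's own code), this Python script reads a "Version 5.00" export offline, decodes `hex(7)` multi-string values into the text shown in the log's "Contents of value" comments, and lists where the term still appears. The names `find_term` and `decode_value` and the `ExampleVendor` key are made up for the illustration.

```python
import re

# Constructed sample in the "Windows Registry Editor Version 5.00" layout of the
# search log on this page; the last key and its value are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
; Contents of value:
"VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
  5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
  00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CCSETMGR\0000]
"DeviceDesc"="Symantec Settings Manager"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor]
"Groups"=hex(7):41,00,00,00,42,00,00,00,00,00
'''

KEY_RE = re.compile(r'^\[-?(.+)\]$')
VALUE_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')
HEX_RE = re.compile(r'^hex(?:\(([0-9a-fA-F]+)\))?:(.*)$')


def logical_lines(text):
    """Join hex values that are split over several lines with a trailing backslash."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\") and (buf or "=hex" in line):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf  # export was cut off mid-value: keep what is there


def decode_value(data):
    """Return the strings held in one value's data field."""
    m = HEX_RE.match(data)
    if m:
        raw = bytes(int(tok, 16) for tok in m.group(2).split(",") if tok.strip())
        kind = int(m.group(1), 16) if m.group(1) else 3  # plain hex: is REG_BINARY
        if kind in (1, 2, 7):
            # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ: UTF-16LE in Version 5.00 exports,
            # with each string ended by a NUL character.
            text = raw.decode("utf-16-le", errors="replace")
            return [s for s in text.split("\x00") if s]
        return [raw.hex()]
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return [re.sub(r"\\(.)", r"\1", data[1:-1])]  # undo \\ and \" escapes
    return [data]  # dword: and other forms are returned as written


def find_term(text, term):
    """List (key, where, value_name, matched_text) for every occurrence of term."""
    term = term.lower()
    hits, key = [], None
    for line in logical_lines(text):
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if term in key.lower():
                hits.append((key, "key", None, key))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name = m.group(1).strip('"')
        if term in name.lower():
            hits.append((key, "value", name, name))
        for s in decode_value(m.group(2)):
            if term in s.lower():
                hits.append((key, "data", name, s))
    return hits


if __name__ == "__main__":
    for key, where, name, text in find_term(SAMPLE_EXPORT, "symantec"):
        print(f"{where:5} {key} {name or ''} -> {text}")
```
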


      • aatu
        Hi, and sorry again that this reply took a while... I've been a bit busy :) here's the log:



        Windows Registry Editor Version 5.00

        ; Registry Search 2.0 by Bobbi Flekman © 2005
        ; Version: 2.0.5.0

        ; Results at 2008-02-21 20:31:20 for strings:
        ; 'symantec'
        ; Strings excluded from search:
        ; (None)
        ; Search in:
        ; Registry Keys Registry Values Registry Data
        ; HKEY_LOCAL_MACHINE HKEY_USERS


        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        ; End Of The Log...


      • axa.doe
        aatu wrote:

        Hi, and sorry again that this reply took a while... I've been a bit busy :) here's the log:



        Windows Registry Editor Version 5.00

        ; Registry Search 2.0 by Bobbi Flekman © 2005
        ; Version: 2.0.5.0

        ; Results at 2008-02-21 20:31:20 for strings:
        ; 'symantec'
        ; Strings excluded from search:
        ; (None)
        ; Search in:
        ; Registry Keys Registry Values Registry Data
        ; HKEY_LOCAL_MACHINE HKEY_USERS


        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BackupRestore\FilesNotToBackup]
        ; Contents of value:
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll
        ; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder]
        ; Contents of value:
        ; System Reserved
        ; Boot Bus Extender
        ; System Bus Extender
        ; SCSI miniport
        ; Port
        ; Primary Disk
        ; SCSI Class
        ; SCSI CDROM Class
        ; FSFilter Infrastructure
        ; FSFilter System
        ; FSFilter Bottom
        ; FSFilter Copy Protection
        ; FSFilter Security Enhancer
        ; FSFilter Open File
        ; FSFilter Physical Quota Management
        ; FSFilter Encryption
        ; FSFilter Compression
        ; FSFilter HSM
        ; FSFilter Cluster File System
        ; FSFilter System Recovery
        ; FSFilter Quota Management
        ; FSFilter Content Screener
        ; FSFilter Continuous Backup
        ; FSFilter Replication
        ; FSFilter Anti-Virus
        ; FSFilter Undelete
        ; FSFilter Activity Monitor
        ; FSFilter Top
        ; Filter
        ; Boot File System
        ; Base
        ; Pointer Port
        ; Keyboard Port
        ; Pointer Class
        ; Keyboard Class
        ; Video Init
        ; Video
        ; Video Save
        ; File System
        ; Event Log
        ; Streams Drivers
        ; NDIS Wrapper
        ; COM Infrastructure
        ; UIGroup
        ; LocalValidation
        ; PlugPlay
        ; PNP_TDI
        ; NDIS
        ; TDI
        ; Symantec Core Services
        ; Symantec Services
        ; NetBIOSGroup
        ; ShellSvcGroup
        ; SchedulerGroup
        ; SpoolerGroup
        ; AudioGroup
        ; SmartCardGroup
        ; NetworkProvider
        ; RemoteValidation
        ; NetDDEGroup
        ; Parallel arbitrator
        ; Extended Base
        ; PCI Configuration
        ; MS Transactions
        ;

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers]
        ; Contents of value:
        ; C:\PROGRA~1\Symantec\S32EVNT1.DLL
        ;
        "VDD"=hex(7):43,00,3a,00,5c,00,50,00,52,00,4f,00,47,00,52,00,41,00,7e,00,31,00,\
        5c,00,53,00,79,00,6d,00,61,00,6e,00,74,00,65,00,63,00,5c,00,53,00,33,00,32,\
        00,45,00,56,00,4e,00,54,00,31,00,2e,00,44,00,4c,00,4c,00,00,00,00,00

        ; End Of The Log...

        First create an uninstall list:

        * Open HiJackThis
        * Click the "Open the misc tool section" option
        * Click "Open uninstall manager"
        * Click the "Save list" option
        -> Copy and paste that list into your post

        ***

        Create a startup list

        * Open HiJackThis
        * Click the "Configure" option at the bottom right
        * Click "Misc Tools"

        * Tick the 2 boxes next to the box that reads "Generate StartupList log"

        * Click the "Generate StartupList log" option
        -> Copy and paste your startup list from Notepad into your post

        * Close HJT using the X in the top corner


      • aatu
        axa.doe wrote:

        First create an uninstall list:

        * Open HiJackThis
        * Click the "Open the misc tool section" option
        * Click "Open uninstall manager"
        * Click the "Save list" option
        -> Copy and paste that list into your post

        ***

        Create a startup list

        * Open HiJackThis
        * Click the "Configure" option at the bottom right
        * Click "Misc Tools"

        * Tick the 2 boxes next to the box that reads "Generate StartupList log"

        * Click the "Generate StartupList log" option
        -> Copy and paste your startup list from Notepad into your post

        * Close HJT using the X in the top corner

        uninstall list:


        Adobe Flash Player ActiveX
        Adobe Reader 7.0.9 - Suomi
        Apple Software Update
        ArcSoft PhotoStudio 5.5
        AVG Anti-Spyware 7.5
        Avira AntiVir PersonalEdition Classic
        BitComet 0.82
        BSPlayer
        Canon MP Navigator 2.0
        Canon MP170
        Canon Utilities Easy-PhotoPrint
        CCleaner (remove only)
        Conexant HD Audio
        Easy-WebPrint
        GlobeTrotter Connect
        Google Earth
        Half-Life(R) 2
        HijackThis 2.0.2
        Hotfix for Windows XP (KB896256)
        Hotfix for Windows XP (KB909095)
        Hotfix for Windows XP (KB910728)
        Hotfix for Windows XP (KB912436)
        Hotfix for Windows XP (KB915865)
        HP Help and Support
        HP Imaging Device Functions 6.0
        HP Integrated Module with Bluetooth wireless technology
        HP Pavilion Webcam Tray Icon
        HP Photosmart Premier Software 6.0
        HP Quick Launch Buttons 6.10 A2
        HP QuickPlay 2.3
        HP Update
        HP User Guides 0031
        HP Wireless Assistant 2.00 G2
        Java(TM) 6 Update 4
        Kaspersky Online Scanner
        Localization Pack for Microsoft Windows XP Media Center Edition
        Macromedia Shockwave Player
        Microsoft .NET Framework 1.0 Hotfix (KB887998)
        Microsoft .NET Framework 1.0 Hotfix (KB930494)
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1 Finnish Language Pack
        Microsoft .NET Framework 1.1 Hotfix (KB928366)
        Microsoft Internationalized Domain Names Mitigation APIs
        Microsoft National Language Support Downlevel APIs
        Microsoft Works
        Microsoft Works 7.0
        Mozilla Firefox (2.0.0.12)
        MSXML 4.0 SP2 (KB927978)
        MSXML 4.0 SP2 (KB936181)
        Nero 7 Ultra Edition
        Nokia Lifeblog 2.1
        Nokia Maploader
        Nokia Software Updater
        NVIDIA Drivers
        OmniPage SE 2.0
        Opera 9.23
        PAF POKER (remove only)
        PC Connectivity Solution
        PhotoFiltre
        QuickTime
        Security Update for CAPICOM (KB931906)
        Security Update for CAPICOM (KB931906)
        Security Update for Windows Internet Explorer 7 (KB938127)
        Security Update for Windows Internet Explorer 7 (KB942615)
        Security Update for Windows Internet Explorer 7 (KB944533)
        Security Update for Windows Media Player (KB911564)
        Security Update for Windows Media Player 10 (KB911565)
        Security Update for Windows Media Player 10 (KB917734)
        Security Update for Windows Media Player 10 (KB936782)
        Security Update for Windows Media Player 6.4 (KB925398)
        Security Update for Windows XP (KB893066)
        Security Update for Windows XP (KB893756)
        Security Update for Windows XP (KB896358)
        Security Update for Windows XP (KB896422)
        Security Update for Windows XP (KB896423)
        Security Update for Windows XP (KB896424)
        Security Update for Windows XP (KB896428)
        Security Update for Windows XP (KB899587)
        Security Update for Windows XP (KB899591)
        Security Update for Windows XP (KB900725)
        Security Update for Windows XP (KB901017)
        Security Update for Windows XP (KB901190)
        Security Update for Windows XP (KB901214)
        Security Update for Windows XP (KB902400)
        Security Update for Windows XP (KB903235)
        Security Update for Windows XP (KB904706)
        Security Update for Windows XP (KB905414)
        Security Update for Windows XP (KB905749)
        Security Update for Windows XP (KB908519)
        Security Update for Windows XP (KB911562)
        Security Update for Windows XP (KB911927)
        Security Update for Windows XP (KB912919)
        Security Update for Windows XP (KB913446)
        Security Update for Windows XP (KB913580)
        Security Update for Windows XP (KB914388)
        Security Update for Windows XP (KB914389)
        Security Update for Windows XP (KB917344)
        Security Update for Windows XP (KB917422)
        Security Update for Windows XP (KB917953)
        Security Update for Windows XP (KB918118)
        Security Update for Windows XP (KB918439)
        Security Update for Windows XP (KB919007)
        Security Update for Windows XP (KB920213)
        Security Update for Windows XP (KB920670)
        Security Update for Windows XP (KB920683)
        Security Update for Windows XP (KB920685)
        Security Update for Windows XP (KB921398)
        Security Update for Windows XP (KB921503)
        Security Update for Windows XP (KB922616)
        Security Update for Windows XP (KB922819)
        Security Update for Windows XP (KB923191)
        Security Update for Windows XP (KB923414)
        Security Update for Windows XP (KB923689)
        Security Update for Windows XP (KB923694)
        Security Update for Windows XP (KB923980)
        Security Update for Windows XP (KB924191)
        Security Update for Windows XP (KB924270)
        Security Update for Windows XP (KB924496)
        Security Update for Windows XP (KB924667)
        Security Update for Windows XP (KB925454)
        Security Update for Windows XP (KB925902)
        Security Update for Windows XP (KB926255)
        Security Update for Windows XP (KB926436)
        Security Update for Windows XP (KB927779)
        Security Update for Windows XP (KB927802)
        Security Update for Windows XP (KB928090)
        Security Update for Windows XP (KB928255)
        Security Update for Windows XP (KB928843)
        Security Update for Windows XP (KB929123)
        Security Update for Windows XP (KB929969)
        Security Update for Windows XP (KB930178)
        Security Update for Windows XP (KB931261)
        Security Update for Windows XP (KB931768)
        Security Update for Windows XP (KB931784)
        Security Update for Windows XP (KB932168)
        Security Update for Windows XP (KB933566)
        Security Update for Windows XP (KB933729)
        Security Update for Windows XP (KB935839)
        Security Update for Windows XP (KB935840)
        Security Update for Windows XP (KB936021)
        Security Update for Windows XP (KB937143)
        Security Update for Windows XP (KB937894)
        Security Update for Windows XP (KB938127)
        Security Update for Windows XP (KB938829)
        Security Update for Windows XP (KB939653)
        Security Update for Windows XP (KB941202)
        Security Update for Windows XP (KB941568)
        Security Update for Windows XP (KB941569)
        Security Update for Windows XP (KB941644)
        Security Update for Windows XP (KB942615)
        Security Update for Windows XP (KB943055)
        Security Update for Windows XP (KB943485)
        Security Update for Windows XP (KB944653)
        Security Update for Windows XP (KB946026)
        Skype™ 3.6
        Soft Data Fax Modem with SmartCP
        Sonic Audio Module
        Sonic Copy Module
        Sonic Data Module
        Sonic Express Labeler
        Sonic MyDVD Plus
        Sonic Update Manager
        SonicAC3Encoder
        SonicMPEGEncoder
        Spybot - Search & Destroy 1.4
        SpywareBlaster v3.5.1
        Steam(TM)
        TuneUp Utilities 2007
        UltimateZip 2.7
        Update for Windows Media Player 10 (KB913800)
        Update for Windows Media Player 10 (KB926251)
        Update for Windows XP (KB894391)
        Update for Windows XP (KB896727)
        Update for Windows XP (KB898461)
        Update for Windows XP (KB900485)
        Update for Windows XP (KB908531)
        Update for Windows XP (KB910437)
        Update for Windows XP (KB911164)
        Update for Windows XP (KB911280)
        Update for Windows XP (KB916595)
        Update for Windows XP (KB920872)
        Update for Windows XP (KB922582)
        Update for Windows XP (KB927891)
        Update for Windows XP (KB929338)
        Update for Windows XP (KB930916)
        Update for Windows XP (KB931836)
        Update for Windows XP (KB933360)
        Update for Windows XP (KB938828)
        Update for Windows XP (KB942763)
        Update for Windows XP (KB942840)
        VideoLAN VLC media player 0.8.6a
        Winamp
        Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
        Windows Installer 3.1 (KB893803)
        Windows Internet Explorer 7
        Windows Live Messenger
        Windows Media Connect
        Windows Media Format Runtime
        Windows Media Player Firefox Plugin
        Windows XP Hotfix - KB873333
        Windows XP Hotfix - KB873339
        Windows XP Hotfix - KB885250
        Windows XP Hotfix - KB885835
        Windows XP Hotfix - KB885836
        Windows XP Hotfix - KB885855
        Windows XP Hotfix - KB886185
        Windows XP Hotfix - KB887472
        Windows XP Hotfix - KB888113
        Windows XP Hotfix - KB888239
        Windows XP Hotfix - KB888302
        Windows XP Hotfix - KB890546
        Windows XP Hotfix - KB890859
        Windows XP Hotfix - KB891220
        Windows XP Hotfix - KB891781
        Windows XP Hotfix - KB892559
        Windows XP Media Center Edition 2005 KB888316
        Windows XP Media Center Edition 2005 KB895678
        Windows XP Media Center Edition 2005 KB908250
        WinRAR archiver
        ZoneAlarm










        startup list:


        StartupList report, 2008-02-22, 13:17:50
        StartupList version: 1.52.2
        Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
        Detected: Windows XP SP2 (WinNT 5.01.2600)
        Detected: Internet Explorer v7.00 (7.00.6000.16608)
        * Using default options
        * Including empty and uninteresting sections
        * Showing rarely important sections
        ==================================================

        Running processes:

        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\notepad.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        --------------------------------------------------

        Listing of startup folders:

        Shell folders Startup:
        [C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
        *No files*

        Shell folders AltStartup:
        *Folder not found*

        User shell folders Startup:
        *Folder not found*

        User shell folders AltStartup:
        *Folder not found*

        Shell folders Common Startup:
        [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
        BTTray.lnk = ?
        GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe

        Shell folders Common AltStartup:
        *Folder not found*

        User shell folders Common Startup:
        *Folder not found*

        User shell folders Alternate Common Startup:
        *Folder not found*

        --------------------------------------------------

        Checking Windows NT UserInit:

        [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
        UserInit = C:\WINDOWS\system32\userinit.exe,

        [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
        *Registry key not found*

        [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
        *Registry value not found*

        [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
        *Registry key not found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows\CurrentVersion\Run

        NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        MsmqIntCert = regsvr32 /s mqrt.dll
        High Definition Audio Property Page Shortcut = CHDAudPropShortcut.exe
        ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

        *Registry key not found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\Run

        MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
        Steam = C:\Program Files\Valve\Steam\\Steam.exe -silent

        --------------------------------------------------

        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

        *Registry key not found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

        *Registry key not found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKLM\Software\Microsoft\Windows\CurrentVersion\Run
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
        *Registry key not found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKCU\Software\Microsoft\Windows\CurrentVersion\Run
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
        *Registry key not found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
        *Registry key not found*

        --------------------------------------------------

        File association entry for .EXE:
        HKEY_CLASSES_ROOT\exefile\shell\open\command

        (Default) = "%1" %*

        --------------------------------------------------

        File association entry for .COM:
        HKEY_CLASSES_ROOT\comfile\shell\open\command

        (Default) = "%1" %*

        --------------------------------------------------

        File association entry for .BAT:
        HKEY_CLASSES_ROOT\batfile\shell\open\command

        (Default) = "%1" %*

        --------------------------------------------------

        File association entry for .PIF:
        HKEY_CLASSES_ROOT\piffile\shell\open\command

        (Default) = "%1" %*

        --------------------------------------------------

        File association entry for .SCR:
        HKEY_CLASSES_ROOT\scrfile\shell\open\command

        (Default) = "%1" /S

        --------------------------------------------------

        File association entry for .HTA:
        HKEY_CLASSES_ROOT\htafile\shell\open\command

        (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

        --------------------------------------------------

        File association entry for .TXT:
        HKEY_CLASSES_ROOT\txtfile\shell\open\command

        (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

        --------------------------------------------------

        Enumerating Active Setup stub paths:
        HKLM\Software\Microsoft\Active Setup\Installed Components
        (* = disabled by HKCU twin)

        [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
        StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

        [>{26923b43-4d38-484f-9b9e-de460746276c}] *
        StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

        [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
        StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

        [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
        StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

        [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
        StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

        [KB910393] *
        StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

        [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
        StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

        [{407408d4-94ed-4d86-ab69-a7f649d112ee}] *
        StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

        [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
        StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

        [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
        StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

        [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
        StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

        [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
        StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

        [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
        StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

        [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
        StubPath = regsvr32.exe /s /n /i:U shell32.dll

        [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
        StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

        [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
        StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

        --------------------------------------------------

        Enumerating ICQ Agent Autostart apps:
        HKCU\Software\Mirabilis\ICQ\Agent\Apps

        *Registry key not found*

        --------------------------------------------------

        Load/Run keys from C:\WINDOWS\WIN.INI:

        load=*INI section not found*
        run=*INI section not found*

        Load/Run keys from Registry:

        HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
        HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
        HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
        HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
        HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
        HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
        HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
        HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
        HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
        HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
        HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
        HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
        HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

        --------------------------------------------------

        Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

        Shell=*INI section not found*
        SCRNSAVE.EXE=*INI section not found*
        drivers=*INI section not found*

        Shell & screensaver key from Registry:

        Shell=Explorer.exe
        SCRNSAVE.EXE=C:\WINDOWS\system32\ss3dfo.scr
        drivers=*Registry value not found*

        Policies Shell key:

        HKCU\..\Policies: Shell=*Registry value not found*
        HKLM\..\Policies: Shell=*Registry value not found*

        --------------------------------------------------

        Checking for EXPLORER.EXE instances:

        C:\WINDOWS\Explorer.exe: PRESENT!

        C:\Explorer.exe: not present
        C:\WINDOWS\Explorer\Explorer.exe: not present
        C:\WINDOWS\System\Explorer.exe: not present
        C:\WINDOWS\System32\Explorer.exe: not present
        C:\WINDOWS\Command\Explorer.exe: not present
        C:\WINDOWS\Fonts\Explorer.exe: not present

        --------------------------------------------------

        Checking for superhidden extensions:

        .lnk: HIDDEN! (arrow overlay: yes)
        .pif: HIDDEN! (arrow overlay: yes)
        .exe: not hidden
        .com: not hidden
        .bat: not hidden
        .hta: not hidden
        .scr: not hidden
        .shs: HIDDEN!
        .shb: HIDDEN!
        .vbs: not hidden
        .vbe: not hidden
        .wsh: not hidden
        .scf: HIDDEN! (arrow overlay: NO!)
        .url: HIDDEN! (arrow overlay: yes)
        .js: not hidden
        .jse: not hidden

        --------------------------------------------------

        Verifying REGEDIT.EXE integrity:

        - Regedit.exe found in C:\WINDOWS
        - .reg open command is normal (regedit.exe %1)
        - Company name OK: 'Microsoft Corporation'
        - Original filename OK: 'REGEDIT.EXE'
        - File description: 'Registry Editor'

        Registry check passed

        --------------------------------------------------

        Enumerating Browser Helper Objects:

        (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
        BitComet ClickCapture - C:\Program Files\BitComet\tools\BitCometBHO.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
        (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
        (no name) - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
        (no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

        --------------------------------------------------

        Enumerating Task Scheduler jobs:

        AppleSoftwareUpdate.job

        --------------------------------------------------

        Enumerating Download Program Files:

        [CKAVWebScan Object]
        InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
        CODEBASE = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

        [{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
        CODEBASE = http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab

        [Java Plug-in 1.6.0_04]
        InProcServer32 = C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

        [Java Plug-in 1.6.0_04]
        InProcServer32 = C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

        [Java Plug-in 1.6.0_04]
        InProcServer32 = C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
        CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

        [Shockwave Flash Object]
        InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
        CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

        --------------------------------------------------

        Enumerating Winsock LSP files:

        NameSpace #1: C:\WINDOWS\System32\mswsock.dll
        NameSpace #2: C:\WINDOWS\System32\winrnr.dll
        NameSpace #3: C:\WINDOWS\System32\mswsock.dll
        NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
        Protocol #1: C:\WINDOWS\system32\mswsock.dll
        Protocol #2: C:\WINDOWS\system32\mswsock.dll
        Protocol #3: C:\WINDOWS\system32\mswsock.dll
        Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
        Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
        Protocol #6: C:\WINDOWS\system32\mswsock.dll
        Protocol #7: C:\WINDOWS\system32\mswsock.dll
        Protocol #8: C:\WINDOWS\system32\mswsock.dll
        Protocol #9: C:\WINDOWS\system32\mswsock.dll
        Protocol #10: C:\WINDOWS\system32\mswsock.dll
        Protocol #11: C:\WINDOWS\system32\mswsock.dll
        Protocol #12: C:\WINDOWS\system32\mswsock.dll
        Protocol #13: C:\WINDOWS\system32\mswsock.dll
        Protocol #14: C:\WINDOWS\system32\mswsock.dll
        Protocol #15: C:\WINDOWS\system32\mswsock.dll
        Protocol #16: C:\WINDOWS\system32\mswsock.dll
        Protocol #17: C:\WINDOWS\system32\mswsock.dll
        Protocol #18: C:\WINDOWS\system32\mswsock.dll
        Protocol #19: C:\WINDOWS\system32\mswsock.dll
        Protocol #20: C:\WINDOWS\system32\mswsock.dll
        Protocol #21: C:\WINDOWS\system32\mswsock.dll
        Protocol #22: C:\WINDOWS\system32\mswsock.dll
        Protocol #23: C:\WINDOWS\system32\mswsock.dll
        Protocol #24: C:\WINDOWS\system32\mswsock.dll
        Protocol #25: C:\WINDOWS\system32\mswsock.dll
        Protocol #26: C:\WINDOWS\system32\mswsock.dll
        Protocol #27: C:\WINDOWS\system32\mswsock.dll
        Protocol #28: C:\WINDOWS\system32\mswsock.dll
        Protocol #29: C:\WINDOWS\system32\mswsock.dll
        Protocol #30: C:\WINDOWS\system32\mswsock.dll
        Protocol #31: C:\WINDOWS\system32\mswsock.dll
        Protocol #32: C:\WINDOWS\system32\mswsock.dll

        --------------------------------------------------

        Enumerating Windows NT/2000/XP services

        abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)
        Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
        Microsoft Embedded Controller Driver: system32\DRIVERS\ACPIEC.sys (system)
        AddFiltr: "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe" (manual start)
        adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
        Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
        AFD: \SystemRoot\System32\drivers\afd.sys (system)
        Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)
        Compaq AGP Bus Filter: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)
        Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)
        aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
        aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
        Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
        Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
        AliIde: system32\DRIVERS\aliide.sys (system)
        ALI AGP Bus Filter: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)
        AMD AGP Bus Filter Driver: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)
        AMD Processor Driver: system32\DRIVERS\AmdK8.sys (system)
        amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)
        AntiVir PersonalEdition Classic Scheduler: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe" (autostart)
        AntiVir PersonalEdition Classic Guard: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe" (autostart)
        Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
        1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
        asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)
        asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)
        asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)
        ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
        RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
        Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
        ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
        Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
        AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
        AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
        AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
        avgio: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (system)
        avgntflt: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (manual start)
        avipbb: system32\DRIVERS\avipbb.sys (system)
        Broadcom 802.11 -verkkosovittimen ohjain: system32\DRIVERS\bcmwl5.sys (manual start)
        Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        Bluetooth-äänilaite: system32\drivers\btaudio.sys (manual start)
        Bluetooth-näennäistietoliikenneohjain: system32\DRIVERS\btport.sys (manual start)
        Bluetooth-väyläluetteloija: system32\DRIVERS\btkrnl.sys (manual start)
        Bluetooth Service: C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe (autostart)
        Bluetooth-lähiverkkopalvelin: system32\DRIVERS\btwdndis.sys (manual start)
        WIDCOMM USB Bluetooth Driver: System32\Drivers\btwusb.sys (manual start)
        catchme: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys (manual start)
        cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)
        Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
        cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)
        CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
        Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
        ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
        Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
        CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)
        Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
        COM System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
        Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)
        Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)
        dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)
        DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
        DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        Disk Driver: system32\DRIVERS\disk.sys (system)
        Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
        dmboot: System32\drivers\dmboot.sys (disabled)
        Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
        dmload: System32\drivers\dmload.sys (system)
        Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
        DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
        dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
        Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
        eabfiltr: system32\DRIVERS\eabfiltr.sys (system)
        eabusb: system32\DRIVERS\eabusb.sys (manual start)
        Media Center - Vastaanotinpalvelu: C:\WINDOWS\eHome\ehRecvr.exe (autostart)
        Media Center - Ajastinpalvelu: C:\WINDOWS\eHome\ehSched.exe (autostart)
        Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Event Log: %SystemRoot%\system32\services.exe (autostart)
        COM Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
        Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
        FltMgr: system32\DRIVERS\fltMgr.sys (system)
        Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
        Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
        GtFlashSwitch: "C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe" (autostart)
        GT M 3G IRP NDIS: system32\DRIVERS\Gtm51Irp.sys (manual start)
        GT PT SER: system32\DRIVERS\gtptser.sys (manual start)
        GT UQ BUS: system32\DRIVERS\gtuqbus.sys (manual start)
        HBtnKey: system32\DRIVERS\cpqbttn.sys (manual start)
        Microsoft UAA Function Driver for High Definition Audio Service: system32\drivers\CHDAud.sys (manual start)
        Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
        Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
        hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)
        hpqwmiex: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (autostart)
        HSFHWAZL: system32\DRIVERS\HSFHWAZL.sys (manual start)
        HSF_DPV: system32\DRIVERS\HSF_DPV.sys (manual start)
        HTTP: System32\Drivers\HTTP.sys (manual start)
        HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
        i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)
        i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
        Intel AHCI Controller: \SystemRoot\system32\DRIVERS\iaStor.sys (disabled)
        InstallDriver Table Manager: "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)
        CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
        IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
        ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)
        IntelIde: system32\DRIVERS\intelide.sys (system)
        IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
        IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
        IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
        IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
        iPod-palvelu: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
        IPSEC driver: system32\DRIVERS\ipsec.sys (system)
        IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
        PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
        Sony Ericsson 750 driver (WDM): system32\DRIVERS\k750bus.sys (manual start)
        Sony Ericsson 750 USB WMC Modem Filter: system32\DRIVERS\k750mdfl.sys (manual start)
        Sony Ericsson 750 USB WMC Modem Drivers: system32\DRIVERS\k750mdm.sys (manual start)
        Sony Ericsson 750 USB WMC OBEX Interface Drivers: system32\DRIVERS\k750obex.sys (manual start)
        Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
        Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
        KLIF: system32\DRIVERS\klif.sys (system)
        Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
        Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        LightScribeService Direct Disc Labeling Service: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (autostart)
        TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
        Media Center Extender Service: C:\WINDOWS\ehome\mcrdsvc.exe (autostart)
        mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
        Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
        MHN: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
        MHN driver: system32\DRIVERS\mhndrv.sys (manual start)
        NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
        Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
        Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
        Message Queuing access control: \??\C:\WINDOWS\system32\drivers\mqac.sys (manual start)
        mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)
        WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
        MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
        Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
        Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
        Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
        Message Queuing: C:\WINDOWS\system32\mqsvc.exe (autostart)
        Message Queuing Triggers: C:\WINDOWS\system32\mqtgsvc.exe (autostart)
        Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
        Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
        Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
        Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
        NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
        NBService: C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (manual start)
        Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
        Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
        NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
        Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
        NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
        NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
        Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
        Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
        Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
        Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
        1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
        Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
        NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
        Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
        nv: system32\DRIVERS\nv4_mini.sys (manual start)
        nvata: system32\DRIVERS\nvata.sys (system)
        NVIDIA nForce Networking Controller Driver: system32\DRIVERS\NVENETFD.sys (manual start)
        NVIDIA Network Bus Enumerator: system32\DRIVERS\nvnetbus.sys (manual start)
        nvsmu: system32\DRIVERS\nvsmu.sys (manual start)
        NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
        IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
        IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
        NWLink IPX/SPX/NetBIOS Compatible Transport Protocol: system32\DRIVERS\nwlnkipx.sys (autostart)
        NWLink NetBIOS: system32\DRIVERS\nwlnknb.sys (autostart)
        NWLink SPX/SPXII Protocol: system32\DRIVERS\nwlnkspx.sys (autostart)
        OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
        PCI Bus Driver: system32\DRIVERS\pci.sys (system)
        PCIIde: system32\DRIVERS\pciide.sys (system)
        Pcmcia: system32\DRIVERS\pcmcia.sys (system)
        perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)
        perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)
        Plug and Play: %SystemRoot%\system32\services.exe (autostart)
        IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
        WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
        Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
        QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
        Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
        PxHelp20: System32\Drivers\PxHelp20.sys (system)
        ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)
        Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)
        ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)
        ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)
        ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)
        Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
        Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
        WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
        Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
        Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
        Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
        Rdbss: system32\DRIVERS\rdbss.sys (system)
        RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
        Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
        Etätyöpöydän ohjeen istunnonhallinta: C:\WINDOWS\system32\sessmgr.exe (manual start)
        Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
        Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
        Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
        rimmptsk: system32\DRIVERS\rimmptsk.sys (manual start)
        rimsptsk: system32\DRIVERS\rimsptsk.sys (manual start)
        Ricoh xD-Picture Card Driver: system32\DRIVERS\rixdptsk.sys (manual start)
        Reliable Multicast Protocol driver: \??\C:\WINDOWS\system32\drivers\RMCast.sys (manual start)
        Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
        Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
        QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
        Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: system32\DRIVERS\RTL8139.SYS (manual start)
        Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
        Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
        Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        sdbus: system32\DRIVERS\sdbus.sys (manual start)
        Secdrv: system32\DRIVERS\secdrv.sys (manual start)
        Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        ServiceLayer: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" (manual start)
        Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        SIS AGP Bus Filter: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)
        BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
        Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)
        Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
        Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
        System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
        srescan: system32\ZoneLabs\srescan.sys (system)
        System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        Srv: system32\DRIVERS\srv.sys (manual start)
        SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
        ssmdrv: system32\DRIVERS\ssmdrv.sys (system)
        Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
        BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
        Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
        Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
        MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{19FECBC3-1DCF-4BBF-91D0-1A8453A9611E} (manual start)
        symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)
        symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)
        sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)
        sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)
        Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
        Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
        Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
        Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
        TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
        Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
        Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
        Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
        TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled)
        Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        Conexant Setup API: system32\DRIVERS\UIUSYS.SYS (manual start)
        ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled)
        Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (manual start)
        Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
        Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
        Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
        USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
        Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
        Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
        USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
        Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
        Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
        USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
        USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
        Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
        USB Video Device (WDM): System32\Drivers\usbvideo.sys (manual start)
        Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
        TuneUp Theme Extension: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
        VIA AGP Bus Filter: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled)
        ViaIde: system32\DRIVERS\viaide.sys (system)
        vsdatant: System32\vsdatant.sys (system)
        TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
        Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
        Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
        Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
        WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
        winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
        Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
        Windows Media Connect -palvelu: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start)
        Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
        Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
        Microsoft Windows Management Interface for ACPI: system32\DRIVERS\wmiacpi.sys (system)
        WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
        Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
        Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
        Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


        --------------------------------------------------

        Enumerating Windows NT logon/logoff scripts:
        *No scripts set to run*

        Windows NT checkdisk command:
        BootExecute = autocheck autochk *

        Windows NT 'Wininit.ini':
        PendingFileRenameOperations: *Registry value not found*

        --------------------------------------------------

        Enumerating ShellServiceObjectDelayLoad items:

        PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
        CDBurn: C:\WINDOWS\system32\SHELL32.dll
        WebCheck: C:\WINDOWS\system32\webcheck.dll
        SysTray: C:\WINDOWS\system32\stobject.dll

        --------------------------------------------------
        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

        *No values found*

        --------------------------------------------------

        End of report, 41,770 bytes
        Report generated in 0.500 seconds

        Command line options:
        /verbose - to add additional info on each section
        /complete - to include empty sections and unsuspicious data
        /full - to include several rarely-important sections
        /force9x - to include Win9x-only startups even if running on WinNT
        /forcent - to include WinNT-only startups even if running on Win9x
        /forceall - to include all Win9x and WinNT startups, regardless of platform
        /history - to list version history only


      • axa.doe
        aatu wrote:

        uninstall list:


        Adobe Flash Player ActiveX
        Adobe Reader 7.0.9 - Suomi
        Apple Software Update
        ArcSoft PhotoStudio 5.5
        AVG Anti-Spyware 7.5
        Avira AntiVir PersonalEdition Classic
        BitComet 0.82
        BSPlayer
        Canon MP Navigator 2.0
        Canon MP170
        Canon Utilities Easy-PhotoPrint
        CCleaner (remove only)
        Conexant HD Audio
        Easy-WebPrint
        GlobeTrotter Connect
        Google Earth
        Half-Life(R) 2
        HijackThis 2.0.2
        Hotfix for Windows XP (KB896256)
        Hotfix for Windows XP (KB909095)
        Hotfix for Windows XP (KB910728)
        Hotfix for Windows XP (KB912436)
        Hotfix for Windows XP (KB915865)
        HP Help and Support
        HP Imaging Device Functions 6.0
        HP Integrated Module with Bluetooth wireless technology
        HP Pavilion Webcam Tray Icon
        HP Photosmart Premier Software 6.0
        HP Quick Launch Buttons 6.10 A2
        HP QuickPlay 2.3
        HP Update
        HP User Guides 0031
        HP Wireless Assistant 2.00 G2
        Java(TM) 6 Update 4
        Kaspersky Online Scanner
        Localization Pack for Microsoft Windows XP Media Center Edition
        Macromedia Shockwave Player
        Microsoft .NET Framework 1.0 Hotfix (KB887998)
        Microsoft .NET Framework 1.0 Hotfix (KB930494)
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1 Finnish Language Pack
        Microsoft .NET Framework 1.1 Hotfix (KB928366)
        Microsoft Internationalized Domain Names Mitigation APIs
        Microsoft National Language Support Downlevel APIs
        Microsoft Works
        Microsoft Works 7.0
        Mozilla Firefox (2.0.0.12)
        MSXML 4.0 SP2 (KB927978)
        MSXML 4.0 SP2 (KB936181)
        Nero 7 Ultra Edition
        Nokia Lifeblog 2.1
        Nokia Maploader
        Nokia Software Updater
        NVIDIA Drivers
        OmniPage SE 2.0
        Opera 9.23
        PAF POKER (remove only)
        PC Connectivity Solution
        PhotoFiltre
        QuickTime
        Security Update for CAPICOM (KB931906)
        Security Update for CAPICOM (KB931906)
        Security Update for Windows Internet Explorer 7 (KB938127)
        Security Update for Windows Internet Explorer 7 (KB942615)
        Security Update for Windows Internet Explorer 7 (KB944533)
        Security Update for Windows Media Player (KB911564)
        Security Update for Windows Media Player 10 (KB911565)
        Security Update for Windows Media Player 10 (KB917734)
        Security Update for Windows Media Player 10 (KB936782)
        Security Update for Windows Media Player 6.4 (KB925398)
        Security Update for Windows XP (KB893066)
        Security Update for Windows XP (KB893756)
        Security Update for Windows XP (KB896358)
        Security Update for Windows XP (KB896422)
        Security Update for Windows XP (KB896423)
        Security Update for Windows XP (KB896424)
        Security Update for Windows XP (KB896428)
        Security Update for Windows XP (KB899587)
        Security Update for Windows XP (KB899591)
        Security Update for Windows XP (KB900725)
        Security Update for Windows XP (KB901017)
        Security Update for Windows XP (KB901190)
        Security Update for Windows XP (KB901214)
        Security Update for Windows XP (KB902400)
        Security Update for Windows XP (KB903235)
        Security Update for Windows XP (KB904706)
        Security Update for Windows XP (KB905414)
        Security Update for Windows XP (KB905749)
        Security Update for Windows XP (KB908519)
        Security Update for Windows XP (KB911562)
        Security Update for Windows XP (KB911927)
        Security Update for Windows XP (KB912919)
        Security Update for Windows XP (KB913446)
        Security Update for Windows XP (KB913580)
        Security Update for Windows XP (KB914388)
        Security Update for Windows XP (KB914389)
        Security Update for Windows XP (KB917344)
        Security Update for Windows XP (KB917422)
        Security Update for Windows XP (KB917953)
        Security Update for Windows XP (KB918118)
        Security Update for Windows XP (KB918439)
        Security Update for Windows XP (KB919007)
        Security Update for Windows XP (KB920213)
        Security Update for Windows XP (KB920670)
        Security Update for Windows XP (KB920683)
        Security Update for Windows XP (KB920685)
        Security Update for Windows XP (KB921398)
        Security Update for Windows XP (KB921503)
        Security Update for Windows XP (KB922616)
        Security Update for Windows XP (KB922819)
        Security Update for Windows XP (KB923191)
        Security Update for Windows XP (KB923414)
        Security Update for Windows XP (KB923689)
        Security Update for Windows XP (KB923694)
        Security Update for Windows XP (KB923980)
        Security Update for Windows XP (KB924191)
        Security Update for Windows XP (KB924270)
        Security Update for Windows XP (KB924496)
        Security Update for Windows XP (KB924667)
        Security Update for Windows XP (KB925454)
        Security Update for Windows XP (KB925902)
        Security Update for Windows XP (KB926255)
        Security Update for Windows XP (KB926436)
        Security Update for Windows XP (KB927779)
        Security Update for Windows XP (KB927802)
        Security Update for Windows XP (KB928090)
        Security Update for Windows XP (KB928255)
        Security Update for Windows XP (KB928843)
        Security Update for Windows XP (KB929123)
        Security Update for Windows XP (KB929969)
        Security Update for Windows XP (KB930178)
        Security Update for Windows XP (KB931261)
        Security Update for Windows XP (KB931768)
        Security Update for Windows XP (KB931784)
        Security Update for Windows XP (KB932168)
        Security Update for Windows XP (KB933566)
        Security Update for Windows XP (KB933729)
        Security Update for Windows XP (KB935839)
        Security Update for Windows XP (KB935840)
        Security Update for Windows XP (KB936021)
        Security Update for Windows XP (KB937143)
        Security Update for Windows XP (KB937894)
        Security Update for Windows XP (KB938127)
        Security Update for Windows XP (KB938829)
        Security Update for Windows XP (KB939653)
        Security Update for Windows XP (KB941202)
        Security Update for Windows XP (KB941568)
        Security Update for Windows XP (KB941569)
        Security Update for Windows XP (KB941644)
        Security Update for Windows XP (KB942615)
        Security Update for Windows XP (KB943055)
        Security Update for Windows XP (KB943485)
        Security Update for Windows XP (KB944653)
        Security Update for Windows XP (KB946026)
        Skype™ 3.6
        Soft Data Fax Modem with SmartCP
        Sonic Audio Module
        Sonic Copy Module
        Sonic Data Module
        Sonic Express Labeler
        Sonic MyDVD Plus
        Sonic Update Manager
        SonicAC3Encoder
        SonicMPEGEncoder
        Spybot - Search & Destroy 1.4
        SpywareBlaster v3.5.1
        Steam(TM)
        TuneUp Utilities 2007
        UltimateZip 2.7
        Update for Windows Media Player 10 (KB913800)
        Update for Windows Media Player 10 (KB926251)
        Update for Windows XP (KB894391)
        Update for Windows XP (KB896727)
        Update for Windows XP (KB898461)
        Update for Windows XP (KB900485)
        Update for Windows XP (KB908531)
        Update for Windows XP (KB910437)
        Update for Windows XP (KB911164)
        Update for Windows XP (KB911280)
        Update for Windows XP (KB916595)
        Update for Windows XP (KB920872)
        Update for Windows XP (KB922582)
        Update for Windows XP (KB927891)
        Update for Windows XP (KB929338)
        Update for Windows XP (KB930916)
        Update for Windows XP (KB931836)
        Update for Windows XP (KB933360)
        Update for Windows XP (KB938828)
        Update for Windows XP (KB942763)
        Update for Windows XP (KB942840)
        VideoLAN VLC media player 0.8.6a
        Winamp
        Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
        Windows Installer 3.1 (KB893803)
        Windows Internet Explorer 7
        Windows Live Messenger
        Windows Media Connect
        Windows Media Format Runtime
        Windows Media Player Firefox Plugin
        Windows XP Hotfix - KB873333
        Windows XP Hotfix - KB873339
        Windows XP Hotfix - KB885250
        Windows XP Hotfix - KB885835
        Windows XP Hotfix - KB885836
        Windows XP Hotfix - KB885855
        Windows XP Hotfix - KB886185
        Windows XP Hotfix - KB887472
        Windows XP Hotfix - KB888113
        Windows XP Hotfix - KB888239
        Windows XP Hotfix - KB888302
        Windows XP Hotfix - KB890546
        Windows XP Hotfix - KB890859
        Windows XP Hotfix - KB891220
        Windows XP Hotfix - KB891781
        Windows XP Hotfix - KB892559
        Windows XP Media Center Edition 2005 KB888316
        Windows XP Media Center Edition 2005 KB895678
        Windows XP Media Center Edition 2005 KB908250
        WinRAR archiver
        ZoneAlarm

        startup list:


        StartupList report, 2008-02-22, 13:17:50
        StartupList version: 1.52.2
        Started from : C:\Program Files\Trend Micro\HijackThis\HijackThis.EXE
        Detected: Windows XP SP2 (WinNT 5.01.2600)
        Detected: Internet Explorer v7.00 (7.00.6000.16608)
        * Using default options
        * Including empty and uninteresting sections
        * Showing rarely important sections
        ==================================================

        Running processes:

        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
        C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
        C:\WINDOWS\eHome\ehRecvr.exe
        C:\WINDOWS\eHome\ehSched.exe
        C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
        C:\Program Files\Common Files\LightScribe\LSSrvc.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\mqsvc.exe
        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
        C:\WINDOWS\system32\mqtgsvc.exe
        C:\WINDOWS\system32\dllhost.exe
        C:\WINDOWS\system32\RUNDLL32.EXE
        C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
        C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
        C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
        C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\notepad.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        --------------------------------------------------

        Listing of startup folders:

        Shell folders Startup:
        [C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
        *No files*

        Shell folders AltStartup:
        *Folder not found*

        User shell folders Startup:
        *Folder not found*

        User shell folders AltStartup:
        *Folder not found*

        Shell folders Common Startup:
        [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
        BTTray.lnk = ?
        GlobeTrotter Connect.lnk = C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe

        Shell folders Common AltStartup:
        *Folder not found*

        User shell folders Common Startup:
        *Folder not found*

        User shell folders Alternate Common Startup:
        *Folder not found*

        --------------------------------------------------

        Checking Windows NT UserInit:

        [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
        UserInit = C:\WINDOWS\system32\userinit.exe,

        [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
        *Registry key not found*

        [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
        *Registry value not found*

        [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
        *Registry key not found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows\CurrentVersion\Run

        NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
        MsmqIntCert = regsvr32 /s mqrt.dll
        High Definition Audio Property Page Shortcut = CHDAudPropShortcut.exe
        ZoneAlarm Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
        NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

        *Registry key not found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\Run

        MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
        Steam = C:\Program Files\Valve\Steam\\Steam.exe -silent

        --------------------------------------------------

        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

        *Registry key not found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

        *Registry key not found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKLM\Software\Microsoft\Windows\CurrentVersion\Run
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
        *Registry key not found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKCU\Software\Microsoft\Windows\CurrentVersion\Run
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
        *No subkeys found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
        *Registry key not found*

        --------------------------------------------------

        Autorun entries in Registry subkeys of:
        HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
        *Registry key not found*

        --------------------------------------------------

        File association entry for .EXE:
        HKEY_CLASSES_ROOT\exefile\shell\open\command

        (Default) = "%1" %*

        --------------------------------------------------

        File association entry for .COM:
        HKEY_CLASSES_ROOT\comfile\shell\open\command

        (Default) = "%1" %*

        --------------------------------------------------

        File association entry for .BAT:
        HKEY_CLASSES_ROOT\batfile\shell\open\command

        (Default) = "%1" %*

        --------------------------------------------------

        File association entry for .PIF:
        HKEY_CLASSES_ROOT\piffile\shell\open\command

        (Default) = "%1" %*

        --------------------------------------------------

        File association entry for .SCR:
        HKEY_CLASSES_ROOT\scrfile\shell\open\command

        (Default) = "%1" /S

        --------------------------------------------------

        File association entry for .HTA:
        HKEY_CLASSES_ROOT\htafile\shell\open\command

        (Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

        --------------------------------------------------

        File association entry for .TXT:
        HKEY_CLASSES_ROOT\txtfile\shell\open\command

        (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

        --------------------------------------------------

        Enumerating Active Setup stub paths:
        HKLM\Software\Microsoft\Active Setup\Installed Components
        (* = disabled by HKCU twin)

        [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
        StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

        [>{26923b43-4d38-484f-9b9e-de460746276c}] *
        StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

        [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
        StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

        [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
        StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

        [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
        StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

        [KB910393] *
        StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

        [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
        StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

        [{407408d4-94ed-4d86-ab69-a7f649d112ee}] *
        StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

        [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
        StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

        [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
        StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

        [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
        StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

        [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
        StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

        [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
        StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

        [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
        StubPath = regsvr32.exe /s /n /i:U shell32.dll

        [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
        StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

        [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
        StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

        --------------------------------------------------

        Enumerating ICQ Agent Autostart apps:
        HKCU\Software\Mirabilis\ICQ\Agent\Apps

        *Registry key not found*

        --------------------------------------------------

        Load/Run keys from C:\WINDOWS\WIN.INI:

        load=*INI section not found*
        run=*INI section not found*

        Load/Run keys from Registry:

        HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
        HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
        HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
        HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
        HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
        HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
        HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
        HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
        HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
        HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
        HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
        HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
        HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

        --------------------------------------------------

        Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

        Shell=*INI section not found*
        SCRNSAVE.EXE=*INI section not found*
        drivers=*INI section not found*

        Shell & screensaver key from Registry:

        Shell=Explorer.exe
        SCRNSAVE.EXE=C:\WINDOWS\system32\ss3dfo.scr
        drivers=*Registry value not found*

        Policies Shell key:

        HKCU\..\Policies: Shell=*Registry value not found*
        HKLM\..\Policies: Shell=*Registry value not found*

        --------------------------------------------------

        Checking for EXPLORER.EXE instances:

        C:\WINDOWS\Explorer.exe: PRESENT!

        C:\Explorer.exe: not present
        C:\WINDOWS\Explorer\Explorer.exe: not present
        C:\WINDOWS\System\Explorer.exe: not present
        C:\WINDOWS\System32\Explorer.exe: not present
        C:\WINDOWS\Command\Explorer.exe: not present
        C:\WINDOWS\Fonts\Explorer.exe: not present

        --------------------------------------------------

        Checking for superhidden extensions:

        .lnk: HIDDEN! (arrow overlay: yes)
        .pif: HIDDEN! (arrow overlay: yes)
        .exe: not hidden
        .com: not hidden
        .bat: not hidden
        .hta: not hidden
        .scr: not hidden
        .shs: HIDDEN!
        .shb: HIDDEN!
        .vbs: not hidden
        .vbe: not hidden
        .wsh: not hidden
        .scf: HIDDEN! (arrow overlay: NO!)
        .url: HIDDEN! (arrow overlay: yes)
        .js: not hidden
        .jse: not hidden

        --------------------------------------------------

        Verifying REGEDIT.EXE integrity:

        - Regedit.exe found in C:\WINDOWS
        - .reg open command is normal (regedit.exe %1)
        - Company name OK: 'Microsoft Corporation'
        - Original filename OK: 'REGEDIT.EXE'
        - File description: 'Registry Editor'

        Registry check passed

        --------------------------------------------------

        Enumerating Browser Helper Objects:

        (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
        BitComet ClickCapture - C:\Program Files\BitComet\tools\BitCometBHO.dll - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}
        (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
        (no name) - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
        (no name) - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}

        --------------------------------------------------

        Enumerating Task Scheduler jobs:

        AppleSoftwareUpdate.job

        --------------------------------------------------

        Enumerating Download Program Files:

        [CKAVWebScan Object]
        InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
        CODEBASE = http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab

        [{4F1E5B1A-2A80-42CA-8532-2D05CB959537}]
        CODEBASE = http://by115fd.bay115.hotmail.msn.com/resources/MsnPUpld.cab

        [Java Plug-in 1.6.0_04]
        InProcServer32 = C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

        [Java Plug-in 1.6.0_04]
        InProcServer32 = C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

        [Java Plug-in 1.6.0_04]
        InProcServer32 = C:\Program Files\Java\jre1.6.0_04\bin\npjpi160_04.dll
        CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

        [Shockwave Flash Object]
        InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
        CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

        --------------------------------------------------

        Enumerating Winsock LSP files:

        NameSpace #1: C:\WINDOWS\System32\mswsock.dll
        NameSpace #2: C:\WINDOWS\System32\winrnr.dll
        NameSpace #3: C:\WINDOWS\System32\mswsock.dll
        NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
        Protocol #1: C:\WINDOWS\system32\mswsock.dll
        Protocol #2: C:\WINDOWS\system32\mswsock.dll
        Protocol #3: C:\WINDOWS\system32\mswsock.dll
        Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
        Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
        Protocol #6: C:\WINDOWS\system32\mswsock.dll
        Protocol #7: C:\WINDOWS\system32\mswsock.dll
        Protocol #8: C:\WINDOWS\system32\mswsock.dll
        Protocol #9: C:\WINDOWS\system32\mswsock.dll
        Protocol #10: C:\WINDOWS\system32\mswsock.dll
        Protocol #11: C:\WINDOWS\system32\mswsock.dll
        Protocol #12: C:\WINDOWS\system32\mswsock.dll
        Protocol #13: C:\WINDOWS\system32\mswsock.dll
        Protocol #14: C:\WINDOWS\system32\mswsock.dll
        Protocol #15: C:\WINDOWS\system32\mswsock.dll
        Protocol #16: C:\WINDOWS\system32\mswsock.dll
        Protocol #17: C:\WINDOWS\system32\mswsock.dll
        Protocol #18: C:\WINDOWS\system32\mswsock.dll
        Protocol #19: C:\WINDOWS\system32\mswsock.dll
        Protocol #20: C:\WINDOWS\system32\mswsock.dll
        Protocol #21: C:\WINDOWS\system32\mswsock.dll
        Protocol #22: C:\WINDOWS\system32\mswsock.dll
        Protocol #23: C:\WINDOWS\system32\mswsock.dll
        Protocol #24: C:\WINDOWS\system32\mswsock.dll
        Protocol #25: C:\WINDOWS\system32\mswsock.dll
        Protocol #26: C:\WINDOWS\system32\mswsock.dll
        Protocol #27: C:\WINDOWS\system32\mswsock.dll
        Protocol #28: C:\WINDOWS\system32\mswsock.dll
        Protocol #29: C:\WINDOWS\system32\mswsock.dll
        Protocol #30: C:\WINDOWS\system32\mswsock.dll
        Protocol #31: C:\WINDOWS\system32\mswsock.dll
        Protocol #32: C:\WINDOWS\system32\mswsock.dll

        --------------------------------------------------

        Enumerating Windows NT/2000/XP services

        abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)
        Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
        Microsoft Embedded Controller Driver: system32\DRIVERS\ACPIEC.sys (system)
        AddFiltr: "C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe" (manual start)
        adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
        Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
        AFD: \SystemRoot\System32\drivers\afd.sys (system)
        Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)
        Compaq AGP Bus Filter: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)
        Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)
        aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
        aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
        Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
        Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
        AliIde: system32\DRIVERS\aliide.sys (system)
        ALI AGP Bus Filter: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)
        AMD AGP Bus Filter Driver: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)
        AMD Processor Driver: system32\DRIVERS\AmdK8.sys (system)
        amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)
        AntiVir PersonalEdition Classic Scheduler: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe" (autostart)
        AntiVir PersonalEdition Classic Guard: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe" (autostart)
        Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
        1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
        asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)
        asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)
        asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)
        ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
        RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
        Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
        ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
        Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
        AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
        AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
        AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
        avgio: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (system)
        avgntflt: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (manual start)
        avipbb: system32\DRIVERS\avipbb.sys (system)
        Broadcom 802.11 -verkkosovittimen ohjain: system32\DRIVERS\bcmwl5.sys (manual start)
        Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        Bluetooth-äänilaite: system32\drivers\btaudio.sys (manual start)
        Bluetooth-näennäistietoliikenneohjain: system32\DRIVERS\btport.sys (manual start)
        Bluetooth-väyläluetteloija: system32\DRIVERS\btkrnl.sys (manual start)
        Bluetooth Service: C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe (autostart)
        Bluetooth-lähiverkkopalvelin: system32\DRIVERS\btwdndis.sys (manual start)
        WIDCOMM USB Bluetooth Driver: System32\Drivers\btwusb.sys (manual start)
        catchme: \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys (manual start)
        cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)
        Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
        cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)
        CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
        Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
        ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
        Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
        CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)
        Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
        COM System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
        Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)
        Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)
        dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)
        DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
        DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        Disk Driver: system32\DRIVERS\disk.sys (system)
        Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
        dmboot: System32\drivers\dmboot.sys (disabled)
        Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
        dmload: System32\drivers\dmload.sys (system)
        Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
        DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
        dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
        Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
        eabfiltr: system32\DRIVERS\eabfiltr.sys (system)
        eabusb: system32\DRIVERS\eabusb.sys (manual start)
        Media Center - Vastaanotinpalvelu: C:\WINDOWS\eHome\ehRecvr.exe (autostart)
        Media Center - Ajastinpalvelu: C:\WINDOWS\eHome\ehSched.exe (autostart)
        Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Event Log: %SystemRoot%\system32\services.exe (autostart)
        COM Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
        Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
        FltMgr: system32\DRIVERS\fltMgr.sys (system)
        Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
        Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
        GtFlashSwitch: "C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe" (autostart)
        GT M 3G IRP NDIS: system32\DRIVERS\Gtm51Irp.sys (manual start)
        GT PT SER: system32\DRIVERS\gtptser.sys (manual start)
        GT UQ BUS: system32\DRIVERS\gtuqbus.sys (manual start)
        HBtnKey: system32\DRIVERS\cpqbttn.sys (manual start)
        Microsoft UAA Function Driver for High Definition Audio Service: system32\drivers\CHDAud.sys (manual start)
        Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
        Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
        hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)
        hpqwmiex: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (autostart)
        HSFHWAZL: system32\DRIVERS\HSFHWAZL.sys (manual start)
        HSF_DPV: system32\DRIVERS\HSF_DPV.sys (manual start)
        HTTP: System32\Drivers\HTTP.sys (manual start)
        HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
        i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)
        i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
        Intel AHCI Controller: \SystemRoot\system32\DRIVERS\iaStor.sys (disabled)
        InstallDriver Table Manager: "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)
        CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
        IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
        ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)
        IntelIde: system32\DRIVERS\intelide.sys (system)
        IPv6 Windows Firewall Driver: system32\DRIVERS\Ip6Fw.sys (manual start)
        IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
        IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
        IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
        iPod-palvelu: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
        IPSEC driver: system32\DRIVERS\ipsec.sys (system)
        IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
        PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
        Sony Ericsson 750 driver (WDM): system32\DRIVERS\k750bus.sys (manual start)
        Sony Ericsson 750 USB WMC Modem Filter: system32\DRIVERS\k750mdfl.sys (manual start)
        Sony Ericsson 750 USB WMC Modem Drivers: system32\DRIVERS\k750mdm.sys (manual start)
        Sony Ericsson 750 USB WMC OBEX Interface Drivers: system32\DRIVERS\k750obex.sys (manual start)
        Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
        Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
        KLIF: system32\DRIVERS\klif.sys (system)
        Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
        Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        LightScribeService Direct Disc Labeling Service: "C:\Program Files\Common Files\LightScribe\LSSrvc.exe" (autostart)
        TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
        Media Center Extender Service: C:\WINDOWS\ehome\mcrdsvc.exe (autostart)
        mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
        Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
        MHN: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
        MHN driver: system32\DRIVERS\mhndrv.sys (manual start)
        NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
        Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
        Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
        Message Queuing access control: \??\C:\WINDOWS\system32\drivers\mqac.sys (manual start)
        mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)
        WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
        MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
        Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
        Windows Installer: %systemroot%\system32\msiexec.exe /V (manual start)
        Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
        Message Queuing: C:\WINDOWS\system32\mqsvc.exe (autostart)
        Message Queuing Triggers: C:\WINDOWS\system32\mqtgsvc.exe (autostart)
        Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
        Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
        Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
        Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
        NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
        NBService: C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (manual start)
        Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
        Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
        NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
        Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
        NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
        NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
        Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
        Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
        Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
        Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
        1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
        Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
        NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
        Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
        nv: system32\DRIVERS\nv4_mini.sys (manual start)
        nvata: system32\DRIVERS\nvata.sys (system)
        NVIDIA nForce Networking Controller Driver: system32\DRIVERS\NVENETFD.sys (manual start)
        NVIDIA Network Bus Enumerator: system32\DRIVERS\nvnetbus.sys (manual start)
        nvsmu: system32\DRIVERS\nvsmu.sys (manual start)
        NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
        IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
        IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
        NWLink IPX/SPX/NetBIOS Compatible Transport Protocol: system32\DRIVERS\nwlnkipx.sys (autostart)
        NWLink NetBIOS: system32\DRIVERS\nwlnknb.sys (autostart)
        NWLink SPX/SPXII Protocol: system32\DRIVERS\nwlnkspx.sys (autostart)
        OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
        PCI Bus Driver: system32\DRIVERS\pci.sys (system)
        PCIIde: system32\DRIVERS\pciide.sys (system)
        Pcmcia: system32\DRIVERS\pcmcia.sys (system)
        perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)
        perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)
        Plug and Play: %SystemRoot%\system32\services.exe (autostart)
        IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
        WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
        Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
        QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
        Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
        PxHelp20: System32\Drivers\PxHelp20.sys (system)
        ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)
        Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)
        ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)
        ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)
        ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)
        Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
        Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
        WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
        Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
        Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
        Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
        Rdbss: system32\DRIVERS\rdbss.sys (system)
        RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
        Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
        Etätyöpöydän ohjeen istunnonhallinta: C:\WINDOWS\system32\sessmgr.exe (manual start)
        Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
        Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
        Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
        rimmptsk: system32\DRIVERS\rimmptsk.sys (manual start)
        rimsptsk: system32\DRIVERS\rimsptsk.sys (manual start)
        Ricoh xD-Picture Card Driver: system32\DRIVERS\rixdptsk.sys (manual start)
        Reliable Multicast Protocol driver: \??\C:\WINDOWS\system32\drivers\RMCast.sys (manual start)
        Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
        Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
        QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
        Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: system32\DRIVERS\RTL8139.SYS (manual start)
        Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
        Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
        Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        sdbus: system32\DRIVERS\sdbus.sys (manual start)
        Secdrv: system32\DRIVERS\secdrv.sys (manual start)
        Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        ServiceLayer: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe" (manual start)
        Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        SIS AGP Bus Filter: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)
        BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
        Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)
        Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
        Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
        System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
        srescan: system32\ZoneLabs\srescan.sys (system)
        System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        Srv: system32\DRIVERS\srv.sys (manual start)
        SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
        ssmdrv: system32\DRIVERS\ssmdrv.sys (system)
        Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
        BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
        Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
        Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
        MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{19FECBC3-1DCF-4BBF-91D0-1A8453A9611E} (manual start)
        symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)
        symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)
        sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)
        sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)
        Synaptics TouchPad Driver: system32\DRIVERS\SynTP.sys (manual start)
        Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
        Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
        Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
        TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
        Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
        Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
        Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
        TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled)
        Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
        Conexant Setup API: system32\DRIVERS\UIUSYS.SYS (manual start)
        ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled)
        Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (manual start)
        Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
        Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
        Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
        USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
        Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
        Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
        USB2 Enabled Hub: system32\DRIVERS\usbhub.sys (manual start)
        Microsoft USB Open Host Controller Miniport Driver: system32\DRIVERS\usbohci.sys (manual start)
        Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
        USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
        USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
        Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
        USB Video Device (WDM): System32\Drivers\usbvideo.sys (manual start)
        Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start)
        TuneUp Theme Extension: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
        VIA AGP Bus Filter: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled)
        ViaIde: system32\DRIVERS\viaide.sys (system)
        vsdatant: System32\vsdatant.sys (system)
        TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
        Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
        Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
        Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
        WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
        winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
        Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
        Windows Media Connect -palvelu: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start)
        Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
        Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
        Microsoft Windows Management Interface for ACPI: system32\DRIVERS\wmiacpi.sys (system)
        WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
        Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
        Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
        Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
        Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


        --------------------------------------------------

        Enumerating Windows NT logon/logoff scripts:
        *No scripts set to run*

        Windows NT checkdisk command:
        BootExecute = autocheck autochk *

        Windows NT 'Wininit.ini':
        PendingFileRenameOperations: *Registry value not found*

        --------------------------------------------------

        Enumerating ShellServiceObjectDelayLoad items:

        PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
        CDBurn: C:\WINDOWS\system32\SHELL32.dll
        WebCheck: C:\WINDOWS\system32\webcheck.dll
        SysTray: C:\WINDOWS\system32\stobject.dll

        --------------------------------------------------
        Autorun entries from Registry:
        HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

        *No values found*

        --------------------------------------------------

        Autorun entries from Registry:
        HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

        *No values found*

        --------------------------------------------------

        End of report, 41,770 bytes
        Report generated in 0.500 seconds

        Command line options:
        /verbose - to add additional info on each section
        /complete - to include empty sections and unsuspicious data
        /full - to include several rarely-important sections
        /force9x - to include Win9x-only startups even if running on WinNT
        /forcent - to include WinNT-only startups even if running on Win9x
        /forceall - to include all Win9x and WinNT startups, regardless of platform
        /history - to list version history only

        Sorry, I don't know how to / don't dare to have anything more removed :(

        Otherwise the logs were fine, apart from the traces of Symantec. If there are still any problems, log in to virustorjunta.net with the same nickname (link to this post if needed) and post a new hijack log here:

        http://www.virustorjunta.net/modules.php?name=Forums&file=viewforum&f=14


      • aatu
        axa.doe wrote:

        Sorry, I don't know how to / don't dare to have anything more removed :(

        Otherwise the logs were fine, apart from the traces of Symantec. If there are still any problems, log in to virustorjunta.net with the same nickname (link to this post if needed) and post a new hijack log here:

        http://www.virustorjunta.net/modules.php?name=Forums&file=viewforum&f=14

        Hi :) yeah, no worries... let's see whether I can be bothered to start tinkering with it much more...

        Thank you, the computer now works much better than it ever has in the time I've had it :D


      • axa.doe
        aatu wrote:

        Hi :) yeah, no worries... let's see whether I can be bothered to start tinkering with it much more...

        Thank you, the computer now works much better than it ever has in the time I've had it :D

        Okay, but if and when you have questions about the computer, just post to vt ;)

        You're welcome :)


    • rrumz0

      Is the cause a poker game?
