Has trouble booting into Windows and restarts often


offline
  • Joined: 20 Feb 2007
  • Posts: 10

I scan with SpyBot Search&Destroy at least once a week...
I could possibly try turning off AVG while I run the Fix with HJT... and here, I'm also sending the requested file...

Addendum: 21 Feb 2007 0:56

Letting you know that the requested file has been sent successfully.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The file is suspicious, but I can't say for sure until I get confirmation from at least one of the anti-virus labs I sent it to for analysis.

Until they get back to us (if they deign to reply), we can check that there are no rootkits...

Do the following:
Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start, then select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this will save the result to the Clipboard.
Use Paste in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Paste here the contents of the two files we just saved.
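
One way to triage the saved file1.txt before reading it line by line, as an added example that is not part of the original post and not GMER's own code: it parses the plain-text layout GMER 1.0.12 prints and collapses the repetitive per-IRP lines into one row per driver and handler. The function names, the regular expressions and the embedded sample log are assumptions made for this example; the sample is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the plain-text layout GMER 1.0.12 prints (not a real scan).
SAMPLE_LOG = r"""GMER 1.0.12.12027 - gmer.net
Rootkit scan 2007-02-21 01:41:51
Windows 5.1.2600 Service Pack 1

---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwOpenKey

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [ 06 ]
.text ...
.text ntdll.dll!NtClose 77F758AA 5 Bytes JMP 7203407A

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8679B708
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8679B708
Device \Driver\00000052 \Device\00000046 IRP_MJ_POWER [F7746A26] sptd.sys
Device \Driver\00000052 \Device\00000046 IRP_MJ_PNP [F775354E] sptd.sys
"""

SECTION = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
SSDT = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<service>\S+)$")
TEXT = re.compile(
    r"^\.text\s+(?P<image>[^!\s]+)!(?P<func>\S+)(?:\s+\+\s+[0-9A-F]+)?"
    r"\s+(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+)$"
)
DEVICE = re.compile(
    r"^Device\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<irp>IRP_MJ_\w+)\s+"
    r"(?:\[[0-9A-F]{8}\]\s+(?P<owner>\S+)|(?P<addr>[0-9A-F]{8}))$"
)
JMP = re.compile(r"^JMP\s+([0-9A-F]{8})$")


def parse_gmer(log):
    """Parse a pasted GMER Rootkit-tab report into a summary dict."""
    header, unparsed, code = [], [], []
    ssdt = defaultdict(list)
    devices = defaultdict(lambda: defaultdict(list))
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None:            # banner lines before the first section
            header.append(line)
            continue
        m = SSDT.match(line)
        if m:                          # group hooked services by the module named
            ssdt[m["module"]].append(m["service"])
            continue
        m = TEXT.match(line)
        if m:                          # modified code: redirect or plain byte patch
            jmp = JMP.match(m["patch"])
            code.append({"image": m["image"], "func": m["func"],
                         "addr": m["addr"], "size": int(m["size"]),
                         "jmp_target": jmp.group(1) if jmp else None})
            continue
        m = DEVICE.match(line)
        if m:
            # Key on the module printed after a bracketed address, otherwise on
            # the bare handler address, so repeated IRP lines collapse together.
            target = m["owner"] or m["addr"]
            devices[(m["driver"], target)][m["device"]].append(m["irp"])
            continue
        unparsed.append(line)          # keep anything unrecognised, e.g. ".text ..."
    return {"header": header,
            "ssdt": dict(ssdt),
            "code": code,
            "devices": {k: dict(v) for k, v in devices.items()},
            "unparsed": unparsed}


def report(summary):
    """Render one line per finding for a human reviewer."""
    out = []
    for module, services in summary["ssdt"].items():
        out.append(f"SSDT  {module}: {len(services)} entries ({', '.join(services)})")
    for c in summary["code"]:
        kind = f"JMP -> {c['jmp_target']}" if c["jmp_target"] else f"{c['size']}-byte patch"
        out.append(f"CODE  {c['image']}!{c['func']} @ {c['addr']}: {kind}")
    for (driver, target), devs in summary["devices"].items():
        slots = sum(len(irps) for irps in devs.values())
        out.append(f"IRP   {driver} -> {target}: {slots} slots on {len(devs)} device object(s)")
    for line in summary["unparsed"]:
        out.append(f"??    {line}")
    return out


if __name__ == "__main__":
    print("\n".join(report(parse_gmer(SAMPLE_LOG))))
```

The summary only groups what the report lists; deciding whether a named module is expected on the machine is still the reviewer's job.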

offline
  • Joined: 20 Feb 2007
  • Posts: 10

If it means anything: I've just remembered that some time ago (I can't say exactly when) I also used System Mechanic, which I also use to clean up the computer now and then. I know I also use its "fix registry" option. Could it have left some leftovers behind?
Around the same time I also ran an AdAware scan and defragmented the disks, because I usually do that after larger installations or uninstallations, and around New Year I installed and uninstalled several large games from DVD while trying them out...
I don't know which running program could be causing the problem... since you can see all the active processes in the HJT log... maybe Daemon Tools... which I personally don't like but which often comes in handy?
Enough of my theorizing!!! I'll wait for instructions for tomorrow, since I work from eight in the morning and I was up most of last night scanning with Ewido...
Thanks for the support. Talk soon.

Addendum: 21 Feb 2007 1:23

OK, I've started the scan; if it doesn't take long, I'll send it tonight...

offline
  • Joined: 20 Feb 2007
  • Posts: 10

file1.txt looks like this:

GMER 1.0.12.12027 - gmer.net
Rootkit scan 2007-02-21 01:41:51
Windows 5.1.2600 Service Pack 1


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!KeInitializeInterrupt + B67 804DA23C 1 Byte [ 06 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 1B0 8050262C 4 Bytes [ C8, FA, 73, F7 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 228 805026A4 4 Bytes [ 22, FC, 73, F7 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 230 805026AC 4 Bytes [ 9A, FF, 73, F7 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 2E8 80502764 4 Bytes [ 8E, F9, 73, F7 ]
.text ntoskrnl.exe!KeI386Call16BitCStyleFunction + 38C 80502808 4 Bytes [ 64, 00, 74, F7 ]
.text ...
.text ntdll.dll!NtClose 77F758AA 5 Bytes JMP 7203407A
.text ntdll.dll!NtCreateProcess 77F759F4 5 Bytes JMP 72034205
.text ntdll.dll!NtCreateProcessEx 77F75A03 5 Bytes JMP 720340E9
.text ntdll.dll!NtCreateSection 77F75A21 5 Bytes JMP 72034098

Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 863DAEB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 863DAEB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 863DAEB0

---- EOF - GMER 1.0.12 ----


file2.txt looks like this:

GMER 1.0.12.12027 - gmer.net
Autostart scan 2007-02-21 01:42:57
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AudioSrv /*Windows Audio*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Browser /*Computer Browser*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
CryptSvc /*Cryptographic Services*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Dhcp /*DHCP Client*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
dmserver /*Logical Disk Manager*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*DNS Client*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService
ERSvc /*Error Reporting Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Event Log*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Help and Support*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LmHosts /*TCP/IP NetBIOS Helper*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
MDM /*Machine Debug Manager*/@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\System32\nvsvc32.exe
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*IPSEC Services*/@ = %SystemRoot%\System32\lsass.exe
ProtectedStorage /*Protected Storage*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Remote Registry*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs /*Remote Procedure Call (RPC)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Security Accounts Manager*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Task Scheduler*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon /*Secondary Logon*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*System Event Notification*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Shell Hardware Detection*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*System Restore Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
stisvc /*Windows Image Acquisition (WIA)*/@ = %SystemRoot%\System32\svchost.exe -k imgsvc
Themes /*Themes*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Distributed Link Tracking Client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UleadBurningHelper /*Ulead Burning Helper*/@ = C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
uploadmgr /*Upload Manager*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
W32Time /*Windows Time*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
winmgmt /*Windows Management Instrumentation*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WmdmPmSp /*Portable Media Serial Number*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Automatic Updates*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
WZCSVC /*Wireless Zero Configuration*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@SunJavaUpdateSched"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
@NeroCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@DAEMON Tools"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
RunOnceEx@Flag = 2 /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\System32\ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
@SpybotSD TeaTimerC:\Program Files\Spybot - Search & Destroy\TeaTimer.exe = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
@swgC:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@SysTrayC:\WINDOWS\System32\stobject.dll = C:\WINDOWS\System32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\System32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Multimedia File Property Sheet*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*NTFS Security Page*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*OLE Docfile Property Page*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Display Adapter CPL Extension*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Display Monitor CPL Extension*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*DS Security Page*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Page*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Shell Scrap DataHandler*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Disk Copy Extension*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Shell extensions for Microsoft Windows Network objects*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Shell extensions for file compression*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Web Printer Shell Extension*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Encryption Context Menu*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Briefcase*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Printers Security Page*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Crypto PKO Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Crypto Sign Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F87

offline
  • Joined: 20 Feb 2007
  • Posts: 10

I have the impression that file2.txt did not arrive in full. Here it is again:

GMER 1.0.12.12027 - gmer.net
Autostart scan 2007-02-21 01:42:57
Windows 5.1.2600 Service Pack 1


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@BootExecute = autocheck autochk * /*file not found*/

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\ntvdm.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@ShellExplorer.exe = Explorer.exe
@System =
@UIHostlogonui.exe = logonui.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
crypt32chain@DLLName = crypt32.dll
cryptnet@DLLName = cryptnet.dll
cscdll@DLLName = cscdll.dll
ScCertProp@DLLName = wlnotify.dll
Schedule@DLLName = wlnotify.dll
sclgntfy@DLLName = sclgntfy.dll
SensLogn@DLLName = WlNotify.dll
termsrv@DLLName = wlnotify.dll
wlballoon@DLLName = wlnotify.dll

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs =

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AudioSrv /*Windows Audio*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Browser /*Computer Browser*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
CryptSvc /*Cryptographic Services*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
Dhcp /*DHCP Client*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
dmserver /*Logical Disk Manager*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Dnscache /*DNS Client*/@ = %SystemRoot%\System32\svchost.exe -k NetworkService
ERSvc /*Error Reporting Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Eventlog /*Event Log*/@ = %SystemRoot%\system32\services.exe
helpsvc /*Help and Support*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanserver /*Server*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
lanmanworkstation /*Workstation*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
LmHosts /*TCP/IP NetBIOS Helper*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
MDM /*Machine Debug Manager*/@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\System32\nvsvc32.exe
PlugPlay /*Plug and Play*/@ = %SystemRoot%\system32\services.exe
PolicyAgent /*IPSEC Services*/@ = %SystemRoot%\System32\lsass.exe
ProtectedStorage /*Protected Storage*/@ = %SystemRoot%\system32\lsass.exe
RemoteRegistry /*Remote Registry*/@ = %SystemRoot%\system32\svchost.exe -k LocalService
RpcSs /*Remote Procedure Call (RPC)*/@ = %SystemRoot%\system32\svchost -k rpcss
SamSs /*Security Accounts Manager*/@ = %SystemRoot%\system32\lsass.exe
Schedule /*Task Scheduler*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
seclogon /*Secondary Logon*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
SENS /*System Event Notification*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
ShellHWDetection /*Shell Hardware Detection*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
srservice /*System Restore Service*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
stisvc /*Windows Image Acquisition (WIA)*/@ = %SystemRoot%\System32\svchost.exe -k imgsvc
Themes /*Themes*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
TrkWks /*Distributed Link Tracking Client*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
UleadBurningHelper /*Ulead Burning Helper*/@ = C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
uploadmgr /*Upload Manager*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
W32Time /*Windows Time*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
WebClient /*WebClient*/@ = %SystemRoot%\System32\svchost.exe -k LocalService
winmgmt /*Windows Management Instrumentation*/@ = %systemroot%\system32\svchost.exe -k netsvcs
WmdmPmSp /*Portable Media Serial Number*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs
wuauserv /*Automatic Updates*/@ = %SystemRoot%\system32\svchost.exe -k netsvcs
WZCSVC /*Wireless Zero Configuration*/@ = %SystemRoot%\System32\svchost.exe -k netsvcs

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AVG7_CCC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP = C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
@SunJavaUpdateSched"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" = "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
@NeroCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@DAEMON Tools"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
RunOnceEx@Flag = 2 /*file not found*/

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\System32\ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe
@SpybotSD TeaTimerC:\Program Files\Spybot - Search & Destroy\TeaTimer.exe = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
@swgC:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@PostBootReminder%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@CDBurn%SystemRoot%\system32\SHELL32.dll = %SystemRoot%\system32\SHELL32.dll
@WebCheck%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@SysTrayC:\WINDOWS\System32\stobject.dll = C:\WINDOWS\System32\stobject.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler >>>
@{438755C2-A8BA-11D1-B96B-00A0C90312E1}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{8C7461EF-2B13-11d2-BE35-3078302C2030}%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll

HKLM\Software\Classes\Folder\shell\open\command@ = %SystemRoot%\Explorer.exe /idlist,%I,%L

HKLM\Software\Classes\Folder\shell\explore\command@ = %SystemRoot%\Explorer.exe /e,/idlist,%I,%L

HKLM\Software\Classes\ >>>
.exe@ = "%1" %*
.com@ = "%1" %*
.cmd@ = "%1" %*
.bat@ = "%1" %*
.pif@ = "%1" %*
.scr@ = "%1" /S
.hta@ = C:\WINDOWS\System32\mshta.exe "%1" %*

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{AEB6717E-7E19-11d0-97EE-00C04FD91972} = shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{00022613-0000-0000-C000-000000000046} /*Multimedia File Property Sheet*/mmsys.cpl = mmsys.cpl
@{176d6597-26d3-11d1-b350-080036a75b03} /*ICM Scanner Management*/icmui.dll = icmui.dll
@{1F2E5C40-9550-11CE-99D2-00AA006E086C} /*NTFS Security Page*/rshx32.dll = rshx32.dll
@{3EA48300-8CF6-101B-84FB-666CCB9BCD32} /*OLE Docfile Property Page*/docprop.dll = docprop.dll
@{40dd6e20-7c17-11ce-a804-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{41E300E0-78B6-11ce-849B-444553540000} /*PlusPack CPL Extension*/%SystemRoot%\System32\themeui.dll = %SystemRoot%\System32\themeui.dll
@{42071712-76d4-11d1-8b24-00a0c9068ff3} /*Display Adapter CPL Extension*/deskadp.dll = deskadp.dll
@{42071713-76d4-11d1-8b24-00a0c9068ff3} /*Display Monitor CPL Extension*/deskmon.dll = deskmon.dll
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{4E40F770-369C-11d0-8922-00A024AB2DBB} /*DS Security Page*/dssec.dll = dssec.dll
@{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} /*Compatibility Page*/SlayerXP.dll = SlayerXP.dll
@{56117100-C0CD-101B-81E2-00AA004AE837} /*Shell Scrap DataHandler*/shscrap.dll = shscrap.dll
@{59099400-57FF-11CE-BD94-0020AF85B590} /*Disk Copy Extension*/diskcopy.dll = diskcopy.dll
@{59be4990-f85c-11ce-aff7-00aa003ca9f6} /*Shell extensions for Microsoft Windows Network objects*/ntlanui2.dll = ntlanui2.dll
@{5DB2625A-54DF-11D0-B6C4-0800091AA605} /*ICM Monitor Management*/%SystemRoot%\System32\icmui.dll = %SystemRoot%\System32\icmui.dll
@{675F097E-4C4D-11D0-B6C1-0800091AA605} /*ICM Printer Management*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{764BF0E1-F219-11ce-972D-00AA00A14F56} /*Shell extensions for file compression*/(null) =
@{77597368-7b15-11d0-a0c2-080036af3f03} /*Web Printer Shell Extension*/printui.dll = printui.dll
@{7988B573-EC89-11cf-9C00-00AA00A14F56} /*Disk Quota UI*/dskquoui.dll = dskquoui.dll
@{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} /*Encryption Context Menu*/(null) =
@{85BBD920-42A0-1069-A2E4-08002B30309D} /*Briefcase*/syncui.dll = syncui.dll
@{88895560-9AA2-1069-930E-00AA0030EBC8} /*HyperTerminal Icon Ext*/C:\WINDOWS\System32\hticons.dll = C:\WINDOWS\System32\hticons.dll
@{BD84B380-8CA2-1069-AB1D-08000948F534} /*Fonts*/fontext.dll = fontext.dll
@{DBCE2480-C732-101B-BE72-BA78E9AD5B27} /*ICC Profile*/%SystemRoot%\system32\icmui.dll = %SystemRoot%\system32\icmui.dll
@{F37C5810-4D3F-11d0-B4BF-00AA00BBB723} /*Printers Security Page*/rshx32.dll = rshx32.dll
@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} /*Shell extensions for sharing*/ntshrui.dll = ntshrui.dll
@{f92e8c40-3d33-11d2-b1aa-080036a75b03} /*Display TroubleShoot CPL Extension*/deskperf.dll = deskperf.dll
@{7444C717-39BF-11D1-8CD9-00C04FC29D45} /*Crypto PKO Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7444C719-39BF-11D1-8CD9-00C04FC29D45} /*Crypto Sign Extension*/C:\WINDOWS\system32\cryptext.dll = C:\WINDOWS\system32\cryptext.dll
@{7007ACC7-3202-11D1-AAD2-00805FC1270E} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{992CFFA0-F557-101A-88EC-00DD010CCC48} /*Network Connections*/C:\WINDOWS\system32\NETSHELL.dll = C:\WINDOWS\system32\NETSHELL.dll
@{E211B736-43FD-11D1-9EFB-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{905667aa-acd6-11d2-8080-00805f6596d2} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{3F953603-1008-4f6e-A73A-04AAC7A992F1} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{83bbcbf3-b28a-4919-a5aa-73027445d672} /*Scanners & Cameras*/wiashext.dll = wiashext.dll
@{F0152790-D56E-4445-850E-4F3117DB740C} /*Remote Sessions CPL Extension*/C:\WINDOWS\System32\remotepg.dll = C:\WINDOWS\System32\remotepg.dll
@{5F327514-6C5E-4d60-8F16-D07FA08A78ED} /*Auto Update Property Sheet Extension*/C:\WINDOWS\System32\wuaueng.dll = C:\WINDOWS\System32\wuaueng.dll
@{60254CA5-953B-11CF-8C96-00AA00B8708C} /*Shell extensions for Windows Script Host*/C:\WINDOWS\System32\wshext.dll = C:\WINDOWS\System32\wshext.dll
@{2206CDB2-19C1-11D1-89E0-00C04FD7A829} /*Microsoft Data Link*/C:\Program Files\Common Files\System\Ole DB\oledb32.dll = C:\Program Files\Common Files\System\Ole DB\oledb32.dll
@{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Icon Handler*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} /*Tasks Folder Shell Extension*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{D6277990-4C6A-11CF-8D87-00AA0060F5BF} /*Scheduled Tasks*/C:\WINDOWS\System32\mstask.dll = C:\WINDOWS\System32\mstask.dll
@{0DF44EAA-FF21-4412-828E-260A8728E7F1} /*Taskbar and Start Menu*/(null) =
@{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} /*Search*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} /*Help and Support*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} /*Run...*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /*Internet*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /*E-mail*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524152} /*Fonts*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{D20EA4E1-3957-11d2-A40B-0C5020524153} /*Administrative Tools*/%SystemRoot%\system32\shdocvw.dll = %SystemRoot%\system32\shdocvw.dll
@{875CB1A1-0F29-45de-A1AE-CFB4950D0B78} /*Audio Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{40C3D757-D6E4-4b49-BB41-0E5BBEA28817} /*Video Media Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{E4B29F9D-D390-480b-92FD-7DDB47101D71} /*Wav Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{87D62D94-71B3-4b9a-9489-5FE6850DC73E} /*Avi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{A6FD9E45-6E44-43f9-8644-08598F5A74D9} /*Midi Properties Handler*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{c5a40261-cd64-4ccf-84cb-c394da41d590} /*Video Thumbnail Extractor*/%SystemRoot%\System32\shmedia.dll = %SystemRoot%\System32\shmedia.dll
@{5E6AB780-7743-11CF-A12B-00AA004AE837} /*Microsoft Internet Toolbar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{22BF0C20-6DA7-11D0-B373-00A0C9034938} /*Download Status*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{91EA3F8B-C99B-11d0-9815-00C04FD91972} /*Augmented Shell Folder*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6413BA2C-B461-11d1-A18A-080036B11A03} /*Augmented Shell Folder 2*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{F61FFEC1-754F-11d0-80CA-00AA005B4383} /*BandProxy*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7BA4C742-9E81-11CF-99D3-00AA004AE837} /*Microsoft BrowserBand*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*Search Band*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{169A0691-8DF9-11d1-A1C4-00C04FD75D13} /*In-pane search*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{07798131-AF23-11d1-9111-00A0C98BA67D} /*Web Search*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{AF4F6510-F982-11d0-8595-00AA004CD6D8} /*Registry Tree Options Utility*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{01E04581-4EEE-11d0-BFE9-00AA005B4383} /*&Address*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{A08C11D2-A228-11d0-825B-00AA005B4383} /*Address EditBox*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2763-6A77-11D0-A535-00C04FD7D062} /*Microsoft AutoComplete*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7376D660-C583-11d0-A3A5-00C04FD706EC} /*TridentImageExtractor*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6756A641-DE71-11d0-831B-00AA005B4383} /*MRU AutoComplete List*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} /*Custom MRU AutoCompleted List*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{7e653215-fa25-46bd-a339-34a2790f3cb7} /*Accessible*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{acf35015-526e-4230-9596-becbe19f0ac9} /*Track Popup Bar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{E0E11A09-5CB8-4B6C-8332-E00720A168F2} /*Address Bar Parser*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2764-6A77-11D0-A535-00C04FD7D062} /*Microsoft History AutoComplete List*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{03C036F1-A186-11D0-824A-00AA005B4383} /*Microsoft Shell Folder AutoComplete List*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{00BB2765-6A77-11D0-A535-00C04FD7D062} /*Microsoft Multiple AutoComplete List Container*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4E-521C-11D0-B792-00A0C90312E1} /*Shell Band Site Menu*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{3CCF8A41-5C85-11d0-9796-00AA00B90ADF} /*Shell DeskBarApp*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4C-521C-11D0-B792-00A0C90312E1} /*Shell DeskBar*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{ECD4FC4D-521C-11D0-B792-00A0C90312E1} /*Shell Rebar BandSite*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{DD313E04-FEFF-11d1-8ECD-0000F87A470C} /*User Assist*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} /*Global Folder Settings*/%SystemRoot%\System32\browseui.dll = %SystemRoot%\System32\browseui.dll
@{EFA24E61-B078-11d0-89E4-00C04FC9E26E} /*Favorites Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{0A89A860-D7B1-11CE-8350-444553540000} /*Shell Automation Inproc Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A5E46E3A-8849-11D1-9D8C-00C04FC99D61} /*Microsoft Browser Architecture*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/shdocvw.dll = shdocvw.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} /*IE4 Suite Splash Screen*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{67EA19A0-CCEF-11d0-8024-00C04FD75D13} /*CDF Extension Copy Hook*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{131A6951-7F78-11D0-A979-00C04FD705A2} /*ISFBand OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9461b922-3c5a-11d2-bf8b-00c04fb93661} /*Search Assistant OC*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{EFA24E64-B078-11d0-89E4-00C04FC9E26E} /*Explorer Band*/%SystemRoot%\System32\shdocvw.dll = %SystemRoot%\System32\shdocvw.dll
@{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} /*Sendmail service*/C:\WINDOWS\System32\sendmail.dll = C:\WINDOWS\System32\sendmail.dll
@{88C6C381-2E85-11D0-94DE-444553540000} /*ActiveX Cache Folder*/%SystemRoot%\System32\occache.dll = %SystemRoot%\System32\occache.dll
@{E6FB5E20-DE35-11CF-9C87-00AA005127ED} /*WebCheck*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} /*Subscription Mgr*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{F5175861-2688-11d0-9C5E-00AA00A45957} /*Subscription Folder*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{08165EA0-E946-11CF-9C87-00AA005127ED} /*WebCheckWebCrawler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} /*WebCheckChannelAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} /*TrayAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7D559C10-9FE9-11d0-93F7-00AA0059CE02} /*Code Download Agent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{E6CC6978-6B6E-11D0-BECA-00C04FD940BE} /*ConnectionAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{D8BD2030-6FC9-11D0-864F-00AA006809D9} /*PostAgent*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} /*WebCheck SyncMgr Handler*/%SystemRoot%\System32\webcheck.dll = %SystemRoot%\System32\webcheck.dll
@{352EC2B7-8B9A-11D1-B8AE-006008059382} /*Shell Application Manager*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{0B124F8F-91F0-11D1-B8B5-006008059382} /*Installed Apps Enumerator*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{CFCCC7A0-A282-11D1-9082-006008059382} /*Darwin App Publisher*/%SystemRoot%\System32\appwiz.cpl = %SystemRoot%\System32\appwiz.cpl
@{e84fda7c-1d6a-45f6-b725-cb260c236066} /*Shell Image Verbs*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} /*Shell Image Data Factory*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{3F30C968-480A-4C6C-862D-EFC0897BB84B} /*GDI+ file thumbnail extractor*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{9DBD2C50-62AD-11d0-B806-00C04FD706EC} /*Summary Info Thumbnail handler (DOCFILES)*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{EAB841A0-9550-11cf-8C16-00805F1408F3} /*HTML Thumbnail Extractor*/C:\WINDOWS\system32\shimgvw.dll = C:\WINDOWS\system32\shimgvw.dll
@{eb9b1153-3b57-4e68-959a-a3266bc3d7fe} /*Shell Image Property Handler*/%SystemRoot%\system32\shimgvw.dll = %SystemRoot%\system32\shimgvw.dll
@{CC6EEFFB-43F6-46c5-9619-51D571967F7D} /*Web Publishing Wizard*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{add36aa8-751a-4579-a266-d66f5202ccbb} /*Print Ordering via the Web*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{6b33163c-76a5-4b6c-bf21-45de9cd503a1} /*Shell Publishing Wizard Object*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{58f1f272-9240-4f51-b6d4-fd63d1618591} /*Get a Passport Wizard*/%SystemRoot%\System32\netplwiz.dll = %SystemRoot%\System32\netplwiz.dll
@{7A9D77BD-5403-11d2-8785-2E0420524153} /*User Accounts*/(null) =
@{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} /*Compressed (zipped) Folder*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{BD472F60-27FA-11cf-B8B4-444553540000} /*Compressed (zipped) Folder Right Drag Handler*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{888DCA60-FC0A-11CF-8F0F-00C04FD7D062} /*Compressed (zipped) Folder SendTo Target*/%SystemRoot%\System32\zipfldr.dll = %SystemRoot%\System32\zipfldr.dll
@{f39a0dc0-9cc8-11d0-a599-00c04fd64433} /*Channel File*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3aa0dc0-9cc8-11d0-a599-00c04fd64434} /*Channel Shortcut*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ba0dc0-9cc8-11d0-a599-00c04fd64435} /*Channel Handler Object*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3da0dc0-9cc8-11d0-a599-00c04fd64437} /*Channel Menu*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{f3ea0dc0-9cc8-11d0-a599-00c04fd64438} /*Channel Properties*/%SystemRoot%\System32\cdfview.dll = %SystemRoot%\System32\cdfview.dll
@{63da6ec0-2e98-11cf-8d82-444553540000} /*FTP Folders Webview*/C:\WINDOWS\System32\msieftp.dll = C:\WINDOWS\System32\msieftp.dll
@{883373C3-BF89-11D1-BE35-080036B11A03} /*Microsoft DocProp Shell Ext*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{A9CF0EAE-901A-4739-A481-E35B73E47F6D} /*Microsoft DocProp Inplace Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8EE97210-FD1F-4B19-91DA-67914005F020} /*Microsoft DocProp Inplace ML Edit Box Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{0EEA25CC-4362-4A12-850B-86EE61B0D3EB} /*Microsoft DocProp Inplace Droplist Combo Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{6A205B57-2567-4A2C-B881-F787FAB579A3} /*Microsoft DocProp Inplace Calendar Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33} /*Microsoft DocProp Inplace Time Control*/C:\WINDOWS\System32\docprop2.dll = C:\WINDOWS\System32\docprop2.dll
@{8A23E65E-31C2-11d0-891C-00A024AB2DBB} /*Directory Query UI*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{9E51E0D0-6E0F-11d2-9601-00C04FA31A86} /*Shell properties for a DS object*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{163FDC20-2ABC-11d0-88F0-00A024AB2DBB} /*Directory Object Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{F020E586-5264-11d1-A532-0000F8757D7E} /*Directory Start/Search Find*/%SystemRoot%\System32\dsquery.dll = %SystemRoot%\System32\dsquery.dll
@{0D45D530-764B-11d0-A1CA-00AA00C16E65} /*Directory Property UI*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{62AE1F9A-126A-11D0-A14B-0800361B1103} /*Directory Context Menu Verbs*/%SystemRoot%\System32\dsuiext.dll = %SystemRoot%\System32\dsuiext.dll
@{ECF03A33-103D-11d2-854D-006008059367} /*MyDocs Copy Hook*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{ECF03A32-103D-11d2-854D-006008059367} /*MyDocs Drop Target*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{4a7ded0a-ad25-11d0-98a8-0800361b1103} /*MyDocs Properties*/%SystemRoot%\System32\mydocs.dll = %SystemRoot%\System32\mydocs.dll
@{750fdf0e-2a26-11d1-a3ea-080036587f03} /*Offline Files Menu*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{10CFC467-4392-11d2-8DB4-00C04FA31A66} /*Offline Files Folder Options*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E} /*Offline Files Folder*/%SystemRoot%\System32\cscui.dll = %SystemRoot%\System32\cscui.dll
@{143A62C8-C33B-11D1-84FE-00C04FA34A14} /*Microsoft Agent Character Property Sheet Handler*/C:\WINDOWS\msagent\agentpsh.dll = C:\WINDOWS\msagent\agentpsh.dll
@{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6} /*DfsShell*/C:\WINDOWS\System32\dfsshlex.dll = C:\WINDOWS\System32\dfsshlex.dll
@{60fd46de-f830-4894-a628-6fa81bc0190d} /*%DESC_PublishDropTarget%*/%SystemRoot%\System32\photowiz.dll = %SystemRoot%\System32\photowiz.dll
@{7A80E4A8-8005-11D2-BCF8-00C04F72C717} /*MMC Icon Handler*/%SystemRoot%\System32\mmcshext.dll = %SystemRoot%\System32\mmcshext.dll
@{0CD7A5C0-9F37-11CE-AE65-08002B2E1262} /*.CAB file viewer*/cabview.dll = cabview.dll
@{32714800-2E5F-11d0-8B85-00AA0044F941} /*For &People...*/C:\Program Files\Outlook Express\wabfind.dll = C:\Program Files\Outlook Express\wabfind.dll
@{8DD448E6-C188-4aed-AF92-44956194EB1F} /*Windows Media Player Play as Playlist Context Menu Handler*/C:\WINDOWS\System32\wmpshell.dll = C:\WINDOWS\System32\wmpshell.dll
@{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C} /*Windows Media Player Burn Audio CD Context Menu Handler*/C:\WINDOWS\System32\wmpshell.dll = C:\WINDOWS\System32\wmpshell.dll
@{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD} /*Windows Media Player Add to Playlist Context Menu Handler*/C:\WINDOWS\System32\wmpshell.dll = C:\WINDOWS\System32\wmpshell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} /*Adobe.Acrobat.ContextMenu*/C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
@{E0D79304-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79305-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79306-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{E0D79307-84BE-11CE-9641-444553540000} /*WinZip*/C:\PROGRA~1\WINZIP\WZSHLSTB.DLL = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Program Files\Grisoft\AVG Free\avgse.dll = C:\Program Files\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Program Files\Grisoft\AVG Free\avgse.dll = C:\Program Files\Grisoft\AVG Free\avgse.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{8F2357C8-6CFC-43E0-9EF2-7129F1DE6CAC} /*ERCUTIL Menu Extension*/C:\PROGRA~1\EASYRE~1\ERCUtil.dll = C:\PROGRA~1\EASYRE~1\ERCUtil.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\System32\nvcpl.dll = C:\WINDOWS\System32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\System32\nvshell.dll = C:\WINDOWS\System32\nvshell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Adobe.Acrobat.ContextMenu@{D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802} = C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
ERCUTIL@{8F2357C8-6CFC-43E0-9EF2-7129F1DE6CAC} = C:\PROGRA~1\EASYRE~1\ERCUtil.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Open With@{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
Open With EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} = %SystemRoot%\system32\SHELL32.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Offline Files@{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
WinZip@{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
@{29C88E20-4234-41B9-A9DB-982958C95FB1}C:\Program Files\PimpFish\PimpFish.dll = C:\Program Files\PimpFish\PimpFish.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Program Files\Spybot - Search & Destroy\SDHelper.dll = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{75B1A646-CDCE-4C06-B52F-84F4463B4FC8}C:\Program Files\PimpFish\FloatBar.dll = C:\Program Files\PimpFish\FloatBar.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar3.dll = c:\program files\google\googletoolbar3.dll
@{AE7CD045-E861-484f-8273-0445EE161910}C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll = C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\ >>>
.mp3@Location = C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
.mpeg@Location = C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.harisdzinovic.com/ = harisdzinovic.com/
@Local PageC:\WINDOWS\System32\blank.htm = C:\WINDOWS\System32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\ >>>
Class Install Handler@CLSID = C:\WINDOWS\system32\urlmon.dll
deflate@CLSID = C:\WINDOWS\system32\urlmon.dll
gzip@CLSID = C:\WINDOWS\system32\urlmon.dll
lzdhtml@CLSID = C:\WINDOWS\system32\urlmon.dll
text/webviewhtml@CLSID = %SystemRoot%\system32\SHELL32.dll
text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
about@CLSID = %SystemRoot%\System32\mshtml.dll
cdl@CLSID = C:\WINDOWS\system32\urlmon.dll
dvd@CLSID = C:\WINDOWS\System32\msvidctl.dll
file@CLSID = C:\WINDOWS\system32\urlmon.dll
ftp@CLSID = C:\WINDOWS\system32\urlmon.dll
gopher@CLSID = C:\WINDOWS\system32\urlmon.dll
http@CLSID = C:\WINDOWS\system32\urlmon.dll
https@CLSID = C:\WINDOWS\system32\urlmon.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
javascript@CLSID = %SystemRoot%\System32\mshtml.dll
lid@CLSID = C:\WINDOWS\System32\msvidctl.dll
local@CLSID = C:\WINDOWS\system32\urlmon.dll
mailto@CLSID = %SystemRoot%\System32\mshtml.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
mk@CLSID = C:\WINDOWS\system32\urlmon.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
res@CLSID = %SystemRoot%\System32\mshtml.dll
sysimage@CLSID = %SystemRoot%\System32\mshtml.dll
tv@CLSID = C:\WINDOWS\System32\msvidctl.dll
vbscript@CLSID = %SystemRoot%\System32\mshtml.dll
vnd.ms.radio@CLSID = C:\WINDOWS\System32\msdxm.ocx
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ >>>
000000000001@LibraryPath = %SystemRoot%\System32\mswsock.dll
000000000002@LibraryPath = %SystemRoot%\System32\winrnr.dll
000000000003@LibraryPath = %SystemRoot%\System32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000002@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000003@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000004@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000005@PackedCatalogItem = %SystemRoot%\system32\rsvpsp.dll
000000000006@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000007@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000008@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000009@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000010@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000011@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000012@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000013@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000014@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000015@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000016@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000017@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll
000000000018@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

---- EOF - GMER 1.0.12 ----
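
The autostart listing above has a regular shape: a `key >>>` header followed by `name@value = data` lines, or a single `key@value = data` line. That makes it easy to sort before reading it by eye. The sketch below is an added example, not part of the original thread and not GMER's own code: the format is inferred only from the lines shown in this log, the function names are hypothetical, and it assumes the Windows directory is `C:\WINDOWS` as in this log.

```python
import re
from collections import defaultdict

# Excerpt in the shape of the listing above (lines taken from this log).
SAMPLE = r"""
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
EncryptionMenu@{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
Sharing@{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{53707962-6F74-2D53-2644-206D7942484F}C:\Program Files\Spybot - Search & Destroy\SDHelper.dll = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019@PackedCatalogItem = %SystemRoot%\system32\mswsock.dll

---- EOF - GMER 1.0.12 ----
"""

# "left = data"; data may be missing entirely (e.g. "...@Domain =").
ENTRY = re.compile(r"^(?P<left>.*?) =(?: (?P<data>.*))?$")


def parse_autostart(text):
    """Return (registry_key, label, data) for every entry in the listing."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None              # a blank line closes a ">>>" section
            continue
        if line.endswith(">>>"):
            section = line[:-3].rstrip().rstrip("\\")
            continue
        m = ENTRY.match(line)
        if not m:
            continue                    # banner lines such as "---- EOF ..."
        left = m.group("left")
        data = (m.group("data") or "").strip()
        if section is None:
            key, _, label = left.partition("@")   # stand-alone "key@value" line
            entries.append((key.rstrip("\\"), label, data))
        else:
            entries.append((section, left, data))
    return entries


def classify(data):
    """Bucket an entry by where its module path points."""
    if not data:
        return "empty"
    # Assumption: Windows lives in C:\WINDOWS, as in this log.
    p = data.lower().replace("%systemroot%", r"c:\windows")
    if re.match(r"^[a-z]:\\", p):
        return "windows" if p.startswith("c:\\windows\\") else "elsewhere"
    if "\\" not in p and "/" not in p:
        return "bare-name"              # resolved through the DLL search path
    return "not-a-path"                 # e.g. a start-page URL


def triage(text):
    """Group parsed entries by category for manual review."""
    buckets = defaultdict(list)
    for entry in parse_autostart(text):
        buckets[classify(entry[2])].append(entry)
    return buckets


if __name__ == "__main__":
    for category, items in sorted(triage(SAMPLE).items()):
        print(f"[{category}] {len(items)}")
        for key, label, data in items:
            print(f"  {key}\n    {label} -> {data or '(no data)'}")
```

Entries under `elsewhere` are simply third-party modules to match against the software known to be installed; the category by itself says nothing about whether a file is malicious.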

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The log is clean; it looks like HJT is giving bad results on your machine.

While looking for information about the sptd.sys driver (part of Daemon Tools), I came across a couple of discussions that also mention problems with restarts.

My advice is to uninstall Daemon Tools and to make sure you install SP2 for Windows.
I'll get back to you when the results for that YuMP3com arrive. The F-Prot antivirus program detects it heuristically, so we nudged a guy at that company to check whether it is a false alarm or really malicious.

Addendum: 21 Feb 2007 11:31

F-Prot let me know that the file is OK, and that it was a login manager for some MP3 site that no longer exists. Since the site no longer exists, we can remove that program from the computer as well.

See whether you can find it in Add/Remove Programs and uninstall it. If you can't, we'll do it through HJT.

offline
  • Joined: 20 Feb 2007
  • Posts: 10

Thanks for the help so far. We'll be in touch.
I still use that program to log in to a site with domestic MP3 music (I won't advertise here which one), and only when it is active do I get access to the download section, where in the free version I can download two songs a day... and since they have a good selection, it is sometimes well worth it...
We'll keep an eye on how things develop.
Last night I downloaded the latest driver package for my NVidia and installed it... and today I got into Windows normally and it hasn't shut down all day.
I know this isn't a question for this topic, but if I remove Daemon, which program is OK for mounting virtual drives? For most games that is the only way to play them. Daemon seemed simpler to me than Alcohol... although I personally don't like it and, as I said, I don't trust any program that simulates something and creates an artificial situation on the computer, because I mostly use it for work, but sometimes you need to relax with a good adventure game...

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Unfortunately I can't help you with Daemon (it has been 5 years since I played a single game). The problem with it is that it intercepts a great many system calls in order to fool all those protections that games have. The slightest instability in its driver (it installs itself as a driver) destabilizes the whole system. Drivers are tied directly to the kernel (the core of the system) and affect stability far more than any service or program/game.
As for the graphics card driver, the same goes for it: bad driver = unstable system.

I'll lock the topic now, since we've established that the computer is clean as far as malware is concerned.
Don't forget to install SP2 for Windows (it is best to do that after a fresh installation of Windows, or to integrate SP2 into the installation CD itself).

21 Feb 2007 23:37 bobby Topic locked. Reason: Contact by PM if the topic needs to be unlocked