Sunday, 19 April 2009

Virus Osint

Nick264, 2008-11-30, 19:16

Here's the Fresh HJT Log as Requested. I will post the other log in a moment

Nick264, 2008-11-30, 19:38

Here's the other post as requested:
