
[b]SDFix: Version 1.237 [/b]
Run by viktor on 2008-10-23 at 22:08

Microsoft Windows XP [ 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 22:22:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2     .
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysmonLog\Log Queries\{8cea385d-8ea5-4673-9c2d-0790cdee69b2}]
"\32\4>\4A\0042\0045\4=\4=\4K\49\4 ?:\4>\4<\4<\0045\4=\4B\0040\4@\48\49\4"="@C:\WINDOWS\system32\smlogcfg.dll,-735"
"\20\4B\4@\48\0041\4C\4B\4K\4 ?E\4@\0040\4=\0045\4=\48\4O\4 ?4\0040\4=\4=\4K\4E\4"=dword:00000021
"\32\4>\4A\0042\0045\4=\4=\4>\0045\4 ?8\4<\4O\4 ?D\0040\49\4;\0040\4 ?6\4C\4@\4=\0040\4;\0040\4 ?1\0040\0047\4K\4 ?4\0040\4=\4=\4K\4E\4"="@C:\WINDOWS\system32\smlogcfg.dll,-744"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?L?2?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?P?o?E?)?"=str(7):"1\0"
"\37\4@\4O\4<\4>\49\4 ??\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 ??\4>\4@\4B\4"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?I?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ??\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 ??\0040\4:\0045\4B\4>\0042\4"=str(7):"1\0002\0003\0004\0"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{8cea385d-8ea5-4673-9c2d-0790cdee69b2}]
"\32\4>\4A\0042\0045\4=\4=\4K\49\4 ?:\4>\4<\4<\0045\4=\4B\0040\4@\48\49\4"="@C:\WINDOWS\system32\smlogcfg.dll,-735"
"\20\4B\4@\48\0041\4C\4B\4K\4 ?E\4@\0040\4=\0045\4=\48\4O\4 ?4\0040\4=\4=\4K\4E\4"=dword:00000021
"\32\4>\4A\0042\0045\4=\4=\4>\0045\4 ?8\4<\4O\4 ?D\0040\49\4;\0040\4 ?6\4C\4@\4=\0040\4;\0040\4 ?1\0040\0047\4K\4 ?4\0040\4=\4=\4K\4E\4"="@C:\WINDOWS\system32\smlogcfg.dll,-744"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?L?2?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?P?o?E?)?"=str(7):"1\0"
"\37\4@\4O\4<\4>\49\4 ??\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 ??\4>\4@\4B\4"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?I?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ??\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 ??\0040\4:\0045\4B\4>\0042\4"=str(7):"1\0002\0003\0004\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SysmonLog\Log Queries\{8cea385d-8ea5-4673-9c2d-0790cdee69b2}]
"\32\4>\4A\0042\0045\4=\4=\4K\49\4 ?:\4>\4<\4<\0045\4=\4B\0040\4@\48\49\4"="@C:\WINDOWS\system32\smlogcfg.dll,-735"
"\20\4B\4@\48\0041\4C\4B\4K\4 ?E\4@\0040\4=\0045\4=\48\4O\4 ?4\0040\4=\4=\4K\4E\4"=dword:00000021
"\32\4>\4A\0042\0045\4=\4=\4>\0045\4 ?8\4<\4O\4 ?D\0040\49\4;\0040\4 ?6\4C\4@\4=\0040\4;\0040\4 ?1\0040\0047\4K\4 ?4\0040\4=\4=\4K\4E\4"="@C:\WINDOWS\system32\smlogcfg.dll,-744"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions]
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?L?2?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?T?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?P?P?P?o?E?)?"=str(7):"1\0"
"\37\4@\4O\4<\4>\49\4 ??\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 ??\4>\4@\4B\4"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ?W?A?N? ?(?I?P?)?"=str(7):"1\0"
"\34\48\4=\48\4?\4>\4@\4B\4 ??\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 ??\0040\4:\0045\4B\4>\0042\4"=str(7):"1\0002\0003\0004\0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\SysmonLog\Log Queries\{8cea385d-8ea5-4673-9c2d-0790cdee69b2}]
"\32\4>\4A\0042\0045\4=\4=\4K\49\4 ?:\4>\4<\4<\0045\4=\4B\0040\4@\48\49\4"="@C:\WINDOWS\system32\smlogcfg.dll,-735"
"\20\4B\4@\48\0041\4C\4B\4K\4 ?E\4@\0040\4=\0045\4=\48\4O\4 ?4\0040\4=\4=\4K\4E\4"=dword:00000021
"\32\4>\4A\0042\0045\4=\4=\4>\0045\4 ?8\4<\4O\4 ?D\0040\49\4;\0040\4 ?6\4C\4@\4=\0040\4;\0040\4 ?1\0040\0047\4K\4 ?4\0040\4=\4=\4K\4E\4"="@C:\WINDOWS\system32\smlogcfg.dll,-744"

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"!\4B\0040\4=\0044\0040\4@\4B\4=\0040\4O\4 ?W?i?n?d?o?w?s?"="",,,,,,,,,,,,,""
"\37\4>\0044\0042\48\0046\4=\0040\4O\4 ?W?i?n?d?o?w?s?"=""C:\WINDOWS\Cursors\rainbow.ani,,C:\WINDOWS\Cursors\appstart.ani,C:\WINDOWS\Cursors\hourglas.ani,C:\WINDOWS\Cursors\cross.cur,,,,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,,""
"\36\0041\4J\0045\4<\4=\0040\4O\4 ?1\0045\4;\0040\4O\4"=""C:\WINDOWS\Cursors\3dwarro.cur,,C:\WINDOWS\Cursors\appstar3.ani,C:\WINDOWS\Cursors\hourgla3.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dwno.cur,C:\WINDOWS\Cursors\3dwns.cur,C:\WINDOWS\Cursors\3dwwe.cur,C:\WINDOWS\Cursors\3dwnwse.cur,C:\WINDOWS\Cursors\3dwnesw.cur,C:\WINDOWS\Cursors\3dwmove.cur,""
" \4C\4:\48\4 ?1?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\hand.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\hnodrop.cur,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
" \4C\4:\48\4 ?2?"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\handapst.ani,C:\WINDOWS\Cursors\handwait.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\handno.ani,C:\WINDOWS\Cursors\handns.ani,C:\WINDOWS\Cursors\handwe.ani,C:\WINDOWS\Cursors\handnwse.ani,C:\WINDOWS\Cursors\handnesw.ani,C:\WINDOWS\Cursors\hmove.cur,""
"\24\48\4=\4>\0047\0040\0042\4@\4"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\dinosaur.ani,C:\WINDOWS\Cursors\dinosau2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\banana.ani,C:\WINDOWS\Cursors\3dsns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dsnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dsmove.cur,""
"\22\4 ?A\4B\0040\4@\4>\4<\4 ?A\4B\48\4;\0045\4"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\horse.ani,C:\WINDOWS\Cursors\barber.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\coin.ani,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
"\24\48\4@\48\0046\0045\4@\4"=""C:\WINDOWS\Cursors\harrow.cur,,C:\WINDOWS\Cursors\drum.ani,C:\WINDOWS\Cursors\metronom.ani,C:\WINDOWS\Cursors\hcross.cur,C:\WINDOWS\Cursors\hibeam.cur,,C:\WINDOWS\Cursors\piano.ani,C:\WINDOWS\Cursors\hns.cur,C:\WINDOWS\Cursors\hwe.cur,C:\WINDOWS\Cursors\hnwse.cur,C:\WINDOWS\Cursors\hnesw.cur,C:\WINDOWS\Cursors\hmove.cur,""
"#\0042\0045\4;\48\4G\0045\4=\4=\0040\4O\4"=""C:\WINDOWS\Cursors\larrow.cur,,C:\WINDOWS\Cursors\lappstrt.cur,C:\WINDOWS\Cursors\lwait.cur,C:\WINDOWS\Cursors\lcross.cur,C:\WINDOWS\Cursors\libeam.cur,,C:\WINDOWS\Cursors\lnodrop.cur,C:\WINDOWS\Cursors\lns.cur,C:\WINDOWS\Cursors\lwe.cur,C:\WINDOWS\Cursors\lnwse.cur,C:\WINDOWS\Cursors\lnesw.cur,C:\WINDOWS\Cursors\lmove.cur,""
"\22\0040\4@\48\0040\4F\48\48\4"=""C:\WINDOWS\Cursors\fillitup.ani,,C:\WINDOWS\Cursors\raindrop.ani,C:\WINDOWS\Cursors\counter.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\wagtail.ani,C:\WINDOWS\Cursors\sizens.ani,C:\WINDOWS\Cursors\sizewe.ani,C:\WINDOWS\Cursors\sizenwse.ani,C:\WINDOWS\Cursors\sizenesw.ani,""
"\36\0041\4J\0045\4<\4=\0040\4O\4 ?1\4@\4>\4=\0047\4>\0042\0040\4O\4"=""C:\WINDOWS\Cursors\3dgarro.cur,,C:\WINDOWS\Cursors\appstar2.ani,C:\WINDOWS\Cursors\hourgla2.ani,C:\WINDOWS\Cursors\cross.cur,,,C:\WINDOWS\Cursors\3dgno.cur,C:\WINDOWS\Cursors\3dgns.cur,C:\WINDOWS\Cursors\3dgwe.cur,C:\WINDOWS\Cursors\3dgnwse.cur,C:\WINDOWS\Cursors\3dgnesw.cur,C:\WINDOWS\Cursors\3dgmove.cur,""
"'\0045\4@\4=\0040\4O\4 ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"'\0045\4@\4=\0040\4O\4 ?(?:\4@\4C\4?\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"'\0045\4@\4=\0040\4O\4 ?(?>\0043\4@\4>\4<\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
"\30\4=\0042\0045\4@\4A\4=\0040\4O\4"="C:\WINDOWS\cursors\arrow_i.cur,C:\WINDOWS\cursors\help_i.cur,C:\WINDOWS\cursors\wait_i.cur,C:\WINDOWS\cursors\busy_i.cur,C:\WINDOWS\cursors\cross_i.cur,C:\WINDOWS\cursors\beam_i.cur,C:\WINDOWS\cursors\pen_i.cur,C:\WINDOWS\cursors\no_i.cur,C:\WINDOWS\cursors\size4_i.cur,C:\WINDOWS\cursors\size3_i.cur,C:\WINDOWS\cursors\size2_i.cur,C:\WINDOWS\cursors\size1_i.cur,C:\WINDOWS\cursors\move_i.cur,C:\WINDOWS\cursors\up_i.cur"
"\30\4=\0042\0045\4@\4A\4=\0040\4O\4 ?(?:\4@\4C\4?\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_im.cur,C:\WINDOWS\cursors\help_im.cur,C:\WINDOWS\cursors\wait_im.cur,C:\WINDOWS\cursors\busy_im.cur,C:\WINDOWS\cursors\cross_im.cur,C:\WINDOWS\cursors\beam_im.cur,C:\WINDOWS\cursors\pen_im.cur,C:\WINDOWS\cursors\no_im.cur,C:\WINDOWS\cursors\size4_im.cur,C:\WINDOWS\cursors\size3_im.cur,C:\WINDOWS\cursors\size2_im.cur,C:\WINDOWS\cursors\size1_im.cur,C:\WINDOWS\cursors\move_im.cur,C:\WINDOWS\cursors\up_im.cur"
"\30\4=\0042\0045\4@\4A\4=\0040\4O\4 ?(?>\0043\4@\4>\4<\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_il.cur,C:\WINDOWS\cursors\help_il.cur,C:\WINDOWS\cursors\wait_il.cur,C:\WINDOWS\cursors\busy_il.cur,C:\WINDOWS\cursors\cross_il.cur,C:\WINDOWS\cursors\beam_il.cur,C:\WINDOWS\cursors\pen_il.cur,C:\WINDOWS\cursors\no_il.cur,C:\WINDOWS\cursors\size4_il.cur,C:\WINDOWS\cursors\size3_il.cur,C:\WINDOWS\cursors\size2_il.cur,C:\WINDOWS\cursors\size1_il.cur,C:\WINDOWS\cursors\move_il.cur,C:\WINDOWS\cursors\up_il.cur"
"!\4B\0040\4=\0044\0040\4@\4B\4=\0040\4O\4 ?(?:\4@\4C\4?\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_m.cur,C:\WINDOWS\cursors\help_m.cur,C:\WINDOWS\cursors\wait_m.cur,C:\WINDOWS\cursors\busy_m.cur,C:\WINDOWS\cursors\cross_m.cur,C:\WINDOWS\cursors\beam_m.cur,C:\WINDOWS\cursors\pen_m.cur,C:\WINDOWS\cursors\no_m.cur,C:\WINDOWS\cursors\size4_m.cur,C:\WINDOWS\cursors\size3_m.cur,C:\WINDOWS\cursors\size2_m.cur,C:\WINDOWS\cursors\size1_m.cur,C:\WINDOWS\cursors\move_m.cur,C:\WINDOWS\cursors\up_m.cur"
"!\4B\0040\4=\0044\0040\4@\4B\4=\0040\4O\4 ?(?>\0043\4@\4>\4<\4=\0040\4O\4)?"="C:\WINDOWS\cursors\arrow_l.cur,C:\WINDOWS\cursors\help_l.cur,C:\WINDOWS\cursors\wait_l.cur,C:\WINDOWS\cursors\busy_l.cur,C:\WINDOWS\cursors\cross_l.cur,C:\WINDOWS\cursors\beam_l.cur,C:\WINDOWS\cursors\pen_l.cur,C:\WINDOWS\cursors\no_l.cur,C:\WINDOWS\cursors\size4_l.cur,C:\WINDOWS\cursors\size3_l.cur,C:\WINDOWS\cursors\size2_l.cur,C:\WINDOWS\cursors\size1_l.cur,C:\WINDOWS\cursors\move_l.cur,C:\WINDOWS\cursors\up_l.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="50AEA1EFE5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3DFEBC9E127BECC74CA9C6AECB7A5D1407CBD03F8FDA59B9C681B22C42291D1C5A5C8EAE3BE85615C5A3DE0B95904CD09AF15ED34C80D8C8C952D50202BAC243329879D44F6A231FB617DD0AA73F5C6FED99EC5D4910A06A5ABAFD63425B86A131836C2B02083493BBD9C82E7D0210833E419B9EDC228B2AEEEFACF14368762F092767CB9F01E9F6606AC4B28B1DB7BF8C7FCC0D4520F989A6B9267F2B11A2DA1121300A53EAA34753DDB483A82CA5CB82FA28D3224850FD4177711484D99E07412550E9B12DC771E5D946420F1CAFC4EC7018D078ADF4EF2319DB6A3A980589B87815A23087BF5A121A6544E02E31BA39B0CC972EB7D43C562474731FFB712B38F58EA12B0879D770ED44941F780831FD9F396F13A0DDB5083210526981842C270B12865E9468B4C0395B6F32E59620F13414CF56F6851E0870C65D307DE13D8EBBBA27EDE57E31E5F2E0C665B246736F7D58E98B1FC2324B1F74227318B3839B9CE38BDE09B7FDE5255640E772FE0CF899451FABCD909B6B163ADE124C279BA1D82E6F9DDE12C5EC707C354D882F3EB13D5F86948E6EFDA4BBFA86D36BEA11962E00C3779A0F204908DA320EB0CBCF6030EB6A04BF61EC588EDEC26197B4E613EF022E9DC6B11E6D33397A83F6C97F725077491F95F0718C9FD2EB47C93D92D502A207283F87C1724DA6036DBF24FA768CCF567016A70A67158715F74D417F40E090D891B51C021045767471BD596821E909F5E01B1626372770FEC7C1818AD89BC266372E81CAA69D3EAD14FCECDDC980FA4543D44F2C6EA44423F09AC1074951F123DB01CCFAB96ED63FC25AE368ED7C3F124CC46BF21FEC02AB90A0CA38DFBA1C3826DB97E46F63606E4B884B092B9E35DD134206498475E779A7EF6ADB8D220080203F8150133B3B36E20B3032C6B902DF14F8BE6F7949799D9C75F09C6864A50FB900AAF793C80F4320BDA44CA8380A82B066391C81840262B778B11F2C74D326C247B70A8274C476FCCE4033DB947A65AC5D9C763FD789C2288F0777B3D899407291D3AB19B90C665BBE9EB791DFC1593006159BFC09E3ECFC25CD30832CC688E4AE2DF1B0A6D55C7D625C1D1C3D126548D9D19DA6F122452D7A6448C01C705F964473E7C8DD58D48AE59D9BF4676445642787014C7F9FE212A2B030B36AF15A6B4BDC8D83198D820E4508DEB7A8F2E4D9136C3EA532F592E7861C504CEDE541A79025D5A8A135CA7754C688A261BC6AE0123DC28A20855152E0927F1C91AD11F7B307A7A258CEC69A3688AB9B07042995EF3AEFF5F3F3D5D441058ED853EF7AE8AB465E802FA3452F6500CE2A21D22D784B259A8A67A805"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
source file error: C:\Documents and Settings\viktor\ntuser.dat

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\SMINST\\Scheduler.exe"="C:\\WINDOWS\\SMINST\\Scheduler.exe:*:Enabled:Scheduler "
"G:\\activexdebugger32.exe"="G:\\activexdebugger32.exe:*:Enabled:ipsec"
"C:\\Program Files\\Sony Ericsson\\Mobile2\\Connection Wizard\\ConnectionWizard.exe"="C:\\Program Files\\Sony Ericsson\\Mobile2\\Connection Wizard\\ConnectionWizard.exe:*:Enabled:ipsec"
"C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE:*:Enabled:ipsec"
"C:\\Program Files\\FinePixViewer\\QuickDCF.exe"="C:\\Program Files\\FinePixViewer\\QuickDCF.exe:*:Enabled:ipsec"
"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe"="C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe:*:Enabled:ipsec"
"C:\\Program Files\\FinePixViewer\\FinePixViewer.exe"="C:\\Program Files\\FinePixViewer\\FinePixViewer.exe:*:Enabled:ipsec"
"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:


[b]Finished![/b]

