Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\xrjkolle ******************* Script file located at: \??\C:\WINNT\system32\cvfbfaul.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mscnls deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mscnls deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mscnls not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mscnls failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mscnls Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsms deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\nsms deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nsms not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nsms failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nsms Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WGAREG\0000 deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wgareg deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_WGAREG\0000 deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wgareg deleted successfully. Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WGAREG\0000 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WGAREG\0000 failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WGAREG\0000 Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wgareg not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wgareg failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wgareg Status: 0xc0000034 File C:\WINNT\system32\wgareg.exe not found! Deletion of file C:\WINNT\system32\wgareg.exe failed! Could not process line: C:\WINNT\system32\wgareg.exe Status: 0xc0000034 File C:\WINNT\system32\remote.exe not found! Deletion of file C:\WINNT\system32\remote.exe failed! Could not process line: C:\WINNT\system32\remote.exe Status: 0xc0000034 File C:\WINNT\system32\mscnslskrnl.exe not found! Deletion of file C:\WINNT\system32\mscnslskrnl.exe failed! Could not process line: C:\WINNT\system32\mscnslskrnl.exe Status: 0xc0000034 File C:\WINNT\system32\tupss.dll deleted successfully. File C:\WINNT\system32\.exe deleted successfully. File C:\WINNT\system32\RKXA.0XE deleted successfully. File C:\WINNT\system32\QFNODOBV.0XE deleted successfully. File C:\WINNT\system32\nt.0xe deleted successfully. File C:\WINNT\system32\C.0MP deleted successfully. File C:\WINNT\system32\B.0MP deleted successfully. File C:\WINNT\system32\8.0MP deleted successfully. File C:\WINNT\system32\7.0MP deleted successfully. File C:\WINNT\system32\6.0MP deleted successfully. File C:\WINNT\system32\msibot.cfg deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft (R) Windows Network Security Management Service deleted successfully. Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows\load not found! Deletion of registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows\load failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 19.08.2006 14:30:53 for strings: ; 'spcmdntidos' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 19.08.2006 14:31:47 for strings: ; 'windows genuine advantage registration service' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 19.08.2006 14:33:21 for strings: ; 'remote procedure call (rpc) remote' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RPCREMOTE\0000] "DeviceDesc"="Remote Procedure Call (RPC) Remote" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcRemote] "DisplayName"="Remote Procedure Call (RPC) Remote" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RPCREMOTE\0000] "DeviceDesc"="Remote Procedure Call (RPC) Remote" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RpcRemote] "DisplayName"="Remote Procedure Call (RPC) Remote" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RPCREMOTE\0000] "DeviceDesc"="Remote Procedure Call (RPC) Remote" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcRemote] "DisplayName"="Remote Procedure Call (RPC) Remote" ; End Of The Log... REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 19.08.2006 14:35:06 for strings: ; 'remote.exe' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\dmremote.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D485DDC0-49C6-11d1-8E56-00A0C92C9D5D}] "LocalServer32"="dmremote.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D485DDC0-49C6-11d1-8E56-00A0C92C9D5D}\LocalServer32] @="dmremote.exe" "ThreadingModel"="dmremote.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcRemote] ; Contents of value: ; c:\winnt\system32\remote.exe "ImagePath"=hex(2):43,3a,5c,57,49,4e,4e,54,5c,73,79,73,74,65,6d,33,32,5c,72,65,\ 6d,6f,74,65,2e,65,78,65,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RpcRemote] ; Contents of value: ; c:\winnt\system32\remote.exe "ImagePath"=hex(2):43,3a,5c,57,49,4e,4e,54,5c,73,79,73,74,65,6d,33,32,5c,72,65,\ 6d,6f,74,65,2e,65,78,65,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcRemote] ; Contents of value: ; c:\winnt\system32\remote.exe "ImagePath"=hex(2):43,3a,5c,57,49,4e,4e,54,5c,73,79,73,74,65,6d,33,32,5c,72,65,\ 6d,6f,74,65,2e,65,78,65,00 ; End Of The Log... REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 19.08.2006 14:36:06 for strings: ; 'windows network security management service' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NSMS\0000] "DeviceDesc"="Windows Network Security Management Service" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_NSMS\0000] "DeviceDesc"="Windows Network Security Management Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NSMS\0000] "DeviceDesc"="Windows Network Security Management Service" ; End Of The Log... REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 19.08.2006 14:37:19 for strings: ; '6.tmp' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup\IE40.Controls] "InstallINFFile"="C:\\DOKUME~1\\ADMINI~1\\LOKALE~1\\Temp\\1\\RGI6.tmp" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Advanced INF Setup\OutlookExpress] "InstallINFFile"="C:\\WINNT\\msdownld.tmp\\AS072726.tmp\\oeexcep.inf" [HKEY_USERS\S-1-5-21-1606980848-484763869-1343024091-500\Software\ej-technologies\exe4j\temp] "delete_file"="C:\\DOKUME~1\\ADMINI~1\\LOKALE~1\\Temp\\2\\e4j6.tmp_dir21220\\exe4jlib.jar;" "delete_dir"="C:\\DOKUME~1\\ADMINI~1\\LOKALE~1\\Temp\\2\\e4j6.tmp_dir21220;" ; End Of The Log... REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 19.08.2006 14:39:09 for strings: ; 'microsoft console' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSCNLS\0000] "DeviceDesc"="Microsoft Console" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_MSCNLS\0000] "DeviceDesc"="Microsoft Console" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSCNLS\0000] "DeviceDesc"="Microsoft Console" ; End Of The Log... REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 19.08.2006 14:39:59 for strings: ; 'mscnslskrnl.exe' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 19.08.2006 14:40:58 for strings: ; 'identd' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Identd] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Identd.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Identd.exe] "Path"="d:\\identd" @="D:\\IdentD\\identalt\\Identd.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DIDENTD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DIDENTD\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DIDENTD\0000] "Service"="DidentD" "DeviceDesc"="DidentD" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IDENTD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IDENTD\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IDENTD\0000] "Service"="Identd" "DeviceDesc"="Identd" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters] ; Contents of value: ; QUANTUM FIREBALL ; "NeedIdentDevice"=hex(7):51,55,41,4e,54,55,4d,20,46,49,52,45,42,41,4c,4c,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DidentD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DidentD] ; Contents of value: ; d:\identd\didentd.exe "ImagePath"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,2e,65,78,\ 65,00 "DisplayName"="DidentD" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DidentD\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DidentD\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DidentD\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DidentD\Enum] "0"="Root\\LEGACY_DIDENTD\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application] ; Contents of value: ; WSH ; WinMgmt Winl ; Winlogon Windows 3.1 ; Windows 3.1 Migration W3Ctrs VBRuntime User ; W3Ctrs VBRuntime Userinit Userenv Tlntsvr SysmonLo ; VBRuntime Userinit Userenv Tlntsvr SysmonLog SpoolerCtrs spf ; Userinit Userenv Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software ; Userenv Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software Installation Scl ; Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv Sce ; SysmonLog SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManage ; SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS Perf ; spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDi ; Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntb ; SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiIns ; SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Cli ; SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnms ; PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseSer ; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage I ; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISAD ; PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Id ; Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpm ; Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVi ; PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder ; Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File D ; Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem E ; Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuo ; Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci C ; ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7A ; MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autoch ; MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Manag ; MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Activ ; MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Appl ; mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Autochk Application Management Apache Service Active Server Pages Application ; Application Management Apache Service Active Server Pages Application ; Apache Service Active Server Pages Application ; Active Server Pages Application ; Application ; "Sources"=hex(7):57,53,48,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,\ 00,57,69,6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,33,\ 43,74,72,73,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,69,74,00,55,\ 73,65,72,65,6e,76,00,54,6c,6e,74,73,76,72,00,53,79,73,6d,6f,6e,4c,6f,67,00,\ 53,70,6f,6f,6c,65,72,43,74,72,73,00,73,70,66,69,72,65,77,61,6c,6c,73,76,63,\ 00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,61,74,69,6f,6e,00,53,63,\ 6c,67,4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,43,6c,69,00,50,6c,75,67,\ 50,6c,61,79,4d,61,6e,61,67,65,72,00,50,65,72,66,50,72,6f,63,00,50,65,72,66,\ 4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,66,6d,6f,6e,00,50,65,72,66,6c,69,\ 62,00,50,65,72,66,44,69,73,6b,00,50,65,72,66,63,74,72,73,00,4f,66,66,6c,69,\ 6e,65,20,46,69,6c,65,73,00,4f,61,6b,6c,65,79,00,4e,74,62,61,63,6b,75,70,2e,\ 69,6e,69,00,6e,74,62,61,63,6b,75,70,00,4d,79,53,51,4c,00,4d,73,69,49,6e,73,\ 74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,53,44,54,43,\ 00,6d,6e,6d,73,72,76,63,00,4c,6f,61,64,50,65,72,66,00,4c,69,63,65,6e,73,65,\ 53,65,72,76,69,63,65,00,49,50,53,45,43,50,6f,6c,69,63,79,53,74,6f,72,61,67,\ 65,00,49,49,53,49,6e,66,6f,43,74,72,73,00,49,49,53,41,44,4d,49,4e,00,49,45,\ 78,70,6c,6f,72,65,00,49,64,65,6e,74,64,00,48,54,54,50,45,58,54,00,68,70,6d,\ 6f,6e,00,48,2b,42,45,44,56,20,41,6e,74,69,56,69,72,00,46,74,70,43,74,72,73,\ 00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,46,69,6c,65,20,\ 44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,65,6d,00,45,53,\ 45,4e,54,00,44,72,57,61,74,73,6f,6e,00,44,69,73,6b,51,75,6f,74,61,00,44,69,\ 64,65,6e,74,44,00,43,4f,4d,2b,00,43,69,00,43,68,6b,64,73,6b,00,41,76,67,37,\ 55,70,64,53,76,63,00,41,76,67,37,41,6c,72,74,00,41,56,47,37,00,41,75,74,6f,\ 63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,6e,\ 74,00,41,70,61,63,68,65,20,53,65,72,76,69,63,65,00,41,63,74,69,76,65,20,53,\ 65,72,76,65,72,20,50,61,67,65,73,00,41,70,70,6c,69,63,61,74,69,6f,6e,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DidentD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DidentD] ; Contents of value: ; d:\identd\didentd.exe "EventMessageFile"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,\ 2e,65,78,65,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Identd] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Identd] "EventMessageFile"="d:\\IdentD\\Identd.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Identd] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Identd] ; Contents of value: ; d:\identd\identd.exe "ImagePath"=hex(2):64,3a,5c,49,64,65,6e,74,44,5c,49,64,65,6e,74,64,2e,65,78,65,\ 00 "DisplayName"="Identd" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Identd\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Identd\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Identd\Enum] "0"="Root\\LEGACY_IDENTD\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DIDENTD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DIDENTD\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DIDENTD\0000] "Service"="DidentD" "DeviceDesc"="DidentD" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IDENTD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IDENTD\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IDENTD\0000] "Service"="Identd" "DeviceDesc"="Identd" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters] ; Contents of value: ; QUANTUM FIREBALL ; "NeedIdentDevice"=hex(7):51,55,41,4e,54,55,4d,20,46,49,52,45,42,41,4c,4c,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DidentD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DidentD] ; Contents of value: ; d:\identd\didentd.exe "ImagePath"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,2e,65,78,\ 65,00 "DisplayName"="DidentD" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DidentD\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DidentD\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application] ; Contents of value: ; WSH ; WinMgmt Winl ; Winlogon Windows 3.1 ; Windows 3.1 Migration W3Ctrs VBRuntime User ; W3Ctrs VBRuntime Userinit Userenv Tlntsvr SysmonLo ; VBRuntime Userinit Userenv Tlntsvr SysmonLog SpoolerCtrs spf ; Userinit Userenv Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software ; Userenv Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software Installation Scl ; Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv Sce ; SysmonLog SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManage ; SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS Perf ; spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDi ; Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntb ; SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiIns ; SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Cli ; SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnms ; PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseSer ; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage I ; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISAD ; PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Id ; Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpm ; Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVi ; PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder ; Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File D ; Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem E ; Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuo ; Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci C ; ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7A ; MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autoch ; MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Manag ; MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Activ ; MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Appl ; mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Autochk Application Management Apache Service Active Server Pages Application ; Application Management Apache Service Active Server Pages Application ; Apache Service Active Server Pages Application ; Active Server Pages Application ; Application ; "Sources"=hex(7):57,53,48,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,\ 00,57,69,6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,33,\ 43,74,72,73,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,69,74,00,55,\ 73,65,72,65,6e,76,00,54,6c,6e,74,73,76,72,00,53,79,73,6d,6f,6e,4c,6f,67,00,\ 53,70,6f,6f,6c,65,72,43,74,72,73,00,73,70,66,69,72,65,77,61,6c,6c,73,76,63,\ 00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,61,74,69,6f,6e,00,53,63,\ 6c,67,4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,43,6c,69,00,50,6c,75,67,\ 50,6c,61,79,4d,61,6e,61,67,65,72,00,50,65,72,66,50,72,6f,63,00,50,65,72,66,\ 4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,66,6d,6f,6e,00,50,65,72,66,6c,69,\ 62,00,50,65,72,66,44,69,73,6b,00,50,65,72,66,63,74,72,73,00,4f,66,66,6c,69,\ 6e,65,20,46,69,6c,65,73,00,4f,61,6b,6c,65,79,00,4e,74,62,61,63,6b,75,70,2e,\ 69,6e,69,00,6e,74,62,61,63,6b,75,70,00,4d,79,53,51,4c,00,4d,73,69,49,6e,73,\ 74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,53,44,54,43,\ 00,6d,6e,6d,73,72,76,63,00,4c,6f,61,64,50,65,72,66,00,4c,69,63,65,6e,73,65,\ 53,65,72,76,69,63,65,00,49,50,53,45,43,50,6f,6c,69,63,79,53,74,6f,72,61,67,\ 65,00,49,49,53,49,6e,66,6f,43,74,72,73,00,49,49,53,41,44,4d,49,4e,00,49,45,\ 78,70,6c,6f,72,65,00,49,64,65,6e,74,64,00,48,54,54,50,45,58,54,00,68,70,6d,\ 6f,6e,00,48,2b,42,45,44,56,20,41,6e,74,69,56,69,72,00,46,74,70,43,74,72,73,\ 00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,46,69,6c,65,20,\ 44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,65,6d,00,45,53,\ 45,4e,54,00,44,72,57,61,74,73,6f,6e,00,44,69,73,6b,51,75,6f,74,61,00,44,69,\ 64,65,6e,74,44,00,43,4f,4d,2b,00,43,69,00,43,68,6b,64,73,6b,00,41,76,67,37,\ 55,70,64,53,76,63,00,41,76,67,37,41,6c,72,74,00,41,56,47,37,00,41,75,74,6f,\ 63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,6e,\ 74,00,41,70,61,63,68,65,20,53,65,72,76,69,63,65,00,41,63,74,69,76,65,20,53,\ 65,72,76,65,72,20,50,61,67,65,73,00,41,70,70,6c,69,63,61,74,69,6f,6e,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DidentD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DidentD] ; Contents of value: ; d:\identd\didentd.exe "EventMessageFile"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,\ 2e,65,78,65,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Identd] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Identd] "EventMessageFile"="d:\\IdentD\\Identd.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Identd] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Identd] ; Contents of value: ; d:\identd\identd.exe "ImagePath"=hex(2):64,3a,5c,49,64,65,6e,74,44,5c,49,64,65,6e,74,64,2e,65,78,65,\ 00 "DisplayName"="Identd" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Identd\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DIDENTD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DIDENTD\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DIDENTD\0000] "Service"="DidentD" "DeviceDesc"="DidentD" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDENTD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDENTD\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IDENTD\0000] "Service"="Identd" "DeviceDesc"="Identd" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters] ; Contents of value: ; QUANTUM FIREBALL ; "NeedIdentDevice"=hex(7):51,55,41,4e,54,55,4d,20,46,49,52,45,42,41,4c,4c,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DidentD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DidentD] ; Contents of value: ; d:\identd\didentd.exe "ImagePath"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,2e,65,78,\ 65,00 "DisplayName"="DidentD" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DidentD\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DidentD\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DidentD\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DidentD\Enum] "0"="Root\\LEGACY_DIDENTD\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application] ; Contents of value: ; WSH ; WinMgmt Winl ; Winlogon Windows 3.1 ; Windows 3.1 Migration W3Ctrs VBRuntime User ; W3Ctrs VBRuntime Userinit Userenv Tlntsvr SysmonLo ; VBRuntime Userinit Userenv Tlntsvr SysmonLog SpoolerCtrs spf ; Userinit Userenv Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software ; Userenv Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software Installation Scl ; Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv Sce ; SysmonLog SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManage ; SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS Perf ; spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDi ; Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntb ; SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiIns ; SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Cli ; SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnms ; PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseSer ; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage I ; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISAD ; PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Id ; Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpm ; Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVi ; PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder ; Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File D ; Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem E ; Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuo ; Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci C ; ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7A ; MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autoch ; MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Manag ; MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Activ ; MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Appl ; mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Autochk Application Management Apache Service Active Server Pages Application ; Application Management Apache Service Active Server Pages Application ; Apache Service Active Server Pages Application ; Active Server Pages Application ; Application ; "Sources"=hex(7):57,53,48,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,\ 00,57,69,6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,33,\ 43,74,72,73,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,69,74,00,55,\ 73,65,72,65,6e,76,00,54,6c,6e,74,73,76,72,00,53,79,73,6d,6f,6e,4c,6f,67,00,\ 53,70,6f,6f,6c,65,72,43,74,72,73,00,73,70,66,69,72,65,77,61,6c,6c,73,76,63,\ 00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,61,74,69,6f,6e,00,53,63,\ 6c,67,4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,43,6c,69,00,50,6c,75,67,\ 50,6c,61,79,4d,61,6e,61,67,65,72,00,50,65,72,66,50,72,6f,63,00,50,65,72,66,\ 4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,66,6d,6f,6e,00,50,65,72,66,6c,69,\ 62,00,50,65,72,66,44,69,73,6b,00,50,65,72,66,63,74,72,73,00,4f,66,66,6c,69,\ 6e,65,20,46,69,6c,65,73,00,4f,61,6b,6c,65,79,00,4e,74,62,61,63,6b,75,70,2e,\ 69,6e,69,00,6e,74,62,61,63,6b,75,70,00,4d,79,53,51,4c,00,4d,73,69,49,6e,73,\ 74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,53,44,54,43,\ 00,6d,6e,6d,73,72,76,63,00,4c,6f,61,64,50,65,72,66,00,4c,69,63,65,6e,73,65,\ 53,65,72,76,69,63,65,00,49,50,53,45,43,50,6f,6c,69,63,79,53,74,6f,72,61,67,\ 65,00,49,49,53,49,6e,66,6f,43,74,72,73,00,49,49,53,41,44,4d,49,4e,00,49,45,\ 78,70,6c,6f,72,65,00,49,64,65,6e,74,64,00,48,54,54,50,45,58,54,00,68,70,6d,\ 6f,6e,00,48,2b,42,45,44,56,20,41,6e,74,69,56,69,72,00,46,74,70,43,74,72,73,\ 00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,46,69,6c,65,20,\ 44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,65,6d,00,45,53,\ 45,4e,54,00,44,72,57,61,74,73,6f,6e,00,44,69,73,6b,51,75,6f,74,61,00,44,69,\ 64,65,6e,74,44,00,43,4f,4d,2b,00,43,69,00,43,68,6b,64,73,6b,00,41,76,67,37,\ 55,70,64,53,76,63,00,41,76,67,37,41,6c,72,74,00,41,56,47,37,00,41,75,74,6f,\ 63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,6e,\ 74,00,41,70,61,63,68,65,20,53,65,72,76,69,63,65,00,41,63,74,69,76,65,20,53,\ 65,72,76,65,72,20,50,61,67,65,73,00,41,70,70,6c,69,63,61,74,69,6f,6e,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DidentD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DidentD] ; Contents of value: ; d:\identd\didentd.exe "EventMessageFile"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,\ 2e,65,78,65,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Identd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Identd] "EventMessageFile"="d:\\IdentD\\Identd.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Identd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Identd] ; Contents of value: ; d:\identd\identd.exe "ImagePath"=hex(2):64,3a,5c,49,64,65,6e,74,44,5c,49,64,65,6e,74,64,2e,65,78,65,\ 00 "DisplayName"="Identd" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Identd\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Identd\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Identd\Enum] "0"="Root\\LEGACY_IDENTD\\0000" [HKEY_USERS\S-1-5-21-1606980848-484763869-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\chm] "a"="D:\\IdentD\\identd.chm" [HKEY_USERS\S-1-5-21-1606980848-484763869-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\log] "a"="D:\\IdentD\\identdlog.log" [HKEY_USERS\S-1-5-21-1606980848-484763869-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList] "b"="TinyIdentD.exe" [HKEY_USERS\S-1-5-21-1606980848-484763869-1343024091-500\Software\Tiny IdentD] [HKEY_USERS\S-1-5-21-1606980848-484763869-1343024091-500\Software\Tiny IdentD] "Logfile"="D:\\IdentD\\identdlog.log" [HKEY_USERS\S-1-5-21-1606980848-484763869-1343024091-500\Software\WinRAR\DialogEditHistory\ExtrPath] "12"="D:\\IdentD" ; End Of The Log... REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 19.08.2006 14:42:33 for strings: ; 'identd.exe' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Identd.exe] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Identd.exe] @="D:\\IdentD\\identalt\\Identd.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DidentD] ; Contents of value: ; d:\identd\didentd.exe "ImagePath"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,2e,65,78,\ 65,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DidentD] ; Contents of value: ; d:\identd\didentd.exe "EventMessageFile"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,\ 2e,65,78,65,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Identd] "EventMessageFile"="d:\\IdentD\\Identd.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Identd] ; Contents of value: ; d:\identd\identd.exe "ImagePath"=hex(2):64,3a,5c,49,64,65,6e,74,44,5c,49,64,65,6e,74,64,2e,65,78,65,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DidentD] ; Contents of value: ; d:\identd\didentd.exe "ImagePath"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,2e,65,78,\ 65,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DidentD] ; Contents of value: ; d:\identd\didentd.exe "EventMessageFile"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,\ 2e,65,78,65,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Identd] "EventMessageFile"="d:\\IdentD\\Identd.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Identd] ; Contents of value: ; d:\identd\identd.exe "ImagePath"=hex(2):64,3a,5c,49,64,65,6e,74,44,5c,49,64,65,6e,74,64,2e,65,78,65,\ 00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DidentD] ; Contents of value: ; d:\identd\didentd.exe "ImagePath"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,2e,65,78,\ 65,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DidentD] ; Contents of value: ; d:\identd\didentd.exe "EventMessageFile"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,\ 2e,65,78,65,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Identd] "EventMessageFile"="d:\\IdentD\\Identd.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Identd] ; Contents of value: ; d:\identd\identd.exe "ImagePath"=hex(2):64,3a,5c,49,64,65,6e,74,44,5c,49,64,65,6e,74,64,2e,65,78,65,\ 00 [HKEY_USERS\S-1-5-21-1606980848-484763869-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.log\OpenWithList] "b"="TinyIdentD.exe" ; End Of The Log... REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 19.08.2006 14:43:31 for strings: ; 'didentd' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DIDENTD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DIDENTD\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_DIDENTD\0000] "Service"="DidentD" "DeviceDesc"="DidentD" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi\Parameters] ; Contents of value: ; QUANTUM FIREBALL ; "NeedIdentDevice"=hex(7):51,55,41,4e,54,55,4d,20,46,49,52,45,42,41,4c,4c,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DidentD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DidentD] ; Contents of value: ; d:\identd\didentd.exe "ImagePath"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,2e,65,78,\ 65,00 "DisplayName"="DidentD" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DidentD\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DidentD\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DidentD\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DidentD\Enum] "0"="Root\\LEGACY_DIDENTD\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application] ; Contents of value: ; WSH ; WinMgmt Winl ; Winlogon Windows 3.1 ; Windows 3.1 Migration W3Ctrs VBRuntime User ; W3Ctrs VBRuntime Userinit Userenv Tlntsvr SysmonLo ; VBRuntime Userinit Userenv Tlntsvr SysmonLog SpoolerCtrs spf ; Userinit Userenv Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software ; Userenv Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software Installation Scl ; Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv Sce ; SysmonLog SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManage ; SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS Perf ; spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDi ; Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntb ; SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiIns ; SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Cli ; SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnms ; PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseSer ; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage I ; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISAD ; PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Id ; Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpm ; Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVi ; PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder ; Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File D ; Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem E ; Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuo ; Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci C ; ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7A ; MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autoch ; MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Manag ; MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Activ ; MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Appl ; mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Autochk Application Management Apache Service Active Server Pages Application ; Application Management Apache Service Active Server Pages Application ; Apache Service Active Server Pages Application ; Active Server Pages Application ; Application ; "Sources"=hex(7):57,53,48,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,\ 00,57,69,6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,33,\ 43,74,72,73,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,69,74,00,55,\ 73,65,72,65,6e,76,00,54,6c,6e,74,73,76,72,00,53,79,73,6d,6f,6e,4c,6f,67,00,\ 53,70,6f,6f,6c,65,72,43,74,72,73,00,73,70,66,69,72,65,77,61,6c,6c,73,76,63,\ 00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,61,74,69,6f,6e,00,53,63,\ 6c,67,4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,43,6c,69,00,50,6c,75,67,\ 50,6c,61,79,4d,61,6e,61,67,65,72,00,50,65,72,66,50,72,6f,63,00,50,65,72,66,\ 4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,66,6d,6f,6e,00,50,65,72,66,6c,69,\ 62,00,50,65,72,66,44,69,73,6b,00,50,65,72,66,63,74,72,73,00,4f,66,66,6c,69,\ 6e,65,20,46,69,6c,65,73,00,4f,61,6b,6c,65,79,00,4e,74,62,61,63,6b,75,70,2e,\ 69,6e,69,00,6e,74,62,61,63,6b,75,70,00,4d,79,53,51,4c,00,4d,73,69,49,6e,73,\ 74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,53,44,54,43,\ 00,6d,6e,6d,73,72,76,63,00,4c,6f,61,64,50,65,72,66,00,4c,69,63,65,6e,73,65,\ 53,65,72,76,69,63,65,00,49,50,53,45,43,50,6f,6c,69,63,79,53,74,6f,72,61,67,\ 65,00,49,49,53,49,6e,66,6f,43,74,72,73,00,49,49,53,41,44,4d,49,4e,00,49,45,\ 78,70,6c,6f,72,65,00,49,64,65,6e,74,64,00,48,54,54,50,45,58,54,00,68,70,6d,\ 6f,6e,00,48,2b,42,45,44,56,20,41,6e,74,69,56,69,72,00,46,74,70,43,74,72,73,\ 00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,46,69,6c,65,20,\ 44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,65,6d,00,45,53,\ 45,4e,54,00,44,72,57,61,74,73,6f,6e,00,44,69,73,6b,51,75,6f,74,61,00,44,69,\ 64,65,6e,74,44,00,43,4f,4d,2b,00,43,69,00,43,68,6b,64,73,6b,00,41,76,67,37,\ 55,70,64,53,76,63,00,41,76,67,37,41,6c,72,74,00,41,56,47,37,00,41,75,74,6f,\ 63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,6e,\ 74,00,41,70,61,63,68,65,20,53,65,72,76,69,63,65,00,41,63,74,69,76,65,20,53,\ 65,72,76,65,72,20,50,61,67,65,73,00,41,70,70,6c,69,63,61,74,69,6f,6e,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DidentD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\DidentD] ; Contents of value: ; d:\identd\didentd.exe "EventMessageFile"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,\ 2e,65,78,65,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DIDENTD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DIDENTD\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_DIDENTD\0000] "Service"="DidentD" "DeviceDesc"="DidentD" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi\Parameters] ; Contents of value: ; QUANTUM FIREBALL ; "NeedIdentDevice"=hex(7):51,55,41,4e,54,55,4d,20,46,49,52,45,42,41,4c,4c,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DidentD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DidentD] ; Contents of value: ; d:\identd\didentd.exe "ImagePath"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,2e,65,78,\ 65,00 "DisplayName"="DidentD" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DidentD\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DidentD\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application] ; Contents of value: ; WSH ; WinMgmt Winl ; Winlogon Windows 3.1 ; Windows 3.1 Migration W3Ctrs VBRuntime User ; W3Ctrs VBRuntime Userinit Userenv Tlntsvr SysmonLo ; VBRuntime Userinit Userenv Tlntsvr SysmonLog SpoolerCtrs spf ; Userinit Userenv Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software ; Userenv Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software Installation Scl ; Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv Sce ; SysmonLog SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManage ; SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS Perf ; spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDi ; Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntb ; SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiIns ; SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Cli ; SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnms ; PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseSer ; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage I ; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISAD ; PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Id ; Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpm ; Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVi ; PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder ; Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File D ; Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem E ; Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuo ; Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci C ; ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7A ; MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autoch ; MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Manag ; MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Activ ; MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Appl ; mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Autochk Application Management Apache Service Active Server Pages Application ; Application Management Apache Service Active Server Pages Application ; Apache Service Active Server Pages Application ; Active Server Pages Application ; Application ; "Sources"=hex(7):57,53,48,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,\ 00,57,69,6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,33,\ 43,74,72,73,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,69,74,00,55,\ 73,65,72,65,6e,76,00,54,6c,6e,74,73,76,72,00,53,79,73,6d,6f,6e,4c,6f,67,00,\ 53,70,6f,6f,6c,65,72,43,74,72,73,00,73,70,66,69,72,65,77,61,6c,6c,73,76,63,\ 00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,61,74,69,6f,6e,00,53,63,\ 6c,67,4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,43,6c,69,00,50,6c,75,67,\ 50,6c,61,79,4d,61,6e,61,67,65,72,00,50,65,72,66,50,72,6f,63,00,50,65,72,66,\ 4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,66,6d,6f,6e,00,50,65,72,66,6c,69,\ 62,00,50,65,72,66,44,69,73,6b,00,50,65,72,66,63,74,72,73,00,4f,66,66,6c,69,\ 6e,65,20,46,69,6c,65,73,00,4f,61,6b,6c,65,79,00,4e,74,62,61,63,6b,75,70,2e,\ 69,6e,69,00,6e,74,62,61,63,6b,75,70,00,4d,79,53,51,4c,00,4d,73,69,49,6e,73,\ 74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,53,44,54,43,\ 00,6d,6e,6d,73,72,76,63,00,4c,6f,61,64,50,65,72,66,00,4c,69,63,65,6e,73,65,\ 53,65,72,76,69,63,65,00,49,50,53,45,43,50,6f,6c,69,63,79,53,74,6f,72,61,67,\ 65,00,49,49,53,49,6e,66,6f,43,74,72,73,00,49,49,53,41,44,4d,49,4e,00,49,45,\ 78,70,6c,6f,72,65,00,49,64,65,6e,74,64,00,48,54,54,50,45,58,54,00,68,70,6d,\ 6f,6e,00,48,2b,42,45,44,56,20,41,6e,74,69,56,69,72,00,46,74,70,43,74,72,73,\ 00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,46,69,6c,65,20,\ 44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,65,6d,00,45,53,\ 45,4e,54,00,44,72,57,61,74,73,6f,6e,00,44,69,73,6b,51,75,6f,74,61,00,44,69,\ 64,65,6e,74,44,00,43,4f,4d,2b,00,43,69,00,43,68,6b,64,73,6b,00,41,76,67,37,\ 55,70,64,53,76,63,00,41,76,67,37,41,6c,72,74,00,41,56,47,37,00,41,75,74,6f,\ 63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,6e,\ 74,00,41,70,61,63,68,65,20,53,65,72,76,69,63,65,00,41,63,74,69,76,65,20,53,\ 65,72,76,65,72,20,50,61,67,65,73,00,41,70,70,6c,69,63,61,74,69,6f,6e,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DidentD] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\DidentD] ; Contents of value: ; d:\identd\didentd.exe "EventMessageFile"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,\ 2e,65,78,65,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DIDENTD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DIDENTD\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DIDENTD\0000] "Service"="DidentD" "DeviceDesc"="DidentD" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi\Parameters] ; Contents of value: ; QUANTUM FIREBALL ; "NeedIdentDevice"=hex(7):51,55,41,4e,54,55,4d,20,46,49,52,45,42,41,4c,4c,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DidentD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DidentD] ; Contents of value: ; d:\identd\didentd.exe "ImagePath"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,2e,65,78,\ 65,00 "DisplayName"="DidentD" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DidentD\Parameters] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DidentD\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DidentD\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DidentD\Enum] "0"="Root\\LEGACY_DIDENTD\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application] ; Contents of value: ; WSH ; WinMgmt Winl ; Winlogon Windows 3.1 ; Windows 3.1 Migration W3Ctrs VBRuntime User ; W3Ctrs VBRuntime Userinit Userenv Tlntsvr SysmonLo ; VBRuntime Userinit Userenv Tlntsvr SysmonLog SpoolerCtrs spf ; Userinit Userenv Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software ; Userenv Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software Installation Scl ; Tlntsvr SysmonLog SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv Sce ; SysmonLog SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManage ; SpoolerCtrs spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS Perf ; spfirewallsvc Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDi ; Software Installation SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntb ; SclgNtfy SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiIns ; SceSrv SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Cli ; SceCli PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnms ; PlugPlayManager PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseSer ; PerfProc PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage I ; PerfOS PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISAD ; PerfNet Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Id ; Perfmon Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpm ; Perflib PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVi ; PerfDisk Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder ; Perfctrs Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File D ; Offline Files Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem E ; Oakley Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuo ; Ntbackup.ini ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci C ; ntbackup MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7A ; MySQL MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autoch ; MsiInstaller MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Manag ; MSDTC Client MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Activ ; MSDTC mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Appl ; mnmsrvc LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; LoadPerf LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; LicenseService IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IPSECPolicyStorage IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IISInfoCtrs IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IISADMIN IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; IExplore Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Identd HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; HTTPEXT hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; hpmon H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; H+BEDV AntiVir FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; FtpCtrs Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Folder Redirection File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; File Deployment EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; EventSystem ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; ESENT DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DrWatson DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DiskQuota DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; DidentD COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; COM+ Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Ci Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Chkdsk Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Avg7UpdSvc Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Avg7Alrt AVG7 Autochk Application Management Apache Service Active Server Pages Application ; AVG7 Autochk Application Management Apache Service Active Server Pages Application ; Autochk Application Management Apache Service Active Server Pages Application ; Application Management Apache Service Active Server Pages Application ; Apache Service Active Server Pages Application ; Active Server Pages Application ; Application ; "Sources"=hex(7):57,53,48,00,57,69,6e,4d,67,6d,74,00,57,69,6e,6c,6f,67,6f,6e,\ 00,57,69,6e,64,6f,77,73,20,33,2e,31,20,4d,69,67,72,61,74,69,6f,6e,00,57,33,\ 43,74,72,73,00,56,42,52,75,6e,74,69,6d,65,00,55,73,65,72,69,6e,69,74,00,55,\ 73,65,72,65,6e,76,00,54,6c,6e,74,73,76,72,00,53,79,73,6d,6f,6e,4c,6f,67,00,\ 53,70,6f,6f,6c,65,72,43,74,72,73,00,73,70,66,69,72,65,77,61,6c,6c,73,76,63,\ 00,53,6f,66,74,77,61,72,65,20,49,6e,73,74,61,6c,6c,61,74,69,6f,6e,00,53,63,\ 6c,67,4e,74,66,79,00,53,63,65,53,72,76,00,53,63,65,43,6c,69,00,50,6c,75,67,\ 50,6c,61,79,4d,61,6e,61,67,65,72,00,50,65,72,66,50,72,6f,63,00,50,65,72,66,\ 4f,53,00,50,65,72,66,4e,65,74,00,50,65,72,66,6d,6f,6e,00,50,65,72,66,6c,69,\ 62,00,50,65,72,66,44,69,73,6b,00,50,65,72,66,63,74,72,73,00,4f,66,66,6c,69,\ 6e,65,20,46,69,6c,65,73,00,4f,61,6b,6c,65,79,00,4e,74,62,61,63,6b,75,70,2e,\ 69,6e,69,00,6e,74,62,61,63,6b,75,70,00,4d,79,53,51,4c,00,4d,73,69,49,6e,73,\ 74,61,6c,6c,65,72,00,4d,53,44,54,43,20,43,6c,69,65,6e,74,00,4d,53,44,54,43,\ 00,6d,6e,6d,73,72,76,63,00,4c,6f,61,64,50,65,72,66,00,4c,69,63,65,6e,73,65,\ 53,65,72,76,69,63,65,00,49,50,53,45,43,50,6f,6c,69,63,79,53,74,6f,72,61,67,\ 65,00,49,49,53,49,6e,66,6f,43,74,72,73,00,49,49,53,41,44,4d,49,4e,00,49,45,\ 78,70,6c,6f,72,65,00,49,64,65,6e,74,64,00,48,54,54,50,45,58,54,00,68,70,6d,\ 6f,6e,00,48,2b,42,45,44,56,20,41,6e,74,69,56,69,72,00,46,74,70,43,74,72,73,\ 00,46,6f,6c,64,65,72,20,52,65,64,69,72,65,63,74,69,6f,6e,00,46,69,6c,65,20,\ 44,65,70,6c,6f,79,6d,65,6e,74,00,45,76,65,6e,74,53,79,73,74,65,6d,00,45,53,\ 45,4e,54,00,44,72,57,61,74,73,6f,6e,00,44,69,73,6b,51,75,6f,74,61,00,44,69,\ 64,65,6e,74,44,00,43,4f,4d,2b,00,43,69,00,43,68,6b,64,73,6b,00,41,76,67,37,\ 55,70,64,53,76,63,00,41,76,67,37,41,6c,72,74,00,41,56,47,37,00,41,75,74,6f,\ 63,68,6b,00,41,70,70,6c,69,63,61,74,69,6f,6e,20,4d,61,6e,61,67,65,6d,65,6e,\ 74,00,41,70,61,63,68,65,20,53,65,72,76,69,63,65,00,41,63,74,69,76,65,20,53,\ 65,72,76,65,72,20,50,61,67,65,73,00,41,70,70,6c,69,63,61,74,69,6f,6e,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DidentD] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DidentD] ; Contents of value: ; d:\identd\didentd.exe "EventMessageFile"=hex(2):44,3a,5c,49,64,65,6e,74,44,5c,64,69,64,65,6e,74,64,\ 2e,65,78,65,00 ; End Of The Log... REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 19.08.2006 14:44:28 for strings: ; 'angel-59935597' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANGEL-59935597] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANGEL-59935597\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANGEL-59935597\0000] "Service"="AnGeL-59935597" "DeviceDesc"="AnGeL-59935597" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AnGeL-59935597] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AnGeL-59935597] "DisplayName"="AnGeL-59935597" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AnGeL-59935597\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AnGeL-59935597\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AnGeL-59935597\Enum] "0"="Root\\LEGACY_ANGEL-59935597\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANGEL-59935597] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANGEL-59935597\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_ANGEL-59935597\0000] "Service"="AnGeL-59935597" "DeviceDesc"="AnGeL-59935597" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AnGeL-59935597] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AnGeL-59935597] "DisplayName"="AnGeL-59935597" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AnGeL-59935597\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANGEL-59935597] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANGEL-59935597\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANGEL-59935597\0000] "Service"="AnGeL-59935597" "DeviceDesc"="AnGeL-59935597" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AnGeL-59935597] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AnGeL-59935597] "DisplayName"="AnGeL-59935597" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AnGeL-59935597\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AnGeL-59935597\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AnGeL-59935597\Enum] "0"="Root\\LEGACY_ANGEL-59935597\\0000" ; End Of The Log... Logfile of HijackThis v1.99.1 Scan saved at 14:46:48, on 19.08.2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\System32\termsrv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe D:\Webserver\xampp\apache\bin\Apache.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\WINNT\System32\llssrv.exe D:\Webserver\xampp\mysql\bin\mysqld-nt.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\MSTask.exe D:\Voiceserver\TeamSpeak2\srvany.exe C:\WINNT\System32\WBEM\WinMgmt.exe D:\Voiceserver\TeamSpeak2\server_windows.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Dfssvc.exe D:\Webserver\xampp\apache\bin\Apache.exe C:\WINNT\System32\svchost.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\rdpclip.exe C:\WINNT\Explorer.EXE D:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Uptime Project\client.exe C:\WINNT\system32\taskmgr.exe C:\WINNT\system32\msiexec.exe C:\WINNT\system32\explorer.exe C:\WINNT\system32\tsadmin.exe C:\WINNT\system32\logon.scr C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe O3 - Toolbar: @msdxmLC.dll,-1@1031,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe STARTUP O4 - HKLM\..\Run: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE O4 - HKCU\..\Run: [Steam] "d:\martin\csserver\steam.exe" -silent O4 - HKCU\..\Run: [SpybotSD TeaTimer] d:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [mini-Relay] "D:\Programme\miniRelay\miniRelay.exe" O4 - HKCU\..\Run: [ServerMonitor] "d:\Programme\RanaInside\ServerMonitor\ServerMonitor.exe" -s O4 - HKCU\..\Run: [G6FTP Server Tray Monitor] "d:\Programme\Gene6 FTP Server\G6FTPTray.exe" O4 - HKCU\..\Run: [Uptime-Project] C:\Programme\Uptime Project\client.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing) O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/kavwebscan_unicode.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase969.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{AA258F7B-545B-4ACF-94D9-0980CBAF2C90}: NameServer = 213.202.193.165,213.202.250.188 O23 - Service: AnGeL-59935597 - (AnGeL-59935597) - - - D:\angelbot\AnGeL.exe O23 - Service: AnGeL-68129770 - (AnGeL-68129770) - - - D:\angelbot2\AnGeL.exe O23 - Service: AnGeL-82509427 - (AnGeL-82509427) - - - D:\angelbot6\AnGeL.exe O23 - Service: AnGeL-87668793 - (AnGeL-87668793) - - - D:\angelbot5\AnGeL.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apache2 - Unknown owner - D:\Webserver\xampp\apache\bin\Apache.exe" -k runservice (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - D:\Webserver\xampp\FileZillaFTP\FileZilla Server.exe O23 - Service: Gene6 FTP Server (G6FTPServer) - Gene6 - d:\Programme\Gene6 FTP Server\G6FTPSERVER.EXE O23 - Service: Identd - Unknown owner - d:\IdentD\Identd.exe (file missing) O23 - Service: mysql - Unknown owner - D:\Webserver\xampp\mysql\bin\mysqld-nt.exe O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing) O23 - Service: Remote Procedure Call (RPC) Remote (RpcRemote) - Unknown owner - C:\WINNT\system32\remote.exe (file missing) O23 - Service: TSService - Unknown owner - d:\Voiceserver\TeamSpeak2\srvany.exe O23 - Service: TSWinServer - Unknown owner - D:\Voiceserver\TeamSpeak2\srvany.exe Datentr„ger in Laufwerk C: ist SYSTEM Datentr„gernummer: DC3C-4F67 Verzeichnis von C:\WINNT\system32 19.08.2006 14:43 9.609 .exe 19.08.2006 14:32 1.079 tupss.dll 19.08.2006 12:13 44.544 net32a.exe 18.08.2006 12:43 16.384 Perflib_Perfdata_5a4.dat 18.08.2006 12:13 16.384 Perflib_Perfdata_348.dat 17.08.2006 20:28 16.384 Perflib_Perfdata_4b8.dat 17.08.2006 20:28 16.384 Perflib_Perfdata_4b0.dat 14.08.2006 19:00 16.384 Perflib_Perfdata_354.dat 14.08.2006 01:06 16.384 Perflib_Perfdata_4d4.dat 02.06.2006 11:04 57.384 avsda.dll 09.04.2006 04:33 176 start.bat Datentr„ger in Laufwerk C: ist SYSTEM Datentr„gernummer: DC3C-4F67 Verzeichnis von C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\1 19.08.2006 14:32 340 MSI8d601.LOG 15.08.2006 19:58 73 CB1163BD.TMP 2 Datei(en) 413 Bytes 0 Verzeichnis(se), 4.862.348.288 Bytes frei Datentr„ger in Laufwerk C: ist SYSTEM Datentr„gernummer: DC3C-4F67 Verzeichnis von C:\WINNT 19.08.2006 14:23 1.245.936 WindowsUpdate.log 19.08.2006 14:21 32.482 SchedLgU.Txt 19.08.2006 12:43 322.790 setupapi.log 18.08.2006 22:37 229.264 ShellIconCache 16.08.2006 20:09 321 win.ini 16.08.2006 20:09 227 system.ini 14.08.2006 01:32 786 KB921883.log 03.02.2006 15:51 5.043 mozver.dat Datentr„ger in Laufwerk C: ist SYSTEM Datentr„gernummer: DC3C-4F67 Verzeichnis von C:\ 19.08.2006 14:49 0 sys.txt 19.08.2006 14:49 9.474 system.txt 19.08.2006 14:49 347 systemtemp.txt 19.08.2006 14:48 97.102 system32.txt 19.08.2006 14:47 197.120 idhds.exe 19.08.2006 14:23 792.723.456 pagefile.sys 19.08.2006 14:11 8.024 avenger.txt 16.08.2006 20:09 186 boot.ini