Trojan Dybalom

#1 Post by Ashok28 »

Good afternoon :) Lately UAC prompts keep popping up on me, saying that some program wants to run, one labelled with an 8-digit number that is supposed to be located in Appdata/Roaming. As soon as I click "don't run", it throws up a message that some program with nonsensical letters has stopped working. When I opened that Roaming folder, I came across, among other things, the exe file lshss.exe, which according to Google is the trojan Dybalom.
Virustotal shows a detection of 17/43 (link to Virustotal HERE). There were about 8 files with those digits and I deleted them all. I have left lshss.exe there for now, to be safe.
I am attaching the log from RSIT here:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Ashok28 at 2011-07-27 12:08:29
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 62 GB (13%) free of 461 GB
Total RAM: 4087 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:08:32, on 27. 7. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Users\Ashok28\AppData\Roaming\lshss.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Ashok28\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashok28\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Ashok28\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashok28\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ashok28\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Ashok28.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [FileZilla Server Interface] "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKCU\..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
O4 - HKCU\..\Run: [Patcher_EFIGS.exe] C:\Users\Ashok28\AppData\Roaming\Patcher_EFIGS.exe
O4 - HKCU\..\Run: [mgOJxI.exe] C:\Users\Ashok28\AppData\Roaming\mgOJxI.exe
O4 - HKUS\S-1-5-21-2094344383-1364548060-3467643000-1009\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2094344383-1364548060-3467643000-1009\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2094344383-1364548060-3467643000-1009\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: mgOJxI.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Odeslat do zařízení Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Odeslat do zařízení &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Dragon Age: Prameny - aktualizace obsahu (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: @C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15889 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
"C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe"
winlogon.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe"
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
"C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe"
"C:\Program Files\Intel\TurboBoost\TurboBoost.exe"
"c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe"
"C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"winvnc4.exe" -noconsole -slave Global\RealVNC.Enterprise.WinVNC4_Shutdown_Session_Instance -cadevent Global\RealVNC.Enterprise.WinVNC4_CAD
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
WLIDSvcM.exe 2784
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
"C:\Windows\WindowsMobile\wmdc.exe"
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"C:\Program Files\Logitech\SetPointP\SetPoint.exe" /launchGaming
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Logitech\SetPointP\LBTWiz.exe" -silent
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe" -mini
"C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe" /Start
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
"C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\DigitalPersona\Bin\DPAgent.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
taskeng.exe {2A71E044-238C-4770-A0BC-DD8B88A1E619}
"c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
"c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
KHALMNPR.EXE /API
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
"C:\Program Files\iPod\bin\iPodService.exe"
C:\Users\Ashok28\AppData\Roaming\lshss.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe" -Embedding
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><ID>11768</ID><Title>HP Wireless Assistant</Title><Text>WLAN: Deaktivované
Bluetooth: Deaktivované</Text><IconPath>C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\images\wireless_off.ico</IconPath><Path>C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe</Path><Parameters>SHOWSTATUS</Parameters></Toast></hpNotification>"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
"C:\Users\Ashok28\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Ashok28\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/ --channel=6136.04282558.1951798423 /prefetch:3
C:\Windows\system32\rundll32.exe "C:\Users\Ashok28\AppData\Local\Google\Chrome\APPLIC~1\120742~1.122\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\Ashok28\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Ashok28\AppData\Local\Google\Chrome\Application\12.0.742.122\gcswf32.dll" --lang=sk --channel=6136.0740BFE8.1044122697 /prefetch:4 --flash-broker=1924
"C:\Users\Ashok28\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=sk --force-fieldtest=CacheSize/CacheSizeGroup_6/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/ --channel=6136.074948A8.1747774646 /prefetch:3
"C:\Users\Ashok28\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --disable-client-side-phishing-detection --lang=sk --force-fieldtest=CacheSize/CacheSizeGroup_6/ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_60/Prefetch/ContentPrefetchDisabled/ProxyConnectionImpact/proxy_connections_32/SSLFalseStart/FalseStart_disabled/SpdyCwnd/cwndDynamic/SpdyImpact/npn_with_spdy/ --channel=6136.07493338.390880327 /prefetch:3
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 544 548 556 65536 552
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
C:\Windows\system32\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
"C:\Users\Ashok28\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2094344383-1364548060-3467643000-1011Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2094344383-1364548060-3467643000-1011UA.job
C:\Windows\tasks\HPCeeScheduleForDushan.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Ashok28\AppData\Roaming\Mozilla\Firefox\Profiles\bhel8jjn.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=1.0.3.709]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709]
"Description"=6.0.12.709
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
npwachk.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-07-01 1888832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-20 43520]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
DigitalPersona Personal Extension - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll [2009-07-01 1256512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-27 2096424]
"SmartMenu"=C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [2009-07-21 610872]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-05-14 2692520]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"IntelTBRunOnce"=wscript.exe //b //nologo C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs []
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-03-23 487424]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2009-05-26 2314120]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-10-13 186904]
"EvtMgr6"=C:\Program Files\Logitech\SetPointP\SetPoint.exe [2011-06-24 1744152]
"Bluetooth Connection Assistant"=LBTWIZ.EXE -silent []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"FileZilla Server Interface"=C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2011-06-07 2573312]
"DS3 Tool"=C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe [2011-01-01 110352]
"Patcher_EFIGS.exe"=C:\Users\Ashok28\AppData\Roaming\Patcher_EFIGS.exe []
"mgOJxI.exe"=C:\Users\Ashok28\AppData\Roaming\mgOJxI.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
C:\Program Files (x86)\GameSpy\Comrade\Comrade.exe [2007-06-29 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2009-06-22 16712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7.5\ICQ.exe silent loginmode=4 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-07-19 421736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-05-25 1951112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe [2011-03-21 1752136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTBatteryMeter]
C:\Program Files (x86)\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-06-15 15141768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [2011-02-28 427008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2011-07-25 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2010-03-11 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2010-12-02 74752]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"DpAgent"=C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [2009-07-01 842816]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-06-24 320056]
"UpdatePRCShortCut"=C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2010-03-23 500792]
"LogMeIn Hamachi Ui"=C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-05-25 1951112]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2011-07-19 421736]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Users\Ashok28\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
mgOJxI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2011-06-17 68376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2011-06-22 249344]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"WallpaperStyle"=2
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave6"=wdmaud.drv
"mixer6"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.txt - open - "C:\Program Files (x86)\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2011-07-25 21:58:34 ----D---- C:\Program Files\iTunes
2011-07-25 21:58:34 ----D---- C:\Program Files\iPod
2011-07-25 21:55:38 ----D---- C:\Program Files\Bonjour
2011-07-25 15:41:15 ----D---- C:\Program Files (x86)\Rovio
2011-07-21 23:09:19 ----D---- C:\Users\Ashok28\AppData\Roaming\Logitech
2011-07-21 22:12:50 ----D---- C:\ProgramData\Logitech
2011-07-21 21:42:04 ----A---- C:\Windows\system32\drivers\LNonPnP.sys
2011-07-21 21:39:49 ----D---- C:\ProgramData\Logishrd
2011-07-21 21:39:46 ----D---- C:\Program Files\Logitech
2011-07-21 21:39:14 ----D---- C:\Program Files\Common Files\LogiShrd
2011-07-20 10:26:31 ----A---- C:\Users\Ashok28\AppData\Roaming\lshss.exe
2011-07-19 14:58:46 ----D---- C:\Windows\sk
2011-07-19 14:55:55 ----D---- C:\Program Files\Windows Live
2011-07-19 13:28:45 ----D---- C:\Users\Ashok28\AppData\Roaming\Windows Live Writer
2011-07-19 09:33:50 ----D---- C:\Program Files (x86)\Passware
2011-07-14 14:45:28 ----D---- C:\Users\Ashok28\AppData\Roaming\.minecraft
2011-07-13 10:59:22 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 10:59:21 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-13 10:59:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 10:59:20 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 10:59:20 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 10:59:20 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 10:59:20 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 10:59:19 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 10:59:18 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 10:59:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 10:59:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 10:59:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 10:59:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 10:59:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 10:59:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 10:59:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 10:59:17 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-13 10:59:17 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 10:59:17 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 10:59:17 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 10:59:17 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 10:59:17 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 10:59:15 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-13 10:59:15 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-13 10:59:14 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 10:59:10 ----A---- C:\Windows\system32\wow64win.dll
2011-07-13 10:59:10 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 10:59:10 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 10:59:10 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 10:59:09 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-13 10:59:09 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-13 10:59:09 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-13 10:59:09 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-13 10:59:09 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-13 10:59:09 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-13 10:59:09 ----A---- C:\Windows\system32\wow64.dll
2011-07-13 10:59:09 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-13 10:59:06 ----A---- C:\Windows\SYSWOW64\user.exe
2011-07-12 14:03:02 ----D---- C:\ProgramData\Blizzard Entertainment
2011-07-12 14:03:02 ----D---- C:\Program Files (x86)\StarCraft II
2011-07-12 11:34:00 ----A---- C:\Windows\system32\dns-sd.exe
2011-07-12 11:34:00 ----A---- C:\Windows\system32\dnssd.dll
2011-07-12 11:20:54 ----A---- C:\Windows\SYSWOW64\dns-sd.exe
2011-07-12 11:20:54 ----A---- C:\Windows\SYSWOW64\dnssd.dll
2011-07-10 13:13:23 ----D---- C:\Program Files (x86)\Apple Software Update
2011-07-05 15:59:15 ----D---- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-07-05 15:02:52 ----D---- C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
2011-07-05 14:42:48 ----D---- C:\Program Files (x86)\Eidos
2011-07-05 11:24:53 ----D---- C:\Users\Ashok28\AppData\Roaming\MotioninJoy
2011-07-05 11:24:53 ----A---- C:\Windows\system32\MijFrc.dll
2011-07-05 11:24:52 ----D---- C:\Program Files\MotioninJoy
2011-07-05 11:24:52 ----A---- C:\Windows\system32\drivers\xusb21.sys
2011-07-05 11:24:52 ----A---- C:\Windows\system32\drivers\MijXfilt.sys
2011-07-05 11:12:19 ----RHD---- C:\Users\Ashok28\AppData\Roaming\SecuROM
2011-07-05 11:10:22 ----D---- C:\Users\Ashok28\AppData\Roaming\NVIDIA
2011-07-05 11:06:19 ----D---- C:\Program Files (x86)\LibUSB-Win32-0.1.10.1
2011-07-05 11:06:19 ----A---- C:\Windows\SYSWOW64\libusbd-nt.exe
2011-07-05 11:06:19 ----A---- C:\Windows\SYSWOW64\libusbd-9x.exe
2011-07-05 11:06:19 ----A---- C:\Windows\SYSWOW64\libusb0.dll
2011-07-05 11:06:19 ----A---- C:\Windows\SYSWOW64\drivers\libusb0.sys
2011-07-04 20:39:28 ----D---- C:\Users\Ashok28\AppData\Roaming\TuneUp Software
2011-07-04 20:38:15 ----D---- C:\ProgramData\TuneUp Software
2011-07-04 20:37:55 ----SHD---- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-07-04 20:31:20 ----D---- C:\Users\Ashok28\AppData\Roaming\FileZilla
2011-07-04 20:26:20 ----D---- C:\Program Files (x86)\FileZilla Server
2011-07-04 15:41:31 ----D---- C:\Program Files\WinRAR
2011-07-04 13:41:08 ----D---- C:\Users\Ashok28\AppData\Roaming\Corel
2011-07-03 11:52:35 ----D---- C:\Program Files (x86)\Total War Shogun 2
2011-07-02 11:36:54 ----D---- C:\Users\Ashok28\AppData\Roaming\The Creative Assembly
2011-07-02 11:11:26 ----D---- C:\Users\Ashok28\AppData\Roaming\DAEMON Tools Lite
2011-07-02 11:03:34 ----D---- C:\ProgramData\TreeCardGames
2011-07-02 11:03:33 ----D---- C:\Users\Ashok28\AppData\Roaming\MahJong Suite
2011-07-02 11:03:25 ----D---- C:\Program Files (x86)\MahJong Suite
2011-07-01 13:08:13 ----D---- C:\Users\Ashok28\AppData\Roaming\DivX
2011-07-01 09:49:17 ----D---- C:\Users\Ashok28\AppData\Roaming\Media Player Classic
2011-07-01 09:45:59 ----D---- C:\Users\Ashok28\AppData\Roaming\Winamp
2011-06-29 21:17:27 ----D---- C:\Users\Ashok28\AppData\Roaming\skypePM
2011-06-29 21:17:02 ----D---- C:\Users\Ashok28\AppData\Roaming\Skype
2011-06-29 19:43:14 ----D---- C:\Users\Ashok28\AppData\Roaming\HP TCS
2011-06-29 17:21:03 ----D---- C:\Users\Ashok28\AppData\Roaming\Mozilla
2011-06-29 14:13:56 ----D---- C:\Users\Ashok28\AppData\Roaming\PSpad
2011-06-29 14:12:08 ----D---- C:\Users\Ashok28\AppData\Roaming\Rovio
2011-06-29 14:03:48 ----D---- C:\Users\Ashok28\AppData\Roaming\Adobe
2011-06-29 13:41:12 ----D---- C:\Users\Ashok28\AppData\Roaming\WinRAR
2011-06-29 13:29:32 ----D---- C:\Users\Ashok28\AppData\Roaming\Macrovision
2011-06-29 13:28:59 ----D---- C:\Users\Ashok28\AppData\Roaming\Hewlett-Packard
2011-06-29 13:28:34 ----D---- C:\Users\Ashok28\AppData\Roaming\Apple Computer
2011-06-29 13:28:32 ----D---- C:\Users\Ashok28\AppData\Roaming\ESET
2011-06-29 13:28:31 ----D---- C:\Users\Ashok28\AppData\Roaming\DigitalPersona
2011-06-29 13:26:43 ----D---- C:\Users\Ashok28\AppData\Roaming\Identities
2011-06-29 13:26:36 ----SD---- C:\Users\Ashok28\AppData\Roaming\Microsoft
2011-06-29 13:26:36 ----D---- C:\Users\Ashok28\AppData\Roaming\Media Center Programs
2011-06-29 13:26:36 ----D---- C:\Users\Ashok28\AppData\Roaming\Macromedia
2011-06-29 08:05:00 ----A---- C:\Windows\SYSWOW64\drvinst.exe
2011-06-29 08:05:00 ----A---- C:\Windows\SYSWOW64\devrtl.dll
2011-06-29 08:05:00 ----A---- C:\Windows\SYSWOW64\devobj.dll
2011-06-29 08:05:00 ----A---- C:\Windows\SYSWOW64\cfgmgr32.dll
2011-06-29 08:05:00 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 08:04:58 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 08:04:58 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 08:04:57 ----A---- C:\Windows\SYSWOW64\tquery.dll
2011-06-29 08:04:57 ----A---- C:\Windows\SYSWOW64\mssrch.dll
2011-06-29 08:04:57 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 08:04:57 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 08:04:56 ----A---- C:\Windows\SYSWOW64\SearchProtocolHost.exe
2011-06-29 08:04:56 ----A---- C:\Windows\SYSWOW64\SearchIndexer.exe
2011-06-29 08:04:56 ----A---- C:\Windows\SYSWOW64\mssph.dll
2011-06-29 08:04:55 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 08:04:55 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 08:04:55 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 08:04:55 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 08:04:54 ----A---- C:\Windows\SYSWOW64\SearchFilterHost.exe
2011-06-29 08:04:54 ----A---- C:\Windows\SYSWOW64\mssvp.dll
2011-06-29 08:04:54 ----A---- C:\Windows\SYSWOW64\mssphtb.dll
2011-06-29 08:04:54 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-29 08:04:53 ----A---- C:\Windows\SYSWOW64\msscntrs.dll

======List of files/folders modified in the last 1 month======

2011-07-27 12:08:31 ----D---- C:\Program Files\trend micro
2011-07-27 12:08:30 ----D---- C:\Windows\Temp
2011-07-27 12:00:07 ----D---- C:\Windows\tracing
2011-07-27 11:56:49 ----D---- C:\Windows\system32\DriverStore
2011-07-27 11:50:32 ----D---- C:\Windows\system32\config
2011-07-27 11:16:48 ----D---- C:\Windows\System32
2011-07-27 11:16:48 ----D---- C:\Windows\inf
2011-07-27 11:16:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-27 11:13:21 ----D---- C:\Windows\Prefetch
2011-07-27 11:01:50 ----D---- C:\ProgramData
2011-07-27 11:01:50 ----A---- C:\ProgramData\HPWALog.txt
2011-07-27 10:33:25 ----D---- C:\Program Files (x86)\Steam
2011-07-26 09:33:58 ----SHD---- C:\System Volume Information
2011-07-26 09:28:48 ----D---- C:\Config.Msi
2011-07-25 21:59:39 ----SHD---- C:\Windows\Installer
2011-07-25 21:59:09 ----D---- C:\Program Files (x86)\iTunes
2011-07-25 21:58:34 ----D---- C:\Program Files
2011-07-25 21:55:43 ----D---- C:\Program Files (x86)\Bonjour
2011-07-25 21:55:39 ----D---- C:\Windows\SysWOW64
2011-07-25 21:17:29 ----D---- C:\Windows\Logs
2011-07-25 21:17:28 ----HD---- C:\Windows\msdownld.tmp
2011-07-25 21:17:27 ----D---- C:\Windows\SYSWOW64\directx
2011-07-25 15:41:15 ----D---- C:\Program Files (x86)
2011-07-25 12:08:04 ----D---- C:\Program Files (x86)\The Witcher 2
2011-07-22 07:34:47 ----D---- C:\Windows
2011-07-22 07:32:42 ----D---- C:\Windows\system32\Tasks
2011-07-22 03:01:16 ----D---- C:\Windows\winsxs
2011-07-22 03:00:54 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-07-21 23:04:54 ----D---- C:\Windows\system32\drivers
2011-07-21 21:44:53 ----D---- C:\Program Files (x86)\Common Files
2011-07-21 21:41:11 ----D---- C:\Windows\system32\catroot
2011-07-21 21:39:14 ----D---- C:\Program Files\Common Files
2011-07-20 20:33:04 ----D---- C:\Program Files (x86)\JDownloader
2011-07-19 15:31:00 ----D---- C:\Windows\Microsoft.NET
2011-07-19 15:30:59 ----RSD---- C:\Windows\assembly
2011-07-19 14:56:13 ----D---- C:\Program Files (x86)\Windows Live
2011-07-14 03:19:56 ----D---- C:\Windows\AppPatch
2011-07-14 03:01:10 ----A---- C:\Windows\system32\MRT.exe
2011-07-14 03:01:03 ----D---- C:\ProgramData\Microsoft Help
2011-07-13 10:58:51 ----D---- C:\Windows\system32\catroot2
2011-07-06 10:08:57 ----D---- C:\Program Files (x86)\FileZilla FTP Client
2011-07-05 15:23:44 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-07-05 13:22:19 ----D---- C:\Program Files (x86)\WinRAR
2011-07-05 11:06:19 ----D---- C:\Windows\SYSWOW64\drivers
2011-07-04 15:03:33 ----RD---- C:\Program Files (x86)\Skype
2011-07-04 15:03:29 ----D---- C:\ProgramData\Skype
2011-07-03 00:02:32 ----D---- C:\ProgramData\Skype Extras
2011-07-02 03:48:22 ----D---- C:\Program Files (x86)\Google
2011-07-01 14:37:33 ----RSD---- C:\Windows\Fonts
2011-06-30 22:55:42 ----D---- C:\Windows\rescache
2011-06-29 22:27:04 ----D---- C:\Windows\SYSWOW64\ru-RU
2011-06-29 22:27:04 ----D---- C:\Program Files\Internet Explorer
2011-06-29 22:27:04 ----D---- C:\Program Files (x86)\Internet Explorer
2011-06-29 22:27:03 ----D---- C:\Windows\system32\ru-RU
2011-06-29 20:42:30 ----D---- C:\Program Files (x86)\Microsoft Office
2011-06-29 17:18:42 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-06-29 15:09:44 ----D---- C:\Windows\Tasks
2011-06-29 14:01:25 ----D---- C:\Program Files (x86)\Aurora
2011-06-29 13:26:41 ----D---- C:\$RECYCLE.BIN
2011-06-29 13:26:36 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-10-13 409624]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-29 834544]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-05-14 134024]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-07-23 314016]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-05-14 142776]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-05-14 165960]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 44944]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-07-23 43680]
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys [2010-05-21 13832]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 AVerAF15;HP DVB-T TV Tuner; C:\Windows\System32\Drivers\AVerAF15.sys [2009-05-22 311424]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-05-14 33608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 34152]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 33856]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 18432]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2011-05-10 174184]
R3 pnetmdm;PdaNet Modem; C:\Windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64k.sys [2009-05-09 33160]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-07-14 233472]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-03-23 505344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-05-27 320560]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM); C:\Windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-17 98344]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2009-07-17 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-07-17 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-17 21160]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\Windows\System32\Drivers\frmupgr.sys [2009-09-08 37552]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 145920]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\drivers\Dot4Prt.sys [2010-11-20 19968]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 43008]
S3 DynCal;Dynamic Calibration Service; C:\Windows\system32\drivers\Dyncal.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2011-04-15 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2011-04-15 27176]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-06-10 6108416]
S3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-12 151040]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-04-30 66840]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys []
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-04-30 60184]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver; C:\Windows\system32\DRIVERS\MijXfilt.sys [2011-01-01 97040]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\Windows\system32\DRIVERS\netaapl64.sys [2010-03-16 21504]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-07-23 5435904]
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
S3 nmwcdnsucx64;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsucx64.sys [2010-02-26 12288]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsux64.sys [2010-02-26 173056]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 11264]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2010-10-15 35112]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-02-26 9216]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2010-02-26 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S4 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2011-07-12 387944]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-01 864032]
R2 DpHost;@C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe,-128; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [2009-07-01 322624]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2009-05-14 731840]
R2 FileZilla Server;FileZilla Server FTP server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [2011-06-07 630272]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2011-02-23 125496]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-10-13 354840]
R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2011-06-17 359192]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-05-21 1016936]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2011-04-17 75136]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-01-21 247152]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [2010-03-23 247808]
R2 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-05-21 134928]
R2 TVCapSvc;TV Background Capture Service (TVBCS); c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-24 275840]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2009-07-12 1924400]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2011-01-25 791608]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-07-19 934760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\Windows\syswow64\libusbd-nt.exe [2005-03-09 18944]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 DfSdkS;Defragmentation-Service; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-05-14 23296]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-11-01 654848]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2011-07-27 411432]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

Thank you in advance for any help :)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan Dybalom

#2 Post by vyosek »

Hello, and have a nice day :)

:arrow: Download RogueKiller: http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator or Spustit jako správce
  • Choose option 2 and confirm with Enter
  • The utility will do its work and produce a log - paste it here
  • Now run it again, but choose option 3 and then also 4 - paste the logs again
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns amusement, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

Ashok28
Model visitor
Posts: 370
Registered: 01 May 2011 22:26

Re: Trojan Dybalom

#3 Post by Ashok28 »

Here is the log:

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Ashok28 [Admin rights]
Mode: Remove -- Date : 07/27/2011 12:27:35

Bad processes: 1
[SUSP PATH] lshss.exe -- c:\users\ashok28\appdata\roaming\lshss.exe -> KILLED

Registry Entries: 5
[SUSP PATH] HKCU\[...]\Run : Patcher_EFIGS.exe (C:\Users\Ashok28\AppData\Roaming\Patcher_EFIGS.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Run : mgOJxI.exe (C:\Users\Ashok28\AppData\Roaming\mgOJxI.exe) -> DELETED
[SUSP PATH] mgOJxI.exe : C:\Users\Ashok28\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mgOJxI.exe -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I'll paste the others right away too.
I would also like to ask you for advice about antivirus. Since my licence for Eset Smart Security is expiring, I'd like to know which AV you think I should invest in. Thanks in advance :)
Last edited by Ashok28 on 27 Jul 2011 11:33, edited 1 time in total.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan Dybalom

#4 Post by vyosek »

:arrow: As for security, I would go for the NIS or KIS suite - they are at a higher level than ESS

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT ABILITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE RUINED
:arrow: Download Combofix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Správce\Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator or Spustit jako správce
  • Right after it starts, a page with the licence agreement is displayed; continue by clicking Ano (Yes)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes and after a possible restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure including pictures is here: http://www.bleepingcomputer.com/combofi ... t-combofix

Ashok28
Model visitor
Posts: 370
Registered: 01 May 2011 22:26

Re: Trojan Dybalom

#5 Post by Ashok28 »

I'm going to run CF right away.
Here are the other logs:


RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Ashok28 [Admin rights]
Mode: HOSTSFix -- Date : 07/27/2011 12:31:35

Bad processes: 0

HOSTS File:
127.0.0.1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



Next log:

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Ashok28 [Admin rights]
Mode: ProxyFix -- Date : 07/27/2011 12:32:45

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan Dybalom

#6 Post by vyosek »

excellent :wink:

Ashok28
Model visitor
Posts: 370
Registered: 01 May 2011 22:26

Re: Trojan Dybalom

#7 Post by Ashok28 »

Here is the log:

ComboFix 11-07-27.01 - Ashok28 . 07. 2011 12:37:04.3.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.4087.2019 [GMT 2:00]
Running from: c:\users\Ashok28\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ashok28\AppData\Roaming\lshss.exe
c:\windows\system32\no
c:\windows\system32\no\DPCrProv.dll.mui
c:\windows\system32\no\DPSDApi.dll.mui
c:\windows\system32\SV
c:\windows\system32\SV\DPCrProv.dll.mui
c:\windows\system32\SV\DPSDApi.dll.mui
c:\windows\SysWow64\no
c:\windows\SysWow64\no\DPCrProv.dll.mui
c:\windows\SysWow64\no\DPSDApi.dll.mui
c:\windows\SysWow64\SV
c:\windows\SysWow64\SV\DPCrProv.dll.mui
c:\windows\SysWow64\SV\DPSDApi.dll.mui
.
.
((((((((((((((((((((((((( Files Created from 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 10:44 . 2011-07-27 10:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-07-27 10:44 . 2011-07-27 10:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-07-27 10:44 . 2011-07-27 10:44 -------- d-----w- c:\users\Dushan\AppData\Local\temp
2011-07-27 10:44 . 2011-07-27 10:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-27 10:44 . 2011-07-27 10:44 -------- d-----w- c:\users\Slovintel\AppData\Local\temp
2011-07-27 10:34 . 2011-07-27 10:34 -------- d-----w- C:\32788R22FWJFW
2011-07-26 07:34 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1C359701-6F16-459C-87B7-F1F1070EFE63}\mpengine.dll
2011-07-25 19:58 . 2011-07-25 19:59 -------- d-----w- c:\program files\iTunes
2011-07-25 19:58 . 2011-07-25 19:58 -------- d-----w- c:\program files\iPod
2011-07-25 19:55 . 2011-07-25 19:55 -------- d-----w- c:\program files\Bonjour
2011-07-25 13:41 . 2011-07-25 13:41 -------- d-----w- c:\program files (x86)\Rovio
2011-07-21 20:12 . 2011-07-21 20:12 -------- d-----w- c:\programdata\Logitech
2011-07-21 19:44 . 2011-07-21 19:44 53248 ----a-r- c:\users\Dushan\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-07-21 19:44 . 2011-07-21 19:44 -------- d-----w- c:\users\Dushan\AppData\Roaming\Leadertech
2011-07-21 19:44 . 2011-07-21 19:44 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-07-21 19:42 . 2011-07-21 19:42 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-07-21 19:39 . 2011-07-21 19:44 -------- d-----w- c:\programdata\Logishrd
2011-07-21 19:39 . 2011-07-21 19:40 -------- d-----w- c:\program files\Logitech
2011-07-21 19:39 . 2011-07-21 19:44 -------- d-----w- c:\program files\Common Files\LogiShrd
2011-07-21 19:39 . 2011-07-21 20:12 -------- d-----w- c:\users\Dushan\AppData\Roaming\Logitech
2011-07-21 19:39 . 2011-07-21 19:39 -------- d-----w- c:\users\Dushan\AppData\Roaming\Logishrd
2011-07-19 12:58 . 2011-07-19 12:58 -------- d-----w- c:\windows\sk
2011-07-19 12:55 . 2011-07-19 12:55 -------- d-----w- c:\program files\Windows Live
2011-07-19 12:55 . 2011-07-19 12:55 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-19 07:33 . 2011-07-19 07:33 -------- d-----w- c:\program files (x86)\Passware
2011-07-12 12:03 . 2011-07-13 08:48 -------- d-----w- c:\program files (x86)\StarCraft II
2011-07-12 12:03 . 2011-07-12 13:31 -------- d-----w- c:\programdata\Blizzard Entertainment
2011-07-12 09:34 . 2011-07-12 09:34 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 09:34 . 2011-07-12 09:34 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 09:20 . 2011-07-12 09:20 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-07-12 09:20 . 2011-07-12 09:20 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-07-10 18:09 . 2011-07-14 01:21 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2011-07-10 11:13 . 2011-07-10 11:13 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-06 08:10 . 2011-07-06 08:10 -------- d-----w- c:\users\Dushan\AppData\Roaming\TuneUp Software
2011-07-05 13:59 . 2011-07-05 13:59 -------- d-----w- c:\windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-07-05 13:02 . 2011-07-05 13:02 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2011-07-05 12:42 . 2011-07-05 12:42 -------- d-----w- c:\program files (x86)\Eidos
2011-07-05 09:24 . 2010-05-03 14:12 328712 ----a-w- c:\windows\system32\MijFrc.dll
2011-07-05 09:24 . 2011-07-05 09:24 -------- d-----w- c:\program files\MotioninJoy
2011-07-05 09:24 . 2011-01-01 08:12 97040 ----a-w- c:\windows\system32\drivers\MijXfilt.sys
2011-07-05 09:24 . 2010-08-19 17:24 74960 ----a-w- c:\windows\system32\drivers\xusb21.sys
2011-07-05 09:06 . 2011-07-05 09:06 -------- d-----w- c:\program files (x86)\LibUSB-Win32-0.1.10.1
2011-07-05 09:06 . 2005-03-09 18:50 19456 ----a-w- c:\windows\SysWow64\libusbd-9x.exe
2011-07-05 09:06 . 2005-03-09 18:50 18944 ----a-w- c:\windows\SysWow64\libusbd-nt.exe
2011-07-05 09:06 . 2005-03-09 18:50 33792 ----a-w- c:\windows\SysWow64\drivers\libusb0.sys
2011-07-05 09:06 . 2005-03-09 18:50 46592 ----a-w- c:\windows\SysWow64\libusb0.dll
2011-07-04 18:38 . 2011-07-04 18:40 -------- d-----w- c:\programdata\TuneUp Software
2011-07-04 18:37 . 2011-07-04 18:37 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-07-04 18:26 . 2011-07-04 18:26 -------- d-----w- c:\program files (x86)\FileZilla Server
2011-07-03 09:52 . 2011-07-03 10:13 -------- d-----w- c:\program files (x86)\Total War Shogun 2
2011-07-02 09:03 . 2011-07-02 09:03 -------- d-----w- c:\programdata\TreeCardGames
2011-07-02 09:03 . 2011-07-02 09:03 -------- d-----w- c:\program files (x86)\MahJong Suite
2011-06-29 15:18 . 2010-01-01 08:00 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-29 15:18 . 2010-01-01 08:00 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-29 11:26 . 2011-07-14 12:37 -------- d-----w- c:\users\Ashok28
2011-06-29 06:05 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-29 06:05 . 2011-05-24 10:40 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-06-29 06:05 . 2011-05-24 10:40 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-06-29 06:05 . 2011-05-24 10:39 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-06-29 06:05 . 2011-05-24 10:37 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
2011-06-27 13:17 . 2011-06-27 13:17 -------- d-----w- c:\programdata\{E91883C8-8CDC-46A4-A45F-CB40EB82ED60}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-19 07:37 . 2011-05-18 16:21 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-23 20:04 . 2009-11-27 19:44 952 --sha-w- c:\programdata\KGyGaAvL.sys
2011-06-21 23:15 . 2011-06-21 23:15 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-21 23:15 . 2011-06-21 23:15 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-21 23:15 . 2011-06-21 23:15 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-21 23:15 . 2011-06-21 23:15 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-21 23:15 . 2011-06-21 23:15 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-21 23:15 . 2011-06-21 23:15 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-21 23:15 . 2011-06-21 23:15 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-21 23:15 . 2011-06-21 23:15 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-21 23:15 . 2011-06-21 23:15 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-21 23:15 . 2011-06-21 23:15 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-21 23:15 . 2011-06-21 23:15 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-21 23:15 . 2011-06-21 23:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-21 23:15 . 2011-06-21 23:15 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-21 23:15 . 2011-06-21 23:15 448512 ----a-w- c:\windows\system32\html.iec
2011-06-21 23:15 . 2011-06-21 23:15 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-21 23:15 . 2011-06-21 23:15 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-21 23:15 . 2011-06-21 23:15 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-21 23:15 . 2011-06-21 23:15 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-21 23:15 . 2011-06-21 23:15 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-06-21 23:15 . 2011-06-21 23:15 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-21 23:15 . 2011-06-21 23:15 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-21 23:15 . 2011-06-21 23:15 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-06-21 23:15 . 2011-06-21 23:15 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-21 23:15 . 2011-06-21 23:15 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-06-21 23:15 . 2011-06-21 23:15 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-21 23:15 . 2011-06-21 23:15 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-21 23:15 . 2011-06-21 23:15 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-21 23:15 . 2011-06-21 23:15 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-21 23:15 . 2011-06-21 23:15 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-21 23:15 . 2011-06-21 23:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-21 23:15 . 2011-06-21 23:15 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-21 23:15 . 2011-06-21 23:15 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-21 23:15 . 2011-06-21 23:15 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-21 23:15 . 2011-06-21 23:15 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 23:15 . 2011-06-21 23:15 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-21 23:15 . 2011-06-21 23:15 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-21 23:15 . 2011-06-21 23:15 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-21 23:15 . 2011-06-21 23:15 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-21 23:15 . 2011-06-21 23:15 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-21 23:15 . 2011-06-21 23:15 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-21 23:15 . 2011-06-21 23:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-21 23:15 . 2011-06-21 23:15 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-08 15:29 . 2011-06-08 15:29 679936 ----a-w- c:\windows\system32\LA Noire.scr
2011-06-08 15:29 . 2011-06-08 15:29 679936 ------w- c:\windows\SysWow64\LA Noire.scr
2011-06-03 05:57 . 2011-07-13 08:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-24 17:14 . 2009-11-27 20:09 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-21 06:01 . 2011-06-16 14:23 67176 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-21 06:01 . 2011-06-16 14:23 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-05-21 06:01 . 2011-06-16 14:23 7123560 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-21 06:01 . 2011-06-16 14:23 5301352 ----a-w- c:\windows\SysWow64\nvcuda.dll
2011-05-21 06:01 . 2011-06-16 14:23 2943592 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-21 06:01 . 2011-06-16 14:23 2804328 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2011-05-21 06:01 . 2011-06-16 14:23 22286952 ----a-w- c:\windows\system32\nvoglv64.dll
2011-05-21 06:01 . 2011-06-16 14:23 2212968 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-21 06:01 . 2011-06-16 14:23 2082408 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2011-05-21 06:01 . 2011-06-16 14:23 18583144 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-21 06:01 . 2011-06-16 14:23 16456296 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2011-05-21 06:01 . 2011-06-16 14:23 15223912 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-05-21 06:01 . 2011-06-16 14:23 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2011-05-21 06:01 . 2011-06-16 14:23 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2011-05-21 06:01 . 2011-06-16 14:23 13206120 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-05-21 06:01 . 2011-06-16 14:23 13011560 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-05-21 06:01 . 2011-06-16 14:23 11992680 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-05-21 06:01 . 2011-05-21 16:40 6555240 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2011-05-21 06:01 . 2011-05-21 16:40 2335848 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-05-21 06:01 . 2011-04-07 21:19 326760 ----a-w- c:\windows\system32\nvhotkey.dll
2011-05-21 06:01 . 2011-04-07 21:19 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-05-21 06:01 . 2011-04-07 21:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-21 06:01 . 2011-04-07 21:19 1016936 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-21 06:01 . 2011-04-07 21:19 739432 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-05-21 06:01 . 2011-04-07 21:19 6300776 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-21 06:01 . 2011-04-07 21:18 3040872 ----a-w- c:\windows\system32\nvsvc64.dll
2011-05-21 06:01 . 2009-07-23 22:01 8863336 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-05-21 06:01 . 2009-07-23 22:01 2644584 ----a-w- c:\windows\system32\nvapi64.dll
2011-05-21 06:01 . 2009-07-23 13:40 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-05-13 16:58 . 2011-05-13 16:58 17720 ----a-w- c:\windows\system32\HPMDPCoInst12.dll
2011-05-13 16:58 . 2009-07-08 11:49 30008 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2011-05-13 16:58 . 2011-05-13 16:58 30520 ----a-w- c:\windows\system32\hpservice.exe
2011-05-13 16:58 . 2011-05-13 16:58 20792 ----a-w- c:\windows\system32\accelerometerdll.DLL
2011-05-13 16:57 . 2011-05-13 16:57 43320 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2011-05-13 13:42 . 2011-05-13 13:42 302448 ----a-w- c:\windows\WLXPGSS.SCR
2011-05-10 09:41 . 2011-06-16 14:23 29288 ----a-w- c:\windows\system32\nvhdap64.dll
2011-05-10 09:41 . 2011-06-16 14:23 174184 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2011-05-10 09:41 . 2011-05-21 16:40 1426536 ----a-w- c:\windows\system32\nvhdagenco642040.dll
2011-05-10 06:06 . 2011-05-10 06:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 06:06 . 2011-05-10 06:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-04 02:52 . 2010-06-26 14:45 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-03 05:29 . 2011-06-14 22:37 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-14 22:37 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-30 11:59 . 2011-04-30 11:59 52504 ----a-w- c:\windows\system32\LBTCoIns.DLL
2011-04-30 11:59 . 2011-04-30 11:59 55064 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2011-04-30 11:59 . 2011-04-30 11:59 66840 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2011-04-30 11:59 . 2011-04-30 11:59 60184 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2011-04-30 11:59 . 2011-04-30 11:59 1845528 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2011-04-29 03:06 . 2011-06-14 22:38 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:05 . 2011-06-14 22:38 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:05 . 2011-06-14 22:38 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-20_17.12.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-13 23:16 . 2009-07-14 01:14 25600 c:\windows\SysWOW64\setup16.exe
+ 2011-07-13 08:59 . 2011-06-03 05:57 25600 c:\windows\SysWOW64\setup16.exe
+ 2011-06-29 06:04 . 2011-05-04 04:28 86528 c:\windows\SysWOW64\SearchFilterHost.exe
- 2009-07-14 00:13 . 2009-07-14 01:14 86528 c:\windows\SysWOW64\SearchFilterHost.exe
+ 2011-06-21 23:15 . 2011-06-21 23:15 54272 c:\windows\SysWOW64\pngfilt.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2011-07-13 08:59 . 2011-06-03 06:00 14336 c:\windows\SysWOW64\ntvdm64.dll
- 2009-07-13 23:15 . 2009-07-14 01:16 14336 c:\windows\SysWOW64\ntvdm64.dll
+ 2011-06-29 06:04 . 2011-05-04 04:32 59392 c:\windows\SysWOW64\msscntrs.dll
- 2009-07-14 00:12 . 2009-07-14 01:15 59392 c:\windows\SysWOW64\msscntrs.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-06-21 23:15 . 2011-06-21 23:15 41472 c:\windows\SysWOW64\msfeedsbs.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 41472 c:\windows\SysWOW64\msfeedsbs.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 78848 c:\windows\SysWOW64\inseng.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 78848 c:\windows\SysWOW64\inseng.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 31744 c:\windows\SysWOW64\iernonce.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 31744 c:\windows\SysWOW64\iernonce.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 74240 c:\windows\SysWOW64\ie4uinit.exe
- 2011-02-10 18:48 . 2011-02-10 18:48 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-06-21 23:15 . 2011-06-21 23:15 66048 c:\windows\SysWOW64\icardie.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 66048 c:\windows\SysWOW64\icardie.dll
+ 2009-07-14 04:54 . 2011-07-18 21:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-06-20 13:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-07-18 21:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-20 13:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-20 13:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-18 21:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-02-26 17:44 . 2010-11-20 04:27 13312 c:\windows\system32\wow64cpu.dll
+ 2011-07-13 08:59 . 2011-06-03 06:57 13312 c:\windows\system32\wow64cpu.dll
+ 2009-09-20 04:22 . 2011-07-26 07:31 79476 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-27 09:52 39438 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-11-27 19:41 . 2011-07-20 12:24 10670 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2094344383-1364548060-3467643000-1001_UserData.bin
+ 2011-06-21 23:15 . 2011-06-21 23:15 65024 c:\windows\system32\pngfilt.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 65024 c:\windows\system32\pngfilt.dll
- 2009-12-12 11:24 . 2011-06-19 09:11 26188 c:\windows\system32\perfc01B.dat
+ 2009-12-12 11:24 . 2011-07-27 09:16 26188 c:\windows\system32\perfc01B.dat
- 2009-07-13 23:26 . 2009-07-14 01:41 16384 c:\windows\system32\ntvdm64.dll
+ 2011-07-13 08:59 . 2011-06-03 06:57 16384 c:\windows\system32\ntvdm64.dll
- 2009-07-14 00:29 . 2009-07-14 01:41 75264 c:\windows\system32\msscntrs.dll
+ 2011-06-29 06:04 . 2011-05-04 05:22 75264 c:\windows\system32\msscntrs.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 96256 c:\windows\system32\mshtmled.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 96256 c:\windows\system32\mshtmled.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 10752 c:\windows\system32\msfeedssync.exe
- 2011-02-10 18:48 . 2011-02-10 18:48 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 86528 c:\windows\system32\migration\WininetPlugin.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 85504 c:\windows\system32\jsproxy.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 85504 c:\windows\system32\jsproxy.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 39936 c:\windows\system32\iernonce.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 39936 c:\windows\system32\iernonce.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 89088 c:\windows\system32\ie4uinit.exe
- 2011-02-10 18:48 . 2011-02-10 18:48 89088 c:\windows\system32\ie4uinit.exe
- 2011-02-10 18:48 . 2011-02-10 18:48 82432 c:\windows\system32\icardie.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 82432 c:\windows\system32\icardie.dll
- 2009-07-14 05:30 . 2011-06-19 09:11 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2011-07-27 09:56 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-07-05 09:24 . 2010-08-19 17:24 74960 c:\windows\system32\DriverStore\FileRepository\mijxinput.inf_amd64_neutral_452fabe792a00d17\x64\xusb21.sys
+ 2011-07-05 09:24 . 2011-01-01 08:12 97040 c:\windows\system32\DriverStore\FileRepository\mijxinput.inf_amd64_neutral_452fabe792a00d17\x64\MijXfilt.sys
+ 2011-04-30 11:59 . 2011-04-30 11:59 55064 c:\windows\system32\DriverStore\FileRepository\lfmouhid.inf_amd64_neutral_713f4a01216d6929\LMouFiltCoInst.dll
+ 2011-04-30 11:59 . 2011-04-30 11:59 60184 c:\windows\system32\DriverStore\FileRepository\lfmouhid.inf_amd64_neutral_713f4a01216d6929\LMouFilt.Sys
+ 2011-04-30 11:59 . 2011-04-30 11:59 66840 c:\windows\system32\DriverStore\FileRepository\lfmouhid.inf_amd64_neutral_713f4a01216d6929\LHidFilt.Sys
+ 2011-04-30 11:59 . 2011-04-30 11:59 66840 c:\windows\system32\DriverStore\FileRepository\lfkbdhid.inf_amd64_neutral_b81b61bb6f92c6d3\LHidFilt.Sys
+ 2011-04-30 11:59 . 2011-04-30 11:59 42776 c:\windows\system32\DriverStore\FileRepository\lfhidusb.inf_amd64_neutral_16b2e239f5355707\LUsbFilt.sys
+ 2011-04-30 11:59 . 2011-04-30 11:59 66840 c:\windows\system32\DriverStore\FileRepository\lfhidhid.inf_amd64_neutral_c0deb827da6ec7d7\LHidFilt.Sys
+ 2011-04-30 11:59 . 2011-04-30 11:59 15128 c:\windows\system32\DriverStore\FileRepository\lfhideqd.inf_amd64_neutral_a1f199434efad04b\LHidEqd.sys
+ 2011-04-30 11:59 . 2011-04-30 11:59 76056 c:\windows\system32\DriverStore\FileRepository\lfeqdusb.inf_amd64_neutral_22b6c2cb24bb48f2\LEqdUsb.sys
+ 2011-04-30 11:59 . 2011-04-30 11:59 52504 c:\windows\system32\DriverStore\FileRepository\lbtcoins.inf_amd64_neutral_da83c8097fa362bb\LBTCoIns.DLL
+ 2009-09-08 21:50 . 2009-09-08 21:50 37552 c:\windows\system32\DriverStore\FileRepository\frmupgr.inf_amd64_neutral_b5d2e43c95cabb3d\frmupgr.sys
+ 2011-07-13 08:59 . 2011-04-28 03:54 80384 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\BTHUSB.SYS
+ 2009-07-14 00:06 . 2009-07-14 00:06 41984 c:\windows\system32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\bthenum.sys
+ 2011-05-13 16:58 . 2011-05-13 16:58 30520 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\hpservice.exe
+ 2011-05-13 16:58 . 2011-05-13 16:58 17720 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\HPMDPCoInst12.dll
+ 2011-05-13 16:58 . 2011-05-13 16:58 30008 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\hpdskflt.sys
+ 2011-05-13 16:58 . 2011-05-13 16:58 20792 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\accelerometerdll.DLL
+ 2011-05-13 16:57 . 2011-05-13 16:57 43320 c:\windows\system32\DriverStore\FileRepository\accelerometer.inf_amd64_neutral_c8b1e093c46a3e18\amd64\Accelerometer.sys
+ 2009-09-08 21:50 . 2009-09-08 21:50 37552 c:\windows\system32\drivers\frmupgr.sys
+ 2011-07-13 08:59 . 2011-04-28 03:54 80384 c:\windows\system32\drivers\BTHUSB.SYS
- 2011-02-26 17:44 . 2010-11-20 01:44 80384 c:\windows\system32\drivers\BTHUSB.SYS
- 2009-11-26 01:27 . 2011-06-20 17:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 01:27 . 2011-07-27 09:50 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 01:27 . 2011-07-27 09:50 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-26 01:27 . 2011-06-20 17:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-07-27 09:50 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-06-20 17:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-07-24 08:48 92712 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-07-19 12:59 . 2011-07-19 12:59 23552 c:\windows\Installer\1303ece2.msp
+ 2010-10-06 12:28 . 2010-10-06 12:28 29696 c:\windows\Installer\1303ecdd.msi
+ 2011-07-19 12:59 . 2011-07-19 12:59 61952 c:\windows\Installer\1303ecd7.msp
+ 2011-07-19 12:53 . 2011-07-19 12:53 30208 c:\windows\Installer\1303ec88.msp
+ 2011-07-19 12:53 . 2011-07-19 12:53 70144 c:\windows\Installer\1303ec7e.msi
+ 2011-07-19 12:54 . 2011-07-19 12:54 39936 c:\windows\Installer\1303eb6b.msp
+ 2010-10-06 12:21 . 2010-10-06 12:21 74240 c:\windows\Installer\1303eb66.msi
+ 2011-07-19 12:54 . 2011-07-19 12:54 26112 c:\windows\Installer\1303eb5d.msi
+ 2011-07-02 01:48 . 2011-07-02 01:48 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2011-07-02 01:48 . 2011-07-02 01:48 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-07-02 01:48 . 2011-07-02 01:48 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-07-02 01:48 . 2011-07-02 01:48 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2011-07-02 01:48 . 2011-07-02 01:48 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-07-02 01:48 . 2011-07-02 01:48 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2011-07-02 01:48 . 2011-07-02 01:48 65536 c:\windows\Installer\{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}\ARPPRODUCTICON.exe
- 2009-12-12 13:13 . 2011-06-15 01:17 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-12-12 13:13 . 2011-07-14 01:01 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-12-12 13:13 . 2011-07-14 01:01 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-12-12 13:13 . 2011-06-15 01:17 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-12-12 13:13 . 2011-07-14 01:01 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-12-12 13:13 . 2011-06-15 01:17 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-07-10 11:13 . 2011-07-10 11:13 27136 c:\windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe
+ 2011-07-25 13:41 . 2011-07-25 13:41 81350 c:\windows\Installer\{4D634FB6-42BB-42AB-A37A-DCFF95CD654D}\AngryBirdsRio.exe
+ 2011-06-27 13:23 . 2010-05-19 07:31 14904 c:\windows\Help\OEM\Scripts\launchWebChat.exe
- 2010-12-20 18:26 . 2010-05-19 07:31 14904 c:\windows\Help\OEM\Scripts\launchWebChat.exe
- 2010-12-20 18:26 . 2010-07-16 11:51 14904 c:\windows\Help\OEM\Scripts\LaunchHPForums.exe
+ 2011-06-27 13:23 . 2010-07-16 11:51 14904 c:\windows\Help\OEM\Scripts\LaunchHPForums.exe
+ 2011-06-27 13:23 . 2009-10-07 10:33 49152 c:\windows\Help\OEM\Scripts\Interop.TaskScheduler.dll
- 2010-12-20 18:26 . 2009-10-07 10:33 49152 c:\windows\Help\OEM\Scripts\Interop.TaskScheduler.dll
- 2010-12-20 18:26 . 2009-08-14 09:22 20744 c:\windows\Help\OEM\Scripts\checkMui.dll
+ 2011-06-27 13:23 . 2009-08-14 08:22 20744 c:\windows\Help\OEM\Scripts\checkMui.dll
- 2010-12-20 18:26 . 2009-11-24 10:05 58632 c:\windows\Help\OEM\Scripts\HPSAUpdaterObj.exe
+ 2011-06-27 13:23 . 2009-11-24 10:05 58632 c:\windows\Help\OEM\Scripts\HPSAUpdaterObj.exe
+ 2011-06-27 13:23 . 2009-10-08 13:10 23816 c:\windows\Help\OEM\Scripts\HPSAScript.exe
- 2010-12-20 18:26 . 2009-10-08 13:10 23816 c:\windows\Help\OEM\Scripts\HPSAScript.exe
+ 2011-06-27 13:23 . 2010-10-27 12:28 11320 c:\windows\Help\OEM\Scripts\HPSARedirectorLauncher.exe
- 2010-10-27 12:28 . 2010-10-27 12:28 11320 c:\windows\Help\OEM\Scripts\HPSARedirectorLauncher.exe
+ 2011-07-19 13:29 . 2011-07-19 13:29 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\b157714d9a1eecaee02d81f42659673d\WindowsLiveWriter.ni.exe
+ 2011-07-19 13:30 . 2011-07-19 13:30 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5021733bc84350d4e639b00f51bad421\WindowsLive.Writer.Passport.ni.dll
- 2010-12-20 18:22 . 2010-12-20 18:22 92728 c:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
+ 2011-06-27 13:19 . 2011-06-27 13:19 92728 c:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
+ 2011-06-27 13:19 . 2011-06-27 13:19 12856 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant\5.0.1.1__ff8a51a3dda870ab\HP.SupportAssistant.dll
- 2010-12-20 18:21 . 2010-12-20 18:21 12856 c:\windows\assembly\GAC_MSIL\HP.SupportAssistant\5.0.1.1__ff8a51a3dda870ab\HP.SupportAssistant.dll
+ 2011-06-27 13:19 . 2011-06-27 13:19 77368 c:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
- 2011-06-16 13:15 . 2011-06-16 13:15 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-07-05 13:38 . 2011-07-05 13:38 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-07-05 13:38 . 2011-07-05 13:38 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-06-16 13:15 . 2011-06-16 13:15 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-07-13 08:59 . 2011-06-03 05:56 5120 c:\windows\SysWOW64\wow32.dll
- 2009-07-13 23:15 . 2009-07-14 01:11 5120 c:\windows\SysWOW64\wow32.dll
+ 2011-07-13 08:59 . 2011-06-03 03:53 2048 c:\windows\SysWOW64\user.exe
- 2009-07-13 23:15 . 2009-07-13 23:15 2048 c:\windows\SysWOW64\user.exe
- 2009-07-13 23:16 . 2009-07-13 23:16 7680 c:\windows\SysWOW64\instnm.exe
+ 2011-07-13 08:59 . 2011-06-03 03:53 7680 c:\windows\SysWOW64\instnm.exe
- 2009-07-13 23:10 . 2009-07-13 23:10 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 03:48 6144 c:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 03:48 3584 c:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 03:48 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 3072 c:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 03:48 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-13 23:10 4608 c:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4608 c:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 4096 c:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3584 c:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 5120 c:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 05:47 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
- 2009-07-13 23:10 . 2009-07-14 01:03 3072 c:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
+ 2009-12-20 19:59 . 2011-07-14 01:20 6010 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-12-22 17:54 . 2011-07-06 21:09 3402 c:\windows\system32\wdi\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2011-07-03 06:35 . 2011-07-27 09:52 4476 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2094344383-1364548060-3467643000-1011_UserData.bin

Ashok28
Exemplary visitor
Posts: 370
Registered: 01 May 2011 22:26

Re: Trojan Dybalom

#8 Post by Ashok28 »

+ 2011-07-13 08:59 . 2011-06-03 06:44 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 6144 c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 4608 c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4608 c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 4096 c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3584 c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 5120 c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
- 2009-07-13 23:18 . 2009-07-14 01:24 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
+ 2011-07-13 08:59 . 2011-06-03 06:44 3072 c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
- 2009-10-19 23:30 . 2011-05-12 01:20 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
+ 2009-10-19 23:30 . 2011-07-05 11:20 2190 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat
- 2011-06-20 17:11 . 2011-06-20 17:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-27 09:50 . 2011-07-27 09:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-06-20 17:11 . 2011-06-20 17:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-27 09:50 . 2011-07-27 09:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-20 18:26 . 2006-09-29 13:28 4096 c:\windows\Help\OEM\Scripts\Interop.HelpPane.dll
+ 2011-06-27 13:23 . 2006-09-29 12:28 4096 c:\windows\Help\OEM\Scripts\Interop.HelpPane.dll
- 2010-12-20 18:26 . 2008-12-03 09:24 7168 c:\windows\Help\OEM\Scripts\HPHS_Launcher.exe
+ 2011-06-27 13:23 . 2008-12-03 08:24 7168 c:\windows\Help\OEM\Scripts\HPHS_Launcher.exe
+ 2011-06-21 23:15 . 2011-06-21 23:15 203776 c:\windows\SysWOW64\webcheck.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 203776 c:\windows\SysWOW64\webcheck.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 231936 c:\windows\SysWOW64\url.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 231936 c:\windows\SysWOW64\url.dll
+ 2011-06-29 06:04 . 2011-05-04 04:28 164352 c:\windows\SysWOW64\SearchProtocolHost.exe
- 2009-07-14 00:14 . 2009-07-14 01:14 164352 c:\windows\SysWOW64\SearchProtocolHost.exe
+ 2011-06-29 06:04 . 2011-05-04 04:28 427520 c:\windows\SysWOW64\SearchIndexer.exe
- 2011-02-10 18:48 . 2011-02-10 18:48 123392 c:\windows\SysWOW64\occache.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 123392 c:\windows\SysWOW64\occache.dll
+ 2011-06-29 06:04 . 2011-05-04 04:32 666624 c:\windows\SysWOW64\mssvp.dll
- 2011-02-26 17:44 . 2010-11-20 03:19 666624 c:\windows\SysWOW64\mssvp.dll
- 2011-02-26 17:44 . 2010-11-20 03:19 197120 c:\windows\SysWOW64\mssphtb.dll
+ 2011-06-29 06:04 . 2011-05-04 04:32 197120 c:\windows\SysWOW64\mssphtb.dll
+ 2011-06-29 06:04 . 2011-05-04 04:32 337408 c:\windows\SysWOW64\mssph.dll
- 2009-07-14 00:13 . 2009-07-14 01:15 337408 c:\windows\SysWOW64\mssph.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 162304 c:\windows\SysWOW64\msrating.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 162304 c:\windows\SysWOW64\msrating.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 580608 c:\windows\SysWOW64\msfeeds.dll
+ 2011-07-19 07:37 . 2011-07-19 07:37 240288 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe
+ 2011-07-12 12:00 . 2011-07-12 12:00 240288 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
+ 2011-07-12 12:00 . 2011-07-12 12:00 321184 c:\windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.dll
+ 2011-03-28 18:31 . 2011-03-28 18:31 209280 c:\windows\SysWOW64\LIVESSP.DLL
+ 2011-07-13 08:59 . 2011-06-03 05:56 272384 c:\windows\SysWOW64\KernelBase.dll
- 2011-02-26 17:42 . 2010-11-20 03:08 837632 c:\windows\SysWOW64\kernel32.dll
+ 2011-07-13 08:59 . 2011-05-14 06:22 837632 c:\windows\SysWOW64\kernel32.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 176640 c:\windows\SysWOW64\ieui.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 118784 c:\windows\SysWOW64\iepeers.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 434176 c:\windows\SysWOW64\ieapfltr.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 434176 c:\windows\SysWOW64\ieapfltr.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 163840 c:\windows\SysWOW64\ieakui.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 163840 c:\windows\SysWOW64\ieakui.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 227840 c:\windows\SysWOW64\ieaksie.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 130560 c:\windows\SysWOW64\ieakeng.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 223232 c:\windows\SysWOW64\dxtrans.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2011-07-13 08:59 . 2011-06-03 06:57 362496 c:\windows\system32\wow64win.dll
- 2011-02-26 17:44 . 2010-11-20 04:27 243200 c:\windows\system32\wow64.dll
+ 2011-07-13 08:59 . 2011-06-03 06:57 243200 c:\windows\system32\wow64.dll
+ 2011-07-13 08:59 . 2011-06-03 06:57 214528 c:\windows\system32\winsrv.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 249344 c:\windows\system32\webcheck.dll
- 2011-02-10 18:48 . 2011-02-10 18:48 249344 c:\windows\system32\webcheck.dll
+ 2009-11-27 20:00 . 2011-07-09 08:14 350094 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-11-26 21:52 . 2011-07-24 18:06 645370 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-02-10 18:48 . 2011-02-10 18:48 236544 c:\windows\system32\url.dll
+ 2011-06-21 23:15 . 2011-06-21 23:15 236544 c:\windows\system32\url.dll
+ 2011-06-29 06:04 . 2011-05-04 05:19 249856 c:\windows\system32\SearchProtocolHost.exe
- 2009-07-14 00:30 . 2009-07-14 01:39 249856 c:\windows\system32\SearchProtocolHost.exe
+ 2011-06-29 06:04 . 2011-05-04 05:19 591872 c:\windows\system32\SearchIndexer.exe
- 2009-07-14 00:29 . 2009-07-14 01:39 113664 c:\windows\system32\SearchFilterHost.exe
+ 2011-06-29 06:04 . 2011-05-04 05:19 113664 c:\windows\system32\SearchFilterHost.exe
- 2009-12-12 11:24 . 2011-06-19 09:11 120716 c:\windows\system32\perfh01B.dat
+ 2009-12-12 11:24 . 2011-07-27 09:16 120716 c:\windows\system32\perfh01B.dat
+ 2009-12-12 11:24 . 2011-07-27 09:16 685122 c:\windows\system32\perfh019.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"FileZilla Server Interface"="c:\program files (x86)\FileZilla Server\FileZilla Server Interface.exe" [2011-06-07 2573312]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2011-01-01 110352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-07-01 842816]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 DAUpdaterSvc;Dragon Age: Prameny - aktualizace obsahu;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-02-10 150528]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-05-14 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 2275720]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-01-25 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-05-21 134928]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-24 275840]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1924400]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 16:30]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-20 16:30]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2094344383-1364548060-3467643000-1011Core.job
- c:\users\Ashok28\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-29 21:41]
.
2011-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2094344383-1364548060-3467643000-1011UA.job
- c:\users\Ashok28\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-29 21:41]
.
2011-06-27 c:\windows\Tasks\HPCeeScheduleForDushan.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 2096424]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2692520]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 2314120]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
FF - ProfilePath - c:\users\Ashok28\AppData\Roaming\Mozilla\Firefox\Profiles\bhel8jjn.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- File Associations -------
.
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2094344383-1364548060-3467643000-1011\Software\SecuROM\License information*]
"datasecu"=hex:4b,ab,43,4f,cd,29,0d,66,9d,07,02,18,96,f7,49,ee,53,3d,66,f6,70,
24,63,37,4b,0c,e4,ab,f4,3d,52,b3,a6,09,cd,3f,e1,36,97,4f,ed,7a,e4,6b,bd,00,\
"rkeysecu"=hex:76,82,47,a7,2d,99,8e,76,18,17,9a,fd,bd,b5,53,59
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-27 12:49:38
ComboFix-quarantined-files.txt 2011-07-27 10:49
ComboFix2.txt 2011-06-20 19:40
ComboFix3.txt 2011-06-20 17:19
.
Pre-Run: 64 919 785 472 bytes free
Post-Run: 64 800 071 680 bytes free
.
- - End Of File - - 89790C7B9DC22378E3CA97E9287798B6

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan Dybalom

#9 Post by vyosek »

:arrow: If you haven't already, move ComboFix to the desktop
  • Launch Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Collect::
    C:\Users\Ashok28\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mgOJxI.exe
    
    File::
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2094344383-1364548060-3467643000-1011Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2094344383-1364548060-3467643000-1011UA.job
    
    Driver::
    gupdate
    gupdatem
    Akamai
    
    NetSvc::
    Akamai
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
    "netsvcs"=hex(7):41,00,65,00,4C,00,6F,00,6F,00,6B,00,75,00,\
      70,00,53,00,76,00,63,00,00,00,41,00,70,00,70,00,49,00,6E,00,66,00,6F,00,\
      00,00,41,00,70,00,70,00,4D,00,67,00,6D,00,74,00,00,00,41,00,75,00,64,00,\
      69,00,6F,00,53,00,72,00,76,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,\
      00,00,42,00,49,00,54,00,53,00,00,00,62,00,72,00,6F,00,77,00,73,00,65,00,\
      72,00,00,00,43,00,65,00,72,00,74,00,50,00,72,00,6F,00,70,00,53,00,76,00,\
      63,00,00,00,45,00,61,00,70,00,48,00,6F,00,73,00,74,00,00,00,46,00,61,00,\
      73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
      69,00,6E,00,67,00,43,00,6F,00,6D,00,70,00,61,00,74,00,69,00,62,00,69,00,\
      6C,00,69,00,74,00,79,00,00,00,67,00,70,00,73,00,76,00,63,00,00,00,68,00,\
      65,00,6C,00,70,00,73,00,76,00,63,00,00,00,68,00,6B,00,6D,00,73,00,76,00,\
      63,00,00,00,49,00,61,00,73,00,00,00,49,00,4B,00,45,00,45,00,58,00,54,00,\
      00,00,69,00,70,00,68,00,6C,00,70,00,73,00,76,00,63,00,00,00,49,00,72,00,\
      6D,00,6F,00,6E,00,00,00,6C,00,61,00,6E,00,6D,00,61,00,6E,00,73,00,65,00,\
      72,00,76,00,65,00,72,00,00,00,4C,00,6F,00,67,00,6F,00,6E,00,48,00,6F,00,\
      75,00,72,00,73,00,00,00,4D,00,4D,00,43,00,53,00,53,00,00,00,6D,00,73,00,\
      69,00,73,00,63,00,73,00,69,00,00,00,4E,00,6C,00,61,00,00,00,4E,00,74,00,\
      6D,00,73,00,73,00,76,00,63,00,00,00,4E,00,57,00,43,00,57,00,6F,00,72,00,\
      6B,00,73,00,74,00,61,00,74,00,69,00,6F,00,6E,00,00,00,4E,00,77,00,73,00,\
      61,00,70,00,61,00,67,00,65,00,6E,00,74,00,00,00,50,00,43,00,41,00,75,00,\
      64,00,69,00,74,00,00,00,50,00,72,00,6F,00,66,00,53,00,76,00,63,00,00,00,52,00,\
      61,00,73,00,61,00,75,00,74,00,6F,00,00,00,52,00,61,00,73,00,6D,00,61,00,\
      6E,00,00,00,52,00,65,00,6D,00,6F,00,74,00,65,00,61,00,63,00,63,00,65,00,\
      73,00,73,00,00,00,53,00,43,00,50,00,6F,00,6C,00,69,00,63,00,79,00,53,00,\
      76,00,63,00,00,00,73,00,65,00,63,00,6C,00,6F,00,67,00,6F,00,6E,00,00,00,53,00,\
      45,00,4E,00,53,00,00,00,53,00,65,00,73,00,73,00,69,00,6F,00,6E,00,45,00,\
      6E,00,76,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,\
      65,00,73,00,73,00,00,00,53,00,68,00,65,00,6C,00,6C,00,48,00,57,00,44,00,\
      65,00,74,00,65,00,63,00,74,00,69,00,6F,00,6E,00,00,00,73,00,63,00,68,00,\
      65,00,64,00,75,00,6C,00,65,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,\
      69,00,63,00,65,00,00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,\
      65,00,72,00,6D,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,54,00,\
      68,00,65,00,6D,00,65,00,73,00,00,00,75,00,70,00,6C,00,6F,00,61,00,64,00,\
      6D,00,67,00,72,00,00,00,77,00,65,00,72,00,63,00,70,00,6C,00,73,00,75,00,\
      70,00,70,00,6F,00,72,00,74,00,00,00,77,00,69,00,6E,00,6D,00,67,00,6D,00,\
      74,00,00,00,57,00,6D,00,64,00,6D,00,50,00,6D,00,53,00,70,00,00,00,57,00,\
      6D,00,69,00,00,00,77,00,75,00,61,00,75,00,73,00,65,00,72,00,76,00,00,00,00,00
    
    DDS::
    mStart Page = hxxp://home.sweetim.com
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    Reboot::
  • Save the created TXT file as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the image below)
    [image]
  • After the script has been applied (and a possible restart), a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is no man, that is an ox."
Member [image] since 1 February 2011.
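Before a CFScript like the one in post #9 is applied, the `"netsvcs"` hex(7) (REG_MULTI_SZ) blob can be decoded to see which service names it would write and how that differs from the current group. This is an added example, not part of the thread or of ComboFix; the function names and the baseline list are assumptions, and the sample is an excerpt of the script's value closed with a constructed terminator line.

```python
import re

# Excerpt: first four data lines of the "netsvcs" value in the script above.
# The final line (string and list terminators) is constructed to close the excerpt.
SAMPLE = r'''
"netsvcs"=hex(7):41,00,65,00,4C,00,6F,00,6F,00,6B,00,75,00,\
  70,00,53,00,76,00,63,00,00,00,41,00,70,00,70,00,49,00,6E,00,66,00,6F,00,\
  00,00,41,00,70,00,70,00,4D,00,67,00,6D,00,74,00,00,00,41,00,75,00,64,00,\
  69,00,6F,00,53,00,72,00,76,00,00,00,42,00,44,00,45,00,53,00,56,00,43,00,\
  00,00,00,00
'''

# Constructed baseline standing in for the group list exported from the live key.
BASELINE = ["AeLookupSvc", "AppInfo", "AppMgmt", "AudioSrv", "BDESVC", "Akamai"]

VALUE_RE = re.compile(r'^\s*"(?P<name>[^"]+)"=hex\(7\):(?P<data>.*)$')


def extract_hex7(text, value_name):
    """Return the raw bytes of a hex(7) value, joining '\\' continuation lines."""
    lines = iter(text.splitlines())
    for line in lines:
        m = VALUE_RE.match(line)
        if not m or m.group("name").lower() != value_name.lower():
            continue
        chunk = m.group("data").strip()
        parts = [chunk.rstrip("\\")]
        while chunk.endswith("\\"):
            # A missing continuation line yields "", which ends the loop;
            # decode_multi_sz() then reports the value as truncated.
            chunk = next(lines, "").strip()
            parts.append(chunk.rstrip("\\"))
        tokens = [t for t in "".join(parts).split(",") if t.strip()]
        return bytes(int(t, 16) for t in tokens)
    raise KeyError(value_name)


def decode_multi_sz(raw):
    """Decode REG_MULTI_SZ bytes: UTF-16LE strings, NUL-separated, double-NUL terminated."""
    if len(raw) % 2:
        raise ValueError("odd byte count: not valid UTF-16LE")
    if not raw.endswith(b"\x00\x00\x00\x00"):
        raise ValueError("missing double-NUL terminator: value is truncated")
    return [s for s in raw.decode("utf-16-le").split("\x00") if s]


def group_changes(current, proposed):
    """Case-insensitive diff of service names: (would be removed, would be added)."""
    cur = {s.lower(): s for s in current}
    new = {s.lower(): s for s in proposed}
    removed = sorted(cur[k] for k in cur.keys() - new.keys())
    added = sorted(new[k] for k in new.keys() - cur.keys())
    return removed, added


if __name__ == "__main__":
    proposed = decode_multi_sz(extract_hex7(SAMPLE, "netsvcs"))
    removed, added = group_changes(BASELINE, proposed)
    print("script would write:", proposed)
    print("dropped from group:", removed)
    print("new in group:      ", added)
```

Feeding it the whole value from the script and a list exported from the machine's own SvcHost key shows exactly which entries the import would drop or introduce.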

Ashok28
Exemplary visitor
Posts: 370
Registered: 01 May 2011 22:26

Re: Trojan Dybalom

#10 Post by Ashok28 »

After I applied CF the PC does not work at all. The user profiles are empty, there is a black desktop without any icons, and it also shows me a message that account configuration from system32 is missing. I tried Last Known Good Configuration, but with no result. No applications work; only by a miracle did I manage to start IE and Task Manager.
What should I do about it [the question mark doesn't work, I only have an English keyboard...] can it be fixed somehow, or am I done for and can only reinstall the system[question mark]

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan Dybalom

#11 Post by vyosek »

What about safe mode :???:

Also try a repair installation - guide here: http://viry.cz/forum/viewtopic.php?f=46&t=41036

Ashok28
Exemplary visitor
Posts: 370
Registered: 01 May 2011 22:26

Re: Trojan Dybalom

#12 Post by Ashok28 »

In safe mode at least the applications work, but everything I had on the desktop is gone... I mean, I can get to it via C://Použivatelé etc., but it is not physically on the desktop... From the error message that popped up I gathered that some configuration file that controlled the user profiles was deleted.
Anyway, I'm going to try the repair installation.

Ashok28
Exemplary visitor
Posts: 370
Registered: 01 May 2011 22:26

Re: Trojan Dybalom

#13 Post by Ashok28 »

So I managed to restore everything to its original state using the HP utility. Unfortunately, the messages that a program such as 27340.exe wants to run have come back too. lshss.exe is also back in its place. Should I redo all the procedures we have done from the beginning?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Trojan Dybalom

#14 Post by vyosek »

No, we had better not run ComboFix again :o

:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) (see my signature)
  • Update it - third tab
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes produces false detections, so paste the log into a post and wait for an assessment

Ashok28
Exemplary visitor
Posts: 370
Registered: 01 May 2011 22:26

Re: Trojan Dybalom

#15 Post by Ashok28 »

Here is the log:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verzia databázy: 7307

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

28. 7. 2011 10:33:23
mbam-log-2011-07-28 (10-33-17).txt

Typ kontroly: Rýchla kontrola
Objektov kontrolovaných: 223721
Uplynutý čas: 5 min, 13 sek

Infikované služby pamäte: 1
Infikované moduly pamäte: 0
Infikované registračné kľúče: 2
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 11

Infikované služby pamäte:
c:\Users\Ashok28\AppData\Roaming\lshss.exe (Trojan.Agent) -> 8948 -> No action taken.

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CURRENT_USER\Software\DC3_FEXEC (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iTunes.exe (Security.Hijack) -> No action taken.

Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)

Infikované položky registračných dát:
(Škodlivé položky neboli zistené)

Infikované priečinky:
(Škodlivé položky neboli zistené)

Infikované súbory:
c:\Users\Ashok28\AppData\Roaming\lshss.exe (Trojan.Agent) -> No action taken.
c:\$RECYCLE.BIN\s-1-5-21-2094344383-1364548060-3467643000-1011\$RVQVKND.exe (HackTool.Agent) -> No action taken.
c:\Users\Ashok28\AppData\Roaming\27340.exe (Rogue.Agent.Gen) -> No action taken.
c:\Users\Ashok28\AppData\Roaming\31547.exe (Rogue.Agent.Gen) -> No action taken.
c:\Users\Ashok28\AppData\Roaming\33673.exe (Rogue.Agent.Gen) -> No action taken.
c:\Users\Ashok28\AppData\Roaming\53964.exe (Rogue.Agent.Gen) -> No action taken.
c:\Users\Ashok28\AppData\Roaming\56841.exe (Rogue.Agent.Gen) -> No action taken.
c:\Users\Ashok28\AppData\Roaming\59632.exe (Rogue.Agent.Gen) -> No action taken.
c:\Users\Ashok28\AppData\Roaming\70796.exe (Rogue.Agent.Gen) -> No action taken.
c:\Users\Ashok28\AppData\Roaming\71106.exe (Rogue.Agent.Gen) -> No action taken.
c:\Users\Ashok28\AppData\Roaming\81881.exe (Rogue.Agent.Gen) -> No action taken.
