Smadow.gen!B
Posted: 01 Oct 2011 20:42
Hello,
I am asking for help with removing the backdoor virus SmadowGenB. Microsoft Security Essentials finds it, removes it and requests a restart, but after the restart the virus keeps appearing again and again...
I am attaching the LOG. Thanks, Luk
Logfile of random's system information tool 1.09 (written by random/random)
Run by Luk at 2011-10-01 21:39:12
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 76 GB (35%) free of 221 GB
Total RAM: 1903 MB (29% free)
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:\Users\Luk\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-10-12 149968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-22 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{D4027C7F-154A-4066-A1AD-4243D8127440} - Nero Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2010-02-04 1197448]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-25 186904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"File Sanitizer"=C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe []
"IgfxTray"=C:\windows\system32\igfxtray.exe [2009-12-17 141848]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2009-12-17 175640]
"Persistence"=C:\windows\system32\igfxpers.exe [2009-12-17 166936]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-12-03 495711]
"QLBController"=C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-01-04 254520]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"Nero MediaHome 4"=C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe [2010-03-08 5174568]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2011-06-15 997920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN []
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]
"QIP Internet Guardian"=C:\Users\Luk\AppData\Roaming\QipGuard\QipGuard.exe /p []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe []
"Infium"=C:\Program Files\QIP 2010\qip.exe [2011-07-18 6812032]
""= []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
C:\windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkinClock]
C:\Program Files\Free Desktop Clock\DesktopClock.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Luk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
JDownloader.lnk - C:\Program Files\JDownloader\JDownloader.exe
Microsoft Office Outlook 2007.lnk - C:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2009-11-21 226304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\90070948.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\90070948.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"
======List of files/folders created in the last 1 month======
2011-10-01 21:39:13 ----D---- C:\Program Files\trend micro
2011-10-01 21:39:12 ----D---- C:\rsit
2011-10-01 21:25:34 ----A---- C:\windows\system32\drivers\bimfqvxj.sys
2011-10-01 21:16:26 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-10-01 21:16:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-10-01 21:05:55 ----A---- C:\TDSSKiller.2.6.2.0_01.10.2011_21.05.55_log.txt
2011-10-01 19:08:43 ----A---- C:\windows\system32\drivers\13424537.sys
2011-10-01 19:05:23 ----D---- C:\windows\Minidump
2011-10-01 18:49:10 ----D---- C:\a
2011-09-16 07:29:03 ----SHD---- C:\Config.Msi
======List of files/folders modified in the last 1 month======
2011-10-01 21:39:13 ----RD---- C:\Program Files
2011-10-01 21:29:49 ----D---- C:\windows\Temp
2011-10-01 21:29:22 ----D---- C:\windows\system32\config
2011-10-01 21:25:34 ----D---- C:\windows\system32\drivers
2011-10-01 21:20:19 ----D---- C:\Users\Luk\AppData\Roaming\QipGuard
2011-10-01 21:16:26 ----HD---- C:\ProgramData
2011-10-01 21:15:52 ----D---- C:\Program Files\QIP 2010
2011-10-01 21:15:05 ----A---- C:\windows\system32\log.txt
2011-10-01 21:12:32 ----D---- C:\Downloads
2011-10-01 20:58:24 ----D---- C:\Windows
2011-10-01 20:43:36 ----SHD---- C:\System Volume Information
2011-10-01 20:09:59 ----D---- C:\windows\System32
2011-10-01 19:25:03 ----D---- C:\windows\Prefetch
2011-10-01 19:00:23 ----A---- C:\windows\ntbtlog.txt
2011-10-01 17:35:37 ----D---- C:\Program Files\Fingerprint Sensor
2011-10-01 17:35:37 ----D---- C:\Program Files\Common Files\LightScribe
2011-10-01 17:35:37 ----D---- C:\Program Files\CDBurnerXP
2011-10-01 17:08:26 ----D---- C:\Program Files\Opera
2011-10-01 13:01:33 ----D---- C:\MP3
2011-09-29 18:32:20 ----D---- C:\Program Files\JDownloader
2011-09-28 18:08:25 ----A---- C:\windows\system32\MRT.exe
2011-09-26 19:26:14 ----D---- C:\Users\Luk\AppData\Roaming\Skype
2011-09-16 07:30:32 ----D---- C:\windows\inf
2011-09-16 07:30:32 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-09-16 07:29:43 ----SHD---- C:\windows\Installer
2011-09-16 07:28:57 ----D---- C:\Program Files\PokerStars.NET
2011-09-14 07:41:08 ----D---- C:\ProgramData\Microsoft Help
2011-09-14 07:35:34 ----D---- C:\windows\winsxs
2011-09-14 07:34:00 ----D---- C:\windows\system32\catroot
2011-09-14 07:09:01 ----D---- C:\windows\system32\catroot2
2011-09-08 17:58:56 ----RSD---- C:\windows\assembly
2011-09-08 17:58:56 ----D---- C:\windows\Microsoft.NET
2011-09-07 20:20:39 ----D---- C:\windows\system32\DriverStore