
Topic: Virus infecting the computer

nhien235

Hijack Hunter 1.8.4.1
http://www.novirusthanks.org
Log created on 27/2/2014 at 4:12:36 PM

  • Generic system info


Operating System: Microsoft Windows XP Service Pack 2 32-bit
Build Version: 2600.xpsp_sp2_qfe.070719-1309
Internet Explorer: 8.0.6001.18702
System Folder: C:\WINDOWS\system32

  • Running processes
[System Process] (0 bytes) (Unknown) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)
System (0 bytes) (Unknown) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)
C:\WINDOWS\system32\Ati2evxx.exe (536576 bytes) (ATI Technologies Inc.) (14/11/2008 6:58:31 PM) (--A-) (e4f45e3b56003b41e7c7863f79f4c108)
C:\WINDOWS\system32\BkavService.exe (291616 bytes) (Bk@v Corporation) (15/5/2013 12:15:09 AM) (--A-) (a8aa6cb54ef95f2dadf337b5df8def2c)
C:\Program Files\BkavPro\System\BkavSystemService.exe (287744 bytes) (Bk@v Corporation) (15/5/2013 12:15:50 AM) (--A-) (f2022088075482f8e25bf339188c482d)
C:\Program Files\asus\ASUS Data Security Manager\ADSMSrv.exe (73728 bytes) (Unknown) (20/1/2009 2:05:00 PM) (--A-) (609a6f49b6af0f25837f8a0edddb0745)
C:\WINDOWS\system32\acs.exe (467028 bytes) (Atheros) (21/12/2008 12:10:58 PM) (--A-) (3b8b1bdf87166fd146644e88df67442b)
C:\Program Files\BkavPro\Bka.exe (8317952 bytes) (Bk@v Corporation) (15/5/2013 12:15:09 AM) (--A-) (81712e4fc490d8983b4ff8b3eedd10b5)
C:\WINDOWS\system32\agrsmsvc.exe (13312 bytes) (Agere Systems) (16/11/2008 9:09:42 PM) (--AR) (efbc44fbd75e4f80bd927aebf6e7eade)
C:\WINDOWS\system32\BluProService.exe (162080 bytes) (Bk@v Corporation) (15/5/2013 12:15:10 AM) (--A-) (2ca0c641331e2fcfe5c67d710e984a31)
C:\WINDOWS\system32\drivers\CDAC11BA.EXE (54784 bytes) (Macrovision) (11/7/2013 2:35:28 PM) (--A-) (9bdbda21d3ba8e374fd06a405be10215)
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe (264704 bytes) (Unknown) (16/11/2010 8:37:38 PM) (----) (e956c0614367d4106a4411f151d494a5)
C:\Program Files\BLuPro\BLuPro.exe (108904 bytes) (Bk@v Corporation) (15/5/2013 12:15:47 AM) (--A-) (b2637610b47a4fbaf00482994272f687)
C:\Program Files\Java\jre6\bin\jqs.exe (153376 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (126a16f569122ae00ad3d12ef831d651)
E:\02. SOFTWARE\04. CHUONG TRINH UNG DUNG\UniKey\UniKeyNT.exe (261632 bytes) (Unknown) (20/3/2013 7:50:34 PM) (----) (14f1d57345979b8bdb5f5b3ac5f2e462)
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (322120 bytes) (Microsoft Corporation) (19/6/2003 11:25:00 PM) (--A-) (11f714f85530a2bd134074dc30e99fca)
C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe (837632 bytes) (KARPOLAN) (24/10/2011 3:09:54 AM) (--A-) (bb00d1566194dd3aa59c34b3900065c1)
C:\Program Files\CyberLink\Shared Files\RichVideo.exe (167936 bytes) (Unknown) (17/11/2008 10:32:32 AM) (----) (bd517c7fb119997effbe39d5e4b37b05)
C:\Program Files\BkavPro\System\BkavSystemServer.exe (945440 bytes) (Bk@v Corporation) (15/5/2013 12:15:50 AM) (--A-) (a1a95895eacc1875c95399c140bc8ee6)
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe (3467768 bytes) (TeamViewer GmbH) (16/1/2013 9:06:43 PM) (--A-) (d723929aa980cead6b9c4433faf3fd74)
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (602392 bytes) (Yahoo! Inc.) (10/11/2008 3:48:14 AM) (--A-) (dd0042f0c3b606a6a8b92d49afb18ad6)
C:\WINDOWS\system32\CAP2RSK.EXE (61892 bytes) (CANON INC.) (9/8/2013 3:19:47 PM) (--A-) (c9b2e02e5363b027b48ad6b676849fad)
C:\WINDOWS\system32\CNAB5RPK.EXE (63168 bytes) (CANON INC.) (13/6/2013 9:37:35 AM) (--A-) (80572c435d0fd73cb790a53ac9a1809d)
C:\WINDOWS\system32\CNAB6RPK.EXE (62912 bytes) (CANON INC.) (17/5/2013 10:04:24 PM) (--A-) (6e2094f444aa45352781a1ed6cef9d5a)
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP2SWK.EXE (138240 bytes) (CANON INC.) (6/9/2002) (--A-) (de80dc4ccfcf7a0c7e1a6300a6e22d13)
C:\Documents and Settings\INTEL\Desktop\Auto_TQTK_Gacon_v4.7.4\Auto_TQTK_GaCon.exe (2037248 bytes) (Gà Con Club) (6/2/2014 8:37:02 AM) (----) (a2fd8b30f9ac412f3174ed90e0ffbbbf)
C:\Program Files\BkavPro\System\Util\BkavUtil.exe (391680 bytes) (Bk@v Corporation) (12/9/2013 8:40:45 PM) (--A-) (0aaae82bb0d38930dc4466b272005a0c)
C:\Program Files\NhacCuaTui\1.0.6.23\NhacCuaTui.exe (2025848 bytes) (NCT Corporation) (10/9/2013 3:08:46 PM) (--A-) (955d0829074f38f55da894bd64cd8e8e)
C:\Documents and Settings\All Users\Application Data\WPM\wprotectmanager.exe (501904 bytes) (Cherished Technololgy LIMITED) (27/2/2014 4:05:22 PM) (--A-) (3fe10e8516db3f29817b03c5a446a3da)
C:\Program Files\Mozilla Firefox\firefox.exe (275568 bytes) (Mozilla Corporation) (24/2/2014 9:42:17 PM) (--A-) (d9184c5ff3fd526761d518a95aba74a3)
C:\Program Files\Mozilla Firefox\plugin-container.exe (18544 bytes) (Mozilla Corporation) (24/2/2014 9:42:16 PM) (--A-) (ff409c974a9ad58b82374deef6b44cbb)
C:\Program Files\NoVirusThanks\Hijack Hunter\HijackHunter.exe (628736 bytes) (NoVirusThanks Company Srl) (27/2/2014 4:11:57 PM) (--A-) (b6ffa83b91d78a0369fe0e15e4dba69c)

  • Loaded Modules


C:\WINDOWS\system32\Ati2evxx.dll (126976 bytes) (ATI Technologies Inc.) (14/11/2008 6:58:31 PM) (--A-) (ecbbc1343e71e16b3a356f360ba84349)
C:\WINDOWS\system32\msacm32.drv (20480 bytes) (Microsoft Corporation) (23/8/2001 11:00:00 AM) (--A-) (9a3bd5f55aadff859539142f6328a66e)
C:\WINDOWS\AppPatch\AcAdProc.dll (39424 bytes) (Microsoft Corporation) (20/9/2007 3:48:46 AM) (--A-) (edbdbac0b5ea347e4d89c8830b87d69b)
C:\WINDOWS\system32\Normaliz.dll (23552 bytes) (Microsoft Corporation) (20/9/2007 3:59:07 AM) (--A-) (10753a3adc3e39a3b10cc3f08e98e6b4)
C:\WINDOWS\system32\iertutil.dll (1985024 bytes) (Microsoft Corporation) (20/9/2007 3:58:52 AM) (--A-) (58bd4689e1dcd40a903721d7ef45f2ec)
C:\WINDOWS\system32\CAP2LMK.DLL (13824 bytes) (CANON INC.) (9/8/2013 3:19:47 PM) (--A-) (5972f5be8e912e392337575c09ceef9f)
C:\WINDOWS\system32\CAP2SMK.DLL (40960 bytes) (CANON INC.) (9/8/2013 3:19:47 PM) (--A-) (47d078918d61ef75c7b812bd5c11ef34)
C:\WINDOWS\system32\CAP2PTMN.DLL (24064 bytes) (CANON INC.) (9/8/2013 3:19:47 PM) (--A-) (278743b4c26878b9b1bf72616a1b110e)
C:\WINDOWS\system32\CNAB5LMK.DLL (28725 bytes) (CANON INC.) (13/6/2013 9:37:35 AM) (--A-) (38bc82faacc8ad2805ed6f725af4bef7)
C:\WINDOWS\system32\CNAB5SMK.DLL (102458 bytes) (CANON INC.) (13/6/2013 9:37:35 AM) (--A-) (9f7653395e223a703cbb7ad8e3f06e38)
C:\WINDOWS\system32\CNAB5PTU.DLL (28672 bytes) (CANON INC.) (13/6/2013 9:37:35 AM) (--A-) (3aa0dd30ba31aaadbdfef7d659e8a7aa)
C:\WINDOWS\system32\CNAB6LMK.DLL (28737 bytes) (CANON INC.) (17/5/2013 10:04:24 PM) (--A-) (a368e8ad4480024b5ea43f533160bec5)
C:\WINDOWS\system32\CNAB6SMK.DLL (102461 bytes) (CANON INC.) (17/5/2013 10:04:24 PM) (--A-) (927f7e975eb3495920ebfd270770ad9e)
C:\WINDOWS\system32\CNAB6PTU.DLL (28672 bytes) (CANON INC.) (17/5/2013 10:04:24 PM) (--A-) (c80c0a061a71290ca2f612a2dd0b1a9e)
C:\WINDOWS\system32\cpwmon2k.dll (88688 bytes) (Unknown) (14/2/2014 6:28:33 PM) (--A-) (94d297432c2b09bb1c4ffaf89fbee340)
C:\WINDOWS\system32\mdimon.dll (17920 bytes) (Microsoft Corporation) (17/11/2008 10:21:51 AM) (--A-) (cf0376023360aadd55c89ba50564afdc)
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (18944 bytes) (Microsoft Corporation) (17/11/2008 10:21:51 AM) (--A-) (58e13a2292839321d3cdc918d5a4f5ae)
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (89088 bytes) (Microsoft Corporation) (15/5/2013 7:03:34 AM) (--A-) (eee7f12d9ff46f68fbc0da059a359e9e)
C:\WINDOWS\system32\CNAB6EMU.DLL (192512 bytes) (CANON INC.) (17/5/2013 10:04:24 PM) (--A-) (c65d46a283ff27ea4b38ee9dd3bf2090)
C:\WINDOWS\system32\CAP2EMN.DLL (53760 bytes) (CANON INC.) (9/8/2013 3:19:47 PM) (--A-) (cc397e946ea63c324b26c3571d26db8c)
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNAB5MUI.DLL (1222656 bytes) (CANON INC.) (10/10/2007 10:00:00 PM) (--A-) (c658207c3c8e515f2b9d3c26d5ff39f9)
C:\WINDOWS\system32\athcfg20U.dll (307294 bytes) (Atheros) (21/12/2008 12:10:51 PM) (--A-) (b62c1f499c2f6dc0df8e31abb89e77b4)
C:\WINDOWS\system32\athcfg20ResU.dll (127079 bytes) (Atheros Communications, Inc.) (21/12/2008 12:10:51 PM) (--A-) (5a111d91aea246700a3f78dbe2b58c1c)
C:\WINDOWS\system32\odbcbcp.dll (24576 bytes) (Microsoft Corporation) (3/8/2004 10:56:46 PM) (--A-) (7aa15ccbe1dd20339200659af99d588f)
C:\WINDOWS\system32\MFC42LOC.DLL (53248 bytes) (Microsoft Corporation) (18/6/1998 5:08:31 AM) (--A-) (c272bfd418d3398a9f18e4a764f00629)
C:\WINDOWS\system32\wsfwDS.dll (254022 bytes) (Atheros Communications, Inc.) (21/12/2008 12:10:51 PM) (--A-) (008cd27cc69239adc597b2f913b3e85a)
C:\WINDOWS\system32\wsimd.dll (249924 bytes) (Atheros Communications, Inc.) (21/12/2008 12:10:51 PM) (--A-) (b217b8fe81476aad56b6600098dd87fd)
C:\WINDOWS\system32\DSA.dll (1265758 bytes) (Devicescape) (21/12/2008 12:10:51 PM) (--A-) (44c4a6a704241359c07cf72bb4469cf5)
C:\WINDOWS\system32\AcSignIcon.dll (185448 bytes) (Autodesk) (4/3/2006 12:55:56 PM) (--A-) (f29937a86031341fc60ce316d7f88881)
C:\WINDOWS\system32\ieframe.dll (11063808 bytes) (Microsoft Corporation) (20/9/2007 3:58:51 AM) (--A-) (729da5d23a9ad20a6aa353156a126420)
C:\WINDOWS\system32\wpdshserviceobj.dll (133632 bytes) (Microsoft Corporation) (20/9/2007 3:50:21 AM) (--A-) (045e228f71c31901084b64be59093499)
C:\WINDOWS\system32\portabledevicetypes.dll (166912 bytes) (Microsoft Corporation) (20/9/2007 3:49:42 AM) (--A-) (22358578cb321f3325496a3723029409)
C:\WINDOWS\system32\portabledeviceapi.dll (284160 bytes) (Microsoft Corporation) (20/9/2007 3:49:41 AM) (--A-) (9d45b2201d0ecf9f42136c7b99deb8b2)
C:\WINDOWS\system32\igfxpph.dll (212992 bytes) (Intel Corporation) (20/1/2009 1:59:20 PM) (--AR) (724fc2ddbee993632a4d3ebfb14de9b2)
C:\WINDOWS\system32\hccutils.DLL (106496 bytes) (Intel Corporation) (20/1/2009 1:59:20 PM) (--AR) (ebf795cf06269e6d3423b3e1d0388e66)
C:\WINDOWS\system32\igfxsrvc.dll (52224 bytes) (Intel Corporation) (20/1/2009 1:59:20 PM) (--AR) (feec22511112f6fed5d21fcb35a76464)
C:\WINDOWS\system32\igfxrENU.lrc (249856 bytes) (Intel Corporation) (20/1/2009 1:59:20 PM) (--AR) (a858f04375e85d0783f436072076cc69)
C:\WINDOWS\system32\dfshim.dll (1130824 bytes) (Microsoft Corporation) (11/11/2009 8:06:20 PM) (--A-) (fa4b5940b31853ade67a73026884c8c9)
C:\WINDOWS\system32\mscoree.dll (297808 bytes) (Microsoft Corporation) (18/3/2010 10:09:00 AM) (--A-) (b04db1f0b2652fcbccc5fd0c46579f0f)
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll (413008 bytes) (Microsoft Corporation) (18/3/2010 1:16:28 PM) (--A-) (83ba5e873164a3711b44052f58c8fe9f)
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll (6730056 bytes) (Microsoft Corporation) (18/3/2010 1:16:28 PM) (--A-) (cc30b8e9489f35940de00f407f61a592)
C:\WINDOWS\system32\MSVCR100_CLR0400.dll (771424 bytes) (Microsoft Corporation) (18/3/2010 1:16:28 PM) (--A-) (e5f7c30edf0892667933be879f067d67)
C:\WINDOWS\system32\MFC71ENU.DLL (57344 bytes) (Microsoft Corporation) (18/3/2003 8:44:38 PM) (--A-) (baf751e7061ff626aa60f56d1d5d1fdc)
C:\WINDOWS\system32\asfsipc.dll (14832 bytes) (Microsoft Corporation) (9/8/1999 2:39:20 PM) (--A-) (5e7d78e61129ff8b4e129c000b52f5fb)
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP2PMN.DLL (134144 bytes) (CANON INC.) (8/2/2002) (--A-) (8a30387e2c719586a6a06dd3d992b74f)
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP2SMK.DLL (40960 bytes) (CANON INC.) (22/11/2004) (--A-) (47d078918d61ef75c7b812bd5c11ef34)
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll (5815296 bytes) (Microsoft Corporation) (25/7/2008 11:16:58 AM) (--A-) (67bf0c8bda19a0e61bf2de5b499049e4)
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll (11485184 bytes) (Microsoft Corporation) (15/5/2013 7:21:49 AM) (--A-) (d3bc53216811710e24046c80c3907785)
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll (367104 bytes) (Microsoft Corporation) (25/7/2008 11:17:00 AM) (--A-) (989caeaa4ada032d649395a3311ff98b)
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll (7867392 bytes) (Microsoft Corporation) (15/5/2013 7:22:00 AM) (--A-) (d234ce89c6bf195b4c7ea2a883c228df)
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll (1587200 bytes) (Microsoft Corporation) (15/5/2013 7:27:19 AM) (--A-) (e5365e044825c61d1627e930ac7b8bd6)
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll (12428800 bytes) (Microsoft Corporation) (15/5/2013 7:27:32 AM) (--A-) (657c1698ca70b074f918e33fdbdf6484)
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll (77312 bytes) (Microsoft Corporation) (25/7/2008 11:17:00 AM) (--A-) (f282d4edd85d53e20d902cc92190c5f5)
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\0b40341027c01716cec1dd97592698e0\System.Data.ni.dll (6614016 bytes) (Microsoft Corporation) (15/5/2013 7:27:04 AM) (--A-) (9bf2d2638da15adf25a1166b7134a8c5)
C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll (2933248 bytes) (Microsoft Corporation) (15/5/2013 7:02:37 AM) (--A-) (16f96c1496cbd0965285ab19a9271d02)
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll (5449728 bytes) (Microsoft Corporation) (15/5/2013 7:27:38 AM) (--A-) (fa93bc3b3867980b4021e6894f39bd42)
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\6c69930d05c557da70144bcc0add7065\System.Core.ni.dll (2294784 bytes) (Microsoft Corporation) (15/5/2013 7:26:58 AM) (--A-) (5b0d4f185986826957a84d96a8bc533c)
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\4f4ddae492a4a4ce4a2961f3d72d9399\System.Data.DataSetExtensions.ni.dll (135680 bytes) (Microsoft Corporation) (15/5/2013 8:43:49 AM) (--A-) (ba359743889fea32e90f38afa04a89a2)
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb4cb21d14767292e079366a5d3d76cd\System.Configuration.ni.dll (970752 bytes) (Microsoft Corporation) (15/5/2013 8:43:31 AM) (--A-) (ed9f4b38227b793da5f1f404e6651065)
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll (575496 bytes) (Microsoft Corporation) (25/7/2008 11:17:16 AM) (--A-) (860fad57b4668a9f5f350a9d5444ae89)
C:\WINDOWS\system32\Macromed\Flash\Flash32_12_0_0_70.ocx (16338824 bytes) (Adobe Systems, Inc.) (24/2/2014 7:26:11 AM) (--AR) (950e73d43ba3d8415ef788d301cbe364)
C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll (16265096 bytes) (Unknown) (25/2/2014 9:29:01 AM) (--A-) (d775fa6f1e88b3b99e69e8a0d6c3a819)

  • Registry startups


Value: Bk@v
Data: "C:\Program Files\BkavPro\Bka.exe" /Taskbar
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: BLuPro
Data: C:\Program Files\BLuPro\BLuPro.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value:
Data:
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: UniKey
Data: E:\02. SOFTWARE\04. CHUONG TRINH UNG DUNG\UniKey\UniKeyNT.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: TouchpadBlocker.exe
Data: "C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe"
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: NhacCuaTui
Data: C:\Program Files\NhacCuaTui\1.0.6.23\NhacCuaTui.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: StubPath
Data: C:\WINDOWS\system32\ieudinit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}

Value: StubPath
Data: "C:\Program Files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}

Value: {02478D38-C3F9-4efb-9B51-7695ECA05670}
Data: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}

Value: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Data: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

Value: {136439F4-0642-63F2-6538-64DE1798290E}
Data: C:\Program Files\surf aiNd keieop\mlsfs3L.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{136439F4-0642-63F2-6538-64DE1798290E}

Value: {18775249-5D5A-9D4B-3C27-A3F18618960F}
Data: C:\Program Files\suurf. annd keeP\MncZVOHbN.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18775249-5D5A-9D4B-3C27-A3F18618960F}

Value: {2112B026-D7CB-5E58-94C1-6C96A85170E7}
Data: C:\Program Files\SearchNewTab\IJUOgegoC.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2112B026-D7CB-5E58-94C1-6C96A85170E7}

Value: {2876549C-1023-4AA0-82FF-8ED7112D5269}
Data: C:\Program Files\BkavPro\SiteAdvisor\BkavIESiteAdvisor.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2876549C-1023-4AA0-82FF-8ED7112D5269}

Value: {6C5FF460-6110-88C4-BDAA-F71BBCFA4A8F}
Data: C:\Program Files\SearchNewTab\mGT_W.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C5FF460-6110-88C4-BDAA-F71BBCFA4A8F}

Value: {6F3310A7-BF49-08C8-F574-CECC1A852F3B}
Data: C:\Program Files\SearchNewTab\19g5WTSflC.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F3310A7-BF49-08C8-F574-CECC1A852F3B}

Value: {94FE42C8-8BA2-6903-C1C9-E8D9C1C0FB50}
Data: C:\Program Files\SearchNewTab\gblzN.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94FE42C8-8BA2-6903-C1C9-E8D9C1C0FB50}

Value: {AE42E23C-1AE0-FF34-C598-3488242F508E}
Data: C:\Program Files\suarf and keeipa\ytTQ2m48.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE42E23C-1AE0-FF34-C598-3488242F508E}

Value: {B01AF09D-2797-B940-709E-3BFB64ABD3C3}
Data: C:\Program Files\SearchNewTab\1L6.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B01AF09D-2797-B940-709E-3BFB64ABD3C3}

Value: {B94A1656-7897-7078-DF1B-6597E0847B96}
Data: C:\Program Files\SearchNewTab\T2.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B94A1656-7897-7078-DF1B-6597E0847B96}

Value: {C98A4078-FB38-8D48-DB43-93DEFD081634}
Data: C:\Program Files\sauRF Anda keep\xrxI2xLO.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C98A4078-FB38-8D48-DB43-93DEFD081634}

Value: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Data: C:\Program Files\Java\jre6\bin\jp2ssv.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Value: {DE21635D-6380-0F35-14EA-B3398AFED466}
Data: C:\Program Files\SearchNewTab\sF1.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE21635D-6380-0F35-14EA-B3398AFED466}

Value: {E6F476B5-1077-05F7-80D0-2A570881A09F}
Data: C:\Program Files\suirf. aNd keepe\r.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E6F476B5-1077-05F7-80D0-2A570881A09F}

Value: {E744E3FD-6DC0-DB81-45D1-6E91B9E1C1A3}
Data: C:\Program Files\suorff oaNiD keep\mRpk_.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E744E3FD-6DC0-DB81-45D1-6E91B9E1C1A3}

Value: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
Data: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}

Value: {EC37F85A-38BF-0C2C-AAF5-4F12ADF619A9}
Data: C:\Program Files\SearchNewTab\2AD.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EC37F85A-38BF-0C2C-AAF5-4F12ADF619A9}

Value: {EECD5C94-93E7-A382-8DFE-F3007A96ECE8}
Data: C:\Program Files\surf  and kkeepp\dQtCdw.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EECD5C94-93E7-A382-8DFE-F3007A96ECE8}

Value: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Data: C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}

Value: {FE063DB1-4EC0-403e-8DD8-394C54984B2C}
Data: C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}


  • Other Startups Methods


Value: WPDShServiceObj
Data: C:\WINDOWS\system32\wpdshserviceobj.dll
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value: DLLName
Data: Ati2evxx.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent

Value: DLLName
Data: igfxdev.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui


  • Startup folders
  • TCPIP nameservers
  • Internet Explorer settings


Value: Start Page
Data: http://www.sweet-page.com/?type=hp&ts=1393491884&from=cor&uid=HitachiXHTS543216L9A300_081014FB0203LNHAG3BAX
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: Start Page
Data: http://www.sweet-page.com/?type=hp&ts=1393491884&from=cor&uid=HitachiXHTS543216L9A300_081014FB0203LNHAG3BAX
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Value: Default_Search_URL
Data: http://www.sweet-page.com/web/?type=ds&ts=1393491884&from=cor&uid=HitachiXHTS543216L9A300_081014FB0203LNHAG3BAX&q={searchTerms}
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: Search Page
Data: http://www.sweet-page.com/web/?type=ds&ts=1393491884&from=cor&uid=HitachiXHTS543216L9A300_081014FB0203LNHAG3BAX&q={searchTerms}
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: Window Title
Data: Windows Internet Explorer provided by Yahoo!
Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Value: Default_Page_URL
Data: http://www.sweet-page.com/?type=hp&ts=1393491884&from=cor&uid=HitachiXHTS543216L9A300_081014FB0203LNHAG3BAX
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

Value: SearchAssistant
Data: http://www.sweet-page.com/web/?type=ds&ts=1393491884&from=cor&uid=HitachiXHTS543216L9A300_081014FB0203LNHAG3BAX&q={searchTerms}
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search


  • Internet Explorer Trusted Sites
  • Windows Firewall allowed programs


Value: %windir%\Network Diagnostic\xpnetdiag.exe
Data: %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Internet Download Manager\IDMan.exe
Data: C:\Program Files\Internet Download Manager\IDMan.exe:*:Disabled:Internet Download Manager (IDM)
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
Data: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Yahoo!\Messenger\YServer.exe
Data: C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\WINDOWS\System32\CNAB6RPK.EXE
Data: C:\WINDOWS\System32\CNAB6RPK.EXE:*:Enabled:Canon LBP3500 RPC Server Process
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Vinagame\ZingPlay\ZingPlay.exe
Data: C:\Program Files\Vinagame\ZingPlay\ZingPlay.exe:*:Enabled:Zing Play
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Vinagame\ZingPlay\ZingPlayD.exe
Data: C:\Program Files\Vinagame\ZingPlay\ZingPlayD.exe:*:Enabled:Zing Play Downloader
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\TeamViewer\Version8\TeamViewer.exe
Data: C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
Data: C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\DOCUME~1\INTEL\LOCALS~1\Temp\13043b9.exe
Data: C:\DOCUME~1\INTEL\LOCALS~1\Temp\13043b9.exe:*:Enabled:ipsec
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\WINDOWS\Explorer.EXE
Data: C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\DOCUME~1\INTEL\LOCALS~1\Temp\winftnbu.exe
Data: C:\DOCUME~1\INTEL\LOCALS~1\Temp\winftnbu.exe:*:Enabled:ipsec
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\DOCUME~1\INTEL\LOCALS~1\Temp\winieka.exe
Data: C:\DOCUME~1\INTEL\LOCALS~1\Temp\winieka.exe:*:Enabled:ipsec
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\DOCUME~1\INTEL\LOCALS~1\Temp\windoxrw.exe
Data: C:\DOCUME~1\INTEL\LOCALS~1\Temp\windoxrw.exe:*:Enabled:ipsec
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\DOCUME~1\INTEL\LOCALS~1\Temp\winhmodrs.exe
Data: C:\DOCUME~1\INTEL\LOCALS~1\Temp\winhmodrs.exe:*:Enabled:ipsec
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Mozilla Firefox\plugin-container.exe
Data: C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:ipsec
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\DOCUME~1\INTEL\LOCALS~1\Temp\winyaacng.exe
Data: C:\DOCUME~1\INTEL\LOCALS~1\Temp\winyaacng.exe:*:Enabled:ipsec
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: %windir%\Network Diagnostic\xpnetdiag.exe
Data: %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

Value: C:\Program Files\Vinagame\ZingPlay\ZingPlay.exe
Data: C:\Program Files\Vinagame\ZingPlay\ZingPlay.exe:*:Enabled:Zing Play
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

Value: C:\Program Files\Vinagame\ZingPlay\ZingPlayD.exe
Data: C:\Program Files\Vinagame\ZingPlay\ZingPlayD.exe:*:Enabled:Zing Play Downloader
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List


  • Windows Firewall allowed ports


Value: 139:TCP
Data: 139:TCP:*:Enabled:@xpsp2res.dll,-22004
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Value: 445:TCP
Data: 445:TCP:*:Enabled:@xpsp2res.dll,-22005
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Value: 137:UDP
Data: 137:UDP:*:Enabled:@xpsp2res.dll,-22001
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Value: 138:UDP
Data: 138:UDP:*:Enabled:@xpsp2res.dll,-22002
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Value: 3389:TCP
Data: 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

Value: 139:TCP
Data: 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

Value: 445:TCP
Data: 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

Value: 137:UDP
Data: 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

Value: 138:UDP
Data: 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

Value: 2702:TCP
Data: 2702:TCP:*:Enabled:fidsmuqn
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

Value: 3389:TCP
Data: 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List


  • System Hijack


Value: EnableLUA
Data: 0
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System

Value: DisableSR
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore

Value: FirstRunDisabled
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Value: UacDisableNotify
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Value: Start
Data: 4
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess

Value: Start
Data: 2
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry

Value: Start
Data: 4
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv

Value: Wallpaper
Data: C:\Documents and Settings\INTEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Key: HKEY_CURRENT_USER\Control Panel\Desktop

Value: OriginalWallpaper
Data: C:\Documents and Settings\INTEL\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Key: HKEY_CURRENT_USER\Control Panel\Desktop

Value: ConvertedWallpaper
Data: C:\WINDOWS\Web\Wallpaper\Tulips.jpg
Key: HKEY_CURRENT_USER\Control Panel\Desktop

Value: LoadAppInit_DLLs
Data: 1
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

SafeBoot (Minimal) is NOT PRESENT!

  • Executables in Temp folders


C:\DOCUME~1\INTEL\LOCALS~1\Temp\~e5d141.tmp (46080 bytes) (Macrovision Europe Ltd.) (26/2/2014 9:09:44 PM) (--A-) (a19804b45575151100c3de28ddeba2fe)

  • Executables in suspicious folders


C:\WINDOWS\Temp\QRemover.exe (147456 bytes) (Unknown) (16/7/2013 12:04:16 PM) (--A-) (004fa62f61df14ea8623b474e49921af)
C:\WINDOWS\Temp\DeleteUSB.exe (143360 bytes) (Unknown) (16/7/2013 12:04:16 PM) (--A-) (80d740259e177515bb336c8896ad88dc)
C:\WINDOWS\Temp\PLUninst.exe (143360 bytes) (Unknown) (16/7/2013 12:04:16 PM) (--A-) (5e4d5ad7d6b97325158f9b208ed6b98b)
C:\WINDOWS\system32\athw.sys (1309504 bytes) (Atheros Communications, Inc.) (21/12/2008 12:10:47 PM) (--A-) (0297af4b89769159058b996c21218421)
C:\WINDOWS\system32\wsimd.sys (57408 bytes) (Atheros Communications, Inc.) (21/12/2008 12:10:51 PM) (--A-) (21ac4f228f3d36876a42277c76a766c0)
C:\WINDOWS\system32\SER9PL.sys (35892 bytes) (Prolific Technology Inc.) (16/7/2013 12:04:16 PM) (--A-) (a16fb34e56c781dc56be7492315655b9)
C:\Program Files\windows nt\hypertrm.exe (28160 bytes) (Hilgraeve, Inc.) (16/11/2008 8:33:59 PM) (--A-) (9dbb82fb602aa42b131c55c5d136dc9c)

  • Autorun.ini
  • Unknown .SYS files


C:\WINDOWS\system32\drivers\imagedrv.sys (5888 bytes) (Ahead Software AG) (15/8/2005 11:08:26 AM) (--A-) (25edd75e23c5ef6b33d0fbcce125a601)
C:\WINDOWS\system32\drivers\imagesrv.sys (127488 bytes) (Ahead Software AG) (15/8/2005 11:08:26 AM) (--A-) (9c4bbacf4e9b9543c3ce23f1fe556941)
C:\WINDOWS\system32\drivers\rspndr.sys (62336 bytes) (Microsoft Corporation) (20/9/2007 3:34:38 AM) (--A-) (0e11b35e972796042044bc27ce13b065)
C:\WINDOWS\system32\drivers\secdrv.sys (163644 bytes) (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (20/9/2007 3:34:41 AM) (--A-) (07f7f501ad50de2ba2d5842d9b6d6155)
C:\WINDOWS\system32\drivers\sffp_mmc.sys (10240 bytes) (Microsoft Corporation) (20/9/2007 3:49:15 AM) (--A-) (bd6b206178a90d5a40158d1d3a67f8a7)
C:\WINDOWS\system32\drivers\wpdusb.sys (38528 bytes) (Microsoft Corporation) (20/9/2007 3:50:22 AM) (--A-) (cf4def1bf66f06964dc0d91844239104)
C:\WINDOWS\system32\drivers\wudfpf.sys (77568 bytes) (Microsoft Corporation) (20/9/2007 3:50:22 AM) (--A-) (f15feafffbb3644ccc80c5da584e6311)
C:\WINDOWS\system32\drivers\wudfrd.sys (82944 bytes) (Microsoft Corporation) (20/9/2007 3:50:22 AM) (--A-) (28b524262bce6de1f7ef9f510ba3985b)
C:\WINDOWS\system32\drivers\RtkHDAud.sys (4751360 bytes) (Realtek Semiconductor Corp.) (17/11/2008 10:34:48 AM) (--A-) (c73a4a48fbb3d00c7dbc6fe4f5e3675f)
C:\WINDOWS\system32\drivers\RtHDMI.sys (3684352 bytes) (Realtek Semiconductor Corp.) (17/11/2008 10:36:58 AM) (--A-) (ee76248ca187bb50ff964a287d420fee)
C:\WINDOWS\system32\drivers\ati2erec.dll (49152 bytes) (ATI Technologies Inc.) (14/11/2008 6:58:31 PM) (--A-) (a0da2add488c38f804180fd555e79d6e)
C:\WINDOWS\system32\drivers\ATKACPI.sys (7680 bytes) (ATK0100) (9/11/2008 12:03:44 PM) (--A-) (97affa9d95ffe20eee6229bc6be166cf)
C:\WINDOWS\system32\drivers\SiSGbeXP.sys (43392 bytes) (Silicon Integrated Systems Corp.) (17/11/2008 9:55:47 AM) (--A-) (a86e52c55de3488b3fc0ff2b8ad711bf)
C:\WINDOWS\system32\drivers\ar5211.sys (546976 bytes) (Atheros Communications, Inc.) (26/4/2008 9:18:53 AM) (--A-) (6d5f95602b8d0d994d31a864872b38ef)
C:\WINDOWS\system32\drivers\kbfiltr.sys (5632 bytes) (Unknown) (21/12/2008 12:06:58 PM) (--AR) (cc2a86d7bbf14977340dca61bbcba771)
C:\WINDOWS\system32\drivers\snp2uvc.sys (1807744 bytes) (Unknown) (21/12/2008 12:10:23 PM) (--AR) (85da7b2a2f248c8c69d7d0a526342683)
C:\WINDOWS\system32\drivers\sncduvc.sys (28160 bytes) (Unknown) (21/12/2008 12:10:24 PM) (--AR) (0057f29323c393a35903b4c5daf9a144)
C:\WINDOWS\system32\drivers\wsimd.sys (57408 bytes) (Atheros Communications, Inc.) (16/11/2008 9:21:24 PM) (--A-) (21ac4f228f3d36876a42277c76a766c0)
C:\WINDOWS\system32\drivers\igxpmp32.sys (6043040 bytes) (Intel Corporation) (20/1/2009 1:59:20 PM) (--AR) (c56fc0970b453e68eba1c78ae36185a8)
C:\WINDOWS\system32\drivers\Rtenicxp.sys (105856 bytes) (Realtek Semiconductor Corporation) (20/1/2009 2:02:00 PM) (--AR) (89619ef503f949fae09252a8b883ee11)
C:\WINDOWS\system32\drivers\AGRSM.sys (1203776 bytes) (Agere Systems) (22/11/2007 6:37:57 PM) (--AR) (1cfeba39fc613e45b49d3eddfbcda289)
C:\WINDOWS\system32\drivers\AsDsm.sys (29752 bytes) (Windows (R) Codename Longhorn DDK provider) (20/1/2009 2:05:00 PM) (--A-) (4385e371c25c94c804e9d3152bd9e1f7)
C:\WINDOWS\system32\drivers\athw.sys (1309504 bytes) (Atheros Communications, Inc.) (16/11/2008 9:21:54 PM) (--A-) (0297af4b89769159058b996c21218421)
C:\WINDOWS\system32\drivers\ew_mbbusbdev.sys (102144 bytes) (MBB Technologies Co., Ltd.) (14/5/2013 11:40:15 PM) (--A-) (9b1f05dd0697bd6f9f7119f259a9c93c)
C:\WINDOWS\system32\drivers\ewdcsc.sys (25472 bytes) (MBB Tech. Co., Ltd.) (14/5/2013 11:40:15 PM) (--A-) (43cabb4786d611ddfa537de02526e444)
C:\WINDOWS\system32\drivers\ewusbmdm.sys (106496 bytes) (MBB Technologies Co., Ltd.) (14/5/2013 11:40:15 PM) (--A-) (a47e11d22f85df9bdb6c489e29793b51)
C:\WINDOWS\system32\drivers\ewusbnet.sys (117632 bytes) (MBB Technologies Co., Ltd.) (14/5/2013 11:40:15 PM) (--A-) (ad6550df2691553ee5b6809fdb7e9177)
C:\WINDOWS\system32\drivers\ew_usbenumfilter.sys (11648 bytes) (MBB Technologies Co., Ltd.) (14/5/2013 11:40:15 PM) (--A-) (7730fce5c290292b6d302c511035a4ad)
C:\WINDOWS\system32\drivers\mod7700.sys (860928 bytes) (DiBcom SA) (14/5/2013 11:40:15 PM) (--A-) (8075a313a5a4e0c15e5a974e8a4eec66)
C:\WINDOWS\system32\drivers\BkavAuto.sys (65142 bytes) (Unknown) (15/5/2013 12:15:10 AM) (--A-) (62141247395efbf8bcd031ef0d93c8c9)
C:\WINDOWS\system32\drivers\Syslib.sys (336167 bytes) (Unknown) (15/5/2013 12:15:10 AM) (--A-) (d3674c2181adeac250338bf50457a348)
C:\WINDOWS\system32\drivers\Syslib0.sys (67072 bytes) (Bk@v Corporation) (15/5/2013 12:15:10 AM) (--A-) (e513bdbb68155bc72c60613cd106122b)
C:\WINDOWS\system32\drivers\Syslib1.sys (497664 bytes) (Bk@v Corporation) (15/5/2013 12:15:10 AM) (--A-) (513c892877920bd1ff8b28542af50f45)
C:\WINDOWS\system32\drivers\Syslib2.sys (49392 bytes) (Bk@v Corporation) (15/5/2013 12:15:10 AM) (--A-) (02eba2aae3ee58d3ba1e851373a370c5)
C:\WINDOWS\system32\drivers\Syslib3.sys (46080 bytes) (Bk@v Corporation) (15/5/2013 12:15:10 AM) (--A-) (5c63a75bc5a4bc39c9a99c14bd92035d)
C:\WINDOWS\system32\drivers\Syslib4.sys (1101824 bytes) (Bk@v Corporation) (15/5/2013 12:15:10 AM) (--A-) (571fc74a292b260419786986af84210b)
C:\WINDOWS\system32\drivers\Syslib5.sys (8645632 bytes) (Bk@v Corporation) (15/5/2013 12:15:10 AM) (--A-) (ab5bd73b9a3f0c995e30ff7046e88a25)
C:\WINDOWS\system32\drivers\Syslib6.sys (1956864 bytes) (Bk@v Corporation) (15/5/2013 12:15:11 AM) (--A-) (3d3417cc6da3f8133007add3ca3c2d76)
C:\WINDOWS\system32\drivers\Syslib7.sys (79600 bytes) (Bk@v Corporation) (15/5/2013 12:15:11 AM) (--A-) (b25de6b6feabb7c3586235b6f97a09df)
C:\WINDOWS\system32\drivers\BkavSD.sys (131184 bytes) (Bk@v Corporation) (15/5/2013 12:15:14 AM) (--A-) (1348e3f2339b84b410b89fe5a5e8edf3)
C:\WINDOWS\system32\drivers\BkavCoreLib.sys (60960 bytes) (Bk@v Corporation) (15/5/2013 12:15:14 AM) (--A-) (521f828d946270a9a742743084597dcb)
C:\WINDOWS\system32\drivers\BkavSR.sys (46592 bytes) (Bk@v Corporation) (15/5/2013 12:15:14 AM) (--A-) (c0ad26ecf09290d4495536da8d40a2a2)
C:\WINDOWS\system32\drivers\CRFILTER.sys (6656 bytes) (Generic) (7/4/2008 1:00:46 PM) (--A-) (d18893845ae1c5833b5b2ea9b7f5c670)
C:\WINDOWS\system32\drivers\RkDtyr.sys (5760 bytes) (BK@V) (1/7/2013 9:22:42 PM) (--A-) (94b0b8c3d468734bd5378f4a0d85354a)
C:\WINDOWS\system32\drivers\RkDtyrBt.sys (5888 bytes) (BK@V) (1/7/2013 9:22:43 PM) (--A-) (50972d1eb8d9c213d636a76d3c716665)
C:\WINDOWS\system32\drivers\CDAC15BA.SYS (12464 bytes) (Macrovision Europe Ltd) (11/7/2013 2:35:29 PM) (--A-) (f76cb7259aa575cc53f3996bc6b68c18)
C:\WINDOWS\system32\drivers\ser2pl.sys (50176 bytes) (Prolific Technology Inc.) (16/7/2013 12:04:16 PM) (--A-) (bc4649b8bc9c5f443f01a144cf996660)
C:\WINDOWS\system32\drivers\CAP2LPT.SYS (23232 bytes) (CANON INC.) (9/8/2013 3:19:47 PM) (--A-) (7b891f5a659e74cbd2094cf50087831e)
C:\WINDOWS\system32\drivers\ftdibus.sys (57536 bytes) (FTDI Ltd.) (12/11/2013 1:47:11 PM) (--A-) (47b9cf937ac479046da289bd5a769ce9)
C:\WINDOWS\system32\drivers\ftser2k.sys (72000 bytes) (FTDI Ltd.) (12/11/2013 1:47:11 PM) (--A-) (216b9a2191676034999785c7f94fa5d6)
C:\WINDOWS\system32\drivers\RimUsb.sys (22784 bytes) (Research In Motion Limited) (20/5/2008 7:33:50 PM) (--A-) (f17713d108aca124a139fde877eef68a)
C:\WINDOWS\system32\drivers\RimSerial.sys (26496 bytes) (Research in Motion Ltd) (16/5/2013 9:17:27 PM) (--AR) (d9b34325ee5df78b8f28a3de9f577c7d)
C:\WINDOWS\system32\drivers\pxhelp20.sys (43528 bytes) (Sonic Solutions) (1/5/2007 3:00:00 AM) (--A-) (d86b4a68565e444d76457f14172c875a)
C:\WINDOWS\system32\drivers\cdralw2k.sys (9464 bytes) (Sonic Solutions) (2/2/2007 4:00:00 AM) (--A-) (579da2f9f5401f55dae2cf8779d61dfc)
C:\WINDOWS\system32\drivers\cdr4_xp.sys (9336 bytes) (Sonic Solutions) (2/2/2007 4:00:00 AM) (--A-) (837eef65af62d4e8a37c41d3879f7274)

  • Non accessible files
  • Executables in Internet Explorer Folder


C:\Program Files\Internet Explorer\custsat.dll (33792 bytes) (Microsoft Corporation) (16/11/2008 8:34:18 PM) (--A-) (ad7a6ccd52c94700b1ba38ffaabcfbb8)
C:\Program Files\Internet Explorer\ExtExport.exe (144384 bytes) (Microsoft Corporation) (8/3/2009 4:35:04 AM) (----) (44d37a87f00d8684ad907dae295f67fb)
C:\Program Files\Internet Explorer\iecompat.dll (2048 bytes) (Microsoft Corporation) (8/3/2009 4:35:04 AM) (----) (d439e31044c4f0fbd41a0c7f30668c35)
C:\Program Files\Internet Explorer\iedvtool.dll (742912 bytes) (Microsoft Corporation) (8/3/2009 4:35:32 AM) (----) (bd3c4101b9340e697c9eb0c9c7c9fedf)
C:\Program Files\Internet Explorer\ieproxy.dll (246784 bytes) (Microsoft Corporation) (16/11/2008 8:34:23 PM) (--A-) (2ad2e831fb023915188008f5b3103f5b)
C:\Program Files\Internet Explorer\iexplore.exe.mui (12288 bytes) (Microsoft Corporation) (8/3/2009 2:21:44 PM) (----) (943030b55fdb56fb8b8fcc086071e119)
C:\Program Files\Internet Explorer\jsdbgui.dll (521216 bytes) (Microsoft Corporation) (8/3/2009 4:35:02 AM) (----) (33db6e706fd3a2271033c5d29b3d6f76)
C:\Program Files\Internet Explorer\jsdebuggeride.dll (121344 bytes) (Microsoft Corporation) (8/3/2009 4:35:02 AM) (----) (3494af094cfb1d1b9a3c1ce255492b6c)
C:\Program Files\Internet Explorer\JSProfilerCore.dll (118272 bytes) (Microsoft Corporation) (8/3/2009 4:35:04 AM) (----) (d68cc4e775420716b6abc4d188d5d316)
C:\Program Files\Internet Explorer\jsprofilerui.dll (233984 bytes) (Microsoft Corporation) (8/3/2009 4:35:12 AM) (----) (0f6a0675181d3ae76755986f3bf9e598)
C:\Program Files\Internet Explorer\pdm.dll (355832 bytes) (Microsoft Corporation) (7/1/2009 6:20:18 PM) (----) (3ca2dfd1ee857cde7dccf4235f52d142)
C:\Program Files\Internet Explorer\sqmapi.dll (134144 bytes) (Microsoft Corporation) (7/1/2009 6:20:54 PM) (----) (5eb87ba0b93ca7e894fc8002e3ce4c2a)
C:\Program Files\Internet Explorer\xpshims.dll (12288 bytes) (Microsoft Corporation) (8/3/2009 4:33:18 AM) (----) (065b2f67ebf71130e9126b161f3740dc)

  • Files created/modified 15 days ago


C:\WINDOWS\system32\drivers\Syslib1.sys (497664 bytes) (Bk@v Corporation) (20/2/2014 3:09:58 PM) (--A-) (513c892877920bd1ff8b28542af50f45) (Modified)
C:\WINDOWS\system32\drivers\Syslib4.sys (1101824 bytes) (Bk@v Corporation) (25/2/2014 11:13:38 AM) (--A-) (571fc74a292b260419786986af84210b) (Modified)
C:\WINDOWS\system32\drivers\Syslib6.sys (1956864 bytes) (Bk@v Corporation) (15/2/2014 11:07:20 AM) (--A-) (3d3417cc6da3f8133007add3ca3c2d76) (Modified)
C:\Program Files\InstallShield Installation Information\{C3A9344A-8048-466D-9CD5-A40D1B94FEE0}\setup.exe (116688 bytes) (InstallShield Software Corporation) (14/2/2014 6:30:22 PM) (--A-) (dd11e8fed01ac201c24c7df5f786adf5) (Created)
C:\Program Files\InstallShield Installation Information\{C3A9344A-8048-466D-9CD5-A40D1B94FEE0}\_setup.dll (159744 bytes) (InstallShield Software Corporation) (14/2/2014 6:30:48 PM) (--A-) (1cc1f699908797a5eab9a1f47bad1fea) (Created)
C:\Program Files\Yahoo!\Common\unyt.exe (105407 bytes) (Yahoo! Inc.) (14/2/2014 6:02:42 PM) (--A-) (6531a8f4f2b89d19b65c1a117290c2c5) (Created)
C:\Program Files\Yahoo!\SoftwareUpdate\Uninst_AutoUpdater.exe (99770 bytes) (Yahoo! Inc.) (14/2/2014 6:02:50 PM) (--A-) (1356762e8b571738f2f19db5b7881787) (Created)
C:\Program Files\BkavPro\BkavScanDll1.dll (847872 bytes) (Bk@v Corporation) (20/2/2014 3:10:08 PM) (--A-) (d9338a24ecef6c9d09804aa957c02711) (Modified)
C:\Program Files\BkavPro\BkavScanDll4.dll (1310800 bytes) (Bk@v Corporation) (25/2/2014 11:13:42 AM) (--A-) (8d62ef686c0de5a26c3fb0bd8980290f) (Modified)
C:\Program Files\BkavPro\BkavScanDll6.dll (2748416 bytes) (Bk@v Corporation) (15/2/2014 11:07:34 AM) (--A-) (470e619dfabebeb268fb7d6573bf8342) (Modified)
C:\Program Files\BkavPro\BluPro.exe (108904 bytes) (Bk@v Corporation) (27/2/2014 9:25:52 AM) (--A-) (b2637610b47a4fbaf00482994272f687) (Modified)
C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (118896 bytes) (Mozilla Foundation) (24/2/2014 9:42:28 PM) (--A-) (338037efa0e8e8699b2667d57b751574) (Modified)
C:\Program Files\Mozilla Maintenance Service\Uninstall.exe (106212 bytes) (Mozilla Corporation) (25/2/2014 6:44:36 AM) (--A-) (fc558f42ca98dab4465263fde812a5b2) (Modified)
C:\Program Files\Google\Chrome\Application\chrome.exe (933192 bytes) (Google Inc.) (20/2/2014 8:03:08 AM) (--A-) (9d6d673aa70485e7972990ec2465f11b) (Modified)
C:\Program Files\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll (51016 bytes) (Unknown) (24/2/2014 7:03:09 AM) (--A-) (d47d822784a9e9bfd7ae8593e95309b7) (Created)
C:\Program Files\Google\Chrome\Application\33.0.1750.117\d3dcompiler_43.dll (2106216 bytes) (Microsoft Corporation) (24/2/2014 7:03:09 AM) (--A-) (1c9b45e87528b8bb8cfa884ea0099a85) (Created)
C:\Program Files\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll (1647432 bytes) (Unknown) (24/2/2014 7:03:09 AM) (--A-) (b1cb3e710ab435fd8b899ed01ccdcafc) (Created)
C:\Program Files\Google\Chrome\Application\33.0.1750.117\libegl.dll (100168 bytes) (Unknown) (24/2/2014 7:03:10 AM) (--A-) (d1bb6035428f57f6e6efaff4b577598f) (Created)
C:\Program Files\Google\Chrome\Application\33.0.1750.117\libglesv2.dll (716616 bytes) (Unknown) (24/2/2014 7:03:10 AM) (--A-) (d3134eefd36fd24d183f6fcad2afc239) (Created)
C:\Program Files\Google\Chrome\Application\33.0.1750.117\libpeerconnection.dll (2285896 bytes) (Google Inc.) (24/2/2014 7:03:10 AM) (--A-) (b1bc9351af7a7f7c6bf9421da8b0a3b7) (Created)
C:\Program Files\Google\Chrome\Application\33.0.1750.117\metro_driver.dll (461640 bytes) (Google Inc.) (24/2/2014 7:03:10 AM) (--A-) (87bfc74299be801c41ef8d46fecb2356) (Created)
C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll (394568 bytes) (Unknown) (24/2/2014 7:03:10 AM) (--A-) (829877548b0f6876fb4d83e69040e50f) (Created)
C:\Program Files\Google\Chrome\Application\33.0.1750.117\widevinecdmadapter.dll (113992 bytes) (Unknown) (24/2/2014 7:03:10 AM) (--A-) (ed60f574670865f44873d3079d5497a8) (Created)
C:\Program Files\Google\Chrome\Application\33.0.1750.117\xinput1_3.dll (81768 bytes) (Microsoft Corporation) (24/2/2014 7:03:10 AM) (--A-) (77f595dee5ffacea72b135b1fce1312e) (Created)
C:\Program Files\Google\Chrome\Application\33.0.1750.117\delegate_execute.exe (1689416 bytes) (Google Inc.) (24/2/2014 7:03:10 AM) (--A-) (3c6bcc427f239937d9f5bb4bd8f79b38) (Created)
C:\Program Files\Google\Chrome\Application\33.0.1750.117\Installer\setup.exe (1150280 bytes) (Google Inc.) (24/2/2014 7:03:13 AM) (--A-) (5daeb8a2d5343eac07bb9732670f2a1e) (Created)
C:\Program Files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe (1150280 bytes) (Google Inc.) (24/2/2014 7:03:13 AM) (--A-) (5daeb8a2d5343eac07bb9732670f2a1e) (Created)
C:\Program Files\Nacencomm\PKI Token\PKI Token Manager\uninst.exe (184642 bytes) (Nacencomm) (14/2/2014 4:12:14 PM) (--A-) (48d1069381f2983e5aa2d1b138b60d51) (Created)
C:\Program Files\GPLGS\gsdll32.dll (2768896 bytes) (Unknown) (14/2/2014 6:28:20 PM) (--A-) (140e9a22abd09f57f5ee0181ada1dabb) (Created)
C:\Program Files\GPLGS\gswin32c.exe (126976 bytes) (Unknown) (14/2/2014 6:28:20 PM) (--A-) (ae427b6cef5ba09ba3c72f8f3897a62e) (Created)
C:\Program Files\Acro Software\CutePDF Writer\CPWSave.exe (240240 bytes) (Acro Software Inc.) (14/2/2014 6:28:32 PM) (--A-) (e1214ed1a20765cb648342bd3c4189b5) (Created)
C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe (55920 bytes) (Unknown) (14/2/2014 6:28:32 PM) (--A-) (413fdfcc911e3df654e618e25f1f3073) (Created)
C:\Program Files\Java\jre6\bin\awt.dll (1208320 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (45431b613631b8018188b5ff7681d2d6) (Created)
C:\Program Files\Java\jre6\bin\axbridge.dll (118784 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (286b6dbd6b4ac859dcea57ba1d3763c4) (Created)
C:\Program Files\Java\jre6\bin\cmm.dll (192512 bytes) (Eastman Kodak Company) (14/2/2014 6:42:23 PM) (--A-) (361ada522a66774d7b7013686d335985) (Created)
C:\Program Files\Java\jre6\bin\dcpr.dll (143360 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (51f5543a923881555859a464ed42c789) (Created)
C:\Program Files\Java\jre6\bin\deploy.dll (77824 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (0c96b3dd657c6e30cb12dd3ffd965fa2) (Created)
C:\Program Files\Java\jre6\bin\deployJava1.dll (423656 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (0686cd90e881f84a2950951a305443e7) (Created)
C:\Program Files\Java\jre6\bin\dt_shmem.dll (16896 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (4916f636b33e1f98f0760e9eab813aaa) (Created)
C:\Program Files\Java\jre6\bin\dt_socket.dll (13312 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (994ecebecaf34db7cb1dd50d61b5ec88) (Created)
C:\Program Files\Java\jre6\bin\eula.dll (94208 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (e7cd8ddc03917a9979459b207cad01fc) (Created)
C:\Program Files\Java\jre6\bin\fontmanager.dll (339968 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (4fe2589f81258ab47549e1bc9f09808b) (Created)
C:\Program Files\Java\jre6\bin\hpi.dll (15872 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (be988a809aa97ce669b30f7684953107) (Created)
C:\Program Files\Java\jre6\bin\hprof.dll (139264 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (e51c27199d24f2b1dc2e57a61c907d0e) (Created)
C:\Program Files\Java\jre6\bin\instrument.dll (98304 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (b57f4a004f6d815ae18740458e665ebc) (Created)
C:\Program Files\Java\jre6\bin\ioser12.dll (12800 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (e0d9306cbacccd3a5a376441731b336b) (Created)
C:\Program Files\Java\jre6\bin\j2pcsc.dll (7680 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (12cb43f3701de348075f2a103af65e1a) (Created)
C:\Program Files\Java\jre6\bin\j2pkcs11.dll (41984 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (d2cc475f7ba07d20f93be4c02401767f) (Created)
C:\Program Files\Java\jre6\bin\jaas_nt.dll (10240 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (9d0988239ad43efced631fdaaaf9beae) (Created)
C:\Program Files\Java\jre6\bin\java-rmi.exe (33568 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (a6db44c29b7dd991449e55253becee1b) (Created)
C:\Program Files\Java\jre6\bin\java.dll (126976 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (033dbe7f938b8a96f130a2aec0ddfa90) (Created)
C:\Program Files\Java\jre6\bin\java.exe (145184 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (e4478df37c06221a5e3f4eae52f88f90) (Created)
C:\Program Files\Java\jre6\bin\javacpl.cpl (73728 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (b59867c38b1f3ffc1b9c5e03510e1b16) (Created)
C:\Program Files\Java\jre6\bin\javacpl.exe (59168 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (54b0fffd3a4e4e46658b6949ee604840) (Created)
C:\Program Files\Java\jre6\bin\javaw.exe (145184 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (359b080f9226d078847e363c7aeda903) (Created)
C:\Program Files\Java\jre6\bin\javaws.exe (153376 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (06cce24882d9577d3795432e1b22fe4a) (Created)
C:\Program Files\Java\jre6\bin\java_crw_demo.dll (14336 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (c8901d46f7630c44c9334e2c165cdf0b) (Created)
C:\Program Files\Java\jre6\bin\jawt.dll (5120 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (1bda2cf47113e8f17e77ee56c5acf9da) (Created)
C:\Program Files\Java\jre6\bin\jbroker.exe (79648 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (da722e0c890fb8c13cc0354ac0029ee7) (Created)
C:\Program Files\Java\jre6\bin\JdbcOdbc.dll (36352 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (43ba9e01bea4fc6878c59f85ef67fc10) (Created)
C:\Program Files\Java\jre6\bin\jdwp.dll (167936 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (fbe5ba8f14746d35ae9b0e6c04436be2) (Created)
C:\Program Files\Java\jre6\bin\jkernel.dll (217088 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (f0da2e32b2cfd7c212b385374dae6c74) (Created)
C:\Program Files\Java\jre6\bin\jli.dll (77824 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (f9ed085a3b94946aecb2ab79903ec590) (Created)
C:\Program Files\Java\jre6\bin\jp2iexp.dll (108320 bytes) (Unknown) (14/2/2014 6:42:23 PM) (--A-) (25f044baa126064eb0284fb6c115bab9) (Created)
C:\Program Files\Java\jre6\bin\jp2launcher.exe (23328 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (fa6764eb0a59b961b34119a5dd47a56c) (Created)
C:\Program Files\Java\jre6\bin\jp2native.dll (8192 bytes) (Unknown) (14/2/2014 6:42:23 PM) (--A-) (56b768c0146433eda2ba855c14a35612) (Created)
C:\Program Files\Java\jre6\bin\jp2ssv.dll (41760 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (6d5adb1c823bfe21f9431d0995c7b185) (Created)
C:\Program Files\Java\jre6\bin\jpeg.dll (147456 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (53d40b19dfe745a3c5af4799f2daefee) (Created)
C:\Program Files\Java\jre6\bin\jpicom.dll (98304 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (b180c85bd50468d610b3e22cecdced1b) (Created)
C:\Program Files\Java\jre6\bin\jpiexp.dll (114688 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (649402035cb58b38fe850ab7a0d25d91) (Created)
C:\Program Files\Java\jre6\bin\jpinscp.dll (98304 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (cb99add86a842c6317361910bdb5f64a) (Created)
C:\Program Files\Java\jre6\bin\jpioji.dll (65536 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (c0e3ebb640f79e9faec219112de7b5c0) (Created)
C:\Program Files\Java\jre6\bin\jpishare.dll (126976 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (3e4b8965e5b32a1a9d2a460a2030b959) (Created)
C:\Program Files\Java\jre6\bin\jqs.exe (153376 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (126a16f569122ae00ad3d12ef831d651) (Created)
C:\Program Files\Java\jre6\bin\jqsnotify.exe (55072 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (b557c21523952999836324b749a2866f) (Created)
C:\Program Files\Java\jre6\bin\jsound.dll (147456 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (f432138e8d9d6507743312c93f9deb99) (Created)
C:\Program Files\Java\jre6\bin\jsoundds.dll (18432 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (47c606b05f0baf6300c07682bd999619) (Created)
C:\Program Files\Java\jre6\bin\keytool.exe (33568 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (8ee42eff0d8c31527e374ec7f4219781) (Created)
C:\Program Files\Java\jre6\bin\kinit.exe (33568 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (9e87e075486bc6f0877333c23c271cfd) (Created)
C:\Program Files\Java\jre6\bin\klist.exe (33568 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (1d73c92d5a8bede0ba46ff6025eba60a) (Created)
C:\Program Files\Java\jre6\bin\ktab.exe (33568 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (bdcc98e8136ecb3ea441e2a663a66a41) (Created)
C:\Program Files\Java\jre6\bin\management.dll (18432 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (f981c70653e871336e683cb5f7f5d6a4) (Created)
C:\Program Files\Java\jre6\bin\mlib_image.dll (602112 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (cc2a2a28c901f7ed0566388aa95df0f2) (Created)
C:\Program Files\Java\jre6\bin\msvcr71.dll (348160 bytes) (Microsoft Corporation) (14/2/2014 6:42:23 PM) (--A-) (86f1895ae8c5e8b17d99ece768a70732) (Created)
C:\Program Files\Java\jre6\bin\msvcrt.dll (266293 bytes) (Microsoft Corporation) (14/2/2014 6:42:23 PM) (--A-) (63da4613383ec70e047b4cd5c48f0b05) (Created)
C:\Program Files\Java\jre6\bin\net.dll (77824 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (364aadeab4e1aa7362f0fd43e2c39212) (Created)
C:\Program Files\Java\jre6\bin\nio.dll (20480 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (5a50a8f9e3164fb0afc102e03feb4fa9) (Created)
C:\Program Files\Java\jre6\bin\npdeployJava1.dll (423656 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (26a69db65300b7d98bca9678bbb0c87e) (Created)
C:\Program Files\Java\jre6\bin\npjpi160_21.dll (141088 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (0b3ac6c55a8f57ffeb18a9fc35a5e9cf) (Created)
C:\Program Files\Java\jre6\bin\npoji610.dll (131072 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (31ebc054a81e48e01e46073cf3cf4424) (Created)
C:\Program Files\Java\jre6\bin\npt.dll (8192 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (8aa85313b1cac15741d8acd5bb1ffd31) (Created)
C:\Program Files\Java\jre6\bin\orbd.exe (33568 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (67097365a4c2bce8ca2028e0acc2d225) (Created)
C:\Program Files\Java\jre6\bin\pack200.exe (33568 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (21f05f56fbc3b27988ff84c0fe59578a) (Created)
C:\Program Files\Java\jre6\bin\policytool.exe (33568 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (d2de0ba4a54d63160dc6dde24af42d3c) (Created)
C:\Program Files\Java\jre6\bin\rmi.dll (5120 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (cd51947dc05e5f2d6bc408ef8ef11dcd) (Created)
C:\Program Files\Java\jre6\bin\rmid.exe (33568 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (8b9893b776dc3dd38d2f7f5ed0d01360) (Created)
C:\Program Files\Java\jre6\bin\rmiregistry.exe (33568 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (46e0124786275fd2fb7995b3ff12c89f) (Created)
C:\Program Files\Java\jre6\bin\servertool.exe (33568 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (bd121d7149d2d0db2c2c6b927692bb02) (Created)
C:\Program Files\Java\jre6\bin\splashscreen.dll (131072 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (0c00c2be8d55ad4eb877d07395c6aff7) (Created)
C:\Program Files\Java\jre6\bin\ssv.dll (325408 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (9712129d4827bd7e0e39d32f80ed4fa4) (Created)
C:\Program Files\Java\jre6\bin\ssvagent.exe (30496 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (5821c5d74e5f63b842f777804fe1859a) (Created)
C:\Program Files\Java\jre6\bin\sunmscapi.dll (16384 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (4f2e8459ea448d560f8457aec15725e9) (Created)
C:\Program Files\Java\jre6\bin\tnameserv.exe (33568 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (ca43978023d1fef6e2391eb2a08147da) (Created)
C:\Program Files\Java\jre6\bin\unicows.dll (245400 bytes) (Microsoft Corporation) (14/2/2014 6:42:23 PM) (--A-) (2d2f84761a9fde81898ed505b227e7e3) (Created)
C:\Program Files\Java\jre6\bin\unpack.dll (61440 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (36613f0a113871206364455a845100ee) (Created)
C:\Program Files\Java\jre6\bin\unpack200.exe (132896 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (85b687233f53006ccb62802af4077743) (Created)
C:\Program Files\Java\jre6\bin\verify.dll (31744 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (356420645bf81cd9eeb0f3dab215db92) (Created)
C:\Program Files\Java\jre6\bin\w2k_lsa_auth.dll (10240 bytes) (Oracle) (14/2/2014 6:42:23 PM) (--A-) (e00b31ea0d6c50bf084241602480decb) (Created)
C:\Program Files\Java\jre6\bin\wsdetect.dll (108320 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (7a7149e5bfe01463f1385d6e43d93593) (Created)
C:\Program Files\Java\jre6\bin\zip.dll (46592 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (57f1c20af66160b892166f6826c7caf8) (Created)
C:\Program Files\Java\jre6\bin\client\jvm.dll (2699264 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (34812a4786e9898c29dcd11e71e6cd2a) (Created)
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (69632 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (2d5394ff0e31ffefb5049f0911e91d89) (Created)
C:\Program Files\Java\jre6\bin\new_plugin\msvcr71.dll (348160 bytes) (Microsoft Corporation) (14/2/2014 6:42:27 PM) (--A-) (86f1895ae8c5e8b17d99ece768a70732) (Created)
C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (423656 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:33 PM) (--A-) (26a69db65300b7d98bca9678bbb0c87e) (Created)
C:\Program Files\Java\jre6\lib\deploy\lzma.dll (152576 bytes) (Unknown) (14/2/2014 6:42:23 PM) (--A-) (435bd8e6b81f7417d4426daff5bd1b06) (Created)
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (79648 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:23 PM) (--A-) (59ea2357c22eeae4677a19c38c2702d0) (Created)
C:\Program Files\Mozilla Firefox\D3DCompiler_43.dll (2106216 bytes) (Microsoft Corporation) (24/2/2014 9:42:15 PM) (--A-) (1c9b45e87528b8bb8cfa884ea0099a85) (Created)
C:\Program Files\Mozilla Firefox\msvcp100.dll (421200 bytes) (Microsoft Corporation) (24/2/2014 9:42:15 PM) (--A-) (03e9314004f504a14a61c3d364b62f66) (Created)
C:\Program Files\Mozilla Firefox\msvcr100.dll (770384 bytes) (Microsoft Corporation) (24/2/2014 9:42:15 PM) (--A-) (67ec459e42d3081dd8fd34356f7cafc1) (Created)
C:\Program Files\Mozilla Firefox\webapprt-stub.exe (93808 bytes) (Mozilla Foundation) (24/2/2014 9:42:16 PM) (--A-) (4b41fa7e1232ae62f0581c8be7a69800) (Created)
C:\Program Files\Mozilla Firefox\webapp-uninstaller.exe (170960 bytes) (Mozilla Corporation) (24/2/2014 9:42:16 PM) (--A-) (4459ccaac86ef8a2c2d6d14dacfeb2a4) (Created)
C:\Program Files\Mozilla Firefox\updater.exe (276592 bytes) (Mozilla Foundation) (24/2/2014 9:42:16 PM) (--A-) (6f7f7ca01c60db690b58261126e0c6e8) (Created)
C:\Program Files\Mozilla Firefox\softokn3.dll (152688 bytes) (Mozilla Foundation) (24/2/2014 9:42:16 PM) (--A-) (c6bcc1be95ae7258d013eea1c9159c8d) (Created)
C:\Program Files\Mozilla Firefox\plugin-hang-ui.exe (102000 bytes) (Mozilla Corporation) (24/2/2014 9:42:16 PM) (--A-) (4c8acdee7eafd718889044a995861e53) (Created)
C:\Program Files\Mozilla Firefox\plugin-container.exe (18544 bytes) (Mozilla Corporation) (24/2/2014 9:42:16 PM) (--A-) (ff409c974a9ad58b82374deef6b44cbb) (Created)
C:\Program Files\Mozilla Firefox\nssdbm3.dll (92784 bytes) (Mozilla Foundation) (24/2/2014 9:42:17 PM) (--A-) (193a0626ca65a5aedddd161560615d24) (Created)
C:\Program Files\Mozilla Firefox\nssckbi.dll (398960 bytes) (Mozilla Foundation) (24/2/2014 9:42:17 PM) (--A-) (463dadbe8f36ab3c8906d5be6012659d) (Created)
C:\Program Files\Mozilla Firefox\nss3.dll (1786480 bytes) (Mozilla Foundation) (24/2/2014 9:42:17 PM) (--A-) (f87eaf29c38913728e14ef9645eed92f) (Created)
C:\Program Files\Mozilla Firefox\mozglue.dll (142960 bytes) (Mozilla Foundation) (24/2/2014 9:42:17 PM) (--A-) (efcd571d096682970ef998dd7154ebc3) (Created)
C:\Program Files\Mozilla Firefox\mozalloc.dll (17008 bytes) (Mozilla Foundation) (24/2/2014 9:42:17 PM) (--A-) (80537057e6efdc1272f8af572daf0fbb) (Created)
C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe (194560 bytes) (Mozilla Corporation) (24/2/2014 9:42:17 PM) (--A-) (08a169386faff4d90aa921eb5ae5f9c6) (Created)
C:\Program Files\Mozilla Firefox\maintenanceservice.exe (118896 bytes) (Mozilla Foundation) (24/2/2014 9:42:17 PM) (--A-) (338037efa0e8e8699b2667d57b751574) (Created)
C:\Program Files\Mozilla Firefox\libGLESv2.dll (647280 bytes) (Mozilla Foundation) (24/2/2014 9:42:17 PM) (--A-) (a44bae7b2f84b1cdef0db05541bec0e3) (Created)
C:\Program Files\Mozilla Firefox\libEGL.dll (53360 bytes) (Mozilla Foundation) (24/2/2014 9:42:17 PM) (--A-) (1bf05a742fcc5ffbebe3ebcc8dcd7995) (Created)
C:\Program Files\Mozilla Firefox\freebl3.dll (307824 bytes) (Mozilla Foundation) (24/2/2014 9:42:17 PM) (--A-) (cad0b60df3e790fa7ddd205c117ba5c0) (Created)
C:\Program Files\Mozilla Firefox\firefox.exe (275568 bytes) (Mozilla Corporation) (24/2/2014 9:42:17 PM) (--A-) (d9184c5ff3fd526761d518a95aba74a3) (Created)
C:\Program Files\Mozilla Firefox\crashreporter.exe (117360 bytes) (Mozilla Foundation) (24/2/2014 9:42:17 PM) (--A-) (7f314b6ffb578a54beca14729f2416d0) (Created)
C:\Program Files\Mozilla Firefox\breakpadinjector.dll (75376 bytes) (Mozilla Foundation) (24/2/2014 9:42:17 PM) (--A-) (e85da321343c3d415a24e0b89dc94469) (Created)
C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll (20080 bytes) (Mozilla Foundation) (24/2/2014 9:42:17 PM) (--A-) (848f648a7aeab95e82c7a58df84d0d55) (Created)
C:\Program Files\Mozilla Firefox\uninstall\helper.exe (872392 bytes) (Mozilla Corporation) (24/2/2014 9:42:15 PM) (--A-) (bada3354301e612177855e71c2072eba) (Created)
C:\Program Files\Mozilla Firefox\browser\components\browsercomps.dll (272496 bytes) (Mozilla Foundation) (24/2/2014 9:42:15 PM) (--A-) (c6097b864f628594ed3e53ba55fe0e0c) (Created)
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (396288 bytes) (Trend Micro Inc.) (27/2/2014 4:07:50 PM) (--A-) (c4ca7416a6df6d95075f81d9e3b41ad1) (Created)
C:\Program Files\NoVirusThanks\Hijack Hunter\unins000.exe (707354 bytes) (Unknown) (27/2/2014 4:11:57 PM) (--A-) (eecf7fe501b410aa3733bb0b23ab678a) (Created)
C:\Program Files\NoVirusThanks\Hijack Hunter\HijackHunter.exe (628736 bytes) (NoVirusThanks Company Srl) (27/2/2014 4:11:57 PM) (--A-) (b6ffa83b91d78a0369fe0e15e4dba69c) (Created)
C:\Program Files\NoVirusThanks\Hijack Hunter\nhdrv.sys (4608 bytes) (NoVirusThanks Company Srl) (27/2/2014 4:11:57 PM) (--A-) (8f40312ac7b0f3d0246fe52105e4f1d7) (Created)
C:\DOCUME~1\INTEL\LOCALS~1\Temp\~e5d141.tmp (46080 bytes) (Macrovision Europe Ltd.) (26/2/2014 9:09:44 PM) (--A-) (a19804b45575151100c3de28ddeba2fe) (Created)
C:\DOCUME~1\INTEL\LOCALS~1\Temp\fullpackage_temp1393491848\QQBrowser.exe (131640 bytes) (Tencent Inc.) (20/2/2014 3:37:08 AM) (--A-) (2eee15b1927eadff45013e94b0cb0d94) (Created)
C:\DOCUME~1\INTEL\LOCALS~1\Temp\fullpackage_temp1393491848\QQBrowserFrame.dll (100864 bytes) (Skytech Co., Ltd.) (20/2/2014 3:37:08 AM) (--A-) (9e343ae10f8b2f8c75b957e065d004d4) (Created)
C:\DOCUME~1\INTEL\LOCALS~1\Temp\fullpackage_temp1393491848\UninstallManager.exe (1746944 bytes) (Unknown) (20/2/2014 3:37:08 AM) (--A-) (429f53abfbc1d36dae1d3137ec448183) (Created)
C:\DOCUME~1\INTEL\LOCALS~1\Temp\fullpackage_temp1393491848\tmp\wpm.exe (501904 bytes) (Cherished Technololgy LIMITED) (27/2/2014 12:18:02 AM) (--A-) (3fe10e8516db3f29817b03c5a446a3da) (Created)

  • Hidden files in suspicious folders
  • Suspicious Registry Keys
  • Suspicious folders
  • Drivers


C:\WINDOWS\system32\drivers\agrsm.sys (AgereSoftModem) (Agere Systems Soft Modem) (Agere Systems) (1cfeba39fc613e45b49d3eddfbcda289)
C:\WINDOWS\system32\drivers\athw.sys (AR5416) (Atheros AR5008 Wireless Network Adapter Service) (Atheros Communications, Inc.) (0297af4b89769159058b996c21218421)
C:\WINDOWS\\system32\drivers\bkavauto.sys (BkavAuto) (BkavAuto) (Unknown) (62141247395efbf8bcd031ef0d93c8c9)
C:\WINDOWS\system32\drivers\bkavcorelib.sys (BkavCoreLib) (BkavCoreLib) (Bk@v Corporation) (521f828d946270a9a742743084597dcb)
C:\WINDOWS\system32\drivers\bkavsd.sys (BkavSD) (BkavSD) (Bk@v Corporation) (1348e3f2339b84b410b89fe5a5e8edf3)
C:\WINDOWS\\system32\drivers\bkavsr.sys (BkavSR) (BkavSR) (Bk@v Corporation) (c0ad26ecf09290d4495536da8d40a2a2)
c:\windows\system32\drivers\cdac15ba.sys (CdaC15BA) (CdaC15BA) (Macrovision Europe Ltd) (f76cb7259aa575cc53f3996bc6b68c18)
C:\WINDOWS\system32\drivers\hdaudbus.sys (HDAudBus) (Microsoft UAA Bus Driver for High Definition Audio) (Windows (R) Server 2003 DDK provider) (3fcc124b6e08ee0e9351f717dd136939)
C:\WINDOWS\system32\drivers\igxpmp32.sys (ialm) (ialm) (Intel Corporation) (c56fc0970b453e68eba1c78ae36185a8)
C:\WINDOWS\system32\drivers\rtkhdaud.sys (IntcAzAudAddService) (Service for Realtek HD Audio (WDM)) (Realtek Semiconductor Corp.) (c73a4a48fbb3d00c7dbc6fe4f5e3675f)
c:\program files\ultraiso\drivers\isodrive.sys (ISODrive) (ISO DVD/CD-ROM Device Driver) (EZB Systems, Inc.) (2f03ceb28307983f3b36216d35ffa5aa)
C:\WINDOWS\system32\drivers\kbfiltr.sys (kbfiltr) (Keyboard Filter) (Unknown) (cc2a86d7bbf14977340dca61bbcba771)
C:\WINDOWS\system32\drivers\atkacpi.sys (MTsensor) (ATK0100 ACPI UTILITY) (ATK0100) (97affa9d95ffe20eee6229bc6be166cf)
C:\WINDOWS\system32\drivers\pxhelp20.sys (PxHelp20) (PxHelp20) (Sonic Solutions) (d86b4a68565e444d76457f14172c875a)
C:\WINDOWS\system32\drivers\rimserial.sys (RimVSerPort) (RIM Virtual Serial Port v2) (Research in Motion Ltd) (d9b34325ee5df78b8f28a3de9f577c7d)
C:\WINDOWS\system32\drivers\rkdtyrbt.sys (RkDtyrBt) (RkDtyrBt) (BK@V) (50972d1eb8d9c213d636a76d3c716665)
C:\WINDOWS\system32\drivers\rspndr.sys (rspndr) (Link-Layer Topology Discovery Responder) (Microsoft Corporation) (0e11b35e972796042044bc27ce13b065)
C:\WINDOWS\system32\drivers\rtenicxp.sys (RTLE8023xp) (Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver) (Realtek Semiconductor Corporation) (89619ef503f949fae09252a8b883ee11)
C:\WINDOWS\system32\drivers\secdrv.sys (Secdrv) (Secdrv) (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (07f7f501ad50de2ba2d5842d9b6d6155)
C:\WINDOWS\system32\drivers\snp2uvc.sys (SNP2UVC) (USB2.0 PC Camera (SNP2UVC)) (Unknown) (85da7b2a2f248c8c69d7d0a526342683)
C:\WINDOWS\system32\drivers\syslib.sys (SysLib) (SysLib) (Unknown) (d3674c2181adeac250338bf50457a348)
C:\WINDOWS\system32\drivers\syslib0.sys (SysLib0) (SysLib0) (Bk@v Corporation) (e513bdbb68155bc72c60613cd106122b)
C:\WINDOWS\system32\drivers\syslib1.sys (SysLib1) (SysLib1) (Bk@v Corporation) (513c892877920bd1ff8b28542af50f45)
C:\WINDOWS\system32\drivers\syslib2.sys (SysLib2) (SysLib2) (Bk@v Corporation) (02eba2aae3ee58d3ba1e851373a370c5)
C:\WINDOWS\system32\drivers\syslib3.sys (SysLib3) (SysLib3) (Bk@v Corporation) (5c63a75bc5a4bc39c9a99c14bd92035d)
C:\WINDOWS\system32\drivers\syslib4.sys (SysLib4) (SysLib4) (Bk@v Corporation) (571fc74a292b260419786986af84210b)
C:\WINDOWS\system32\drivers\syslib5.sys (SysLib5) (SysLib5) (Bk@v Corporation) (ab5bd73b9a3f0c995e30ff7046e88a25)
C:\WINDOWS\system32\drivers\syslib6.sys (SysLib6) (SysLib6) (Bk@v Corporation) (3d3417cc6da3f8133007add3ca3c2d76)
C:\WINDOWS\system32\drivers\syslib7.sys (SysLib7) (SysLib7) (Bk@v Corporation) (b25de6b6feabb7c3586235b6f97a09df)
C:\WINDOWS\system32\drivers\wsimd.sys (WSIMD) (wsimd Service) (Atheros Communications, Inc.) (21ac4f228f3d36876a42277c76a766c0)
C:\WINDOWS\system32\drivers\wudfpf.sys (WudfPf) (Windows Driver Foundation - User-mode Driver Framework Platform Driver) (Microsoft Corporation) (f15feafffbb3644ccc80c5da584e6311)

  • Drivers -> FSFilter Anti-Virus
  • Services


c:\windows\system32\acs.exe (ACS) (Atheros Configuration Service) (Atheros) (3b8b1bdf87166fd146644e88df67442b)
c:\program files\asus\asus data security manager\adsmsrv.exe (ADSMService) (ADSM Service) (Unknown) (609a6f49b6af0f25837f8a0edddb0745)
c:\windows\system32\agrsmsvc.exe (AgereModemAudio) (Agere Modem Call Progress Audio) (Agere Systems) (efbc44fbd75e4f80bd927aebf6e7eade)
c:\windows\system32\ati2evxx.exe (Ati HotKey Poller) (Ati HotKey Poller) (ATI Technologies Inc.) (e4f45e3b56003b41e7c7863f79f4c108)
c:\windows\system32\bkavservice.exe (BkavService) (BkavService) (Bk@v Corporation) (a8aa6cb54ef95f2dadf337b5df8def2c)
c:\program files\bkavpro\system\bkavsystemservice.exe (BkavSystemService) (BkavSystemService) (Bk@v Corporation) (f2022088075482f8e25bf339188c482d)
c:\windows\system32\bluproservice.exe (BluProService) (BluProService) (Bk@v Corporation) (2ca0c641331e2fcfe5c67d710e984a31)
c:\windows\system32\drivers\cdac11ba.exe (C-DillaCdaC11BA) (C-DillaCdaC11BA) (Macrovision) (9bdbda21d3ba8e374fd06a405be10215)
c:\documents and settings\all users\application data\datacardservice\hwdeviceservice.exe (HWDeviceService.exe) (HWDeviceService.exe) (Unknown) (e956c0614367d4106a4411f151d494a5)
c:\program files\java\jre6\bin\jqs.exe (JavaQuickStarterService) (Java Quick Starter) (Sun Microsystems, Inc.) (126a16f569122ae00ad3d12ef831d651)
c:\program files\common files\microsoft shared\vs7debug\mdm.exe (MDM) (Machine Debug Manager) (Microsoft Corporation) (11f714f85530a2bd134074dc30e99fca)
c:\program files\cyberlink\shared files\richvideo.exe (RichVideo) (Cyberlink RichVideo Service(CRVS)) (Unknown) (bd517c7fb119997effbe39d5e4b37b05)
c:\program files\teamviewer\version8\teamviewer_service.exe (TeamViewer8) (TeamViewer 8) (TeamViewer GmbH) (d723929aa980cead6b9c4433faf3fd74)
c:\program files\yahoo!\softwareupdate\yahooauservice.exe (YahooAUService) (Yahoo! Updater) (Yahoo! Inc.) (dd0042f0c3b606a6a8b92d49afb18ad6)
c:\documents and settings\all users\application data\wpm\wprotectmanager.exe (Wpm) (Wpm Service) (Cherished Technololgy LIMITED) (3fe10e8516db3f29817b03c5a446a3da)

  • ServiceDll
  • Unknown files in Winsock LSP
  • Unknown files in CLSID


C:\WINDOWS\system32\CWANAL~1.OCX (1056768 bytes) (National Instruments) (12/11/2013 1:47:12 PM) (--A-) (03363f7c4bd42f2538d99d37b2f2e214)
C:\WINDOWS\system32\cwas.ocx (1381880 bytes) (National Instruments) (12/11/2013 1:47:12 PM) (--A-) (77b52864e1f34cd0d12239554c3ef6b6)
C:\WINDOWS\system32\NTGraph.ocx (376832 bytes) (Nikolai Teofilov) (12/11/2013 1:47:12 PM) (--A-) (dd5099fb3b9c6c478f2632bc97288eaf)
C:\WINDOWS\system32\ImagXpr7.dll (476320 bytes) (Pegasus Imaging Corp.) (26/7/2004 4:16:10 PM) (--A-) (8f03fd1c3bd8f6b575e6cf5e0e89ff13)
C:\WINDOWS\system32\cwui.ocx (2366016 bytes) (National Instruments) (12/11/2013 1:47:12 PM) (--A-) (1b453235aa6d59c7299648968037bb6c)
C:\WINDOWS\system32\igfxsrvc.exe (256536 bytes) (Intel Corporation) (20/1/2009 1:59:20 PM) (--AR) (2c02f78f9cfd93fde3b4273b2ecfb162)
C:\WINDOWS\system32\IPTests.dll (262216 bytes) (Unknown) (21/12/2008 12:10:58 PM) (--A-) (c17b7c8002db094289bcd0fd128c8e9c)
C:\WINDOWS\system32\hypertrm.dll (347136 bytes) (Hilgraeve, Inc.) (16/11/2008 8:33:32 PM) (--A-) (ac2836f7991e1cf35ee291abfd6c8ae8)
C:\WINDOWS\system32\ir50_32.dll (755200 bytes) (Intel Corporation) (3/8/2004 10:56:44 PM) (--A-) (603cc77b5e5f7977de2abfba50cd6854)
C:\WINDOWS\system32\VSFLEX3.OCX (225280 bytes) (VideoSoft) (5/1/1999 5:30:02 PM) (--A-) (c758ebc719c0d07b1b0e251c77f11bfd)
C:\WINDOWS\system32\AcSignExt.dll (177768 bytes) (Autodesk) (4/3/2006 12:55:56 PM) (--A-) (1c6ce3cabed2647dd8eb9dff70880250)
C:\WINDOWS\system32\IGFXEXPS.DLL (24576 bytes) (Intel Corporation) (20/1/2009 1:59:21 PM) (--AR) (092cae63d9c87077bb7a869161e554e2)
C:\WINDOWS\Downloaded Program Files\isusweb.dll (475816 bytes) (Macrovision Corporation) (30/8/2007 10:50:50 AM) (--A-) (d95bc25b9638c14e46b3fc5672892794)
C:\WINDOWS\system32\ir41_32.ax (848384 bytes) (Intel Corporation) (3/8/2004 10:56:58 PM) (--A-) (b106530542c5920edb040a288bd300ab)
C:\WINDOWS\system32\ZingPlay\WEBACT~1.OCX (239072 bytes) (Vinagame JSC) (17/1/2011 1:26:28 PM) (--A-) (43cda17d23cbd0383307fb5adc8bba7f)
C:\WINDOWS\system32\cw3dgrph.ocx (1989328 bytes) (National Instruments) (12/11/2013 1:47:12 PM) (--A-) (111be8828c74ad7707034056681a7aeb)
C:\WINDOWS\system32\acelpdec.ax (61952 bytes) (Sipro Lab Telecom Inc.) (23/8/2001 11:00:00 AM) (--A-) (d0a33c77354a6f12ccd8034e4429a30d)
C:\WINDOWS\system32\igfxdo.dll (135168 bytes) (Intel Corporation) (20/1/2009 1:59:20 PM) (--AR) (c0452cb9992c90f4870044cb39fdd1e8)
C:\WINDOWS\system32\l3codeca.acm (290816 bytes) (Fraunhofer Institut Integrierte Schaltungen IIS) (3/8/2004 10:56:12 PM) (--A-) (3a4c25b718268d8c18757312fca936a7)
C:\WINDOWS\DOWNLO~1\dwusplay.dll (29616 bytes) (InstallShield Software Corporation) (30/6/2006 12:00:06 PM) (--A-) (8ce7705cb43b03bb7970b04087c7758f)
C:\WINDOWS\system32\hticons.dll (44544 bytes) (Hilgraeve, Inc.) (16/11/2008 8:34:00 PM) (--A-) (f759a6e14403bc3d7a55ccad1b8f7b4a)
C:\WINDOWS\system32\igfxdev.dll (217088 bytes) (Intel Corporation) (20/1/2009 1:59:20 PM) (--AR) (2c37394d8c3a01702836eab7406cc4e2)
C:\WINDOWS\system32\RTCOM\RTCOMDLL.dll (266240 bytes) (Unknown) (17/11/2008 10:34:48 AM) (--A-) (bd47529c036933881b6d651d6a046e38)
C:\WINDOWS\system32\iac25_32.ax (199680 bytes) (Intel Corporation) (3/8/2004 10:56:58 PM) (--A-) (6580e3ec7593c0621a91387aab419524)
C:\WINDOWS\system32\atiexdxx.dll (73728 bytes) (ATI Technologies Inc.) (11/10/2005 10:56:14 AM) (--AR) (0d9c0f277cba472c7693d54c26b2713a)
C:\WINDOWS\system32\deployJava1.dll (423656 bytes) (Sun Microsystems, Inc.) (14/2/2014 6:42:33 PM) (--A-) (0686cd90e881f84a2950951a305443e7)
C:\WINDOWS\system32\RTCOM\RTLCPAPI.dll (131072 bytes) (Unknown) (17/11/2008 10:34:49 AM) (--A-) (05229a9335934a9414c9ee1696b11f2c)

  • TCP Connections


svchost.exe -> 0.0.0.0:3389 -> 0.0.0.0:39134 -> LISTENING
N/A -> 10.176.236.89:139 -> 0.0.0.0:36988 -> LISTENING
firefox.exe -> 10.176.236.89:1927 -> 206.190.37.188:80 -> FIN_WAIT_1
firefox.exe -> 10.176.236.89:1932 -> 206.190.37.188:80 -> FIN_WAIT_1
firefox.exe -> 10.176.236.89:1940 -> 206.190.37.188:80 -> FIN_WAIT_1
firefox.exe -> 10.176.236.89:1942 -> 208.71.44.31:80 -> FIN_WAIT_1
firefox.exe -> 10.176.236.89:2007 -> 23.32.248.72:80 -> FIN_WAIT_1
BkavUtil.exe -> 10.176.236.89:2070 -> 123.30.212.42:80 -> ESTABLISHED
N/A -> 10.176.236.89:2084 -> 68.142.253.31:443 -> TIME_WAIT
firefox.exe -> 10.176.236.89:2096 -> 96.7.101.231:80 -> FIN_WAIT_1
Auto_TQTK_GaCon.exe -> 10.176.236.89:2104 -> 123.30.168.166:80 -> FIN_WAIT_2
N/A -> 10.176.236.89:2107 -> 208.71.44.31:443 -> TIME_WAIT
firefox.exe -> 10.176.236.89:2185 -> 23.32.248.72:80 -> ESTABLISHED
Auto_TQTK_GaCon.exe -> 10.176.236.89:2267 -> 123.30.168.166:80 -> ESTABLISHED
N/A -> 10.176.236.89:2273 -> 58.26.185.32:80 -> TIME_WAIT
N/A -> 10.176.236.89:2275 -> 74.201.85.20:80 -> TIME_WAIT
N/A -> 10.176.236.89:2277 -> 68.67.176.5:80 -> TIME_WAIT
N/A -> 10.176.236.89:2289 -> 123.30.172.135:80 -> TIME_WAIT
N/A -> 10.176.236.89:2290 -> 74.125.224.185:80 -> TIME_WAIT
N/A -> 10.176.236.89:2291 -> 74.125.239.25:80 -> TIME_WAIT
N/A -> 10.176.236.89:2293 -> 199.115.117.17:80 -> TIME_WAIT
N/A -> 10.176.236.89:2294 -> 199.115.117.17:80 -> TIME_WAIT
N/A -> 10.176.236.89:2297 -> 174.129.226.45:80 -> TIME_WAIT
N/A -> 10.176.236.89:2298 -> 199.115.117.17:80 -> TIME_WAIT
N/A -> 10.176.236.89:2299 -> 199.115.117.17:80 -> TIME_WAIT
N/A -> 10.176.236.89:2300 -> 174.129.226.45:80 -> TIME_WAIT
N/A -> 10.176.236.89:2301 -> 199.115.117.17:80 -> TIME_WAIT
N/A -> 10.176.236.89:2302 -> 199.115.117.17:80 -> TIME_WAIT
N/A -> 10.176.236.89:2303 -> 199.115.117.17:80 -> TIME_WAIT
N/A -> 10.176.236.89:2308 -> 174.129.226.45:80 -> TIME_WAIT
N/A -> 10.176.236.89:2309 -> 199.115.117.17:80 -> TIME_WAIT
N/A -> 10.176.236.89:2310 -> 199.115.117.17:80 -> TIME_WAIT
N/A -> 10.176.236.89:2312 -> 199.115.117.17:80 -> TIME_WAIT
N/A -> 10.176.236.89:2313 -> 199.115.117.17:80 -> TIME_WAIT
N/A -> 10.176.236.89:2317 -> 174.129.216.123:80 -> TIME_WAIT
firefox.exe -> 10.176.236.89:2322 -> 206.190.37.188:443 -> ESTABLISHED
firefox.exe -> 10.176.236.89:2324 -> 23.209.203.120:443 -> ESTABLISHED
firefox.exe -> 10.176.236.89:2325 -> 208.71.44.31:443 -> ESTABLISHED
firefox.exe -> 10.176.236.89:2326 -> 208.71.44.31:443 -> ESTABLISHED
N/A -> 10.176.236.89:2327 -> 208.71.44.31:443 -> TIME_WAIT
N/A -> 10.176.236.89:2328 -> 208.71.44.31:443 -> TIME_WAIT
N/A -> 10.176.236.89:2329 -> 208.71.44.31:443 -> TIME_WAIT
firefox.exe -> 10.176.236.89:2344 -> 118.214.83.181:443 -> ESTABLISHED
Auto_TQTK_GaCon.exe -> 10.176.236.89:2354 -> 123.30.168.166:80 -> ESTABLISHED
N/A -> 10.176.236.89:2357 -> 216.115.100.102:443 -> TIME_WAIT
N/A -> 10.176.236.89:2358 -> 216.115.100.102:443 -> TIME_WAIT
firefox.exe -> 10.176.236.89:2363 -> 216.39.55.12:443 -> ESTABLISHED
firefox.exe -> 10.176.236.89:2364 -> 216.39.55.12:443 -> ESTABLISHED
N/A -> 10.176.236.89:2367 -> 216.115.100.102:443 -> TIME_WAIT
N/A -> 10.176.236.89:2368 -> 216.115.100.102:443 -> TIME_WAIT
Auto_TQTK_GaCon.exe -> 10.176.236.89:2371 -> 128.30.52.37:80 -> ESTABLISHED
Auto_TQTK_GaCon.exe -> 10.176.236.89:2372 -> 128.30.52.37:80 -> ESTABLISHED
firefox.exe -> 10.176.236.89:2378 -> 123.30.172.135:80 -> ESTABLISHED
firefox.exe -> 10.176.236.89:2379 -> 123.30.172.135:80 -> ESTABLISHED
firefox.exe -> 10.176.236.89:2380 -> 123.30.172.135:80 -> ESTABLISHED
firefox.exe -> 10.176.236.89:2381 -> 123.30.172.135:80 -> ESTABLISHED
firefox.exe -> 10.176.236.89:2382 -> 123.30.172.135:80 -> ESTABLISHED
firefox.exe -> 10.176.236.89:2383 -> 123.30.172.135:80 -> ESTABLISHED
firefox.exe -> 10.176.236.89:2384 -> 74.125.224.185:80 -> SYN_SENT
firefox.exe -> 10.176.236.89:2385 -> 74.125.239.25:80 -> SYN_SENT
firefox.exe -> 127.0.0.1:4401 -> 127.0.0.1:4402 -> ESTABLISHED
firefox.exe -> 127.0.0.1:4402 -> 127.0.0.1:4401 -> ESTABLISHED
jqs.exe -> 127.0.0.1:5152 -> 0.0.0.0:35034 -> LISTENING
jqs.exe -> 127.0.0.1:5152 -> 127.0.0.1:4299 -> CLOSE_WAIT
TeamViewer_Service.exe -> 127.0.0.1:5939 -> 0.0.0.0:49305 -> LISTENING

  • UDP Connections


lsass.exe -> 0.0.0.0:500 -> *.*
svchost.exe -> 0.0.0.0:1032 -> *.*
svchost.exe -> 0.0.0.0:1091 -> *.*
svchost.exe -> 0.0.0.0:1109 -> *.*
svchost.exe -> 0.0.0.0:1146 -> *.*
svchost.exe -> 0.0.0.0:1147 -> *.*
svchost.exe -> 0.0.0.0:1148 -> *.*
svchost.exe -> 0.0.0.0:1149 -> *.*
lsass.exe -> 0.0.0.0:4500 -> *.*
svchost.exe -> 10.176.236.89:123 -> *.*
N/A -> 10.176.236.89:137 -> *.*
N/A -> 10.176.236.89:138 -> *.*
svchost.exe -> 10.176.236.89:1900 -> *.*
svchost.exe -> 127.0.0.1:123 -> *.*
acs.exe -> 127.0.0.1:1025 -> *.*
acs.exe -> 127.0.0.1:1026 -> *.*
Auto_TQTK_GaCon.exe -> 127.0.0.1:1034 -> *.*
svchost.exe -> 127.0.0.1:1900 -> *.*
NhacCuaTui.exe -> 127.0.0.1:4231 -> *.*
acs.exe -> 127.0.0.1:9877 -> *.*
acs.exe -> 127.0.0.1:9977 -> *.*

  • Hosts file
  • Ring3 API Hooks


C:\WINDOWS\Explorer.EXE -> ADVAPI32.DLL->RegSetValueW -> BkavFirewallEngine.dll -> IAT
C:\WINDOWS\Explorer.EXE -> ADVAPI32.DLL->RegSetValueExW -> BkavFirewallEngine.dll -> IAT
C:\WINDOWS\Explorer.EXE -> ADVAPI32.DLL->RegDeleteValueW -> BkavFirewallEngine.dll -> IAT
C:\WINDOWS\Explorer.EXE -> KERNEL32.DLL->LoadLibraryExA -> BkavFirewallEngine.dll -> IAT
C:\WINDOWS\Explorer.EXE -> KERNEL32.DLL->LoadLibraryExW -> BkavFirewallEngine.dll -> IAT
C:\WINDOWS\Explorer.EXE -> KERNEL32.DLL->LoadLibraryA -> BkavFirewallEngine.dll -> IAT
C:\WINDOWS\Explorer.EXE -> KERNEL32.DLL->CreateProcessW -> BkavFirewallEngine.dll -> IAT
C:\WINDOWS\Explorer.EXE -> KERNEL32.DLL->CreateFileW -> BkavFirewallEngine.dll -> IAT
C:\WINDOWS\Explorer.EXE -> KERNEL32.DLL->LoadLibraryW -> BkavFirewallEngine.dll -> IAT
C:\WINDOWS\Explorer.EXE -> KERNEL32.DLL->GetProcAddress -> BkavFirewallEngine.dll -> IAT
C:\WINDOWS\Explorer.EXE -> USER32.DLL->SendMessageW -> BkavFirewallEngine.dll -> IAT
C:\WINDOWS\Explorer.EXE -> USER32.DLL->PostMessageW -> BkavFirewallEngine.dll -> IAT

  • Kernel Mode Info
[SSDT] NtAllocateVirtualMemory -> 0xA7C8C2B0 -> 0x805A791A -> BkavSD.sys
[SSDT] NtClose -> 0xA7C90770 -> 0x805BB2F0 -> BkavSD.sys
[SSDT] NtCreateFile -> 0xA7C908C0 -> 0x80577F8E -> BkavSD.sys
[SSDT] NtCreateKey -> 0xA7C90250 -> 0x8062252E -> BkavSD.sys
[SSDT] NtCreateThread -> 0xA7C8BE00 -> 0x805CFCBE -> BkavSD.sys
[SSDT] NtDebugActiveProcess -> 0xA7C8BD00 -> 0x806415B2 -> BkavSD.sys
[SSDT] NtDeleteKey -> 0xA7C900E0 -> 0x806229BE -> BkavSD.sys
[SSDT] NtDeleteValueKey -> 0xA7C90090 -> 0x80622B8E -> BkavSD.sys
[SSDT] NtDuplicateObject -> 0xA7C8BEA0 -> 0x805BCCCC -> BkavSD.sys
[SSDT] NtLoadDriver -> 0xA7C8BBF0 -> 0x80582FD6 -> BkavSD.sys
[SSDT] NtMapViewOfSection -> 0xA7C8BC20 -> 0x805B0E0A -> BkavSD.sys
[SSDT] NtOpenFile -> 0xA7C90850 -> 0x8057908C -> BkavSD.sys
[SSDT] NtProtectVirtualMemory -> 0xA7C8BCA0 -> 0x805B71DE -> BkavSD.sys
[SSDT] NtQueueApcThread -> 0xA7C8BBB0 -> 0x805CFF1C -> BkavSD.sys
[SSDT] NtRenameKey -> 0xA7C90040 -> 0x80621F54 -> BkavSD.sys
[SSDT] NtRequestWaitReplyPort -> 0xA7C904D0 -> 0x805A1BD6 -> BkavSD.sys
[SSDT] NtSetContextThread -> 0xA7C8C3A0 -> 0x805D03E0 -> BkavSD.sys
[SSDT] NtSetInformationFile -> 0xA7C90970 -> 0x80579F1A -> BkavSD.sys
[SSDT] NtSetValueKey -> 0xA7C902C0 -> 0x80620BEE -> BkavSD.sys
[SSDT] NtSuspendProcess -> 0xA7C8BF30 -> 0x805D36CA -> BkavSD.sys
[SSDT] NtSuspendThread -> 0xA7C8C4A0 -> 0x805D353C -> BkavSD.sys
[SSDT] NtTerminateProcess -> 0xA7C8C5F0 -> 0x805D162A -> BkavSD.sys
[SSDT] NtTerminateThread -> 0xA7C8C520 -> 0x805D1824 -> BkavSD.sys
[SSDT] NtWriteFile -> 0xA7C907B0 -> 0x8057BDFC -> BkavSD.sys
[SSDT] NtWriteVirtualMemory -> 0xA7C8C310 -> 0x805B3198 -> BkavSD.sys

---
Finish [ 0:16:1 ]


bolzano_1989

  • Administrator
  • Thank You
  • -Given: 542
  • -Receive: 840
  • Posts: 4634
  • Karma: +0/-0

What symptoms or problems are you experiencing on your computer?
Please take a screenshot or describe it in more detail for me. You can send an Autoruns log (there are instructions on the forum) so I can help you ;).
I hear and I may forget, I see and I remember, I do and I understand...
CMC InfoSec supports customers 24/7 via the hotline: 1900 571 244
CMCiS Fan Club: http://goo.gl/pnIHl
Virus removal help via Yahoo message: http://goo.gl/MWzFT
CMC InfoSec FB: http://goo.gl/WZlbg
Typical signs that a computer is infected with a virus: http://goo.gl/XOnBi
If you have Reverse Code Engineering skills and want to contribute to the forum, please send me a private message.