[code] OTScanIt logfile created on: 7.8.2008 21:43:28 OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Saša Lekan\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000424 | Country: Slovenia | Language: SLV | Date Format: d.M.yyyy 511,48 Mb Total Physical Memory | 170,50 Mb Available Physical Memory | 33,33% Memory free 1,22 Gb Paging File | 0,90 Gb Available in Paging File | 73,46% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111,75 Gb Total Space | 77,29 Gb Free Space | 69,16% Space Free | Partition Type: NTFS Drive D: | 298,08 Gb Total Space | 125,24 Gb Free Space | 42,01% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SASA Current User Name: Saša Lekan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 14.6.2008 11:14:20 | Attr = ] pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 7.12.2005 23:57:00 | Attr = ] sm56hlpr.exe -> %SystemRoot%\sm56hlpr.exe -> Motorola Inc. [Ver = 6.08.01 | Size = 569344 bytes | Modified Date = 29.6.2004 18:42:16 | Attr = R ] avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 201992 bytes | Modified Date = 25.4.2008 18:21:30 | Attr = ] avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 201992 bytes | Modified Date = 25.4.2008 18:21:30 | Attr = ] pcsuite.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PCSuite.exe -> Nokia [Ver = 6, 86, 29, 12 | Size = 1079808 bytes | Modified Date = 16.4.2008 12:53:46 | Attr = ] pcsync2.exe -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe -> Time Information Services Ltd. [Ver = 2.00 (633) | Size = 1232896 bytes | Modified Date = 26.3.2008 18:41:50 | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 22.10.2006 13:22:00 | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29.9.2004 13:14:36 | Attr = ] richvideo.exe -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8.8.2005 14:54:00 | Attr = ] servicelayer.exe -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 7, 0, 8, 0 | Size = 430592 bytes | Modified Date = 7.4.2008 9:17:30 | Attr = ] nclusbsrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclUSBSrv.exe -> [Ver = 7, 0, 4, 0 | Size = 130560 bytes | Modified Date = 10.3.2008 9:58:18 | Attr = ] nclrssrv.exe -> %ProgramFiles%\PC Connectivity Solution\Transports\NclRSSrv.exe -> [Ver = 7, 0, 1, 0 | Size = 120320 bytes | Modified Date = 22.2.2008 9:11:02 | Attr = ] mpapi3s.exe -> %CommonProgramFiles%\Nokia\MPAPI\MPAPI3s.exe -> Nokia Corporation [Ver = 6.86.162.0 | Size = 474624 bytes | Modified Date = 19.3.2008 15:24:20 | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.16: 2008070205 | Size = 7667312 bytes | Modified Date = 16.7.2008 23:49:41 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12.7.2008 9:29:54 | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 14.6.2008 11:14:20 | Attr = ] (AVP) Kaspersky Anti-Virus [Win32_Own | Auto | Running] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 201992 bytes | Modified Date = 25.4.2008 18:21:30 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 4.8.2004 1:56:50 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 16.3.2007 20:36:37 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4.4.2005 0:41:10 | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 22.10.2006 13:22:00 | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 29.9.2004 13:14:36 | Attr = ] (RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Running] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8.8.2005 14:54:00 | Attr = ] (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Running] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 7, 0, 8, 0 | Size = 430592 bytes | Modified Date = 7.4.2008 9:17:30 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe ["C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"] -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 201992 bytes | Modified Date = 25.4.2008 18:21:30 | Attr = ] LanguageShortcut -> %ProgramFiles%\CyberLink\PowerDVD\Language\Language.exe ["C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"] -> [Ver = 1, 0, 1613, 0 | Size = 49152 bytes | Modified Date = 13.4.2006 12:09:00 | Attr = ] NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 9.7.2001 12:50:42 | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 22.10.2006 13:22:00 | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 22.10.2006 13:22:00 | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [Ver = | Size = 1622016 bytes | Modified Date = 22.10.2006 13:22:00 | Attr = ] RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> Cyberlink Corp. [Ver = 5.00.0910 | Size = 30208 bytes | Modified Date = 7.12.2005 23:57:00 | Attr = ] SMSERIAL -> %SystemRoot%\sm56hlpr.exe [sm56hlpr.exe] -> Motorola Inc. [Ver = 6.08.01 | Size = 569344 bytes | Modified Date = 29.6.2004 18:42:16 | Attr = R ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Nokia.PCSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog] -> Time Information Services Ltd. [Ver = 2.00 (633) | Size = 1232896 bytes | Modified Date = 26.3.2008 18:41:50 | Attr = ] PC Suite Tray -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PCSuite.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray] -> Nokia [Ver = 6, 86, 29, 12 | Size = 1079808 bytes | Modified Date = 16.4.2008 12:53:46 | Attr = ] < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Nokia.PCSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog] -> Time Information Services Ltd. [Ver = 2.00 (633) | Size = 1232896 bytes | Modified Date = 26.3.2008 18:41:50 | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Nokia.PCSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog] -> Time Information Services Ltd. [Ver = 2.00 (633) | Size = 1232896 bytes | Modified Date = 26.3.2008 18:41:50 | Attr = ] < Run [HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\] > -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Nokia.PCSync -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PcSync2.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog] -> Time Information Services Ltd. [Ver = 2.00 (633) | Size = 1232896 bytes | Modified Date = 26.3.2008 18:41:50 | Attr = ] PC Suite Tray -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PCSuite.exe ["C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray] -> Nokia [Ver = 6, 86, 29, 12 | Size = 1079808 bytes | Modified Date = 16.4.2008 12:53:46 | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Saša Lekan Startup Folder > -> C:\Documents and Settings\Saša Lekan\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll -> Kaspersky Lab [Ver = 8.0.0.370 | Size = 83208 bytes | Modified Date = 7.8.2008 10:07:36 | Attr = ] *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {53FE12C2-4429-488F-847B-7B285F8F6778} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 13.6.2007 12:23:07 | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 4.8.2004 1:56:52 | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 26.10.2007 5:36:51 | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003] > -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> klogon -> %SystemRoot%\system32\klogon.dll -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 206088 bytes | Modified Date = 25.4.2008 18:22:24 | Attr = ] WgaLogon -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003] > -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 3.8.2004 23:59:54 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomLITE-ON_LTR-52327S______________________QS08____\5&381b986f&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRom_NEC_DVD_RW_ND-3520A____________________1.04____\5&381b986f&0&0.1.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> SCSI\CdRom&Ven_MC7209J&Prod_QIA506S&Rev_1.0\5&36c148f7&0&000 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 16.3.2007 19:11:00 | Attr = ] < HOSTS File > (257725 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.si/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\] > -> -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\: Main\\Start Page -> http://www.google.si/ -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4718 domain(s) found. -> 43 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4733 domain(s) found. -> 45 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4733 domain(s) found. -> 45 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4733 domain(s) found. -> 45 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4722 domain(s) found. -> 48 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4722 domain(s) found. -> 48 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\] > -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4733 domain(s) found. -> 45 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\] > -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 24.9.2005 7:12:08 | Attr = ] {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.1.57 | Size = 308856 bytes | Modified Date = 17.6.2008 21:32:13 | Attr = ] {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [IEVkbdBHO Class] -> Kaspersky Lab [Ver = 8.0.0.369 | Size = 62728 bytes | Modified Date = 7.8.2008 10:07:36 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10.6.2008 4:27:02 | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2411584 bytes | Modified Date = 16.3.2007 20:36:36 | Attr = R ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2411584 bytes | Modified Date = 16.3.2007 20:36:36 | Attr = R ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2411584 bytes | Modified Date = 16.3.2007 20:36:36 | Attr = R ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\] > -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2411584 bytes | Modified Date = 16.3.2007 20:36:36 | Attr = R ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10.6.2008 4:27:02 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10.6.2008 4:27:02 | Attr = ] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll [Web traffic protection statistics] -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 222472 bytes | Modified Date = 25.4.2008 18:22:54 | Attr = ] {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10.6.2008 4:27:02 | Attr = ] CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll [Web traffic protection statistics] -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 222472 bytes | Modified Date = 25.4.2008 18:22:54 | Attr = ] CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> I&zvoz v Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10.6.2008 4:27:02 | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> I&zvoz v Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10.6.2008 4:27:02 | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> I&zvoz v Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\] > -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10.6.2008 4:27:02 | Attr = ] CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll [Web traffic protection statistics] -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 222472 bytes | Modified Date = 25.4.2008 18:22:54 | Attr = ] CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\] > -> HKEY_USERS\S-1-5-21-507921405-1409082233-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> I&zvoz v Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {C2237E39-B725-40E8-A3C5-3E671CCC0902} -> () -> {DB1F648D-EFD0-4781-9D9A-0A895FA6EFBC} -> (VIA Rhine II Fast Ethernet Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {5C051655-FCD5-4969-9182-770EA5AA5565}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab[Reg Error: Key does not exist or could not be opened.] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SolitaireShowdown.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SolitaireShowdown.dll\\.Owner -> {5C051655-FCD5-4969-9182-770EA5AA5565} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SolitaireShowdown.dll\\{5C051655-FCD5-4969-9182-770EA5AA5565} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> N -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 4.8.2004 1:56:44 | Attr = ] C:\WINDOWS\system32\rqRhEvtS -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15.6.2005 19:49:30 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 4.8.2004 1:56:44 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25.4.2007 16:21:15 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 4.8.2004 1:56:48 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1108 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 4.8.2004 1:56:46 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 4.8.2004 1:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 5F 5E 85 7C D6 03 14 7D 96 F5 E0 F9 EA 24 38 F1 38 33 38 39 38 64 66 65 00 FD 07 00 69 46 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 10 46 A7 E0 ED DD 89 26 74 DB 11 83 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 9F B9 4F 8B 49 D0 FD B6 3C [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 59 FB 03 7E 90 39 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 23.8.2001 14:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> ED 59 49 C3 97 44 D7 BF 0D FC F2 59 13 C2 59 A6 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 00 86 B2 E4 F2 67 C7 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 13045 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 4.8.2004 1:56:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18.10.2007 12:34:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2.10.2007 18:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 12.5.2005 0:23:26 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 12.5.2005 1:40:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> Hewlett-Packard Co. [Ver = 50.0.206.000 | Size = 225280 bytes | Modified Date = 24.5.2005 3:17:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> Hewlett-Packard Co. [Ver = 50.0.206.000 | Size = 40960 bytes | Modified Date = 24.5.2005 3:18:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> Hewlett-Packard Co. [Ver = 50.0.206.000 | Size = 81920 bytes | Modified Date = 24.5.2005 3:13:32 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [Ver = 3, 2, 0,941 | Size = 200704 bytes | Modified Date = 12.5.2005 11:06:08 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 5.1.0.941 | Size = 1081344 bytes | Modified Date = 12.5.2005 8:28:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> Hewlett-Packard Co. [Ver = 50.0.206.000 | Size = 172032 bytes | Modified Date = 24.5.2005 3:42:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> Hewlett-Packard [Ver = 2.4 | Size = 151635 bytes | Modified Date = 12.5.2005 9:34:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> Hewlett-Packard Co. [Ver = 50.0.206.000 | Size = 458752 bytes | Modified Date = 24.5.2005 3:18:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [Ver = 5.0.0.247 | Size = 417792 bytes | Modified Date = 15.3.2005 16:12:10 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [Ver = 5.0.0.247 | Size = 704512 bytes | Modified Date = 15.3.2005 16:17:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> Hewlett-Packard Co. [Ver = 50.0.206.000 | Size = 57344 bytes | Modified Date = 24.5.2005 3:34:36 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\uTorrent\utorrent.exe -> %SystemDrive%\uTorrent\utorrent.exe [C:\uTorrent\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 177152 bytes | Modified Date = 22.3.2007 21:04:01 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\eMule\emule.exe -> %SystemDrive%\eMule\emule.exe [C:\eMule\emule.exe:*:Enabled:eMule] -> http://www.emule-project.net [Ver = 0.47.0 Unicode | Size = 4857856 bytes | Modified Date = 26.1.2006 18:21:45 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system\lsass.exe -> %SystemRoot%\system\lsass.exe [C:\WINDOWS\system\lsass.exe:*:Enabled:Messenger Sharing] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\SAALEK~1\LOCALS~1\Temp\Rar$DI01.359\picture052.JPG-www.photoshack.com -> %SystemDrive%\DOCUME~1\SAALEK~1\LOCALS~1\Temp\Rar$DI01.359\picture052.JPG-www.photoshack.com [C:\DOCUME~1\SAALEK~1\LOCALS~1\Temp\Rar$DI01.359\picture052.JPG-www.photoshack.com:*:Enabled:Messenger Sharing] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\SAALEK~1\LOCALS~1\Temp\Rar$DI02.687\picture052.JPG-www.photoshack.com -> %SystemDrive%\DOCUME~1\SAALEK~1\LOCALS~1\Temp\Rar$DI02.687\picture052.JPG-www.photoshack.com [C:\DOCUME~1\SAALEK~1\LOCALS~1\Temp\Rar$DI02.687\picture052.JPG-www.photoshack.com:*:Enabled:Messenger Sharing] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\picture052.JPG-www.photoshack.com -> D:\picture052.JPG-www.photoshack.com [D:\picture052.JPG-www.photoshack.com:*:Enabled:Messenger Sharing] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [Ver = | Size = 20036648 bytes | Modified Date = 21.7.2006 13:06:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\JetBrains\IntelliJ IDEA 7.0.1\bin\idea.exe -> %ProgramFiles%\JetBrains\IntelliJ IDEA 7.0.1\bin\idea.exe [C:\Program Files\JetBrains\IntelliJ IDEA 7.0.1\bin\idea.exe:*:Enabled:idea] -> JetBrains s.r.o [Ver = 7.0.0.7364 | Size = 547736 bytes | Modified Date = 22.10.2007 16:47:28 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Joost\xulrunner\tvprunner.exe -> %ProgramFiles%\Joost\xulrunner\tvprunner.exe [C:\Program Files\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Java\jdk1.6.0_03\bin\java.exe -> %ProgramFiles%\Java\jdk1.6.0_03\bin\java.exe [C:\Program Files\Java\jdk1.6.0_03\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 24.9.2007 23:13:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Wolfram Research\Mathematica\5.2\Mathematica.exe -> %ProgramFiles%\Wolfram Research\Mathematica\5.2\Mathematica.exe [C:\Program Files\Wolfram Research\Mathematica\5.2\Mathematica.exe:*:Enabled:Mathematica 5.2 for Students] -> Wolfram Research, Inc. [Ver = 5, 2, 0, 0 | Size = 110592 bytes | Modified Date = 20.6.2005 21:17:08 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Wolfram Research\Mathematica\5.2\MathKernel.exe -> %ProgramFiles%\Wolfram Research\Mathematica\5.2\MathKernel.exe [C:\Program Files\Wolfram Research\Mathematica\5.2\MathKernel.exe:*:Enabled:Mathematica 5.2 for Students Kernel] -> Wolfram Research, Inc. [Ver = 5, 2, 0, 0 | Size = 106496 bytes | Modified Date = 21.6.2005 0:02:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Wolfram Research\Mathematica\5.2\math.exe -> %ProgramFiles%\Wolfram Research\Mathematica\5.2\math.exe [C:\Program Files\Wolfram Research\Mathematica\5.2\math.exe:*:Enabled:math.exe] -> [Ver = | Size = 65536 bytes | Modified Date = 21.6.2005 0:01:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Eclipse\eclipse\eclipse.exe -> %SystemDrive%\Eclipse\eclipse\eclipse.exe [C:\Eclipse\eclipse\eclipse.exe:*:Enabled:eclipse] -> [Ver = | Size = 57344 bytes | Modified Date = 21.2.2008 21:18:32 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\mmc.exe -> %SystemRoot%\system32\mmc.exe [C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 815104 bytes | Modified Date = 4.8.2004 1:56:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\lExplore.exe -> %SystemRoot%\system32\lExplore.exe [C:\WINDOWS\system32\lExplore.exe:*:Disabled:lExplore] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 12813096 bytes | Modified Date = 27.10.2006 15:16:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> %ProgramFiles%\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 27.10.2006 15:37:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> %ProgramFiles%\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 27.10.2006 15:03:04 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18.10.2007 12:34:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2.10.2007 18:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\english\setup.exe -> %AllUsersProfile%\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\english\setup.exe [C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2009\english\setup.exe:*:Enabled:Kaspersky Anti-Virus 2009 Setup] -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 70976 bytes | Modified Date = 25.4.2008 16:49:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 4.8.2004 1:56:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26.7.2005 6:39:49 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 4.8.2004 1:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 4.8.2004 1:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26.7.2005 6:39:49 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^Saša Lekan^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk -> %ProgramFiles%\OpenOffice.org 2.4\program\quickstart.exe -> [Ver = | Size = 393216 bytes | Modified Date = 16.3.2008 17:54:44 | Attr = ] < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> BM97edd23f hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\kqynxulf.DLL -> File not found DAEMON Tools hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.08.0.0 | Size = 157592 bytes | Modified Date = 12.11.2006 12:48:46 | Attr = ] HP Software Update hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 12.5.2005 0:12:54 | Attr = ] PC Suite Tray hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Nokia\Nokia PC Suite 6\PCSuite.exe -> Nokia [Ver = 6, 86, 29, 12 | Size = 1079808 bytes | Modified Date = 16.4.2008 12:53:46 | Attr = ] SunJavaUpdateSched hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10.6.2008 4:27:04 | Attr = ] TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 17.6.2008 21:32:00 | Attr = ] [Files/Folders - Created Within 90 days] 'MRE.xls -> %SystemDrive%\'MRE.xls -> [Ver = | Size = 166400 bytes | Created Date = 1.7.2008 11:37:51 | Attr = ] CamStudio20.exe -> %SystemDrive%\CamStudio20.exe -> [Ver = | Size = 1364995 bytes | Created Date = 31.7.2008 10:27:44 | Attr = ] CamStudioCodec10.exe -> %SystemDrive%\CamStudioCodec10.exe -> (c) 2003 RenderSoft Software [Ver = 1.0 | Size = 328407 bytes | Created Date = 31.7.2008 10:28:01 | Attr = ] CVInstructions_sl_SI.pdf -> %SystemDrive%\CVInstructions_sl_SI.pdf -> [Ver = | Size = 218670 bytes | Created Date = 20.6.2008 15:10:51 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 3.8.2008 15:40:18 | Attr = ] EDGE -> %SystemDrive%\EDGE -> [Folder | Created Date = 18.6.2008 19:28:51 | Attr = R ] FRI cenik-2007-2008-sprejet-14.06..pdf -> %SystemDrive%\FRI cenik-2007-2008-sprejet-14.06..pdf -> [Ver = | Size = 194492 bytes | Created Date = 23.6.2008 20:51:30 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Created Date = 7.8.2008 19:27:32 | Attr = HS] HTML vaje -> %SystemDrive%\HTML vaje -> [Folder | Created Date = 12.6.2008 15:58:32 | Attr = ] Microsoft Office 2007 Enterprise(no serial or activation required)+magic iso with crack-johonievision -> %SystemDrive%\Microsoft Office 2007 Enterprise(no serial or activation required)+magic iso with crack-johonievision -> [Folder | Created Date = 2.7.2008 12:13:21 | Attr = ] Moj življenjepis.odt -> %SystemDrive%\Moj življenjepis.odt -> [Ver = | Size = 23606 bytes | Created Date = 20.6.2008 19:46:17 | Attr = ] Obrazec_Prijavni list_vprašalnik.doc -> %SystemDrive%\Obrazec_Prijavni list_vprašalnik.doc -> [Ver = | Size = 202240 bytes | Created Date = 18.6.2008 14:32:48 | Attr = ] Programas -> %SystemDrive%\Programas -> [Folder | Created Date = 1.8.2008 10:45:01 | Attr = ] taskmanager17.exe -> %SystemDrive%\taskmanager17.exe -> [Ver = | Size = 1693024 bytes | Created Date = 21.6.2008 19:30:24 | Attr = ] Vprasalnik-1.doc -> %SystemDrive%\Vprasalnik-1.doc -> [Ver = | Size = 158720 bytes | Created Date = 18.6.2008 17:49:37 | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 4.8.2008 19:34:43 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 7.8.2008 21:35:48 | Attr = ] Življenjepis - Atlantis.pdf -> %SystemDrive%\Življenjepis - Atlantis.pdf -> [Ver = | Size = 96053 bytes | Created Date = 24.6.2008 16:52:06 | Attr = ] Življenjepis slovenski 1.doc -> %SystemDrive%\Življenjepis slovenski 1.doc -> [Ver = | Size = 108032 bytes | Created Date = 20.6.2008 18:46:49 | Attr = ] Življenjepis slovenski.doc -> %SystemDrive%\Življenjepis slovenski.doc -> [Ver = | Size = 109056 bytes | Created Date = 20.6.2008 15:09:56 | Attr = ] Življenjepis-CV.doc -> %SystemDrive%\Življenjepis-CV.doc -> [Ver = | Size = 40448 bytes | Created Date = 20.6.2008 14:59:28 | Attr = ] Življenjepis.pdf -> %SystemDrive%\Življenjepis.pdf -> [Ver = | Size = 96011 bytes | Created Date = 20.6.2008 19:39:48 | Attr = ] ccdcmb.sys -> %SystemRoot%\System32\drivers\ccdcmb.sys -> Nokia [Ver = 6.86.4.5 | Size = 16896 bytes | Created Date = 16.5.2008 11:13:20 | Attr = ] ccdcmbo.sys -> %SystemRoot%\System32\drivers\ccdcmbo.sys -> Nokia [Ver = 6.86.4.5 | Size = 19328 bytes | Created Date = 16.5.2008 11:13:21 | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 4089376 bytes | Created Date = 7.8.2008 9:57:46 | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 34076 bytes | Created Date = 7.8.2008 9:57:46 | Attr = HS] fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 335904 bytes | Created Date = 7.8.2008 9:57:46 | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 2228 bytes | Created Date = 7.8.2008 9:57:46 | Attr = HS] klick.dat -> %SystemRoot%\System32\drivers\klick.dat -> [Ver = | Size = 87855 bytes | Created Date = 7.8.2008 9:58:31 | Attr = ] klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 8.0.0.190 | Size = 187920 bytes | Created Date = 7.8.2008 9:57:27 | Attr = ] klin.dat -> %SystemRoot%\System32\drivers\klin.dat -> [Ver = | Size = 96976 bytes | Created Date = 7.8.2008 9:58:31 | Attr = ] MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Created Date = 15.6.2008 21:16:34 | Attr = H ] Msft_Kernel_ccdcmb_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf -> [Ver = | Size = 0 bytes | Created Date = 15.6.2008 21:16:36 | Attr = H ] pccsmcfd.sys -> %SystemRoot%\System32\drivers\pccsmcfd.sys -> Nokia [Ver = 6.85.3.0 | Size = 21632 bytes | Created Date = 16.5.2008 11:13:55 | Attr = ] usbser_lowerflt.sys -> %SystemRoot%\System32\drivers\usbser_lowerflt.sys -> Windows (R) Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 8064 bytes | Created Date = 16.5.2008 11:13:22 | Attr = ] usbser_lowerfltj.sys -> %SystemRoot%\System32\drivers\usbser_lowerfltj.sys -> Windows (R) Codename Longhorn DDK provider [Ver = 6.0.6000.16386 built by: WinDDK | Size = 8064 bytes | Created Date = 16.5.2008 11:13:23 | Attr = ] camcodec.dll -> %SystemRoot%\System32\camcodec.dll -> RenderSoft Software. [Ver = 1.0.0 | Size = 51200 bytes | Created Date = 31.7.2008 10:29:25 | Attr = ] camcodec.ico -> %SystemRoot%\System32\camcodec.ico -> [Ver = | Size = 1078 bytes | Created Date = 31.7.2008 10:29:25 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 3.8.2008 15:34:15 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 3.8.2008 15:34:15 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 3.8.2008 15:34:15 | Attr = ] kuqhlsqp.ini -> %SystemRoot%\System32\kuqhlsqp.ini -> [Ver = | Size = 1488274 bytes | Created Date = 1.8.2008 20:46:22 | Attr = HS] lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [Ver = | Size = 12632 bytes | Created Date = 16.5.2008 11:58:04 | Attr = ] nmwcdcocls.dll -> %SystemRoot%\System32\nmwcdcocls.dll -> Nokia [Ver = 6.86.4.5 | Size = 95744 bytes | Created Date = 16.5.2008 11:13:20 | Attr = ] omnafiqc.ini -> %SystemRoot%\System32\omnafiqc.ini -> [Ver = | Size = 1488034 bytes | Created Date = 1.8.2008 11:34:28 | Attr = HS] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 17.6.2008 21:32:01 | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 17.6.2008 21:32:03 | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 17.6.2008 21:32:03 | Attr = ] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.50 | Size = 185944 bytes | Created Date = 17.6.2008 21:32:09 | Attr = ] slsjuxek.ini -> %SystemRoot%\System32\slsjuxek.ini -> [Ver = | Size = 1487906 bytes | Created Date = 3.8.2008 20:46:58 | Attr = HS] unins000.dat -> %SystemRoot%\System32\unins000.dat -> [Ver = | Size = 1073 bytes | Created Date = 31.7.2008 10:29:25 | Attr = ] unins000.exe -> %SystemRoot%\System32\unins000.exe -> [Ver = 51.49.0.0 | Size = 695578 bytes | Created Date = 31.7.2008 10:29:25 | Attr = ] BM97edd23f.xml -> %SystemRoot%\BM97edd23f.xml -> [Ver = | Size = 110446 bytes | Created Date = 1.8.2008 11:32:43 | Attr = ] CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 5.8.2008 12:40:01 | Attr = HS] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 3.8.2008 15:42:39 | Attr = ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Created Date = 14.6.2008 12:47:59 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] ESET -> %AllUsersProfile%\Application Data\ESET -> [Folder | Created Date = 1.8.2008 10:33:34 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 7.8.2008 9:57:46 | Attr = ] Kaspersky Lab Setup Files -> %AllUsersProfile%\Application Data\Kaspersky Lab Setup Files -> [Folder | Created Date = 7.8.2008 9:51:49 | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 14.6.2008 11:04:54 | Attr = ] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Created Date = 2.7.2008 12:23:21 | Attr = ] SecTaskMan -> %AllUsersProfile%\Application Data\SecTaskMan -> [Folder | Created Date = 21.6.2008 19:31:20 | Attr = ] gtk-2.0 -> %AppData%\gtk-2.0 -> [Folder | Created Date = 14.5.2008 23:09:48 | Attr = ] Opera -> %AppData%\Opera -> [Folder | Created Date = 21.6.2008 18:01:11 | Attr = ] Real -> %AppData%\Real -> [Folder | Created Date = 17.6.2008 21:31:57 | Attr = ] ESET -> %UserProfile%\Local Settings\Application Data\ESET -> [Folder | Created Date = 1.8.2008 11:38:55 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 2698154 bytes | Created Date = 19.6.2008 13:36:03 | Attr = H ] Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help -> [Folder | Created Date = 2.7.2008 12:23:30 | Attr = ] Opera -> %UserProfile%\Local Settings\Application Data\Opera -> [Folder | Created Date = 21.6.2008 18:01:11 | Attr = ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Created Date = 30.6.2008 17:21:36 | Attr = R ] 'MRE avgust in september.xls -> %UserProfile%\My Documents\'MRE avgust in september.xls -> [Ver = | Size = 112640 bytes | Created Date = 11.7.2008 17:23:08 | Attr = ] AGENCIJA SONČEK.docx -> %UserProfile%\My Documents\AGENCIJA SONČEK.docx -> [Ver = | Size = 12779 bytes | Created Date = 6.8.2008 15:53:26 | Attr = ] CenikStoritevULza2008-2009.xlsx -> %UserProfile%\My Documents\CenikStoritevULza2008-2009.xlsx -> [Ver = | Size = 29275 bytes | Created Date = 26.7.2008 10:06:10 | Attr = ] christina1.jpg -> %UserProfile%\My Documents\christina1.jpg -> [Ver = | Size = 89255 bytes | Created Date = 28.6.2008 14:36:57 | Attr = ] dog_pencil_drawing.jpg -> %UserProfile%\My Documents\dog_pencil_drawing.jpg -> [Ver = | Size = 50741 bytes | Created Date = 28.6.2008 14:34:04 | Attr = ] draw.jpg -> %UserProfile%\My Documents\draw.jpg -> [Ver = | Size = 54056 bytes | Created Date = 28.6.2008 15:13:52 | Attr = ] Družina Smoradek.docx -> %UserProfile%\My Documents\Družina Smoradek.docx -> [Ver = | Size = 10883 bytes | Created Date = 6.8.2008 20:27:11 | Attr = ] IBD katalog.pdf -> %UserProfile%\My Documents\IBD katalog.pdf -> [Ver = | Size = 3457806 bytes | Created Date = 15.7.2008 23:22:48 | Attr = ] jessicasimpson.jpg -> %UserProfile%\My Documents\jessicasimpson.jpg -> [Ver = | Size = 68797 bytes | Created Date = 28.6.2008 14:36:27 | Attr = ] My Digital Editions -> %UserProfile%\My Documents\My Digital Editions -> [Folder | Created Date = 26.5.2008 10:40:37 | Attr = ] nam ne gre tako slabo.xls -> %UserProfile%\My Documents\nam ne gre tako slabo.xls -> [Ver = | Size = 19456 bytes | Created Date = 10.5.2008 0:45:26 | Attr = ] Nove Ikone -> %UserProfile%\My Documents\Nove Ikone -> [Folder | Created Date = 29.6.2008 0:49:25 | Attr = ] OneNote Notebooks -> %UserProfile%\My Documents\OneNote Notebooks -> [Folder | Created Date = 2.7.2008 13:10:28 | Attr = ] POSTOPEK IZDELAVE Z IBD GELI.docx -> %UserProfile%\My Documents\POSTOPEK IZDELAVE Z IBD GELI.docx -> [Ver = | Size = 18655 bytes | Created Date = 15.7.2008 23:14:18 | Attr = ] Recept.odt -> %UserProfile%\My Documents\Recept.odt -> [Ver = | Size = 17971 bytes | Created Date = 27.5.2008 14:47:37 | Attr = ] Vodno mesto Atlantis.docx -> %UserProfile%\My Documents\Vodno mesto Atlantis.docx -> [Ver = | Size = 29511 bytes | Created Date = 7.7.2008 19:29:06 | Attr = ] Če bi vse človeštvo skrčili na vas s.ppt -> %UserProfile%\My Documents\Če bi vse človeštvo skrčili na vas s.ppt -> [Ver = | Size = 2464768 bytes | Created Date = 10.5.2008 0:45:03 | Attr = ] Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [Ver = | Size = 1735 bytes | Created Date = 14.6.2008 11:05:11 | Attr = ] CamStudio.lnk -> %AllUsersProfile%\Desktop\CamStudio.lnk -> [Ver = | Size = 689 bytes | Created Date = 31.7.2008 10:28:47 | Attr = ] Nokia PC Suite.lnk -> %AllUsersProfile%\Desktop\Nokia PC Suite.lnk -> [Ver = | Size = 2341 bytes | Created Date = 16.5.2008 11:15:12 | Attr = ] Opera.lnk -> %AllUsersProfile%\Desktop\Opera.lnk -> [Ver = | Size = 592 bytes | Created Date = 21.6.2008 18:00:47 | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Created Date = 5.8.2008 12:16:38 | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 3.8.2008 15:38:17 | Attr = ] GIMP 2.lnk -> %UserProfile%\Desktop\GIMP 2.lnk -> [Ver = | Size = 1726 bytes | Created Date = 14.5.2008 22:58:43 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 846 bytes | Created Date = 7.8.2008 19:38:44 | Attr = ] kav8.0.0.357en.exe -> %UserProfile%\Desktop\kav8.0.0.357en.exe -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 29333704 bytes | Created Date = 7.8.2008 1:00:36 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Created Date = 7.8.2008 21:33:24 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 7.8.2008 21:39:46 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 7.8.2008 21:38:21 | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 7.8.2008 17:54:22 | Attr = ] VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0006 | Size = 119808 bytes | Created Date = 4.8.2008 19:17:37 | Attr = ] OneNote 2007 Screen Clipper and Launcher.lnk -> %UserProfile%\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> [Ver = | Size = 947 bytes | Created Date = 2.7.2008 13:10:27 | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 2.7.2008 12:32:12 | Attr = ] Nokia -> %CommonProgramFiles%\Nokia -> [Folder | Created Date = 16.5.2008 11:15:03 | Attr = ] PCSuite -> %CommonProgramFiles%\PCSuite -> [Folder | Created Date = 16.5.2008 11:15:03 | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Created Date = 17.6.2008 21:31:58 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 14.6.2008 11:03:12 | Attr = ] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Created Date = 17.6.2008 21:32:15 | Attr = ] CamStudio -> %ProgramFiles%\CamStudio -> [Folder | Created Date = 31.7.2008 10:28:37 | Attr = ] CCleaner -> %ProgramFiles%\CCleaner -> [Folder | Created Date = 5.8.2008 12:16:38 | Attr = ] GIMP-2.0 -> %ProgramFiles%\GIMP-2.0 -> [Folder | Created Date = 14.5.2008 22:58:06 | Attr = ] Kaspersky Lab -> %ProgramFiles%\Kaspersky Lab -> [Folder | Created Date = 7.8.2008 9:57:46 | Attr = ] MagicISO -> %ProgramFiles%\MagicISO -> [Folder | Created Date = 2.7.2008 12:51:46 | Attr = ] Microsoft Works -> %ProgramFiles%\Microsoft Works -> [Folder | Created Date = 2.7.2008 12:33:05 | Attr = ] Microsoft.NET -> %ProgramFiles%\Microsoft.NET -> [Folder | Created Date = 2.7.2008 12:31:04 | Attr = ] MSBuild -> %ProgramFiles%\MSBuild -> [Folder | Created Date = 2.7.2008 12:32:50 | Attr = ] Opera -> %ProgramFiles%\Opera -> [Folder | Created Date = 21.6.2008 18:00:37 | Attr = ] PC Connectivity Solution -> %ProgramFiles%\PC Connectivity Solution -> [Folder | Created Date = 16.5.2008 11:13:47 | Attr = ] Real -> %ProgramFiles%\Real -> [Folder | Created Date = 17.6.2008 21:32:01 | Attr = ] Security Task Manager -> %ProgramFiles%\Security Task Manager -> [Folder | Created Date = 21.6.2008 19:31:08 | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 7.8.2008 19:38:44 | Attr = ] [Files/Folders - Modified Within 90 days] 'MRE.xls -> %SystemDrive%\'MRE.xls -> [Ver = | Size = 166400 bytes | Modified Date = 1.7.2008 11:51:04 | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 4.8.2008 21:31:58 | Attr = HS] CamStudio20.exe -> %SystemDrive%\CamStudio20.exe -> [Ver = | Size = 1364995 bytes | Modified Date = 31.7.2008 10:27:44 | Attr = ] CamStudioCodec10.exe -> %SystemDrive%\CamStudioCodec10.exe -> (c) 2003 RenderSoft Software [Ver = 1.0 | Size = 328407 bytes | Modified Date = 31.7.2008 10:28:01 | Attr = ] CVInstructions_sl_SI.pdf -> %SystemDrive%\CVInstructions_sl_SI.pdf -> [Ver = | Size = 218670 bytes | Modified Date = 20.6.2008 15:10:51 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 3.8.2008 15:40:18 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 7.8.2008 0:08:16 | Attr = ] DVD Shrink 3.2.0.15 -> %SystemDrive%\DVD Shrink 3.2.0.15 -> [Folder | Modified Date = 29.6.2008 18:41:30 | Attr = ] Eclipse -> %SystemDrive%\Eclipse -> [Folder | Modified Date = 29.6.2008 18:37:32 | Attr = R ] EDGE -> %SystemDrive%\EDGE -> [Folder | Modified Date = 29.6.2008 18:35:47 | Attr = R ] eMule -> %SystemDrive%\eMule -> [Folder | Modified Date = 6.8.2008 22:37:26 | Attr = R ] FRI cenik-2007-2008-sprejet-14.06..pdf -> %SystemDrive%\FRI cenik-2007-2008-sprejet-14.06..pdf -> [Ver = | Size = 194492 bytes | Modified Date = 23.6.2008 20:51:31 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Modified Date = 7.8.2008 19:30:55 | Attr = HS] HTML vaje -> %SystemDrive%\HTML vaje -> [Folder | Modified Date = 12.6.2008 15:58:55 | Attr = ] Java -> %SystemDrive%\Java -> [Folder | Modified Date = 29.6.2008 1:10:44 | Attr = R ] Latex-vaje -> %SystemDrive%\Latex-vaje -> [Folder | Modified Date = 12.6.2008 16:04:13 | Attr = ] Microsoft Office 2007 Enterprise(no serial or activation required)+magic iso with crack-johonievision -> %SystemDrive%\Microsoft Office 2007 Enterprise(no serial or activation required)+magic iso with crack-johonievision -> [Folder | Modified Date = 2.7.2008 12:59:15 | Attr = ] Moj življenjepis.odt -> %SystemDrive%\Moj življenjepis.odt -> [Ver = | Size = 23606 bytes | Modified Date = 24.6.2008 17:31:10 | Attr = ] Obrazec_Prijavni list_vprašalnik.doc -> %SystemDrive%\Obrazec_Prijavni list_vprašalnik.doc -> [Ver = | Size = 202240 bytes | Modified Date = 18.6.2008 15:37:24 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7.8.2008 19:38:44 | Attr = R ] Programas -> %SystemDrive%\Programas -> [Folder | Modified Date = 1.8.2008 10:45:01 | Attr = ] taskmanager17.exe -> %SystemDrive%\taskmanager17.exe -> [Ver = | Size = 1693024 bytes | Modified Date = 21.6.2008 19:30:24 | Attr = ] Vprasalnik-1.doc -> %SystemDrive%\Vprasalnik-1.doc -> [Ver = | Size = 158720 bytes | Modified Date = 19.6.2008 17:05:53 | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 7.8.2008 18:42:25 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7.8.2008 19:28:00 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 7.8.2008 21:35:48 | Attr = ] Življenjepis - Atlantis.pdf -> %SystemDrive%\Življenjepis - Atlantis.pdf -> [Ver = | Size = 96053 bytes | Modified Date = 24.6.2008 16:52:07 | Attr = ] Življenjepis slovenski 1.doc -> %SystemDrive%\Življenjepis slovenski 1.doc -> [Ver = | Size = 108032 bytes | Modified Date = 20.6.2008 19:45:52 | Attr = ] Življenjepis slovenski.doc -> %SystemDrive%\Življenjepis slovenski.doc -> [Ver = | Size = 109056 bytes | Modified Date = 20.6.2008 18:40:42 | Attr = ] Življenjepis-CV.doc -> %SystemDrive%\Življenjepis-CV.doc -> [Ver = | Size = 40448 bytes | Modified Date = 20.6.2008 14:59:29 | Attr = ] Življenjepis.pdf -> %SystemDrive%\Življenjepis.pdf -> [Ver = | Size = 96011 bytes | Modified Date = 20.6.2008 19:39:48 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 7.8.2008 17:59:43 | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 257725 bytes | Modified Date = 7.8.2008 17:59:43 | Attr = R ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 4089376 bytes | Modified Date = 7.8.2008 19:30:01 | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 34076 bytes | Modified Date = 7.8.2008 19:30:01 | Attr = HS] fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 335904 bytes | Modified Date = 7.8.2008 21:40:14 | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 2228 bytes | Modified Date = 7.8.2008 21:40:13 | Attr = HS] klick.dat -> %SystemRoot%\System32\drivers\klick.dat -> [Ver = | Size = 87855 bytes | Modified Date = 7.8.2008 10:07:34 | Attr = ] klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 8.0.0.190 | Size = 187920 bytes | Modified Date = 7.8.2008 10:07:36 | Attr = ] klin.dat -> %SystemRoot%\System32\drivers\klin.dat -> [Ver = | Size = 96976 bytes | Modified Date = 7.8.2008 10:07:34 | Attr = ] MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 15.6.2008 21:16:34 | Attr = H ] Msft_Kernel_ccdcmb_01005.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_ccdcmb_01005.Wdf -> [Ver = | Size = 0 bytes | Modified Date = 15.6.2008 21:16:36 | Attr = H ] camcodec.ico -> %SystemRoot%\System32\camcodec.ico -> [Ver = | Size = 1078 bytes | Modified Date = 9.7.2008 11:44:00 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 7.8.2008 19:34:30 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest -> [Ver = | Size = 749 bytes | Modified Date = 30.6.2008 17:21:36 | Attr = RH ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2.7.2008 12:35:58 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 15.6.2008 21:16:44 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 7.8.2008 10:07:36 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 16.5.2008 11:15:34 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 341832 bytes | Modified Date = 2.7.2008 12:46:38 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 10.6.2008 1:21:01 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Modified Date = 10.6.2008 2:32:34 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 10.6.2008 1:21:04 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Modified Date = 10.6.2008 2:32:34 | Attr = ] kuqhlsqp.ini -> %SystemRoot%\System32\kuqhlsqp.ini -> [Ver = | Size = 1488274 bytes | Modified Date = 2.8.2008 20:45:55 | Attr = HS] lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [Ver = | Size = 12632 bytes | Modified Date = 16.5.2008 11:58:04 | Attr = ] ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 30.6.2008 17:21:36 | Attr = RH ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 88566 bytes | Modified Date = 7.8.2008 21:38:26 | Attr = ] nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 30.6.2008 17:21:36 | Attr = RH ] omnafiqc.ini -> %SystemRoot%\System32\omnafiqc.ini -> [Ver = | Size = 1488034 bytes | Modified Date = 1.8.2008 20:32:07 | Attr = HS] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 17.6.2008 21:32:01 | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 17.6.2008 21:32:03 | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 17.6.2008 21:32:03 | Attr = ] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.50 | Size = 185944 bytes | Modified Date = 17.6.2008 21:32:09 | Attr = ] sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 30.6.2008 17:21:36 | Attr = RH ] slsjuxek.ini -> %SystemRoot%\System32\slsjuxek.ini -> [Ver = | Size = 1487906 bytes | Modified Date = 4.8.2008 1:46:16 | Attr = HS] unins000.dat -> %SystemRoot%\System32\unins000.dat -> [Ver = | Size = 1073 bytes | Modified Date = 31.7.2008 10:29:25 | Attr = ] unins000.exe -> %SystemRoot%\System32\unins000.exe -> [Ver = 51.49.0.0 | Size = 695578 bytes | Modified Date = 31.7.2008 10:28:58 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 1.8.2008 10:15:21 | Attr = ] wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest -> [Ver = | Size = 749 bytes | Modified Date = 30.6.2008 17:21:36 | Attr = RH ] BM97edd23f.xml -> %SystemRoot%\BM97edd23f.xml -> [Ver = | Size = 110446 bytes | Modified Date = 4.8.2008 19:12:34 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7.8.2008 19:31:04 | Attr = S] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 5.8.2008 12:40:01 | Attr = HS] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5.8.2008 12:27:38 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 3.8.2008 16:09:42 | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 3.8.2008 15:42:39 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2.7.2008 12:31:30 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2.7.2008 12:28:57 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 7.8.2008 9:58:15 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 7.8.2008 9:58:36 | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 5.8.2008 12:27:38 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 202 bytes | Modified Date = 7.8.2008 20:10:39 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7.8.2008 19:35:06 | Attr = ] RegisteredPackages -> %SystemRoot%\RegisteredPackages -> [Folder | Modified Date = 14.6.2008 12:48:40 | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 1.8.2008 14:37:23 | Attr = ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 2.7.2008 12:42:14 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 4.8.2008 21:31:57 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 7.8.2008 9:58:02 | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 7.8.2008 21:39:28 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 634 bytes | Modified Date = 4.8.2008 21:31:57 | Attr = ] WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest -> [Ver = | Size = 749 bytes | Modified Date = 30.6.2008 17:21:36 | Attr = RH ] Wininit.ini -> %SystemRoot%\Wininit.ini -> [Ver = | Size = 139 bytes | Modified Date = 7.8.2008 18:30:15 | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 14.6.2008 12:48:29 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7.8.2008 19:31:24 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 16.3.2007 19:29:33 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 7892 bytes | Modified Date = 3.8.2008 15:30:35 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 9018 bytes | Modified Date = 3.8.2008 15:30:34 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 2.7.2008 13:02:39 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 16.3.2007 20:42:16 | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2.7.2008 13:02:39 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] ESET -> %AllUsersProfile%\Application Data\ESET -> [Folder | Modified Date = 1.8.2008 10:33:34 | Attr = ] Installations -> %AllUsersProfile%\Application Data\Installations -> [Folder | Modified Date = 16.5.2008 11:11:57 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 7.8.2008 19:32:25 | Attr = ] Kaspersky Lab Setup Files -> %AllUsersProfile%\Application Data\Kaspersky Lab Setup Files -> [Folder | Modified Date = 7.8.2008 9:51:49 | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 14.6.2008 11:13:45 | Attr = ] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 2.7.2008 12:42:40 | Attr = ] SecTaskMan -> %AllUsersProfile%\Application Data\SecTaskMan -> [Folder | Modified Date = 7.8.2008 19:10:18 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 7.8.2008 17:48:17 | Attr = ] gtk-2.0 -> %AppData%\gtk-2.0 -> [Folder | Modified Date = 16.5.2008 13:12:58 | Attr = ] Lavasoft -> %AppData%\Lavasoft -> [Folder | Modified Date = 14.6.2008 11:05:39 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 9.7.2008 22:08:07 | Attr = S] OpenOffice.org2 -> %AppData%\OpenOffice.org2 -> [Folder | Modified Date = 25.6.2008 23:43:26 | Attr = ] Opera -> %AppData%\Opera -> [Folder | Modified Date = 21.6.2008 18:01:11 | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 13.7.2008 12:41:42 | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 14.6.2008 15:29:32 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 201216 bytes | Modified Date = 7.8.2008 20:10:39 | Attr = ] ESET -> %UserProfile%\Local Settings\Application Data\ESET -> [Folder | Modified Date = 1.8.2008 11:38:55 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 97304 bytes | Modified Date = 5.7.2008 19:03:58 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 2698154 bytes | Modified Date = 7.8.2008 19:29:36 | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 4.8.2008 19:24:15 | Attr = ] Microsoft Help -> %UserProfile%\Local Settings\Application Data\Microsoft Help -> [Folder | Modified Date = 2.7.2008 12:23:30 | Attr = ] Opera -> %UserProfile%\Local Settings\Application Data\Opera -> [Folder | Modified Date = 21.6.2008 18:01:11 | Attr = ] 0000026C.LCS -> %AllUsersProfile%\Documents\0000026C.LCS -> [Ver = | Size = 4096 bytes | Modified Date = 23.6.2008 11:19:14 | Attr = ] My Pictures -> %AllUsersProfile%\Documents\My Pictures -> [Folder | Modified Date = 30.6.2008 17:21:36 | Attr = R ] 'MRE avgust in september.xls -> %UserProfile%\My Documents\'MRE avgust in september.xls -> [Ver = | Size = 112640 bytes | Modified Date = 11.7.2008 18:04:49 | Attr = ] AGENCIJA SONČEK.docx -> %UserProfile%\My Documents\AGENCIJA SONČEK.docx -> [Ver = | Size = 12779 bytes | Modified Date = 6.8.2008 20:22:03 | Attr = ] CenikStoritevULza2008-2009.xlsx -> %UserProfile%\My Documents\CenikStoritevULza2008-2009.xlsx -> [Ver = | Size = 29275 bytes | Modified Date = 26.7.2008 10:06:11 | Attr = ] christina1.jpg -> %UserProfile%\My Documents\christina1.jpg -> [Ver = | Size = 89255 bytes | Modified Date = 28.6.2008 14:36:57 | Attr = ] dog_pencil_drawing.jpg -> %UserProfile%\My Documents\dog_pencil_drawing.jpg -> [Ver = | Size = 50741 bytes | Modified Date = 28.6.2008 14:34:04 | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 14.6.2008 13:52:57 | Attr = ] draw.jpg -> %UserProfile%\My Documents\draw.jpg -> [Ver = | Size = 54056 bytes | Modified Date = 28.6.2008 15:13:52 | Attr = ] Družina Smoradek.docx -> %UserProfile%\My Documents\Družina Smoradek.docx -> [Ver = | Size = 10883 bytes | Modified Date = 6.8.2008 21:03:40 | Attr = ] IBD katalog.pdf -> %UserProfile%\My Documents\IBD katalog.pdf -> [Ver = | Size = 3457806 bytes | Modified Date = 15.7.2008 23:22:49 | Attr = ] jessicasimpson.jpg -> %UserProfile%\My Documents\jessicasimpson.jpg -> [Ver = | Size = 68797 bytes | Modified Date = 28.6.2008 14:36:27 | Attr = ] Moje mape za izmenjevanje.lnk -> %UserProfile%\My Documents\Moje mape za izmenjevanje.lnk -> [Ver = | Size = 576 bytes | Modified Date = 6.8.2008 21:25:04 | Attr = ] Moje prejete datoteke -> %UserProfile%\My Documents\Moje prejete datoteke -> [Folder | Modified Date = 6.6.2008 19:20:17 | Attr = ] My Digital Editions -> %UserProfile%\My Documents\My Digital Editions -> [Folder | Modified Date = 26.5.2008 10:40:37 | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 22.7.2008 21:17:36 | Attr = R ] Nove Ikone -> %UserProfile%\My Documents\Nove Ikone -> [Folder | Modified Date = 29.6.2008 20:01:00 | Attr = ] OneNote Notebooks -> %UserProfile%\My Documents\OneNote Notebooks -> [Folder | Modified Date = 2.7.2008 13:10:29 | Attr = ] POSTOPEK IZDELAVE Z IBD GELI.docx -> %UserProfile%\My Documents\POSTOPEK IZDELAVE Z IBD GELI.docx -> [Ver = | Size = 18655 bytes | Modified Date = 15.7.2008 23:14:19 | Attr = ] Recept.odt -> %UserProfile%\My Documents\Recept.odt -> [Ver = | Size = 17971 bytes | Modified Date = 27.5.2008 14:47:44 | Attr = ] Vodno mesto Atlantis.docx -> %UserProfile%\My Documents\Vodno mesto Atlantis.docx -> [Ver = | Size = 29511 bytes | Modified Date = 7.7.2008 19:29:06 | Attr = ] Če bi vse človeštvo skrčili na vas s.ppt -> %UserProfile%\My Documents\Če bi vse človeštvo skrčili na vas s.ppt -> [Ver = | Size = 2464768 bytes | Modified Date = 10.5.2008 1:57:17 | Attr = ] Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [Ver = | Size = 1735 bytes | Modified Date = 29.6.2008 14:48:19 | Attr = ] Adobe Reader 7.0.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 7.0.lnk -> [Ver = | Size = 1728 bytes | Modified Date = 29.6.2008 14:47:12 | Attr = ] ADSL.lnk -> %AllUsersProfile%\Desktop\ADSL.lnk -> [Ver = | Size = 1466 bytes | Modified Date = 29.6.2008 0:55:40 | Attr = ] CamStudio.lnk -> %AllUsersProfile%\Desktop\CamStudio.lnk -> [Ver = | Size = 689 bytes | Modified Date = 31.7.2008 10:28:47 | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1658 bytes | Modified Date = 29.6.2008 0:53:08 | Attr = ] Nero CD_DVD Zapisovalec.lnk -> %AllUsersProfile%\Desktop\Nero CD_DVD Zapisovalec.lnk -> [Ver = | Size = 2205 bytes | Modified Date = 29.6.2008 14:50:16 | Attr = ] Nokia PC Suite.lnk -> %AllUsersProfile%\Desktop\Nokia PC Suite.lnk -> [Ver = | Size = 2341 bytes | Modified Date = 15.6.2008 21:23:34 | Attr = ] Notepad++.lnk -> %AllUsersProfile%\Desktop\Notepad++.lnk -> [Ver = | Size = 1628 bytes | Modified Date = 29.6.2008 0:54:27 | Attr = ] Opera.lnk -> %AllUsersProfile%\Desktop\Opera.lnk -> [Ver = | Size = 592 bytes | Modified Date = 6.7.2008 10:49:23 | Attr = ] Pošta Windows Live .lnk -> %AllUsersProfile%\Desktop\Pošta Windows Live .lnk -> [Ver = | Size = 1835 bytes | Modified Date = 29.6.2008 14:49:37 | Attr = ] Tomb Raider - Anniversary.lnk -> %AllUsersProfile%\Desktop\Tomb Raider - Anniversary.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 29.6.2008 0:51:12 | Attr = ] Winamp.lnk -> %AllUsersProfile%\Desktop\Winamp.lnk -> [Ver = | Size = 730 bytes | Modified Date = 29.6.2008 1:07:10 | Attr = ] Windows Live Messenger .lnk -> %AllUsersProfile%\Desktop\Windows Live Messenger .lnk -> [Ver = | Size = 1831 bytes | Modified Date = 6.8.2008 15:57:44 | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1548 bytes | Modified Date = 5.8.2008 12:16:38 | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 3.8.2008 15:38:17 | Attr = ] GIMP 2.lnk -> %UserProfile%\Desktop\GIMP 2.lnk -> [Ver = | Size = 1726 bytes | Modified Date = 29.6.2008 14:47:27 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 846 bytes | Modified Date = 7.8.2008 19:38:44 | Attr = ] kav8.0.0.357en.exe -> %UserProfile%\Desktop\kav8.0.0.357en.exe -> Kaspersky Lab [Ver = 8.0.0.357 | Size = 29333704 bytes | Modified Date = 7.8.2008 9:47:48 | Attr = ] Microsoft Office -> %UserProfile%\Desktop\Microsoft Office -> [Folder | Modified Date = 2.7.2008 13:20:33 | Attr = R ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Modified Date = 7.8.2008 21:33:07 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 7.8.2008 21:39:46 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 7.8.2008 21:38:14 | Attr = ] Raziskovalec.lnk -> %UserProfile%\Desktop\Raziskovalec.lnk -> [Ver = | Size = 344 bytes | Modified Date = 29.6.2008 20:18:01 | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 7.8.2008 17:54:22 | Attr = ] VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0006 | Size = 119808 bytes | Modified Date = 4.8.2008 19:17:37 | Attr = ] OneNote 2007 Screen Clipper and Launcher.lnk -> %UserProfile%\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk -> [Ver = | Size = 947 bytes | Modified Date = 2.7.2008 13:10:27 | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Modified Date = 2.7.2008 12:32:12 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 2.7.2008 12:42:54 | Attr = ] Nokia -> %CommonProgramFiles%\Nokia -> [Folder | Modified Date = 16.5.2008 11:15:05 | Attr = ] PCSuite -> %CommonProgramFiles%\PCSuite -> [Folder | Modified Date = 16.5.2008 11:15:04 | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 17.6.2008 21:32:12 | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 2.7.2008 12:41:55 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 14.6.2008 11:03:12 | Attr = ] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Modified Date = 17.6.2008 21:32:15 | Attr = ] < End of report > [/code]