FB keylogger
Napsal: 02 úno 2015 09:36
http://www.zive.sk/clanok/102075/facebo ... ne-klavesy
Mate niekto vzorku alebo link?
Mate niekto vzorku alebo link?
yup
hxxps://goo.gl/3D0fpa
Stránka 1 z 1
Re: FB keylogger
Napsal: 02 úno 2015 12:06
Re: FB keylogger
Napsal: 02 úno 2015 12:26
vdaka 
Re: FB keylogger
Napsal: 02 úno 2015 13:44
Pred restartom po spusteni:
Kód: Vybrat vše
'virus' changes
Total Uninstall, 2.2.2015 13:08:19
My Computer
===============
File System
===============
(FOLDER) C:\Documents and Settings\Admin
(*)(FILE) ntuser.dat.LOG
13:04 02.02.15 1024 bytes ==> 13:05 02.02.15 1024 bytes
(FOLDER) C:\Documents and Settings\Admin\Cookies
(*)(FILE) index.dat
18:15 11.12.14 16384 bytes ==> 13:05 02.02.15 16384 bytes
(FOLDER) C:\Documents and Settings\Admin\Data aplikací
(+)(FILE) arsiv.exe = 13:06 02.02.15 31990778 bytes
(+)(FILE) Chromium.exe = 13:05 02.02.15 687701 bytes
(+)(FILE) ok.txt = 13:05 02.02.15 9 bytes
(+)(FILE) setting = 13:06 02.02.15 28 bytes
(+)(FOLDER) C:\Documents and Settings\Admin\Data aplikací\browser
(+)(FILE) chrome.exe = 11:29 23.07.13 844752 bytes
(+)(FOLDER) C:\Documents and Settings\Admin\Data aplikací\browser\30.0.1573.2
(+)(FILE) resources.pak = 09:38 23.07.13 5819064 bytes
(+)(FILE) libpeerconnection.dll = 11:28 23.07.13 2109904 bytes
(+)(FILE) icudt.dll = 11:28 23.07.13 9962960 bytes
(+)(FILE) chrome_100_percent.pak = 09:38 23.07.13 955340 bytes
(+)(FILE) chrome.dll = 11:28 23.07.13 47550416 bytes
(+)(FOLDER) C:\Documents and Settings\Admin\Data aplikací\browser\30.0.1573.2\Locales
(+)(FILE) zh-TW.pak = 09:38 23.07.13 217708 bytes
(+)(FILE) zh-TW.dll = 11:29 23.07.13 9680 bytes
(+)(FILE) zh-CN.pak = 09:38 23.07.13 216898 bytes
(+)(FILE) zh-CN.dll = 11:29 23.07.13 9680 bytes
(+)(FILE) vi.pak = 09:38 23.07.13 303157 bytes
(+)(FILE) vi.dll = 11:29 23.07.13 9680 bytes
(+)(FILE) uk.pak = 09:38 23.07.13 409339 bytes
(+)(FILE) uk.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) tr.pak = 09:38 23.07.13 262957 bytes
(+)(FILE) tr.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) th.pak = 09:38 23.07.13 530947 bytes
(+)(FILE) th.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) te.pak = 09:38 23.07.13 573753 bytes
(+)(FILE) te.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) ta.pak = 09:38 23.07.13 616537 bytes
(+)(FILE) ta.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) sw.pak = 09:38 23.07.13 221514 bytes
(+)(FILE) sw.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) sv.pak = 09:38 23.07.13 243320 bytes
(+)(FILE) sv.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) sr.pak = 09:38 23.07.13 399434 bytes
(+)(FILE) sr.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) sl.pak = 09:38 23.07.13 244773 bytes
(+)(FILE) sl.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) sk.pak = 09:38 23.07.13 275493 bytes
(+)(FILE) sk.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) ru.pak = 09:38 23.07.13 411197 bytes
(+)(FILE) ru.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) ro.pak = 09:38 23.07.13 272995 bytes
(+)(FILE) ro.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) pt-PT.pak = 09:38 23.07.13 262145 bytes
(+)(FILE) pt-PT.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) pt-BR.pak = 09:38 23.07.13 256405 bytes
(+)(FILE) pt-BR.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) pl.pak = 09:38 23.07.13 263269 bytes
(+)(FILE) pl.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) nl.pak = 09:38 23.07.13 256771 bytes
(+)(FILE) nl.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) nb.pak = 09:38 23.07.13 240781 bytes
(+)(FILE) nb.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) ms.pak = 09:38 23.07.13 197210 bytes
(+)(FILE) ms.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) mr.pak = 09:38 23.07.13 522104 bytes
(+)(FILE) mr.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) ml.pak = 09:38 23.07.13 685245 bytes
(+)(FILE) ml.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) lv.pak = 09:38 23.07.13 264128 bytes
(+)(FILE) lv.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) lt.pak = 09:38 23.07.13 260286 bytes
(+)(FILE) lt.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) ko.pak = 09:38 23.07.13 267886 bytes
(+)(FILE) ko.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) kn.pak = 09:38 23.07.13 590349 bytes
(+)(FILE) kn.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) ja.pak = 09:38 23.07.13 316482 bytes
(+)(FILE) ja.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) it.pak = 09:38 23.07.13 259486 bytes
(+)(FILE) it.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) id.pak = 09:38 23.07.13 240009 bytes
(+)(FILE) id.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) hu.pak = 09:38 23.07.13 277289 bytes
(+)(FILE) hu.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) hr.pak = 09:38 23.07.13 249310 bytes
(+)(FILE) hr.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) hi.pak = 09:38 23.07.13 531671 bytes
(+)(FILE) hi.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) he.pak = 09:38 23.07.13 298676 bytes
(+)(FILE) he.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) gu.pak = 09:38 23.07.13 515327 bytes
(+)(FILE) gu.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) fr.pak = 09:38 23.07.13 280002 bytes
(+)(FILE) fr.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) fil.pak = 09:38 23.07.13 269742 bytes
(+)(FILE) fil.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) fi.pak = 09:38 23.07.13 249345 bytes
(+)(FILE) fi.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) fa.pak = 09:38 23.07.13 369511 bytes
(+)(FILE) fa.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) et.pak = 09:38 23.07.13 233330 bytes
(+)(FILE) et.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) es.pak = 09:38 23.07.13 270941 bytes
(+)(FILE) es.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) es-419.pak = 09:38 23.07.13 265797 bytes
(+)(FILE) es-419.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) en-US.pak = 09:38 23.07.13 223864 bytes
(+)(FILE) en-US.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) en-GB.pak = 09:38 23.07.13 223737 bytes
(+)(FILE) en-GB.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) el.pak = 09:38 23.07.13 471429 bytes
(+)(FILE) el.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) de.pak = 09:38 23.07.13 226285 bytes
(+)(FILE) de.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) da.pak = 09:38 23.07.13 241491 bytes
(+)(FILE) da.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) cs.pak = 09:38 23.07.13 265869 bytes
(+)(FILE) cs.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) ca.pak = 09:38 23.07.13 265180 bytes
(+)(FILE) ca.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) bn.pak = 09:38 23.07.13 542053 bytes
(+)(FILE) bn.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) bg.pak = 09:38 23.07.13 433134 bytes
(+)(FILE) bg.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) ar.pak = 09:38 23.07.13 348317 bytes
(+)(FILE) ar.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) am.pak = 09:38 23.07.13 360131 bytes
(+)(FILE) am.dll = 11:28 23.07.13 9680 bytes
(+)(FOLDER) C:\Documents and Settings\Admin\Data aplikací\browser\30.0.1573.2\PepperFlash
(+)(FILE) pepflashplayer.dll = 01:57 06.11.14 14910280 bytes
(+)(FILE) manifest.json = 01:34 06.11.14 2044 bytes
(FOLDER) C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\y4wy1pwn.default
(*)(FILE) cert8.db
13:49 06.10.13 65536 bytes ==> 13:06 02.02.15 65536 bytes
(*)(FILE) cookies.sqlite-wal
13:04 02.02.15 56624 bytes ==> 13:06 02.02.15 65008 bytes
(*)(FILE) places.sqlite
13:04 02.02.15 10485760 bytes ==> 13:06 02.02.15 10485760 bytes
(*)(FILE) places.sqlite-journal
13:04 02.02.15 0 bytes ==> 13:06 02.02.15 0 bytes
(*)(FILE) webappsstore.sqlite
13:04 02.02.15 23552 bytes ==> 13:06 02.02.15 23552 bytes
(-)(FILE) parent.lock = 13:02 02.02.15 0 bytes
(+)(FOLDER) C:\Documents and Settings\Admin\Local Settings\Application Data
(+)(FOLDER) C:\Documents and Settings\Admin\Local Settings\Application Data\Google
(+)(FOLDER) C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome
(+)(FOLDER) C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data
(+)(FOLDER) C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default
(+)(FILE) Preferences = 13:06 02.02.15 2130 bytes
(+)(FOLDER) C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions
(+)(FOLDER) C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\imaagnoaminmoocmildbehbehcnendga
(+)(FILE) bg.txt = 13:05 02.02.15 1637 bytes
(FOLDER) C:\Documents and Settings\Admin\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\y4wy1pwn.default
(+)(FILE) urlclassifier3.sqlite-journal = 13:06 02.02.15 16071776 bytes
(*)(FILE) urlclassifier3.sqlite
13:49 06.10.13 64372736 bytes ==> 13:06 02.02.15 64372736 bytes
(FOLDER) C:\Documents and Settings\Admin\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\y4wy1pwn.default\Cache
(*)(FILE) _CACHE_001_
13:02 02.02.15 75592 bytes ==> 13:06 02.02.15 75592 bytes
(*)(FILE) _CACHE_002_
13:02 02.02.15 208131 bytes ==> 13:06 02.02.15 208131 bytes
(*)(FILE) _CACHE_003_
13:02 02.02.15 1067070 bytes ==> 13:06 02.02.15 1067070 bytes
(FOLDER) C:\Documents and Settings\Admin\Local Settings\History\History.IE5
(*)(FILE) index.dat
18:15 11.12.14 16384 bytes ==> 13:05 02.02.15 16384 bytes
(FOLDER) C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5
(*)(FILE) index.dat
18:15 11.12.14 32768 bytes ==> 13:05 02.02.15 32768 bytes
(FOLDER) C:\Documents and Settings\Admin\Plocha
(+)(FILE) Google Chrome.lnk = 13:06 02.02.15 791 bytes
(+)(FOLDER) C:\Program Files\Google
(+)(FOLDER) C:\Program Files\Google\Chrome
(+)(FOLDER) C:\Program Files\Google\Chrome\Application
(+)(FILE) chrome.exe = 11:29 23.07.13 844752 bytes
(+)(FOLDER) C:\Program Files\Google\Chrome\Application\30.0.1573.2
(+)(FILE) resources.pak = 09:38 23.07.13 5819064 bytes
(+)(FILE) libpeerconnection.dll = 11:28 23.07.13 2109904 bytes
(+)(FILE) icudt.dll = 11:28 23.07.13 9962960 bytes
(+)(FILE) chrome_100_percent.pak = 09:38 23.07.13 955340 bytes
(+)(FILE) chrome.dll = 11:28 23.07.13 47550416 bytes
(+)(FOLDER) C:\Program Files\Google\Chrome\Application\30.0.1573.2\Locales
(+)(FILE) zh-TW.pak = 09:38 23.07.13 217708 bytes
(+)(FILE) zh-TW.dll = 11:29 23.07.13 9680 bytes
(+)(FILE) zh-CN.pak = 09:38 23.07.13 216898 bytes
(+)(FILE) zh-CN.dll = 11:29 23.07.13 9680 bytes
(+)(FILE) vi.pak = 09:38 23.07.13 303157 bytes
(+)(FILE) vi.dll = 11:29 23.07.13 9680 bytes
(+)(FILE) uk.pak = 09:38 23.07.13 409339 bytes
(+)(FILE) uk.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) tr.pak = 09:38 23.07.13 262957 bytes
(+)(FILE) tr.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) th.pak = 09:38 23.07.13 530947 bytes
(+)(FILE) th.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) te.pak = 09:38 23.07.13 573753 bytes
(+)(FILE) te.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) ta.pak = 09:38 23.07.13 616537 bytes
(+)(FILE) ta.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) sw.pak = 09:38 23.07.13 221514 bytes
(+)(FILE) sw.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) sv.pak = 09:38 23.07.13 243320 bytes
(+)(FILE) sv.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) sr.pak = 09:38 23.07.13 399434 bytes
(+)(FILE) sr.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) sl.pak = 09:38 23.07.13 244773 bytes
(+)(FILE) sl.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) sk.pak = 09:38 23.07.13 275493 bytes
(+)(FILE) sk.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) ru.pak = 09:38 23.07.13 411197 bytes
(+)(FILE) ru.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) ro.pak = 09:38 23.07.13 272995 bytes
(+)(FILE) ro.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) pt-PT.pak = 09:38 23.07.13 262145 bytes
(+)(FILE) pt-PT.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) pt-BR.pak = 09:38 23.07.13 256405 bytes
(+)(FILE) pt-BR.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) pl.pak = 09:38 23.07.13 263269 bytes
(+)(FILE) pl.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) nl.pak = 09:38 23.07.13 256771 bytes
(+)(FILE) nl.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) nb.pak = 09:38 23.07.13 240781 bytes
(+)(FILE) nb.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) ms.pak = 09:38 23.07.13 197210 bytes
(+)(FILE) ms.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) mr.pak = 09:38 23.07.13 522104 bytes
(+)(FILE) mr.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) ml.pak = 09:38 23.07.13 685245 bytes
(+)(FILE) ml.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) lv.pak = 09:38 23.07.13 264128 bytes
(+)(FILE) lv.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) lt.pak = 09:38 23.07.13 260286 bytes
(+)(FILE) lt.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) ko.pak = 09:38 23.07.13 267886 bytes
(+)(FILE) ko.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) kn.pak = 09:38 23.07.13 590349 bytes
(+)(FILE) kn.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) ja.pak = 09:38 23.07.13 316482 bytes
(+)(FILE) ja.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) it.pak = 09:38 23.07.13 259486 bytes
(+)(FILE) it.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) id.pak = 09:38 23.07.13 240009 bytes
(+)(FILE) id.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) hu.pak = 09:38 23.07.13 277289 bytes
(+)(FILE) hu.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) hr.pak = 09:38 23.07.13 249310 bytes
(+)(FILE) hr.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) hi.pak = 09:38 23.07.13 531671 bytes
(+)(FILE) hi.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) he.pak = 09:38 23.07.13 298676 bytes
(+)(FILE) he.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) gu.pak = 09:38 23.07.13 515327 bytes
(+)(FILE) gu.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) fr.pak = 09:38 23.07.13 280002 bytes
(+)(FILE) fr.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) fil.pak = 09:38 23.07.13 269742 bytes
(+)(FILE) fil.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) fi.pak = 09:38 23.07.13 249345 bytes
(+)(FILE) fi.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) fa.pak = 09:38 23.07.13 369511 bytes
(+)(FILE) fa.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) et.pak = 09:38 23.07.13 233330 bytes
(+)(FILE) et.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) es.pak = 09:38 23.07.13 270941 bytes
(+)(FILE) es.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) es-419.pak = 09:38 23.07.13 265797 bytes
(+)(FILE) es-419.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) en-US.pak = 09:38 23.07.13 223864 bytes
(+)(FILE) en-US.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) en-GB.pak = 09:38 23.07.13 223737 bytes
(+)(FILE) en-GB.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) el.pak = 09:38 23.07.13 471429 bytes
(+)(FILE) el.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) de.pak = 09:38 23.07.13 226285 bytes
(+)(FILE) de.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) da.pak = 09:38 23.07.13 241491 bytes
(+)(FILE) da.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) cs.pak = 09:38 23.07.13 265869 bytes
(+)(FILE) cs.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) ca.pak = 09:38 23.07.13 265180 bytes
(+)(FILE) ca.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) bn.pak = 09:38 23.07.13 542053 bytes
(+)(FILE) bn.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) bg.pak = 09:38 23.07.13 433134 bytes
(+)(FILE) bg.dll = 11:28 23.07.13 10192 bytes
(+)(FILE) ar.pak = 09:38 23.07.13 348317 bytes
(+)(FILE) ar.dll = 11:28 23.07.13 9680 bytes
(+)(FILE) am.pak = 09:38 23.07.13 360131 bytes
(+)(FILE) am.dll = 11:28 23.07.13 9680 bytes
(+)(FOLDER) C:\Program Files\Google\Chrome\Application\30.0.1573.2\PepperFlash
(+)(FILE) pepflashplayer.dll = 01:57 06.11.14 14910280 bytes
(+)(FILE) manifest.json = 01:34 06.11.14 2044 bytes
(FOLDER) C:\Program Files\Mozilla Firefox
(*)(FILE) firefox.exe
03:13 20.02.11 912344 bytes ==> 01:37 30.12.14 36864 bytes
(FOLDER) C:\WINDOWS\Debug\UserMode
(*)(FILE) userenv.log
13:02 02.02.15 28888 bytes ==> 13:05 02.02.15 29504 bytes
(FOLDER) C:\WINDOWS\Prefetch
(+)(FILE) ARSIV.EXE-21FE7176.pf = 13:06 02.02.15 49524 bytes
(+)(FILE) CHROME.EXE-06157C0F.pf = 13:06 02.02.15 3710 bytes
(+)(FILE) CHROMIUM.EXE-0BFCD993.pf = 13:06 02.02.15 22516 bytes
(+)(FILE) INSTALL_FLASHPLAYER14X32_X64M-0B143FE7.pf = 13:05 02.02.15 13662 bytes
(+)(FILE) TASKKILL.EXE-0A8306E3.pf = 13:06 02.02.15 11672 bytes
(+)(FILE) WGET.EXE-30EF1D83.pf = 13:06 02.02.15 7178 bytes
(*)(FILE) FIREFOX.EXE-28641590.pf
13:48 06.10.13 71296 bytes ==> 13:06 02.02.15 74116 bytes
(*)(FILE) WMIADAP.EXE-2DF425B2.pf
19:34 12.06.14 23204 bytes ==> 13:06 02.02.15 22732 bytes
(*)(FILE) WMIPRVSE.EXE-28F301A9.pf
13:03 02.02.15 31080 bytes ==> 13:07 02.02.15 31246 bytes
(FOLDER) C:\WINDOWS\system32
(*)(FILE) perfc005.dat
19:33 12.06.14 69244 bytes ==> 13:06 02.02.15 69244 bytes
(*)(FILE) perfc009.dat
19:33 12.06.14 59108 bytes ==> 13:06 02.02.15 59108 bytes
(*)(FILE) perfh005.dat
19:33 12.06.14 390468 bytes ==> 13:06 02.02.15 390468 bytes
(*)(FILE) perfh009.dat
19:33 12.06.14 393000 bytes ==> 13:06 02.02.15 393000 bytes
(*)(FILE) PerfStringBackup.INI
19:33 12.06.14 921110 bytes ==> 13:06 02.02.15 921110 bytes
(FOLDER) C:\WINDOWS\system32\config
(*)(FILE) software.LOG
13:03 02.02.15 1024 bytes ==> 13:07 02.02.15 1024 bytes
(*)(FILE) system.LOG
13:03 02.02.15 1024 bytes ==> 13:07 02.02.15 1024 bytes
(FOLDER) C:\WINDOWS\system32\drivers\etc
(*)(FILE) hosts
13:00 25.10.01 737 bytes ==> 13:06 02.02.15 796 bytes
(FOLDER) C:\WINDOWS\system32\wbem\Logs
(*)(FILE) WinMgmt.log
19:33 12.06.14 54 bytes ==> 13:06 02.02.15 108 bytes
(*)(FILE) wmiprov.log
13:04 02.02.15 10081 bytes ==> 13:07 02.02.15 10744 bytes
(FOLDER) C:\WINDOWS\system32\wbem\Performance
(*)(FILE) WmiApRpl.h
19:33 12.06.14 614 bytes ==> 13:06 02.02.15 614 bytes
(*)(FILE) WmiApRpl.ini
19:33 12.06.14 4580 bytes ==> 13:06 02.02.15 4580 bytes
Registry
===============
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG
(*)(REG VAL) Seed
..F.~.4.|.......%..W..N....Q...hY...#.W........;.f-..K.r,6...AD.D..:.%..2.yd..sW ==> ...o...*..N...5..S...>...c.a..P..7^...]+..2p+....mY}.n]r.J....~..bW.G.~......5..
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE
(+)(REG VAL) c:\windows\system32\DNSAPI.dll[MofResource] = 'LowDateTime:-196687872,HighDateTime:29449556***Binary mof compiled successfully'
(*)(REG VAL) C:\WINDOWS\System32\advapi32.dll[MofResourceName]
'LowDateTime:1443573760,HighDateTime:29449565***Binary mof compiled successfully' ==> 'LowDateTime:-196687872,HighDateTime:29449556***Binary mof compiled successfully'
(*)(REG VAL) C:\WINDOWS\system32\drivers\ac97intc.sys[MofResourceName]
'LowDateTime:-1018068480,HighDateTime:29435754***Binary mof compiled successfully' ==> 'LowDateTime:1636637184,HighDateTime:29435746***Binary mof compiled successfully'
(*)(REG VAL) C:\WINDOWS\System32\DRIVERS\ACPI.sys[ACPIMOFResource]
'LowDateTime:1443573760,HighDateTime:29449565***Binary mof compiled successfully' ==> 'LowDateTime:-196687872,HighDateTime:29449556***Binary mof compiled successfully'
(*)(REG VAL) C:\WINDOWS\System32\Drivers\battc.sys[BATTCWMI]
'LowDateTime:1847356672,HighDateTime:29435768***Binary mof compiled successfully' ==> 'LowDateTime:207095040,HighDateTime:29435760***Binary mof compiled successfully'
(*)(REG VAL) C:\WINDOWS\System32\DRIVERS\pcntpci5.sys[NdisMofResource]
'LowDateTime:-1943101184,HighDateTime:29435753***Binary mof compiled successfully' ==> 'LowDateTime:711604480,HighDateTime:29435745***Binary mof compiled successfully'
(*)(REG VAL) C:\WINDOWS\system32\kerberos.dll[MOF_RESOURCE]
'LowDateTime:1443573760,HighDateTime:29449565***Binary mof compiled successfully' ==> 'LowDateTime:-196687872,HighDateTime:29449556***Binary mof compiled successfully'
(*)(REG VAL) C:\WINDOWS\system32\lsass.exe[LsaMofResource]
'LowDateTime:1443573760,HighDateTime:29449565***Binary mof compiled successfully' ==> 'LowDateTime:-196687872,HighDateTime:29449556***Binary mof compiled successfully'
(*)(REG VAL) C:\WINDOWS\system32\msv1_0.dll[MofResource]
'LowDateTime:1443573760,HighDateTime:29449565***Binary mof compiled successfully' ==> 'LowDateTime:-196687872,HighDateTime:29449556***Binary mof compiled successfully'
(*)(REG VAL) C:\WINDOWS\system32\spoolsv.exe[Spooler]
'LowDateTime:1443573760,HighDateTime:29449565***Binary mof compiled successfully' ==> 'LowDateTime:-196687872,HighDateTime:29449556***Binary mof compiled successfully'
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
(+)(REG VAL) EnableLUA = 0
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update
(+)(REG VAL) UpdateDefault = 0
(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\SessionInformation
(*)(REG VAL) ProgramCount
4 ==> 3
(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
(*)(REG VAL) SavedLegacySettings
<...J............................A`..................... ==> <...M............................A`.....................
(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Run
(+)(REG VAL) Google Chromium = '"C:\Documents and Settings\Admin\Data aplikací\Chromium.exe"'
(REG KEY) HKEY_CURRENT_USER\SessionInformation
(*)(REG VAL) ProgramCount
4 ==> 3
(REG KEY) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
(*)(REG VAL) SavedLegacySettings
<...J............................A`..................... ==> <...M............................A`.....................
(REG KEY) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
(+)(REG VAL) Google Chromium = '"C:\Documents and Settings\Admin\Data aplikací\Chromium.exe"'
Re: FB keylogger
Napsal: 02 úno 2015 13:44
po restarte
Kód: Vybrat vše
'virus 2' zmýnýn
Total Uninstall, 2.2.2015 13:13:23
Tento poŔÝtaŔ
===============
SystÚm soubor¨
===============
(SLOÄKA) C:\Documents and Settings\Admin
(*)(SOUBOR) ntuser.dat
18:15 11.12.14 1310720 bytes ==> 13:11 02.02.15 1310720 bytes
(*)(SOUBOR) ntuser.dat.LOG
13:08 02.02.15 1024 bytes ==> 13:12 02.02.15 1024 bytes
(*)(SOUBOR) ntuser.ini
18:15 11.12.14 180 bytes ==> 13:11 02.02.15 180 bytes
(SLOÄKA) C:\Documents and Settings\Admin\Cookies
(*)(SOUBOR) index.dat
13:08 02.02.15 16384 bytes ==> 13:12 02.02.15 16384 bytes
(SLOÄKA) C:\Documents and Settings\Admin\Data aplikacÝ
(*)(SOUBOR) ok.txt
13:05 02.02.15 9 bytes ==> 13:12 02.02.15 9 bytes
(SLOÄKA) C:\Documents and Settings\Admin\Data aplikacÝ\GHISLER
(*)(SOUBOR) WINCMD.INI
13:01 02.02.15 7692 bytes ==> 13:11 02.02.15 7925 bytes
(SLOÄKA) C:\Documents and Settings\Admin\Local Settings
(*)(SOUBOR) desktop.ini
13:01 02.02.15 62 bytes ==> 13:12 02.02.15 62 bytes
(SLOÄKA) C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default
(*)(SOUBOR) Preferences
13:06 02.02.15 2130 bytes ==> 13:12 02.02.15 2130 bytes
(+)(SLOÄKA) C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bkjepcheljelmhajnpjbadfglfchocfm
(+)(SOUBOR) bg.txt = 13:12 02.02.15 1637 bytes
(-)(SLOÄKA) C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\imaagnoaminmoocmildbehbehcnendga
(-)(SOUBOR) bg.txt = 13:05 02.02.15 1637 bytes
(SLOÄKA) C:\Documents and Settings\Admin\Local Settings\Data aplikacÝ
(*)(SOUBOR) IconCache.db
19:02 20.11.14 2694528 bytes ==> 13:11 02.02.15 2695464 bytes
(SLOÄKA) C:\Documents and Settings\Admin\Local Settings\Data aplikacÝ\Microsoft\Windows
(*)(SOUBOR) UsrClass.dat
18:15 11.12.14 262144 bytes ==> 13:11 02.02.15 262144 bytes
(*)(SOUBOR) UsrClass.dat.LOG
13:03 02.02.15 1024 bytes ==> 13:12 02.02.15 1024 bytes
(SLOÄKA) C:\Documents and Settings\Admin\Local Settings\History\History.IE5
(*)(SOUBOR) index.dat
13:08 02.02.15 32768 bytes ==> 13:12 02.02.15 32768 bytes
(SLOÄKA) C:\Documents and Settings\Admin\Local Settings\Temp
(+)(SOUBOR) Perflib_Perfdata_658.dat = 13:12 02.02.15 16384 bytes
(-)(SOUBOR) Perflib_Perfdata_3e0.dat = 13:04 02.02.15 16384 bytes
(-)(SOUBOR) Perflib_Perfdata_d4.dat = 13:01 02.02.15 16384 bytes
(SLOÄKA) C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5
(*)(SOUBOR) index.dat
13:08 02.02.15 32768 bytes ==> 13:12 02.02.15 32768 bytes
(SLOÄKA) C:\Documents and Settings\LocalService
(*)(SOUBOR) NTUSER.DAT
18:15 11.12.14 237568 bytes ==> 13:11 02.02.15 237568 bytes
(*)(SOUBOR) ntuser.dat.LOG
13:03 02.02.15 1024 bytes ==> 13:12 02.02.15 1024 bytes
(SLOÄKA) C:\Documents and Settings\LocalService\Cookies
(*)(SOUBOR) index.dat
13:02 02.02.15 16384 bytes ==> 13:12 02.02.15 16384 bytes
(SLOÄKA) C:\Documents and Settings\LocalService\Local Settings
(*)(SOUBOR) desktop.ini
13:01 02.02.15 62 bytes ==> 13:12 02.02.15 62 bytes
(SLOÄKA) C:\Documents and Settings\LocalService\Local Settings\Data aplikacÝ\Microsoft\Windows
(*)(SOUBOR) UsrClass.dat
18:15 11.12.14 8192 bytes ==> 13:11 02.02.15 8192 bytes
(*)(SOUBOR) UsrClass.dat.LOG
13:03 02.02.15 1024 bytes ==> 13:12 02.02.15 1024 bytes
(SLOÄKA) C:\Documents and Settings\LocalService\Local Settings\History\History.IE5
(*)(SOUBOR) index.dat
13:02 02.02.15 16384 bytes ==> 13:12 02.02.15 16384 bytes
(SLOÄKA) C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
(*)(SOUBOR) index.dat
13:02 02.02.15 32768 bytes ==> 13:12 02.02.15 32768 bytes
(SLOÄKA) C:\Documents and Settings\NetworkService
(*)(SOUBOR) NTUSER.DAT
18:15 11.12.14 237568 bytes ==> 13:11 02.02.15 237568 bytes
(*)(SOUBOR) ntuser.dat.LOG
13:03 02.02.15 1024 bytes ==> 13:12 02.02.15 1024 bytes
(SLOÄKA) C:\Documents and Settings\NetworkService\Local Settings
(*)(SOUBOR) desktop.ini
13:01 02.02.15 62 bytes ==> 13:12 02.02.15 62 bytes
(SLOÄKA) C:\Documents and Settings\NetworkService\Local Settings\Data aplikacÝ\Microsoft\Windows
(*)(SOUBOR) UsrClass.dat
18:15 11.12.14 8192 bytes ==> 13:11 02.02.15 8192 bytes
(*)(SOUBOR) UsrClass.dat.LOG
13:03 02.02.15 1024 bytes ==> 13:12 02.02.15 1024 bytes
(SLOÄKA) C:\WINDOWS
(*)(SOUBOR) 0.log
13:02 02.02.15 0 bytes ==> 13:12 02.02.15 0 bytes
(*)(SOUBOR) bootstat.dat
13:01 02.02.15 2048 bytes ==> 13:12 02.02.15 2048 bytes
(*)(SOUBOR) SchedLgU.Txt
18:15 11.12.14 26260 bytes ==> 13:11 02.02.15 26366 bytes
(SLOÄKA) C:\WINDOWS\Debug
(*)(SOUBOR) oakley.log
13:02 02.02.15 0 bytes ==> 13:12 02.02.15 0 bytes
(*)(SOUBOR) oakley.log.sav
18:14 11.12.14 0 bytes ==> 13:02 02.02.15 0 bytes
(*)(SOUBOR) PASSWD.LOG
13:01 02.02.15 0 bytes ==> 13:12 02.02.15 0 bytes
(SLOÄKA) C:\WINDOWS\Debug\UserMode
(*)(SOUBOR) userenv.log
13:05 02.02.15 29504 bytes ==> 13:12 02.02.15 33978 bytes
(SLOÄKA) C:\WINDOWS\Prefetch
(*)(SOUBOR) FIREFOX.EXE-28641590.pf
13:06 02.02.15 74116 bytes ==> 13:11 02.02.15 74120 bytes
(*)(SOUBOR) CHROME.EXE-06157C0F.pf
13:06 02.02.15 3710 bytes ==> 13:11 02.02.15 3710 bytes
(*)(SOUBOR) INSTALL_FLASHPLAYER14X32_X64M-0B143FE7.pf
13:05 02.02.15 13662 bytes ==> 13:11 02.02.15 13292 bytes
(SLOÄKA) C:\WINDOWS\system32\config
(*)(SOUBOR) AppEvent.Evt
18:15 11.12.14 196608 bytes ==> 13:11 02.02.15 196608 bytes
(*)(SOUBOR) default
18:15 11.12.14 524288 bytes ==> 13:11 02.02.15 524288 bytes
(*)(SOUBOR) default.LOG
13:03 02.02.15 1024 bytes ==> 13:12 02.02.15 1024 bytes
(*)(SOUBOR) SAM
18:15 11.12.14 24576 bytes ==> 13:11 02.02.15 24576 bytes
(*)(SOUBOR) SAM.LOG
13:01 02.02.15 1024 bytes ==> 13:12 02.02.15 1024 bytes
(*)(SOUBOR) SECURITY
13:03 02.02.15 262144 bytes ==> 13:11 02.02.15 262144 bytes
(*)(SOUBOR) SECURITY.LOG
13:03 02.02.15 1024 bytes ==> 13:12 02.02.15 1024 bytes
(*)(SOUBOR) software
18:15 11.12.14 9437184 bytes ==> 13:11 02.02.15 9437184 bytes
(*)(SOUBOR) software.LOG
13:07 02.02.15 1024 bytes ==> 13:12 02.02.15 1024 bytes
(*)(SOUBOR) SysEvent.Evt
18:15 11.12.14 393216 bytes ==> 13:11 02.02.15 393216 bytes
(*)(SOUBOR) system
13:02 02.02.15 2621440 bytes ==> 13:12 02.02.15 2621440 bytes
(*)(SOUBOR) system.LOG
13:07 02.02.15 1024 bytes ==> 13:12 02.02.15 1024 bytes
(SLOÄKA) C:\WINDOWS\system32\wbem\Logs
(*)(SOUBOR) wmiprov.log
13:08 02.02.15 10889 bytes ==> 13:12 02.02.15 11015 bytes
(SLOÄKA) C:\WINDOWS\system32\wbem\Repository\FS
(*)(SOUBOR) INDEX.MAP
13:03 02.02.15 744 bytes ==> 13:12 02.02.15 744 bytes
(*)(SOUBOR) OBJECTS.MAP
13:03 02.02.15 4540 bytes ==> 13:12 02.02.15 4540 bytes
(SLOÄKA) C:\WINDOWS\Tasks
(*)(SOUBOR) SA.DAT
13:01 02.02.15 6 bytes ==> 13:12 02.02.15 6 bytes
Registr
===============
(REG KEY) HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
(*)(REG VAL) ~MHz
1610 ==> 1659
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG
(*)(REG VAL) Seed
...o...*..N...5..S...>...c.a..P..7^...]+..2p+....mY}.n]r.J....~..bW.G.~......5.. ==> .KL..h.2..V.O|.]?..........+ ..~...i..a...)+%yYqy6....G..$..*{Q..5_......V.23..=
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{21132759-A996-4B55-AF4D-B165BD0B9CEE}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(+)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(+)(REG VAL) Enabled = -1
(+)(REG VAL) OwnerSID = 'S-1-5-18'
(+)(REG VAL) PerUser = -1
(+)(REG VAL) MethodName = 'Freeze'
(+)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(+)(REG VAL) SubscriptionName = '{939ADEBB-5386-45D8-859B-34ABE0439320}'
(+)(REG VAL) SubscriptionID = '{21132759-A996-4B55-AF4D-B165BD0B9CEE}'
(+)(REG VAL) Active = 1
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{44D8D1CF-FA63-4712-B769-BB74AAFDA8DB}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(+)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(+)(REG VAL) Enabled = -1
(+)(REG VAL) OwnerSID = 'S-1-5-18'
(+)(REG VAL) PerUser = -1
(+)(REG VAL) MethodName = 'Thaw'
(+)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(+)(REG VAL) SubscriptionName = '{939ADEBB-5386-45D8-859B-34ABE0439320}'
(+)(REG VAL) SubscriptionID = '{44D8D1CF-FA63-4712-B769-BB74AAFDA8DB}'
(+)(REG VAL) Active = 1
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{45C8F12A-16DA-4016-9567-020366837FFF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(+)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(+)(REG VAL) Enabled = -1
(+)(REG VAL) OwnerSID = 'S-1-5-18'
(+)(REG VAL) PerUser = -1
(+)(REG VAL) MethodName = 'PrepareForSnapshot'
(+)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(+)(REG VAL) SubscriptionName = '{939ADEBB-5386-45D8-859B-34ABE0439320}'
(+)(REG VAL) SubscriptionID = '{45C8F12A-16DA-4016-9567-020366837FFF}'
(+)(REG VAL) Active = 1
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{51F49420-DAD6-48AD-96F9-E0FFA12DCDDB}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(+)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(+)(REG VAL) Enabled = -1
(+)(REG VAL) OwnerSID = 'S-1-5-18'
(+)(REG VAL) PerUser = -1
(+)(REG VAL) MethodName = 'BackupComplete'
(+)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(+)(REG VAL) SubscriptionName = '{939ADEBB-5386-45D8-859B-34ABE0439320}'
(+)(REG VAL) SubscriptionID = '{51F49420-DAD6-48AD-96F9-E0FFA12DCDDB}'
(+)(REG VAL) Active = 1
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{571FC088-6D35-4428-AB6D-8FEE2685D620}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(+)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(+)(REG VAL) Enabled = -1
(+)(REG VAL) OwnerSID = 'S-1-5-18'
(+)(REG VAL) PerUser = -1
(+)(REG VAL) MethodName = 'PrepareForBackup'
(+)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(+)(REG VAL) SubscriptionName = '{939ADEBB-5386-45D8-859B-34ABE0439320}'
(+)(REG VAL) SubscriptionID = '{571FC088-6D35-4428-AB6D-8FEE2685D620}'
(+)(REG VAL) Active = 1
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{9A1B58D2-22DC-4623-9297-B023A4C8C07A}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(+)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(+)(REG VAL) Enabled = -1
(+)(REG VAL) OwnerSID = 'S-1-5-18'
(+)(REG VAL) PerUser = -1
(+)(REG VAL) MethodName = 'PostRestore'
(+)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(+)(REG VAL) SubscriptionName = '{939ADEBB-5386-45D8-859B-34ABE0439320}'
(+)(REG VAL) SubscriptionID = '{9A1B58D2-22DC-4623-9297-B023A4C8C07A}'
(+)(REG VAL) Active = 1
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{AEDB5442-AE4F-4CF2-94F2-9034E61DB718}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(+)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(+)(REG VAL) Enabled = -1
(+)(REG VAL) OwnerSID = 'S-1-5-18'
(+)(REG VAL) PerUser = -1
(+)(REG VAL) MethodName = 'RequestWriterInfo'
(+)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(+)(REG VAL) SubscriptionName = '{939ADEBB-5386-45D8-859B-34ABE0439320}'
(+)(REG VAL) SubscriptionID = '{AEDB5442-AE4F-4CF2-94F2-9034E61DB718}'
(+)(REG VAL) Active = 1
(+)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{D4E167D7-FAF1-44A9-9E35-679312E36AF6}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(+)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(+)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(+)(REG VAL) Enabled = -1
(+)(REG VAL) OwnerSID = 'S-1-5-18'
(+)(REG VAL) PerUser = -1
(+)(REG VAL) MethodName = 'Abort'
(+)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(+)(REG VAL) SubscriptionName = '{939ADEBB-5386-45D8-859B-34ABE0439320}'
(+)(REG VAL) SubscriptionID = '{D4E167D7-FAF1-44A9-9E35-679312E36AF6}'
(+)(REG VAL) Active = 1
(-)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{0C42C8CD-2B69-4F4A-B92D-BF0BBDCBB691}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(-)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(-)(REG VAL) Enabled = -1
(-)(REG VAL) OwnerSID = 'S-1-5-18'
(-)(REG VAL) PerUser = -1
(-)(REG VAL) MethodName = 'Abort'
(-)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(-)(REG VAL) SubscriptionName = '{CEFB1C20-65A5-4995-91E9-C675B9AD4922}'
(-)(REG VAL) SubscriptionID = '{0C42C8CD-2B69-4F4A-B92D-BF0BBDCBB691}'
(-)(REG VAL) Active = 1
(-)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{1940E919-CA68-47AC-9690-A7398E2B3A56}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(-)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(-)(REG VAL) Enabled = -1
(-)(REG VAL) OwnerSID = 'S-1-5-18'
(-)(REG VAL) PerUser = -1
(-)(REG VAL) MethodName = 'Freeze'
(-)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(-)(REG VAL) SubscriptionName = '{CEFB1C20-65A5-4995-91E9-C675B9AD4922}'
(-)(REG VAL) SubscriptionID = '{1940E919-CA68-47AC-9690-A7398E2B3A56}'
(-)(REG VAL) Active = 1
(-)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{1E394833-D583-404E-9DC5-55D35981C424}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(-)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(-)(REG VAL) Enabled = -1
(-)(REG VAL) OwnerSID = 'S-1-5-18'
(-)(REG VAL) PerUser = -1
(-)(REG VAL) MethodName = 'PrepareForSnapshot'
(-)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(-)(REG VAL) SubscriptionName = '{CEFB1C20-65A5-4995-91E9-C675B9AD4922}'
(-)(REG VAL) SubscriptionID = '{1E394833-D583-404E-9DC5-55D35981C424}'
(-)(REG VAL) Active = 1
(-)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{631A43C8-FCF2-43BD-8AA3-383082C7F170}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(-)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(-)(REG VAL) Enabled = -1
(-)(REG VAL) OwnerSID = 'S-1-5-18'
(-)(REG VAL) PerUser = -1
(-)(REG VAL) MethodName = 'Thaw'
(-)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(-)(REG VAL) SubscriptionName = '{CEFB1C20-65A5-4995-91E9-C675B9AD4922}'
(-)(REG VAL) SubscriptionID = '{631A43C8-FCF2-43BD-8AA3-383082C7F170}'
(-)(REG VAL) Active = 1
(-)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{86DB61CD-4D43-4E19-827C-146DFE51C458}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(-)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(-)(REG VAL) Enabled = -1
(-)(REG VAL) OwnerSID = 'S-1-5-18'
(-)(REG VAL) PerUser = -1
(-)(REG VAL) MethodName = 'BackupComplete'
(-)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(-)(REG VAL) SubscriptionName = '{CEFB1C20-65A5-4995-91E9-C675B9AD4922}'
(-)(REG VAL) SubscriptionID = '{86DB61CD-4D43-4E19-827C-146DFE51C458}'
(-)(REG VAL) Active = 1
(-)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{D503781F-6E8A-4A45-AC46-FF2FC8E1B805}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(-)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(-)(REG VAL) Enabled = -1
(-)(REG VAL) OwnerSID = 'S-1-5-18'
(-)(REG VAL) PerUser = -1
(-)(REG VAL) MethodName = 'PrepareForBackup'
(-)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(-)(REG VAL) SubscriptionName = '{CEFB1C20-65A5-4995-91E9-C675B9AD4922}'
(-)(REG VAL) SubscriptionID = '{D503781F-6E8A-4A45-AC46-FF2FC8E1B805}'
(-)(REG VAL) Active = 1
(-)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{DE31F2C6-3F39-4D06-91AB-6DA080F3595F}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(-)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(-)(REG VAL) Enabled = -1
(-)(REG VAL) OwnerSID = 'S-1-5-18'
(-)(REG VAL) PerUser = -1
(-)(REG VAL) MethodName = 'RequestWriterInfo'
(-)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(-)(REG VAL) SubscriptionName = '{CEFB1C20-65A5-4995-91E9-C675B9AD4922}'
(-)(REG VAL) SubscriptionID = '{DE31F2C6-3F39-4D06-91AB-6DA080F3595F}'
(-)(REG VAL) Active = 1
(-)(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{FFE7CAFD-BB42-469D-A30D-3A80C102EA2D}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
(-)(REG VAL) SubscriberApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) SubscriberPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassApplicationID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) EventClassPartitionID = '{00000000-0000-0000-0000-000000000000}'
(-)(REG VAL) InterfaceID = '{9171F2F2-E6F8-445B-91C5-504BF41D1D07}'
(-)(REG VAL) Enabled = -1
(-)(REG VAL) OwnerSID = 'S-1-5-18'
(-)(REG VAL) PerUser = -1
(-)(REG VAL) MethodName = 'PostRestore'
(-)(REG VAL) EventClassID = '{FAF53CC4-BD73-4E36-83F1-2B23F46E513E}'
(-)(REG VAL) SubscriptionName = '{CEFB1C20-65A5-4995-91E9-C675B9AD4922}'
(-)(REG VAL) SubscriptionID = '{FFE7CAFD-BB42-469D-A30D-3A80C102EA2D}'
(-)(REG VAL) Active = 1
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc
(*)(REG VAL) UuidSequenceNumber
40855615 ==> 40855616
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
(*)(REG VAL) ProcessID
996 ==> 988
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\TRANSPORTS\Decoupled\Server
(*)(REG VAL) CreationTime
'20150202120139.774000+000' ==> '20150202121205.156000+000'
(*)(REG VAL) MarshaledProxy
MEOW...................F............%..B....a..B....................................................................................................................................................................................................... ==> MEOW...................F...............B.......B............-..........................................................................................................................................................................................
(*)(REG VAL) ProcessIdentifier
996 ==> 988
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}
(*)(REG VAL) EndTimeHi
30424800 ==> 30424801
(*)(REG VAL) EndTimeLo
126941787 ==> 2065294928
(*)(REG VAL) StartTimeHi
30424800 ==> 30424801
(*)(REG VAL) StartTimeLo
126941787 ==> 2065294928
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-583907252-854245398-1957994488-1003\Extension-List\{00000000-0000-0000-0000-000000000000}
(*)(REG VAL) EndTimeHi
30424800 ==> 30424801
(*)(REG VAL) EndTimeLo
127062960 ==> 2065294928
(*)(REG VAL) StartTimeHi
30424800 ==> 30424801
(*)(REG VAL) StartTimeLo
126941787 ==> 2065294928
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
(*)(REG VAL) LicenseInfo
4.0.Q..%m\b..>a."......3......)7s.0U.t./\.yY.e:.|#..S..j ==> 4.0.Q..%m\b..>a."......3..._...@.Y8`M.L..t.<....W].(...{
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher
(*)(REG VAL) ExitTime
'2014/12/11-18:15:26' ==> '2015/02/02-13:11:53'
(*)(REG VAL) StartTime
'2015/02/02-13:01:41' ==> '2015/02/02-13:12:06'
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
(*)(REG VAL) ProfileLoadTimeHigh
30424800 ==> 30424801
(*)(REG VAL) ProfileLoadTimeLow
15142488 ==> 1973965632
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
(*)(REG VAL) ProfileLoadTimeHigh
30424800 ==> 30424801
(*)(REG VAL) ProfileLoadTimeLow
11066642 ==> 1969759584
(REG KEY) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-583907252-854245398-1957994488-1003
(*)(REG VAL) ProfileLoadTimeHigh
30424800 ==> 30424801
(*)(REG VAL) ProfileLoadTimeLow
18667544 ==> 1977971392
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers
(*)(REG VAL) LogonTime
%....>.. ==> ..E..>..
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters
(*)(REG VAL) VideoInitTime
831 ==> 180
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Watchdog\Display
(*)(REG VAL) ShutdownCount
83 ==> 84
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Windows
(*)(REG VAL) ShutdownTime
D!..f... ==> ...n.>..
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\PNP0700\4&1d401fb5&0\Control
(*)(REG VAL) FilteredConfigVector
.................`.......lW...........................6......lW..lW..lW................................................................................................................................. ==> .................`.......\L.........................p.S......\L..\L..\L.................................................................................................................................
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\PNP0A03\0\Control
(*)(REG VAL) FilteredConfigVector
............................................................................................................................................ ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ..............@................ ..............@.................`.........@.....................`.........@............................................................................................ ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ..............@................ ..............@.................`.........@.....................`.........@................ ==> ....................................................!....................................................................................... ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ..............@................ ..............@.................`.........@.....................`.........@............................................................................................ ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ..............@................ ..............@.................`.........@.....................`.........@................
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\PNP0A03\0\Device Parameters\BiosConfig
(*)(REG VAL) DEV_03&FUN_00
".. ....@.......!...........................".. ................ ==> ".. ....@....`..!...........................".. ................
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\PNP0F03\4&1d401fb5&0\Control
(*)(REG VAL) FilteredConfigVector
h.................<...=.Q.A............................................................................. ==> h...............YCE.I.S..CE.............................................................................
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267a616a&0&10\Control
(*)(REG VAL) FilteredConfigVector
................................................................................................................................................................................................................ ....................................................... ==> ..............................................................................................................................................................................0...............................5. .............................0.........................
(-)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PROCEXP141\0000\Control
(-)(REG VAL) ActiveService = 'PROCEXP141'
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{D0DF5A40-0201-4EC1-85F2-2418D87E2E73}\Parameters\Tcpip
(*)(REG VAL) LeaseObtainedTime
1422878553 ==> 1422879125
(*)(REG VAL) LeaseTerminatesTime
1422964953 ==> 1422965525
(*)(REG VAL) T1
1422921753 ==> 1422922325
(*)(REG VAL) T2
1422954153 ==> 1422954725
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp\Parameters
(*)(REG VAL) {D0DF5A40-0201-4EC1-85F2-2418D87E2E73}
6..................T....3..................T..Q....................T_/.........................T.......................T....5..................T.... ==> 6..................T....3..................T..Q....................T_/.........................T.......................T....5..................T....
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D0DF5A40-0201-4EC1-85F2-2418D87E2E73}
(*)(REG VAL) LeaseObtainedTime
1422878553 ==> 1422879125
(*)(REG VAL) LeaseTerminatesTime
1422964953 ==> 1422965525
(*)(REG VAL) T1
1422921753 ==> 1422922325
(*)(REG VAL) T2
1422954153 ==> 1422954725
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\TimeProviders\NtpClient
(*)(REG VAL) SpecialPollTimeRemaining
time.windows.com,7c3495d............ ==> time.windows.com,7c9eb71............
(+)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\0012
(+)(REG VAL) DriverDesc = 'Diskovß jednotka '
(+)(REG VAL) MatchingDeviceId = 'gendisk'
(+)(REG VAL) DriverVersion = '5.1.2535.0'
(+)(REG VAL) DriverDate = '7-1-2001'
(+)(REG VAL) DriverDateData = ..b.....
(+)(REG VAL) ProviderName = 'Microsoft'
(+)(REG VAL) InfSectionExt = '.NT'
(+)(REG VAL) InfSection = 'disk_install'
(+)(REG VAL) InfPath = 'disk.inf'
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Session Manager\Memory Management\PrefetchParameters
(*)(REG VAL) VideoInitTime
831 ==> 180
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Watchdog\Display
(*)(REG VAL) ShutdownCount
83 ==> 84
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Windows
(*)(REG VAL) ShutdownTime
D!..f... ==> ...n.>..
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\IDE\DiskVBOX_HARDDISK___________________________1.0_____\42563039343831383339332d6662666466642036
(+)(REG VAL) Class = 'DiskDrive'
(+)(REG VAL) Driver = '{4D36E967-E325-11CE-BFC1-08002BE10318}\0012'
(+)(REG VAL) FriendlyName = 'VBOX HARDDISK'
(+)(REG VAL) Mfg = '(StandardnÝ diskovÚ jednotky)'
(*)(REG VAL) ConfigFlags
1024 ==> 0
(*)(REG VAL) DeviceDesc
'VBOX HARDDISK' ==> 'Diskovß jednotka '
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{D0DF5A40-0201-4EC1-85F2-2418D87E2E73}\Parameters\Tcpip
(*)(REG VAL) LeaseObtainedTime
1422878553 ==> 1422879125
(*)(REG VAL) LeaseTerminatesTime
1422964953 ==> 1422965525
(*)(REG VAL) T1
1422921753 ==> 1422922325
(*)(REG VAL) T2
1422954153 ==> 1422954725
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Dhcp\Parameters
(*)(REG VAL) {D0DF5A40-0201-4EC1-85F2-2418D87E2E73}
6..................T....3..................T..Q....................T_/.........................T.......................T....5..................T.... ==> 6..................T....3..................T..Q....................T_/.........................T.......................T....5..................T....
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D0DF5A40-0201-4EC1-85F2-2418D87E2E73}
(*)(REG VAL) LeaseObtainedTime
1422878553 ==> 1422879125
(*)(REG VAL) LeaseTerminatesTime
1422964953 ==> 1422965525
(*)(REG VAL) T1
1422921753 ==> 1422922325
(*)(REG VAL) T2
1422954153 ==> 1422954725
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\W32Time\TimeProviders\NtpClient
(*)(REG VAL) SpecialPollTimeRemaining
time.windows.com,7c3495d............ ==> time.windows.com,7c9eb71............
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers
(*)(REG VAL) LogonTime
%....>.. ==> ..E..>..
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters
(*)(REG VAL) VideoInitTime
831 ==> 180
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Watchdog\Display
(*)(REG VAL) ShutdownCount
83 ==> 84
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows
(*)(REG VAL) ShutdownTime
D!..f... ==> ...n.>..
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0700\4&1d401fb5&0\Control
(*)(REG VAL) FilteredConfigVector
.................`.......lW...........................6......lW..lW..lW................................................................................................................................. ==> .................`.......\L.........................p.S......\L..\L..\L.................................................................................................................................
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0A03\0\Control
(*)(REG VAL) FilteredConfigVector
............................................................................................................................................ ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ..............@................ ..............@.................`.........@.....................`.........@............................................................................................ ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ..............@................ ..............@.................`.........@.....................`.........@................ ==> ....................................................!....................................................................................... ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ..............@................ ..............@.................`.........@.....................`.........@............................................................................................ ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ............................... ................................`...............................`.............................. ..............@................ ..............@.................`.........@.....................`.........@................
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0A03\0\Device Parameters\BiosConfig
(*)(REG VAL) DEV_03&FUN_00
".. ....@.......!...........................".. ................ ==> ".. ....@....`..!...........................".. ................
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\ACPI\PNP0F03\4&1d401fb5&0\Control
(*)(REG VAL) FilteredConfigVector
h.................<...=.Q.A............................................................................. ==> h...............YCE.I.S..CE.............................................................................
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\PCI\VEN_80EE&DEV_BEEF&SUBSYS_00000000&REV_00\3&267a616a&0&10\Control
(*)(REG VAL) FilteredConfigVector
................................................................................................................................................................................................................ ....................................................... ==> ..............................................................................................................................................................................0...............................5. .............................0.........................
(-)(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PROCEXP141\0000\Control
(-)(REG VAL) ActiveService = 'PROCEXP141'
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{D0DF5A40-0201-4EC1-85F2-2418D87E2E73}\Parameters\Tcpip
(*)(REG VAL) LeaseObtainedTime
1422878553 ==> 1422879125
(*)(REG VAL) LeaseTerminatesTime
1422964953 ==> 1422965525
(*)(REG VAL) T1
1422921753 ==> 1422922325
(*)(REG VAL) T2
1422954153 ==> 1422954725
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters
(*)(REG VAL) {D0DF5A40-0201-4EC1-85F2-2418D87E2E73}
6..................T....3..................T..Q....................T_/.........................T.......................T....5..................T.... ==> 6..................T....3..................T..Q....................T_/.........................T.......................T....5..................T....
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D0DF5A40-0201-4EC1-85F2-2418D87E2E73}
(*)(REG VAL) LeaseObtainedTime
1422878553 ==> 1422879125
(*)(REG VAL) LeaseTerminatesTime
1422964953 ==> 1422965525
(*)(REG VAL) T1
1422921753 ==> 1422922325
(*)(REG VAL) T2
1422954153 ==> 1422954725
(REG KEY) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient
(*)(REG VAL) SpecialPollTimeRemaining
time.windows.com,7c3495d............ ==> time.windows.com,7c9eb71............
(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\SessionInformation
(*)(REG VAL) ProgramCount
3 ==> 1
(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
(*)(REG VAL) Implementing
..................../........$.0.j...t..O..8.1h2.H.D.B|*D..x.1..hG...\....=.aN..x.......O..nbN..x.......O..ndN..x.......O..n ==> .............................$.0.j...t..O..8.1h2.H.D.B|*D..x.1..hG...\....=.aN..x.......O..nbN..x.......O..ndN..x.......O..n
(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
(*)(REG VAL) Implementing
..................../.......%.\Mu.......O..v ==> ............................%.\Mu.......O..v
(+)(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\0000000000008fc1
(+)(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\0000000000008fc1\StartupHasBeenRun
(-)(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\0000000000008eb5
(-)(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\0000000000008eb5\StartupHasBeenRun
(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop
(*)(REG VAL) Taskbar
..................+.dW...n..O..."...........................L..................F........ ........~..e...x._;.................................P.O. .:i.....+00.../C:\...................\.1......B.[..DOCUME~1..D........BZc.E......D.o.c.u.m.e.n.t.s. .a.n.d. .S.e.t.t.i.n.g.s.....6.1......D....Admin."........B.[.E......A.d.m.i.n.....^.1......C.m..DATAAP~1..F........B.[.E....0.D.a.t.a. .a.p.l.i.k.a.c.....@shell32.dll,-21765...B.1......B.[..MICROS~1..*........B.[.B.[....M.i.c.r.o.s.o.f.t.....R.1......B.[..INTERN~1..:........B.[.B.[....I.n.t.e.r.n.e.t. .E.x.p.l.o.r.e.r.....H.1......B.[..QUICKL~1..0........B.[.B.[....Q.u.i.c.k. .L.a.u.n.c.h.......`.......X.......pikacu2...........0.8.rC..IS...s.........2..'.....0.8.rC..IS...s.........2..'...........................................Z.......L.2......B.` .TOTALCMD.lnk..0........B.`.E......T.O.T.A.L.C.M.D...l.n.k...........h.......Z.2.O....B.[ .ZOBRAZ~1.SCF..>........B.[.E......Z.o.b.r.a.z.i.t. .p.l.o.c.h.u...s.c.f...............`....................................O(hHj...x..O.......`......................................T?.2N.2S.jP .-...`............................... ==> ..................+.dW...n..O..."...........................L..................F........ .........E..>..x._;.................................P.O. .:i.....+00.../C:\...................\.1......B.[..DOCUME~1..D........BZcBF/`....D.o.c.u.m.e.n.t.s. .a.n.d. .S.e.t.t.i.n.g.s.....6.1......D....Admin."........B.[BF/`....A.d.m.i.n.....^.1......C.m..DATAAP~1..F........B.[BF/`..0.D.a.t.a. .a.p.l.i.k.a.c.....@shell32.dll,-21765...B.1......B.[..MICROS~1..*........B.[.B.[....M.i.c.r.o.s.o.f.t.....R.1......B.[..INTERN~1..:........B.[.B.[....I.n.t.e.r.n.e.t. .E.x.p.l.o.r.e.r.....H.1......B.[..QUICKL~1..0........B.[.B.[....Q.u.i.c.k. .L.a.u.n.c.h.......`.......X.......pikacu2...........0.8.rC..IS...s.........2..'.....0.8.rC..IS...s.........2..'...........................................Z.......L.2......B.` .TOTALCMD.lnk..0........B.`BF5`....T.O.T.A.L.C.M.D...l.n.k...........h.......Z.2.O....B.[ .ZOBRAZ~1.SCF..>........B.[BF5`....Z.o.b.r.a.z.i.t. .p.l.o.c.h.u...s.c.f...............`....................................O(hHj...x..O.......`......................................T?.2N.2S.jP .-...`...............................
(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
(*)(REG VAL) HRZR_EHACNGU
........p._!.>.. ==> ...........g.>..
(*)(REG VAL) HRZR_EHACNGU:P:\Cebtenz Svyrf\Zbmvyyn Sversbk\sversbk.rkr
........@....>.. ==> ...........g.>..
(*)(REG VAL) HRZR_EHACNGU:Zbmvyyn Sversbk.yax
.............>.. ==> ...........f.>..
(*)(REG VAL) HRZR_HVFPHG
........`.Q!.>.. ==> ...........f.>..
(*)(REG VAL) HRZR_PGYFRFFVBA
0....... ==> .... ...
(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
(*)(REG VAL) SavedLegacySettings
<...M............................A`..................... ==> <...Q............................A`.....................
(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Windows\Shell\Bags\1\Desktop
(*)(REG VAL) ItemPos1366x663(1)
...........................P.O. .:i.....+00.....Q......X`,. .:i.....+00............`@._d.P......./.N`..........h.S...Bi.....+00.A...Q...L.:......B.c .CCleaner.lnk..0........B.c.Dj.....C.C.l.e.a.n.e.r...l.n.k.........Q...P.:.,....B`a .DEFRAG~1.LNK..4........B`a.Di.....D.e.f.r.a.g.g.l.e.r...l.n.k.............N.:......B.d .IRFANV~1.LNK..2........B.d.Dj.....I.r.f.a.n.V.i.e.w...l.n.k.............N.:......B]d .MOZBAC~1.LNK..2........B]d.Dj.....M.o.z.B.a.c.k.u.p...l.n.k.........>...Z.:.B....B.d .MOZILL~1.LNK..>........B.dBFC`....M.o.z.i.l.l.a. .F.i.r.e.f.o.x...l.n.k.............F.:......B.d .Recuva.lnk..,........B.d.Dj.....R.e.c.u.v.a...l.n.k.........Q...N.:......CQh .TRUECR~1.LNK..2........CQh.Di.....T.r.u.e.C.r.y.p.t...l.n.k.....A.......R.:......C.t .ULTRAD~1.LNK..6........C.t.Dj.....U.l.t.r.a.D.e.f.r.a.g...l.n.k.........Q...\.:......B.d .VLCMED~1.LNK..@........B.d.Dj.....V.L.C. .m.e.d.i.a. .p.l.a.y.e.r...l.n.k.....`...Q...L.1.....1C.[0.CIVILI~1..4........B.eBF/`....C.i.v.i.l.i.z.a.t.i.o.n. .2.............v.2......B.k .ALLFRE~2.LNK..Z........B.k.Di.....A.l.l. .F.r.e.e. .D.V.D. .t.o. .A.V.I. .C.o.n.v.e.r.t.e.r...l.n.k.........Q...l.2......B.F .ALLFRE~1.LNK..P........B.F.Di.....A.l.l. .F.r.e.e. .V.i.d.e.o. .C.o.n.v.e.r.t.e.r...l.n.k.............@.2......B.e .civ2.lnk..(........B.e.Di.....c.i.v.2...l.n.k.............X.2.`...5C.. .CIVILI~1.LNK..<.......5C...Di.....C.i.v.i.l.i.z.a.t.i.o.n.I.I...l.n.k.....`.......B.2......CQD .linky.txt.*........C.I.C.I....l.i.n.k.y...t.x.t.............H.2.h.3.n>.V .procexp.exe..........B6aBF:`....p.r.o.c.e.x.p...e.x.e.....".......\.2......BRd .REVOUN~1.LNK..@........BRd.Di.....R.e.v.o. .U.n.i.n.s.t.a.l.l.e.r...l.n.k....."...Q...Z.2.z....B.d .TOTALU~1.LNK..>........B.dBFR`....T.o.t.a.l. .U.n.i.n.s.t.a.l.l...l.n.k.....`.......L.2......Bq` .TOTALCMD.lnk..0........Bq`BF8`....T.O.T.A.L.C.M.D...l.n.k.....`...>...|.2......C.{ .ZSTUPC~1.LNK..`........B.q.Di.....Z...s.t.u.p.c.e. .-. .S.t.a.r.t. .T.o.r. .B.r.o.w.s.e.r...e.x.e...l.n.k.....`...>....... ==> ...........................P.O. .:i.....+00.....Q......X`,. .:i.....+00............`@._d.P......./.N`..........h.S...Bi.....+00.A...Q...L.:......B.c .CCleaner.lnk..0........B.c.Dj.....C.C.l.e.a.n.e.r...l.n.k.........Q...P.:.,....B`a .DEFRAG~1.LNK..4........B`a.Di.....D.e.f.r.a.g.g.l.e.r...l.n.k.............N.:......B.d .IRFANV~1.LNK..2........B.d.Dj.....I.r.f.a.n.V.i.e.w...l.n.k.............N.:......B]d .MOZBAC~1.LNK..2........B]d.Dj.....M.o.z.B.a.c.k.u.p...l.n.k.........>...Z.:.B....B.d .MOZILL~1.LNK..>........B.dBFC`....M.o.z.i.l.l.a. .F.i.r.e.f.o.x...l.n.k.............F.:......B.d .Recuva.lnk..,........B.d.Dj.....R.e.c.u.v.a...l.n.k.........Q...N.:......CQh .TRUECR~1.LNK..2........CQh.Di.....T.r.u.e.C.r.y.p.t...l.n.k.....A.......R.:......C.t .ULTRAD~1.LNK..6........C.t.Dj.....U.l.t.r.a.D.e.f.r.a.g...l.n.k.........Q...\.:......B.d .VLCMED~1.LNK..@........B.d.Dj.....V.L.C. .m.e.d.i.a. .p.l.a.y.e.r...l.n.k.....`...Q...L.1.....1C.[0.CIVILI~1..4........B.eBF/`....C.i.v.i.l.i.z.a.t.i.o.n. .2.............v.2......B.k .ALLFRE~2.LNK..Z........B.k.Di.....A.l.l. .F.r.e.e. .D.V.D. .t.o. .A.V.I. .C.o.n.v.e.r.t.e.r...l.n.k.........Q...l.2......B.F .ALLFRE~1.LNK..P........B.F.Di.....A.l.l. .F.r.e.e. .V.i.d.e.o. .C.o.n.v.e.r.t.e.r...l.n.k.............@.2......B.e .civ2.lnk..(........B.e.Di.....c.i.v.2...l.n.k.............X.2.`...5C.. .CIVILI~1.LNK..<.......5C...Di.....C.i.v.i.l.i.z.a.t.i.o.n.I.I...l.n.k.........+...V.2.....BF.` .GOOGLE~1.LNK..:.......BF.`BF.`....G.o.o.g.l.e. .C.h.r.o.m.e...l.n.k.....`.......B.2......CQD .linky.txt.*........C.I.C.I....l.i.n.k.y...t.x.t.............H.2.h.3.n>.V .procexp.exe..........B6aBF:`....p.r.o.c.e.x.p...e.x.e.....".......\.2......BRd .REVOUN~1.LNK..@........BRd.Di.....R.e.v.o. .U.n.i.n.s.t.a.l.l.e.r...l.n.k....."...Q...Z.2.z....B.d .TOTALU~1.LNK..>........B.dBFR`....T.o.t.a.l. .U.n.i.n.s.t.a.l.l...l.n.k.....`.......L.2......Bq` .TOTALCMD.lnk..0........Bq`BF8`....T.O.T.A.L.C.M.D...l.n.k.....`...>...|.2......C.{ .ZSTUPC~1.LNK..`........B.q.Di.....Z...s.t.u.p.c.e. .-. .S.t.a.r.t. .T.o.r. .B.r.o.w.s.e.r...e.x.e...l.n.k.....`...>.......
(REG KEY) HKEY_USERS\S-1-5-21-583907252-854245398-1957994488-1003\Software\Sysinternals\Process Explorer
(*)(REG VAL) ProcessSortColumn
3 ==> 0
(*)(REG VAL) ShowProcessTree
0 ==> 1
(*)(REG VAL) Windowplacement
,...........................d...2.......&... ==> ,...........................d...2.......&...
(REG KEY) HKEY_CURRENT_USER\SessionInformation
(*)(REG VAL) ProgramCount
3 ==> 1
(REG KEY) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021493-0000-0000-C000-000000000046}\Enum
(*)(REG VAL) Implementing
..................../........$.0.j...t..O..8.1h2.H.D.B|*D..x.1..hG...\....=.aN..x.......O..nbN..x.......O..ndN..x.......O..n ==> .............................$.0.j...t..O..8.1h2.H.D.B|*D..x.1..hG...\....=.aN..x.......O..nbN..x.......O..ndN..x.......O..n
(REG KEY) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
(*)(REG VAL) Implementing
..................../.......%.\Mu.......O..v ==> ............................%.\Mu.......O..v
(+)(REG KEY) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\0000000000008fc1
(+)(REG KEY) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\0000000000008fc1\StartupHasBeenRun
(-)(REG KEY) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\0000000000008eb5
(-)(REG KEY) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\0000000000008eb5\StartupHasBeenRun
(REG KEY) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop
(*)(REG VAL) Taskbar
..................+.dW...n..O..."...........................L..................F........ ........~..e...x._;.................................P.O. .:i.....+00.../C:\...................\.1......B.[..DOCUME~1..D........BZc.E......D.o.c.u.m.e.n.t.s. .a.n.d. .S.e.t.t.i.n.g.s.....6.1......D....Admin."........B.[.E......A.d.m.i.n.....^.1......C.m..DATAAP~1..F........B.[.E....0.D.a.t.a. .a.p.l.i.k.a.c.....@shell32.dll,-21765...B.1......B.[..MICROS~1..*........B.[.B.[....M.i.c.r.o.s.o.f.t.....R.1......B.[..INTERN~1..:........B.[.B.[....I.n.t.e.r.n.e.t. .E.x.p.l.o.r.e.r.....H.1......B.[..QUICKL~1..0........B.[.B.[....Q.u.i.c.k. .L.a.u.n.c.h.......`.......X.......pikacu2...........0.8.rC..IS...s.........2..'.....0.8.rC..IS...s.........2..'...........................................Z.......L.2......B.` .TOTALCMD.lnk..0........B.`.E......T.O.T.A.L.C.M.D...l.n.k...........h.......Z.2.O....B.[ .ZOBRAZ~1.SCF..>........B.[.E......Z.o.b.r.a.z.i.t. .p.l.o.c.h.u...s.c.f...............`....................................O(hHj...x..O.......`......................................T?.2N.2S.jP .-...`............................... ==> ..................+.dW...n..O..."...........................L..................F........ .........E..>..x._;.................................P.O. .:i.....+00.../C:\...................\.1......B.[..DOCUME~1..D........BZcBF/`....D.o.c.u.m.e.n.t.s. .a.n.d. .S.e.t.t.i.n.g.s.....6.1......D....Admin."........B.[BF/`....A.d.m.i.n.....^.1......C.m..DATAAP~1..F........B.[BF/`..0.D.a.t.a. .a.p.l.i.k.a.c.....@shell32.dll,-21765...B.1......B.[..MICROS~1..*........B.[.B.[....M.i.c.r.o.s.o.f.t.....R.1......B.[..INTERN~1..:........B.[.B.[....I.n.t.e.r.n.e.t. .E.x.p.l.o.r.e.r.....H.1......B.[..QUICKL~1..0........B.[.B.[....Q.u.i.c.k. .L.a.u.n.c.h.......`.......X.......pikacu2...........0.8.rC..IS...s.........2..'.....0.8.rC..IS...s.........2..'...........................................Z.......L.2......B.` .TOTALCMD.lnk..0........B.`BF5`....T.O.T.A.L.C.M.D...l.n.k...........h.......Z.2.O....B.[ .ZOBRAZ~1.SCF..>........B.[BF5`....Z.o.b.r.a.z.i.t. .p.l.o.c.h.u...s.c.f...............`....................................O(hHj...x..O.......`......................................T?.2N.2S.jP .-...`...............................
(REG KEY) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
(*)(REG VAL) HRZR_EHACNGU
........p._!.>.. ==> ...........g.>..
(*)(REG VAL) HRZR_EHACNGU:P:\Cebtenz Svyrf\Zbmvyyn Sversbk\sversbk.rkr
........@....>.. ==> ...........g.>..
(*)(REG VAL) HRZR_EHACNGU:Zbmvyyn Sversbk.yax
.............>.. ==> ...........f.>..
(*)(REG VAL) HRZR_HVFPHG
........`.Q!.>.. ==> ...........f.>..
(*)(REG VAL) HRZR_PGYFRFFVBA
0....... ==> .... ...
(REG KEY) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
(*)(REG VAL) SavedLegacySettings
<...M............................A`..................... ==> <...Q............................A`.....................
(REG KEY) HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags\1\Desktop
(*)(REG VAL) ItemPos1366x663(1)
...........................P.O. .:i.....+00.....Q......X`,. .:i.....+00............`@._d.P......./.N`..........h.S...Bi.....+00.A...Q...L.:......B.c .CCleaner.lnk..0........B.c.Dj.....C.C.l.e.a.n.e.r...l.n.k.........Q...P.:.,....B`a .DEFRAG~1.LNK..4........B`a.Di.....D.e.f.r.a.g.g.l.e.r...l.n.k.............N.:......B.d .IRFANV~1.LNK..2........B.d.Dj.....I.r.f.a.n.V.i.e.w...l.n.k.............N.:......B]d .MOZBAC~1.LNK..2........B]d.Dj.....M.o.z.B.a.c.k.u.p...l.n.k.........>...Z.:.B....B.d .MOZILL~1.LNK..>........B.dBFC`....M.o.z.i.l.l.a. .F.i.r.e.f.o.x...l.n.k.............F.:......B.d .Recuva.lnk..,........B.d.Dj.....R.e.c.u.v.a...l.n.k.........Q...N.:......CQh .TRUECR~1.LNK..2........CQh.Di.....T.r.u.e.C.r.y.p.t...l.n.k.....A.......R.:......C.t .ULTRAD~1.LNK..6........C.t.Dj.....U.l.t.r.a.D.e.f.r.a.g...l.n.k.........Q...\.:......B.d .VLCMED~1.LNK..@........B.d.Dj.....V.L.C. .m.e.d.i.a. .p.l.a.y.e.r...l.n.k.....`...Q...L.1.....1C.[0.CIVILI~1..4........B.eBF/`....C.i.v.i.l.i.z.a.t.i.o.n. .2.............v.2......B.k .ALLFRE~2.LNK..Z........B.k.Di.....A.l.l. .F.r.e.e. .D.V.D. .t.o. .A.V.I. .C.o.n.v.e.r.t.e.r...l.n.k.........Q...l.2......B.F .ALLFRE~1.LNK..P........B.F.Di.....A.l.l. .F.r.e.e. .V.i.d.e.o. .C.o.n.v.e.r.t.e.r...l.n.k.............@.2......B.e .civ2.lnk..(........B.e.Di.....c.i.v.2...l.n.k.............X.2.`...5C.. .CIVILI~1.LNK..<.......5C...Di.....C.i.v.i.l.i.z.a.t.i.o.n.I.I...l.n.k.....`.......B.2......CQD .linky.txt.*........C.I.C.I....l.i.n.k.y...t.x.t.............H.2.h.3.n>.V .procexp.exe..........B6aBF:`....p.r.o.c.e.x.p...e.x.e.....".......\.2......BRd .REVOUN~1.LNK..@........BRd.Di.....R.e.v.o. .U.n.i.n.s.t.a.l.l.e.r...l.n.k....."...Q...Z.2.z....B.d .TOTALU~1.LNK..>........B.dBFR`....T.o.t.a.l. .U.n.i.n.s.t.a.l.l...l.n.k.....`.......L.2......Bq` .TOTALCMD.lnk..0........Bq`BF8`....T.O.T.A.L.C.M.D...l.n.k.....`...>...|.2......C.{ .ZSTUPC~1.LNK..`........B.q.Di.....Z...s.t.u.p.c.e. .-. .S.t.a.r.t. .T.o.r. .B.r.o.w.s.e.r...e.x.e...l.n.k.....`...>....... ==> ...........................P.O. .:i.....+00.....Q......X`,. .:i.....+00............`@._d.P......./.N`..........h.S...Bi.....+00.A...Q...L.:......B.c .CCleaner.lnk..0........B.c.Dj.....C.C.l.e.a.n.e.r...l.n.k.........Q...P.:.,....B`a .DEFRAG~1.LNK..4........B`a.Di.....D.e.f.r.a.g.g.l.e.r...l.n.k.............N.:......B.d .IRFANV~1.LNK..2........B.d.Dj.....I.r.f.a.n.V.i.e.w...l.n.k.............N.:......B]d .MOZBAC~1.LNK..2........B]d.Dj.....M.o.z.B.a.c.k.u.p...l.n.k.........>...Z.:.B....B.d .MOZILL~1.LNK..>........B.dBFC`....M.o.z.i.l.l.a. .F.i.r.e.f.o.x...l.n.k.............F.:......B.d .Recuva.lnk..,........B.d.Dj.....R.e.c.u.v.a...l.n.k.........Q...N.:......CQh .TRUECR~1.LNK..2........CQh.Di.....T.r.u.e.C.r.y.p.t...l.n.k.....A.......R.:......C.t .ULTRAD~1.LNK..6........C.t.Dj.....U.l.t.r.a.D.e.f.r.a.g...l.n.k.........Q...\.:......B.d .VLCMED~1.LNK..@........B.d.Dj.....V.L.C. .m.e.d.i.a. .p.l.a.y.e.r...l.n.k.....`...Q...L.1.....1C.[0.CIVILI~1..4........B.eBF/`....C.i.v.i.l.i.z.a.t.i.o.n. .2.............v.2......B.k .ALLFRE~2.LNK..Z........B.k.Di.....A.l.l. .F.r.e.e. .D.V.D. .t.o. .A.V.I. .C.o.n.v.e.r.t.e.r...l.n.k.........Q...l.2......B.F .ALLFRE~1.LNK..P........B.F.Di.....A.l.l. .F.r.e.e. .V.i.d.e.o. .C.o.n.v.e.r.t.e.r...l.n.k.............@.2......B.e .civ2.lnk..(........B.e.Di.....c.i.v.2...l.n.k.............X.2.`...5C.. .CIVILI~1.LNK..<.......5C...Di.....C.i.v.i.l.i.z.a.t.i.o.n.I.I...l.n.k.........+...V.2.....BF.` .GOOGLE~1.LNK..:.......BF.`BF.`....G.o.o.g.l.e. .C.h.r.o.m.e...l.n.k.....`.......B.2......CQD .linky.txt.*........C.I.C.I....l.i.n.k.y...t.x.t.............H.2.h.3.n>.V .procexp.exe..........B6aBF:`....p.r.o.c.e.x.p...e.x.e.....".......\.2......BRd .REVOUN~1.LNK..@........BRd.Di.....R.e.v.o. .U.n.i.n.s.t.a.l.l.e.r...l.n.k....."...Q...Z.2.z....B.d .TOTALU~1.LNK..>........B.dBFR`....T.o.t.a.l. .U.n.i.n.s.t.a.l.l...l.n.k.....`.......L.2......Bq` .TOTALCMD.lnk..0........Bq`BF8`....T.O.T.A.L.C.M.D...l.n.k.....`...>...|.2......C.{ .ZSTUPC~1.LNK..`........B.q.Di.....Z...s.t.u.p.c.e. .-. .S.t.a.r.t. .T.o.r. .B.r.o.w.s.e.r...e.x.e...l.n.k.....`...>.......
(REG KEY) HKEY_CURRENT_USER\Software\Sysinternals\Process Explorer
(*)(REG VAL) ProcessSortColumn
3 ==> 0
(*)(REG VAL) ShowProcessTree
0 ==> 1
(*)(REG VAL) Windowplacement
,...........................d...2.......&... ==> ,...........................d...2.......&...
Re: FB keylogger
Napsal: 02 úno 2015 13:45
a FRST:
Kód: Vybrat vše
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2015
Ran by Admin (administrator) on PIKACU2 on 02-02-2015 13:16:25
Running from e:\
Loaded Profiles: Admin (Available profiles: Admin)
Platform: Systém Microsoft Windows XP Professional (X86) OS Language: Čeština
Internet Explorer Version 6 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Oracle Corporation) C:\WINDOWS\system32\VBoxService.exe
(Oracle Corporation) C:\WINDOWS\system32\VBoxTray.exe
(Gavrila Martau) C:\Program Files\Total Uninstall\Tun.exe
() C:\Documents and Settings\Admin\Data aplikací\Chromium.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VBoxTray] => C:\WINDOWS\System32\VBoxTray.exe [1340848 2014-11-21] (Oracle Corporation)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-583907252-854245398-1957994488-1003\...\Run: [Google Chromium] => C:\Documents and Settings\Admin\Data aplikací\Chromium.exe [687701 2015-02-02] ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-583907252-854245398-1957994488-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-583907252-854245398-1957994488-1003 - Modul přiřazení adres URL - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: HKU\S-1-5-21-583907252-854245398-1957994488-1003 - (No Name) - {f999a48b-1950-4d81-9971-79018f807b4b} - No File
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-583907252-854245398-1957994488-1003 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2737658&CUI=&UM=1
Toolbar: HKLM - &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation)
Toolbar: HKLM - No Name - {f999a48b-1950-4d81-9971-79018f807b4b} - No File
Toolbar: HKU\S-1-5-21-583907252-854245398-1957994488-1003 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Společnost Microsoft)
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll (Microsoft Corporation)
Handler: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 95.47.178.167 8.8.8.8
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\y4wy1pwn.default
FF DefaultSearchEngine: ICQ Search
FF SelectedSearchEngine: ICQ Search
FF Homepage: hxxp://google.sk
FF NetworkProxy: "type", 0
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Extension: Image-Show-Hide - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\y4wy1pwn.default\Extensions\{92A24891-BA14-4e89-9FFD-07FFBE4334EE} [2013-07-23]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [pmcmflmkceipgecmhoddphflfndnfbbe] - C:\DOCUME~1\Admin\LOCALS~1\Temp\tbch.crx [Not Found]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 SCardDrv; C:\WINDOWS\System32\SCardSvr.exe [95232 2001-10-25] (Microsoft Corporation)
R2 uploadmgr; C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll [29184 2001-10-25] (Microsoft Corporation)
R2 VBoxService; C:\WINDOWS\System32\VBoxService.exe [1535536 2014-11-21] (Oracle Corporation)
R2 WmdmPmSp; C:\WINDOWS\System32\mspmspsv.dll [47104 2001-10-25] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R3 Afc; C:\WINDOWS\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2001-10-25] ()
R0 VBoxGuest; C:\WINDOWS\System32\DRIVERS\VBoxGuest.sys [117768 2014-11-21] (Oracle Corporation)
R3 VBoxMouse; C:\WINDOWS\System32\DRIVERS\VBoxMouse.sys [100240 2014-11-21] (Oracle Corporation)
R1 VBoxSF; C:\WINDOWS\System32\drivers\VBoxSF.sys [245488 2014-11-21] (Oracle Corporation)
R3 VBoxVideo; C:\WINDOWS\System32\DRIVERS\VBoxVideo.sys [118792 2014-11-21] (Oracle Corporation)
S4 hpt3xx; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-02 13:16 - 2015-02-02 13:16 - 00000000 ____D () C:\FRST
2015-02-02 13:06 - 2015-02-02 13:06 - 00000791 _____ () C:\Documents and Settings\Admin\Plocha\Google Chrome.lnk
2015-02-02 13:06 - 2015-02-02 13:06 - 00000028 _____ () C:\Documents and Settings\Admin\Data aplikací\setting
2015-02-02 13:06 - 2015-02-02 13:06 - 00000000 ____D () C:\Program Files\Google
2015-02-02 13:06 - 2015-02-02 13:06 - 00000000 ____D () C:\Documents and Settings\Admin\Data aplikací\browser
2015-02-02 13:05 - 2015-02-02 13:12 - 00000009 _____ () C:\Documents and Settings\Admin\Data aplikací\ok.txt
2015-02-02 13:05 - 2015-02-02 13:06 - 31990778 _____ () C:\Documents and Settings\Admin\Data aplikací\arsiv.exe
2015-02-02 13:05 - 2015-02-02 13:05 - 00687701 _____ () C:\Documents and Settings\Admin\Data aplikací\Chromium.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-02 13:16 - 2013-07-23 12:28 - 00000000 ____D () C:\Documents and Settings\Admin\Local Settings\Temp
2015-02-02 13:13 - 2013-07-23 18:05 - 00000000 ____D () C:\temp
2015-02-02 13:12 - 2013-07-23 13:39 - 00000000 ____D () C:\Program Files\Total Uninstall
2015-02-02 13:12 - 2013-07-23 12:28 - 00000000 __RHD () C:\Documents and Settings\Admin\Data aplikací
2015-02-02 13:12 - 2013-07-23 12:13 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-02 13:11 - 2013-07-23 12:28 - 00000180 ___SH () C:\Documents and Settings\Admin\ntuser.ini
2015-02-02 13:11 - 2013-07-23 12:21 - 00026472 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-02 13:06 - 2013-07-23 13:27 - 00921110 _____ () C:\WINDOWS\System32\PerfStringBackup.INI
2015-02-02 13:06 - 2013-07-23 12:28 - 00000000 ____D () C:\Documents and Settings\Admin\Plocha
2015-02-02 13:02 - 2014-11-20 18:03 - 00037860 _____ () C:\WINDOWS\setupapi.log
2015-02-02 13:01 - 2001-10-25 13:00 - 00002184 _____ () C:\WINDOWS\System32\wpa.dbl
==================== Files in the root of some directories =======
2015-02-02 13:05 - 2015-02-02 13:06 - 31990778 _____ () C:\Documents and Settings\Admin\Data aplikací\arsiv.exe
2015-02-02 13:05 - 2015-02-02 13:05 - 0687701 _____ () C:\Documents and Settings\Admin\Data aplikací\Chromium.exe
2015-02-02 13:05 - 2015-02-02 13:12 - 0000009 _____ () C:\Documents and Settings\Admin\Data aplikací\ok.txt
2015-02-02 13:06 - 2015-02-02 13:06 - 0000028 _____ () C:\Documents and Settings\Admin\Data aplikací\setting
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\System32\winlogon.exe => File is digitally signed
C:\WINDOWS\System32\svchost.exe => File is digitally signed
C:\WINDOWS\System32\services.exe => File is digitally signed
C:\WINDOWS\System32\User32.dll => File is digitally signed
C:\WINDOWS\System32\userinit.exe => File is digitally signed
C:\WINDOWS\System32\rpcss.dll => File is digitally signed
C:\WINDOWS\System32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================Re: FB keylogger
Napsal: 02 úno 2015 13:46
Mimochodom, na danom OS prestali fungovat FF, Chrome aj IE.
EDIT: po odstreleni procesu Chromium.exe je mozne spustit aspon IE
EDIT: po odstreleni procesu Chromium.exe je mozne spustit aspon IE