API tools faq
paste
Advertisement
Guest User

zoek 2

a guest
Mar 5th, 2016
305
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 33.95 KB | None | 0 0
raw download clone embed print report
  1.  
  2. Zoek.exe v5.0.0.1 Updated 31-December-2015
  3. Tool run by Petr on so 05.03.2016 at 22:47:16,07.
  4. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
  5. Running in: Normal Mode Internet Access Detected
  6. Launched: C:\Users\Petr\Downloads\zoek.exe [Scan all users] [Script inserted]
  7.  
  8. ==== Older Logs ======================
  9.  
  10. C:\zoek-results2016-03-05-204349.log 67297 bytes
  11.  
  12. ==== Chromium Look ======================
  13.  
  14. Google Slides - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
  15. Google Docs - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
  16. Google Drive - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
  17. YouTube - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
  18. Google Search - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
  19. Google Sheets - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
  20. Google Docs Offline - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
  21. Until AM for Chrome - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl
  22. Chrome Web Store Payments - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
  23. Seznam Lištička - Rychlá volba - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak
  24. Gmail - Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
  25.  
  26. ==== Chromium Fix ======================
  27.  
  28. C:\Users\Petr\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak deleted successfully
  29.  
  30. ==== Silent Runners ======================
  31.  
  32. "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
  33. Output limited to non-default values, except where indicated by "{++}"
  34.  
  35.  
  36. Startup items buried in registry:
  37. ---------------------------------
  38.  
  39. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
  40. NvBackend = "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [NVIDIA Corporation]
  41. ShadowPlay = "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [MS]
  42. MSC = "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [MS]
  43.  
  44. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
  45.  
  46. {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
  47. -> {HKLM...CLSID} = Java(tm) Plug-In SSV Helper
  48. \InProcServer32\(Default) = [file not found]
  49. -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper
  50. \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [Oracle Corporation]
  51.  
  52. {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
  53. -> {HKLM...CLSID} = Java(tm) Plug-In 2 SSV Helper
  54. \InProcServer32\(Default) = [file not found]
  55. -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper
  56. \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [Oracle Corporation]
  57.  
  58. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
  59.  
  60. {B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension
  61. -> {HKLM...CLSID} = WinRAR
  62. \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
  63.  
  64. {c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider
  65. -> {HKLM...CLSID} = Icaros Thumbnail Provider
  66. \InProcServer32\(Default) = C:\Program Files (x86)\K-Lite Codec Pack\Icaros\64-bit\IcarosThumbnailProvider.dll [Tabibito Technology]
  67.  
  68. {0C08E3BB-D10B-4CC9-B1B3-701F5BE9D6EC} = Icaros Property Handler
  69. -> {HKLM...CLSID} = Icaros Property Handler
  70. \InProcServer32\(Default) = C:\Program Files (x86)\K-Lite Codec Pack\Icaros\64-bit\IcarosPropertyHandler.dll [Tabibito Technology]
  71.  
  72. {A70C977A-BF00-412C-90B7-034C51DA2439} = NvCpl DesktopContext Class
  73. -> {HKLM...CLSID} = DesktopContext Class
  74. \InProcServer32\(Default) = C:\Program Files\NVIDIA Corporation\Display\nvui.dll [NVIDIA Corporation]
  75.  
  76. {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} = NVIDIA Play On My TV Context Menu Extension
  77. -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
  78. \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]
  79.  
  80. {09A47860-11B0-4DA5-AFA5-26D86198A780} = EPP
  81. -> {HKLM...CLSID} = (no title provided)
  82. \InProcServer32\(Default) = c:\PROGRA~1\MICROS~3\shellext.dll [MS]
  83.  
  84. {AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice Property Handler
  85. -> {HKLM...CLSID} = OpenOffice Property Handler
  86. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll [Apache Software Foundation]
  87.  
  88. {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes
  89. -> {HKLM...CLSID} = iTunes
  90. \InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]
  91.  
  92. {2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9} = Image Catalog
  93. -> {HKLM...CLSID} = Image Catalog
  94. \InProcServer32\(Default) = C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll [DT Soft Ltd]
  95.  
  96. {A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} = NvAppShExt extension
  97. -> {HKLM...CLSID} = NvAppShExt Class
  98. \InProcServer32\(Default) = C:\Windows\system32\nv3dappshext.dll [NVIDIA Corporation]
  99.  
  100. {E97DEC16-A50D-49bb-AE24-CF682282E08D} = OpenGLShExt extension
  101. -> {HKLM...CLSID} = OpenGLShExt Class
  102. \InProcServer32\(Default) = C:\Windows\system32\nv3dappshext.dll [NVIDIA Corporation]
  103.  
  104. HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
  105.  
  106. {c5aec3ec-e812-4677-a9a7-4fee1f9aa000} = Icaros Thumbnail Provider
  107. -> {HKLM...Wow...CLSID} = Icaros Thumbnail Provider
  108. \InProcServer32\(Default) = C:\Program Files (x86)\K-Lite Codec Pack\Icaros\32-bit\IcarosThumbnailProvider.dll [Tabibito Technology]
  109.  
  110. {0C08E3BB-D10B-4CC9-B1B3-701F5BE9D6EC} = Icaros Property Handler
  111. -> {HKLM...Wow...CLSID} = Icaros Property Handler
  112. \InProcServer32\(Default) = C:\Program Files (x86)\K-Lite Codec Pack\Icaros\32-bit\IcarosPropertyHandler.dll [Tabibito Technology]
  113.  
  114. {AE424E85-F6DF-4910-A6A9-438797986431} = OpenOffice Property Handler
  115. -> {HKLM...Wow...CLSID} = OpenOffice Property Handler
  116. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl.dll [Apache Software Foundation]
  117.  
  118. {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} = OpenOffice Column Handler
  119. -> {HKLM...Wow...CLSID} = (no title provided)
  120. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]
  121.  
  122. {087B3AE3-E237-4467-B8DB-5A38AB959AC9} = OpenOffice Infotip Handler
  123. -> {HKLM...Wow...CLSID} = (no title provided)
  124. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]
  125.  
  126. {63542C48-9552-494A-84F7-73AA6A7C99C1} = OpenOffice Property Sheet Handler
  127. -> {HKLM...Wow...CLSID} = (no title provided)
  128. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]
  129.  
  130. {3B092F0C-7696-40E3-A80F-68D74DA84210} = OpenOffice Thumbnail Viewer
  131. -> {HKLM...Wow...CLSID} = (no title provided)
  132. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]
  133.  
  134. {2C7DDECF-7A8E-48A5-A744-8F45D20FB1A9} = Image Catalog
  135. -> {HKLM...Wow...CLSID} = Image Catalog
  136. \InProcServer32\(Default) = C:\Program Files (x86)\DAEMON Tools Pro\DTShl32.dll [DT Soft Ltd]
  137.  
  138. HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
  139.  
  140. DaemonShellExtImage\(Default) = {40966797-8FFE-46C8-9EF8-7003F33CCF0F}
  141. -> {HKLM...CLSID} = DaemonShellExtImage Class
  142. \InProcServer32\(Default) = C:\Program Files (x86)\DAEMON Tools Pro\DTShl64.dll [DT Soft Ltd]
  143. -> {HKLM...Wow...CLSID} = DaemonShellExtImage Class
  144. \InProcServer32\(Default) = C:\Program Files (x86)\DAEMON Tools Pro\DTShl32.dll [DT Soft Ltd]
  145.  
  146. EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
  147. -> {HKLM...CLSID} = (no title provided)
  148. \InProcServer32\(Default) = c:\PROGRA~1\MICROS~3\shellext.dll [MS]
  149.  
  150. WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  151. -> {HKLM...CLSID} = WinRAR
  152. \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
  153.  
  154. WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  155. -> {HKLM...Wow...CLSID} = WinRAR
  156. \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
  157.  
  158. HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
  159.  
  160. EPP\(Default) = {09A47860-11B0-4DA5-AFA5-26D86198A780}
  161. -> {HKLM...CLSID} = (no title provided)
  162. \InProcServer32\(Default) = c:\PROGRA~1\MICROS~3\shellext.dll [MS]
  163.  
  164. HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
  165.  
  166. NvCplDesktopContext\(Default) = {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
  167. -> {HKLM...CLSID} = NVIDIA CPL Context Menu Extension
  168. \InProcServer32\(Default) = C:\Windows\system32\nvshext.dll [NVIDIA Corporation]
  169.  
  170. HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
  171.  
  172. {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\(Default) = OpenOffice Column Handler
  173. -> {HKLM...CLSID} = (no title provided)
  174. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll [Apache Software Foundation]
  175. -> {HKLM...Wow...CLSID} = (no title provided)
  176. \InProcServer32\(Default) = C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl.dll [Apache Software Foundation]
  177.  
  178. HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
  179.  
  180. WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  181. -> {HKLM...CLSID} = WinRAR
  182. \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
  183.  
  184. WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  185. -> {HKLM...Wow...CLSID} = WinRAR
  186. \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
  187.  
  188. HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\
  189.  
  190. WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA}
  191. -> {HKLM...CLSID} = WinRAR
  192. \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal]
  193.  
  194. WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
  195. -> {HKLM...Wow...CLSID} = WinRAR
  196. \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal]
  197.  
  198.  
  199. Group Policies {GPedit.msc branch and setting}:
  200. -----------------------------------------------
  201.  
  202. Note: detected settings may not have any effect.
  203.  
  204. HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\
  205.  
  206. DisableOSUpgrade = (REG_DWORD) dword:0x00000001
  207. {unrecognized setting}
  208.  
  209.  
  210. Active Desktop and Wallpaper:
  211. -----------------------------
  212.  
  213. Active Desktop may be disabled at this entry:
  214. HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
  215.  
  216. Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
  217. HKCU\Control Panel\Desktop\
  218. Wallpaper = C:\Users\Petr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
  219.  
  220.  
  221. Windows Portable Device AutoPlay Handlers
  222. -----------------------------------------
  223.  
  224. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
  225.  
  226. CDBurnerXP\
  227. Provider = CDBurnerXP
  228. InvokeProgID = CDBurnerXPOpen
  229. InvokeVerb = open
  230. HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = "C:\Program Files\CDBurnerXP\cdbxpp.exe" /od "%1" [null data]
  231.  
  232. iTunesBurnCDOnArrival\
  233. Provider = iTunes
  234. InvokeProgID = iTunes.BurnCD
  235. InvokeVerb = burn
  236. HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]
  237.  
  238. iTunesImportSongsOnArrival\
  239. Provider = iTunes
  240. InvokeProgID = iTunes.ImportSongsOnCD
  241. InvokeVerb = import
  242. HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]
  243.  
  244. iTunesPlaySongsOnArrival\
  245. Provider = iTunes
  246. InvokeProgID = iTunes.PlaySongsOnCD
  247. InvokeVerb = play
  248. HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]
  249.  
  250. iTunesShowSongsOnArrival\
  251. Provider = iTunes
  252. InvokeProgID = iTunes.ShowSongsOnCD
  253. InvokeVerb = showsongs
  254. HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]
  255.  
  256. MPCPlayBluRayOnArrival\
  257. Provider = Media Player Classic
  258. InvokeProgID = MediaPlayerClassic.Autorun
  259. InvokeVerb = PlayBlurayMovie
  260. HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %L\BDMV\INDEX.BDMV [MPC-HC Team]
  261.  
  262. MPCPlayCDAudioOnArrival\
  263. Provider = Media Player Classic
  264. InvokeProgID = MediaPlayerClassic.Autorun
  265. InvokeVerb = PlayCDAudio
  266. HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %1 /cd [MPC-HC Team]
  267.  
  268. MPCPlayDVDMovieOnArrival\
  269. Provider = Media Player Classic
  270. InvokeProgID = MediaPlayerClassic.Autorun
  271. InvokeVerb = PlayDVDMovie
  272. HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %1 /dvd [MPC-HC Team]
  273.  
  274. MPCPlayMusicFilesOnArrival\
  275. Provider = Media Player Classic
  276. InvokeProgID = MediaPlayerClassic.Autorun
  277. InvokeVerb = PlayMusicFiles
  278. HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %1 [MPC-HC Team]
  279.  
  280. MPCPlayVideoFilesOnArrival\
  281. Provider = Media Player Classic
  282. InvokeProgID = MediaPlayerClassic.Autorun
  283. InvokeVerb = PlayVideoFiles
  284. HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe" %1 [MPC-HC Team]
  285.  
  286. MSPlayCDAudioOnArrival\
  287. Provider = @wmploc.dll,-6502
  288. InvokeProgID = WMP.AudioCD
  289. InvokeVerb = play
  290. HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
  291.  
  292. MSPlayDVDMovieOnArrival\
  293. Provider = @wmploc.dll,-6502
  294. InvokeProgID = WMP.DVD
  295. InvokeVerb = play
  296. HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
  297.  
  298. MSPlaySuperVideoCDMovieOnArrival\
  299. Provider = @wmploc.dll,-6502
  300. InvokeProgID = WMP.VCD
  301. InvokeVerb = play
  302. HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
  303.  
  304. MSPlayVideoCDMovieOnArrival\
  305. Provider = @wmploc.dll,-6502
  306. InvokeProgID = WMP.VCD
  307. InvokeVerb = play
  308. HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
  309.  
  310. MSWMPBurnCDOnArrival\
  311. Provider = @wmploc.dll,-6502
  312. InvokeProgID = WMP.BurnCD
  313. InvokeVerb = Burn
  314. HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
  315.  
  316. Picasa2ImportPicturesOnArrival\
  317. Provider = Picasa
  318. InvokeProgID = picasa2.autoplay
  319. InvokeVerb = import
  320. HKLM\SOFTWARE\Classes\picasa2.autoplay\shell\import\command\(Default) = "C:\Program Files (x86)\Google\Picasa3\Picasa3.exe" "%1" [Google Inc.]
  321.  
  322.  
  323. Startup items in "Petr" & "All Users" startup folders:
  324. ------------------------------------------------------
  325.  
  326. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup {++}
  327. TP-LINK Wireless Configuration Utility -> shortcut to: C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe -nogui [null data]
  328.  
  329.  
  330. Non-disabled Scheduled Tasks: {++}
  331. -----------------------------
  332.  
  333. C:\Windows\System32\Tasks
  334. Adobe Acrobat Update Task -> launches: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [Adobe Systems Incorporated]
  335. GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
  336. GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
  337. klcp_update -> launches: "C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe" /verysilent /update /freq=90 [null data]
  338.  
  339. C:\Windows\System32\Tasks\Apple
  340. AppleSoftwareUpdate -> launches: C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task [Apple Inc.]
  341.  
  342. C:\Windows\System32\Tasks\Microsoft\Microsoft Antimalware
  343. Microsoft Antimalware Scheduled Scan -> launches: C:\Program Files\Microsoft Security Client\MpCmdRun.exe Scan -ScheduleJob -RestrictPrivileges [MS]
  344.  
  345. C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
  346. AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
  347. -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
  348. \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  349. -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
  350. \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
  351.  
  352. C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
  353. AitAgent -> launches: aitagent [MS]
  354. Microsoft Compatibility Appraiser -> launches: %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly [MS]
  355. ProgramDataUpdater -> launches: %windir%\system32\compattelrunner.exe -maintenance [MS]
  356.  
  357. C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
  358. Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
  359.  
  360. C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
  361. UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]
  362.  
  363. C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
  364. SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  365. -> {HKLM...CLSID} = Certificate Services Client Task Handler
  366. \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  367. -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
  368. \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  369. UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
  370. -> {HKLM...CLSID} = Certificate Services Client Task Handler
  371. \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  372. -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
  373. \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
  374.  
  375. C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
  376. Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
  377. KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
  378. -> {HKLM...CLSID} = KernelCeipCustomHandler
  379. \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
  380. UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
  381. -> {HKLM...CLSID} = UsbCeip
  382. \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  383. -> {HKLM...Wow...CLSID} = UsbCeip
  384. \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
  385.  
  386. C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
  387. ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]
  388.  
  389. C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
  390. Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
  391. -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
  392. \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]
  393.  
  394. C:\Windows\System32\Tasks\Microsoft\Windows\Location
  395. Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]
  396.  
  397. C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
  398. WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
  399. -> {HKLM...CLSID} = WinSAT Task Manger Task
  400. \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  401. -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
  402. \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
  403.  
  404. C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
  405. ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
  406. ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
  407. DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
  408. ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
  409. InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
  410. mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
  411. MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
  412. ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
  413. OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
  414. OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
  415. PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
  416. PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
  417. PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
  418. PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
  419. PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
  420. RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
  421. ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
  422. SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
  423. UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]
  424.  
  425. C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
  426. CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  427. -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
  428. \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
  429. DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
  430. -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
  431. \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
  432.  
  433. C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
  434. HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
  435. -> {HKLM...CLSID} = HotStart User Agent
  436. \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
  437.  
  438. C:\Windows\System32\Tasks\Microsoft\Windows\MUI
  439. LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
  440.  
  441. C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
  442. SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
  443. -> {HKLM...CLSID} = Microsoft PlaySoundService Class
  444. \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  445. -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
  446. \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
  447.  
  448. C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
  449. GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
  450.  
  451. C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
  452. AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
  453.  
  454. C:\Windows\System32\Tasks\Microsoft\Windows\RAC
  455. RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
  456. -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
  457. \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  458. -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
  459. \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
  460.  
  461. C:\Windows\System32\Tasks\Microsoft\Windows\Ras
  462. MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
  463. -> {HKLM...CLSID} = RasMobilityManager
  464. \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]
  465.  
  466. C:\Windows\System32\Tasks\Microsoft\Windows\Registry
  467. RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
  468. -> {HKLM...CLSID} = RegistryIdleBackupHandler
  469. \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]
  470.  
  471. C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
  472. RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
  473.  
  474. C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx
  475. launchtrayprocess -> launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS]
  476. refreshgwxconfig -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS]
  477. refreshgwxconfigandcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS]
  478. refreshgwxcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [MS]
  479.  
  480. C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers
  481. Logon-5d -> launches: %windir%\system32\GWX\GWX.exe /event:7 [MS]
  482. MachineUnlock-5d -> launches: %windir%\system32\GWX\GWX.exe /event:8 [MS]
  483. OutOfIdle-5d -> launches: %windir%\system32\GWX\GWX.exe /event:6 [MS]
  484. OutOfSleep-5d -> launches: %windir%\system32\GWX\GWX.exe /event:9 [MS]
  485. refreshgwxconfig-B -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS]
  486. Telemetry-4xd -> launches: %windir%\system32\GWX\GWX.exe /event:11 [MS]
  487. Time-5d -> launches: %windir%\system32\GWX\GWX.exe /event:10 [MS]
  488.  
  489. C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
  490. GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
  491. -> {HKLM...CLSID} = GadgetsManager Class
  492. \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]
  493.  
  494. C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
  495. SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
  496.  
  497. C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
  498. Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
  499. -> {HKLM...CLSID} = RunTask
  500. \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  501. -> {HKLM...Wow...CLSID} = RunTask
  502. \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
  503.  
  504. C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
  505. IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
  506. IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
  507.  
  508. C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
  509. MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
  510. -> {HKLM...CLSID} = MsCtfMonitor task handler
  511. \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  512. -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
  513. \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
  514.  
  515. C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
  516. SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]
  517.  
  518. C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
  519. UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
  520.  
  521. C:\Windows\System32\Tasks\Microsoft\Windows\WDI
  522. ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
  523. -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
  524. \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  525. -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
  526. \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
  527.  
  528. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
  529. QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]
  530.  
  531. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
  532. BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
  533.  
  534. C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
  535. UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
  536.  
  537. C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
  538. ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
  539.  
  540. C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
  541. CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
  542. -> {HKLM...CLSID} = Wininet Cache task object
  543. \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
  544. -> {HKLM...Wow...CLSID} = Wininet Cache task object
  545. \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
  546.  
  547. C:\Windows\System32\Tasks\WPD
  548. SqmUpload_S-1-5-21-3631145020-3224763176-4093947856-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]
  549.  
  550.  
  551. Winsock2 Service Provider DLLs:
  552. -------------------------------
  553.  
  554. Namespace Service Providers
  555.  
  556. HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
  557. 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
  558. 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
  559. 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  560. 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  561. 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
  562. 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
  563.  
  564. HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
  565. 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
  566. 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
  567. 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  568. 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
  569. 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
  570. 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
  571.  
  572. Transport Service Providers
  573.  
  574. HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
  575. 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
  576. %SystemRoot%\system32\mswsock.dll [MS], 01 - 10
  577.  
  578. HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
  579. 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
  580. %SystemRoot%\system32\mswsock.dll [MS], 01 - 10
  581.  
  582.  
  583. Miscellaneous IE Hijack Points
  584. ------------------------------
  585.  
  586. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
  587. <<H>> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS]
  588.  
  589.  
  590. Running Services (Display Name, Service Name, Path {Service DLL}):
  591. ------------------------------------------------------------------
  592.  
  593. Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
  594. Apple Mobile Device Service, Apple Mobile Device Service, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]
  595. Audio Service, STacSV, C:\Program Files\IDT\WDM\STacSV64.exe [IDT, Inc.]
  596. Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
  597. Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
  598. Intel(R) Rapid Storage Technology, IAStorDataMgrSvc, "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" [null data]
  599. Kontrola sˇtŘ Microsoft, NisSrv, "C:\Program Files\Microsoft Security Client\NisSrv.exe" [MS]
  600. Microsoft Antimalware Service, MsMpSvc, "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [MS]
  601. NVIDIA Display Driver Service, NVSvc, "C:\Windows\system32\nvvsvc.exe" [NVIDIA Corporation]
  602. NVIDIA GeForce Experience Service, GfExperienceService, "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe" [NVIDIA Corporation]
  603. NVIDIA Network Service, NvNetworkService, "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe" [NVIDIA Corporation]
  604. NVIDIA Stereoscopic 3D Driver Service, Stereo Service, "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" [NVIDIA Corporation]
  605. NVIDIA Streamer Network Service, NvStreamNetworkSvc, "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe" [NVIDIA Corporation]
  606. NVIDIA Streamer Service, NvStreamSvc, "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe" [NVIDIA Corporation]
  607. PnkBstrA, PnkBstrA, C:\Windows\system32\PnkBstrA.exe [file not found]
  608.  
  609.  
  610. Safe Mode Drivers & Services (subkey name, subkey default value):
  611. -----------------------------------------------------------------
  612.  
  613. HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
  614.  
  615. <<!>> MsMpSvc, Service
  616.  
  617. HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
  618.  
  619. <<!>> Hamachi2Svc, Service
  620. <<!>> MsMpSvc, Service
  621.  
  622.  
  623. <<H>>: Suspicious data at a browser hijack point.
  624.  
  625.  
  626. ==== C:\zoek_backup content ======================
  627.  
  628. C:\zoek_backup (files=431 folders=67 48840670 bytes)
  629.  
  630. ==== EOF on so 05.03.2016 at 22:48:59,81 ======================
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!