Untitled

a guest
Nov 29th, 2015
  1. OTL logfile created on: 30/11/2015 6:08:49 - Run 1
  2. OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Galu\Downloads\Programs
  3. Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
  4. Internet Explorer (Version = 8.0.7600.16385)
  5. Locale: 00000421 | Country: Indonesia | Language: IND | Date Format: dd/MM/yyyy
  6.  
  7. 2,92 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 32,87% Memory free
  8. 5,84 Gb Paging File | 3,33 Gb Available in Paging File | 57,03% Paging File free
  9. Paging file location(s): ?:\pagefile.sys [binary data]
  10.  
  11. %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
  12. Drive C: | 80,17 Gb Total Space | 18,93 Gb Free Space | 23,61% Space Free | Partition Type: NTFS
  13. Drive D: | 178,81 Gb Total Space | 62,12 Gb Free Space | 34,74% Space Free | Partition Type: FAT32
  14. Drive E: | 39,06 Gb Total Space | 7,11 Gb Free Space | 18,20% Space Free | Partition Type: NTFS
  15.  
  16. Computer Name: GALU-PC | User Name: Galu | Logged in as Administrator.
  17. Boot Mode: Normal | Scan Mode: Current user | Quick Scan
  18. Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
  19.  
  20. [color=#E56717]========== Processes (SafeList) ==========[/color]
  21.  
  22. PRC - [2015/11/30 06:08:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Galu\Downloads\Programs\OTL.exe
  23. PRC - [2015/11/07 20:51:53 | 000,392,872 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
  24. PRC - [2015/10/28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
  25. PRC - [2015/08/28 19:35:34 | 003,907,152 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
  26. PRC - [2015/07/02 04:49:24 | 005,515,496 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\avastui.exe
  27. PRC - [2015/07/02 04:27:30 | 000,343,336 | ---- | M] (Avast Software s.r.o.) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
  28. PRC - [2015/06/03 13:47:25 | 000,358,848 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files\Elex-tech\YAC\iSafeTray.exe
  29. PRC - [2015/06/03 13:41:35 | 000,118,048 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files\Elex-tech\YAC\iSafeSvc.exe
  30. PRC - [2015/06/03 13:41:28 | 000,118,048 | ---- | M] (Elex do Brasil Participações Ltda) -- C:\Program Files\Elex-tech\YAC\iSafeSvc2.exe
  31. PRC - [2015/03/12 20:17:52 | 001,394,112 | ---- | M] (http://lucky-tab.com/) -- C:\Program Files\LuckyTab\LuckyTab.exe
  32. PRC - [2015/02/12 04:38:18 | 001,675,264 | ---- | M] (Smadsoft) -- C:\Program Files\Smadav\SMΔRTP.exe
  33. PRC - [2013/12/18 10:01:06 | 001,947,448 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesApp32.exe
  34. PRC - [2013/12/18 10:01:04 | 001,742,136 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe
  35. PRC - [2013/10/07 09:42:26 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
  36. PRC - [2013/10/07 09:42:16 | 000,197,128 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
  37. PRC - [2010/05/21 16:52:24 | 001,271,088 | ---- | M] (SRS Labs, Inc.) -- C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel.exe
  38. PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
  39. PRC - [2010/02/05 10:05:08 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
  40. PRC - [2010/02/04 14:05:32 | 007,350,912 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
  41. PRC - [2010/01/22 08:01:30 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
  42. PRC - [2010/01/22 08:01:00 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
  43. PRC - [2010/01/05 13:59:12 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
  44. PRC - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
  45. PRC - [2009/11/27 15:50:36 | 001,269,528 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
  46. PRC - [2009/11/26 08:59:56 | 000,261,456 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSRService.exe
  47. PRC - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
  48. PRC - [2009/09/30 10:53:30 | 000,498,560 | ---- | M] (ELAN Microelectronic Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
  49. PRC - [2009/07/24 10:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
  50. PRC - [2009/07/14 08:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
  51. PRC - [2009/07/14 08:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
  52. PRC - [2009/07/14 08:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
  53. PRC - [2009/06/19 10:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
  54. PRC - [2009/06/19 10:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
  55. PRC - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
  56. PRC - [2008/12/22 17:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\WDC.exe
  57. PRC - [2008/09/26 19:03:34 | 000,188,416 | ---- | M] (Atheros Communications, Inc.) -- C:\Program Files\Jumpstart\jswpbapi.exe
  58. PRC - [2008/08/13 21:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
  59. PRC - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
  60.  
  61.  
  62. [color=#E56717]========== Modules (No Company Name) ==========[/color]
  63.  
  64. MOD - [2015/11/07 09:31:45 | 016,825,520 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_15_0_0_152.dll
  65. MOD - [2015/07/02 04:27:45 | 040,540,672 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
  66. MOD - [2015/07/02 04:27:36 | 000,104,400 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\log.dll
  67. MOD - [2015/07/02 04:27:31 | 000,081,728 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
  68. MOD - [2015/06/03 13:41:45 | 000,065,696 | ---- | M] () -- C:\Program Files\Elex-tech\YAC\zlib1.dll
  69. MOD - [2015/06/03 13:41:36 | 000,179,200 | ---- | M] () -- C:\Program Files\Elex-tech\YAC\libpng.dll
  70. MOD - [2015/02/12 04:38:18 | 001,675,264 | ---- | M] () -- C:\Program Files\Smadav\SM?RTP.exe
  71. MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
  72. MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
  73. MOD - [2009/11/27 15:50:36 | 001,269,528 | ---- | M] () -- C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
  74. MOD - [2009/07/24 10:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
  75. MOD - [2009/07/14 08:16:20 | 000,206,336 | ---- | M] () -- \\?\C:\Windows\System32\ws2_32.dll
  76. MOD - [2009/07/14 08:16:19 | 000,348,672 | ---- | M] () -- \\?\C:\Windows\System32\winhttp.dll
  77. MOD - [2009/07/14 08:15:12 | 000,269,824 | ---- | M] () -- \\?\C:\Windows\System32\dnsapi.dll
  78. MOD - [2007/11/30 11:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
  79.  
  80.  
  81. [color=#E56717]========== Services (SafeList) ==========[/color]
  82.  
  83. SRV - [2015/11/07 20:51:50 | 000,147,624 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
  84. SRV - [2015/10/28 18:49:06 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
  85. SRV - [2015/07/02 04:27:30 | 000,343,336 | ---- | M] (Avast Software s.r.o.) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
  86. SRV - [2015/07/02 04:27:04 | 003,207,800 | ---- | M] (Avast Software) [On_Demand | Stopped] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
  87. SRV - [2015/06/03 13:41:35 | 000,118,048 | ---- | M] (Elex do Brasil Participações Ltda) [Auto | Running] -- C:\Program Files\Elex-tech\YAC\iSafeSvc.exe -- (iSafeService)
  88. SRV - [2014/07/04 04:24:43 | 000,759,688 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
  89. SRV - [2013/12/18 10:01:04 | 001,742,136 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
  90. SRV - [2013/10/07 09:42:26 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
  91. SRV - [2013/10/07 09:42:16 | 000,197,128 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe -- (NitroDriverReadSpool9)
  92. SRV - [2013/03/01 08:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
  93. SRV - [2011/02/14 20:01:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
  94. SRV - [2010/08/20 09:55:14 | 000,320,888 | ---- | M] (BUFFALO INC.) [Disabled | Stopped] -- C:\Program Files\BUFFALO\Backup_Utility\BUService.exe -- (BFBackupUtilityService)
  95. SRV - [2010/04/28 11:17:26 | 000,247,160 | ---- | M] (BUFFALO INC.) [Disabled | Stopped] -- C:\Program Files\BUFFALO\Backup_Utility\BUVSSService.exe -- (BFBackupUtilityVSSService)
  96. SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
  97. SRV - [2010/01/22 08:01:00 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
  98. SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
  99. SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
  100. SRV - [2009/11/26 08:59:56 | 000,261,456 | ---- | M] () [Auto | Running] -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
  101. SRV - [2009/09/30 19:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
  102. SRV - [2009/09/17 11:33:20 | 000,283,264 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Stopped] -- C:\Windows\System32\FBAgent.exe -- (AFBAgent)
  103. SRV - [2009/07/14 08:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
  104. SRV - [2009/07/14 08:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
  105. SRV - [2009/07/14 08:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
  106. SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
  107. SRV - [2008/09/26 19:03:34 | 000,188,416 | ---- | M] (Atheros Communications, Inc.) [Auto | Running] -- C:\Program Files\Jumpstart\jswpbapi.exe -- (jswpbapi)
  108. SRV - [2008/09/26 19:02:28 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
  109.  
  110.  
  111. [color=#E56717]========== Driver Services (SafeList) ==========[/color]
  112.  
  113. DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
  114. DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys -- (PCFApiUtil)
  115. DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
  116. DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
  117. DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbwwan.sys -- (ewusbmbb)
  118. DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
  119. DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\CT_TCT_U_USBSER.sys -- (CT_TCT_U_USBSER)
  120. DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BprotectEx.sys -- (BprotectEx)
  121. DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Bprotect.sys -- (Bprotect)
  122. DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\bndef.sys -- (Bndef)
  123. DRV - File not found [Kernel | System | Stopped] -- System32\drivers\bnbasex.sys -- (Bnbase)
  124. DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\BHipsEx.sys -- (BHipsEx)
  125. DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\Bhbase.sys -- (Bhbase)
  126. DRV - File not found [File_System | System | Stopped] -- C:\Windows\System32\drivers\Bfmon.sys -- (Bfmon)
  127. DRV - File not found [File_System | System | Stopped] -- C:\Windows\System32\drivers\Bfilter.sys -- (Bfilter)
  128. DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Galu\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
  129. DRV - [2015/07/02 04:49:24 | 000,428,120 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
  130. DRV - [2015/07/02 04:27:51 | 000,209,048 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
  131. DRV - [2015/07/02 04:27:51 | 000,106,912 | ---- | M] (Avast Software s.r.o.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
  132. DRV - [2015/07/02 04:27:50 | 000,081,728 | ---- | M] (Avast Software s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
  133. DRV - [2015/07/02 04:27:50 | 000,074,976 | ---- | M] (Avast Software s.r.o.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
  134. DRV - [2015/07/02 04:27:50 | 000,049,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
  135. DRV - [2015/07/02 04:27:50 | 000,024,144 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
  136. DRV - [2015/07/02 04:27:13 | 000,787,760 | ---- | M] (Avast Software s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
  137. DRV - [2015/07/02 04:27:04 | 000,220,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
  138. DRV - [2015/06/12 09:00:58 | 000,123,968 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
  139. DRV - [2015/06/03 13:46:51 | 000,226,024 | ---- | M] (Elex do Brasil Participações Ltda) [File_System | System | Running] -- C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys -- (iSafeKrnl)
  140. DRV - [2015/06/03 13:46:51 | 000,096,424 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys -- (iSafeKrnlKit)
  141. DRV - [2015/06/03 13:46:51 | 000,048,784 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iSafeKrnlBoot.sys -- (iSafeKrnlBoot)
  142. DRV - [2015/06/03 13:46:51 | 000,043,536 | ---- | M] (Elex do Brasil Participações Ltda) [File_System | System | Running] -- C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys -- (iSafeKrnlMon)
  143. DRV - [2015/06/03 13:46:40 | 000,071,744 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys -- (iSafeKrnlR3)
  144. DRV - [2015/04/17 09:43:55 | 000,044,712 | ---- | M] (Elex do Brasil Participações Ltda) [Kernel | System | Running] -- C:\Windows\System32\drivers\iSafeNetFilter.sys -- (iSafeNetFilter)
  145. DRV - [2014/09/04 21:26:05 | 000,243,128 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
  146. DRV - [2013/12/16 14:34:30 | 000,012,320 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2014\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
  147. DRV - [2013/03/01 08:48:42 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
  148. DRV - [2013/02/09 09:57:21 | 000,026,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
  149. DRV - [2011/06/27 01:37:12 | 002,191,872 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
  150. DRV - [2010/07/05 02:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
  151. DRV - [2010/02/25 10:27:00 | 000,098,928 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\JME.sys -- (JME)
  152. DRV - [2010/01/29 05:33:30 | 000,100,352 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
  153. DRV - [2010/01/22 08:12:40 | 005,191,680 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
  154. DRV - [2010/01/22 07:07:42 | 000,125,440 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
  155. DRV - [2009/12/15 14:41:30 | 000,268,912 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys -- (SRS_SSCFilter)
  156. DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
  157. DRV - [2009/08/19 06:23:28 | 000,119,408 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
  158. DRV - [2009/08/12 10:37:32 | 001,759,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
  159. DRV - [2009/07/28 09:41:06 | 000,104,704 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
  160. DRV - [2009/07/21 08:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
  161. DRV - [2009/07/14 08:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
  162. DRV - [2009/07/14 08:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
  163. DRV - [2009/07/14 08:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
  164. DRV - [2009/07/14 06:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
  165. DRV - [2009/07/14 06:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
  166. DRV - [2009/07/14 06:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
  167. DRV - [2009/07/14 06:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
  168. DRV - [2009/07/02 17:36:10 | 000,013,880 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
  169. DRV - [2009/05/13 09:06:48 | 000,014,392 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
  170. DRV - [2008/05/23 17:25:42 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
  171. DRV - [2008/05/15 03:28:44 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
  172. DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
  173. DRV - [2008/01/10 16:59:44 | 000,142,976 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swumx80.sys -- (SWUMX80)
  174. DRV - [2008/01/10 16:58:48 | 000,165,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swnc8u80.sys -- (SWNC8U80)
  175. DRV - [2007/08/24 19:44:54 | 000,101,504 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
  176. DRV - [2005/01/14 23:14:07 | 000,047,616 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01)
  177. DRV - [2004/12/03 17:20:41 | 000,020,544 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02)
  178. DRV - [2004/10/28 17:47:59 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02)
  179.  
  180.  
  181. [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
  182.  
  183.  
  184. [color=#E56717]========== Internet Explorer ==========[/color]
  185.  
  186. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1419332295&from=wpm12233&uid=ST9320325AS_6VD5HBA1XXXX6VD5HBA1
  187. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1404422580&from=adks&uid=ST9320325AS_6VD5HBA1XXXX6VD5HBA1&q={searchTerms}
  188. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1404422580&from=adks&uid=ST9320325AS_6VD5HBA1XXXX6VD5HBA1&q={searchTerms}
  189. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
  190. IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1419332295&from=wpm12233&uid=ST9320325AS_6VD5HBA1XXXX6VD5HBA1
  191. IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
  192. IE - HKLM\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}&pid=377&src=ie2&r=2013/03/04&hid=3327981695&lg=EN&cc=ID
  193. IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
  194. IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://isearch.omiga-plus.com/web/?type=ds&ts=1404422580&from=adks&uid=ST9320325AS_6VD5HBA1XXXX6VD5HBA1&q={searchTerms}
  195. IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2405280
  196. IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=298&r=2013/06/02&hid=3327981695&lg=EN&cc=ID&unqvl=18
  197. IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
  198.  
  199. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?affID=112555&tt=270912_ctrl2_3912_1&babsrc=HP_ss&mntrId=c6197fe2000000000000000000000000
  200. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=112555&tt=270912_ctrl2_3912_1&babsrc=HP_ss&mntrId=c6197fe2000000000000000000000000
  201. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1419332295&from=wpm12233&uid=ST9320325AS_6VD5HBA1XXXX6VD5HBA1
  202. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.delta-homes.com/web/?type=ds&ts=1419332295&from=wpm12233&uid=ST9320325AS_6VD5HBA1XXXX6VD5HBA1&q={searchTerms}
  203. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 65333288
  204. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
  205. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.delta-homes.com/web/?type=ds&ts=1419332295&from=wpm12233&uid=ST9320325AS_6VD5HBA1XXXX6VD5HBA1&q={searchTerms}
  206. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
  207. IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1419332295&from=wpm12233&uid=ST9320325AS_6VD5HBA1XXXX6VD5HBA1
  208. IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - No CLSID value found
  209. IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
  210. IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
  211. IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
  212. IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
  213. IE - HKCU\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
  214. IE - HKCU\..\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6}: "URL" = http://search.easylifeapp.com/?q={searchTerms}&pid=377&src=ie2&r=2013/03/04&hid=3327981695&lg=EN&cc=ID
  215. IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
  216. IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112555&tt=270912_ctrl2_3912_1&babsrc=SP_ss&mntrId=c6197fe2000000000000000000000000
  217. IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.delta-homes.com/web/?type=ds&ts=1432810207&z=4abf91d49922251b3b314ebg2z5c9oab1g9e9o6gbe&from=wpm05283&uid=ST9320325AS_6VD5HBA1XXXX6VD5HBA1&q={searchTerms}
  218. IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2405280
  219. IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.a-searchpage.info/?l=1&q={searchTerms}&pid=298&r=2013/06/02&hid=3327981695&lg=EN&cc=ID&unqvl=18
  220. IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
  221. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  222. IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.254.*.*;elearning-djp;<local>
  223.  
  224. [color=#E56717]========== FireFox ==========[/color]
  225.  
  226. FF - prefs.js..browser.search.countryCode: "ID"
  227. FF - prefs.js..browser.search.region: "ID"
  228. FF - prefs.js..browser.search.searchengine.alias: ""
  229. FF - prefs.js..browser.search.searchengine.iconURL: "http://www.v9.com/favicon.ico?t=1"
  230. FF - prefs.js..browser.search.searchengine.name: "V9 "
  231. FF - prefs.js..browser.search.searchengine.ref: ""
  232. FF - prefs.js..browser.search.searchengine.ts: "1447052183"
  233. FF - prefs.js..browser.search.searchengine.type: ""
  234. FF - prefs.js..browser.search.searchengine.uid: "st9320325as_6vd5hba1xxxx6vd5hba1"
  235. FF - prefs.js..browser.search.searchengine.url: "http://www.v9.com/web?type=ds&ts=1447052183&from=zzgbkk123&uid=st9320325as_6vd5hba1xxxx6vd5hba1&z=f9b6eb2bf3d24b96243eaa8g8z4z8m1e5waobgcbfq&q={searchTerms}"
  236. FF - prefs.js..extensions.enabledAddons: mozilla_cc2%40internetdownloadmanager.com:6.23.19
  237. FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.2.0.187
  238. FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9.1
  239. FF - prefs.js..extensions.enabledAddons: %7Bc36177c0-224a-11da-8cd6-0800200c9a91%7D:3.9.85
  240. FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0017-0000-0000-ABCDEFFEDCBA%7D:7.0
  241. FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:42.0
  242. FF - prefs.js..network.proxy.type: 4
  243. FF - user.js - File not found
  244.  
  245. FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
  246. FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
  247. FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
  248. FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
  249. FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  250. FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
  251. FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
  252. FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
  253. FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
  254. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
  255. FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll (Google Inc.)
  256. FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
  257.  
  258. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2015/07/02 04:27:56 | 000,000,000 | ---D | M]
  259. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\faststartff@gmail.com: C:\Users\Galu\AppData\Roaming\Mozilla\Firefox\Profiles\vkwv1ggd.default\extensions\faststartff@gmail.com
  260. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\detgdp@gmail.com: C:\Users\Galu\AppData\Roaming\Mozilla\Firefox\Profiles\kok1hbav.default\extensions\detgdp@gmail.com
  261. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quick_searchff@gmail.com: C:\Users\Galu\AppData\Roaming\Mozilla\Firefox\Profiles\lqpm8kah.default-1426618261060\extensions\quick_searchff@gmail.com
  262. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sweetsearch@gmail.com: C:\Users\Galu\AppData\Roaming\Mozilla\Firefox\Profiles\lqpm8kah.default-1426618261060\extensions\sweetsearch@gmail.com
  263. FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\arthurj8283@gmail.com: C:\Users\Galu\AppData\Roaming\Mozilla\Firefox\Profiles\8e2d0m3s.default\extensions\arthurj8283@gmail.com [2015/11/09 14:38:38 | 000,000,000 | ---D | M]
  264. FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc2@internetdownloadmanager.com: C:\Program Files\Internet Download Manager\idmmzcc2.xpi [2015/08/14 17:36:02 | 000,029,742 | ---- | M] ()
  265. FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Galu\AppData\Roaming\IDM\idmmzcc5 [2015/09/05 16:34:14 | 000,000,000 | ---D | M]
  266.  
  267. [2015/11/07 10:27:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Galu\AppData\Roaming\Mozilla\Extensions
  268. [2015/11/09 14:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Galu\AppData\Roaming\Mozilla\Firefox\Profiles\8e2d0m3s.default\extensions
  269. [2015/11/09 14:38:38 | 000,000,000 | ---D | M] (xRocket Toolbar) -- C:\Users\Galu\AppData\Roaming\Mozilla\Firefox\Profiles\8e2d0m3s.default\extensions\arthurj8283@gmail.com
  270. [2015/11/08 19:39:08 | 000,419,152 | ---- | M] () (No name found) -- C:\Users\Galu\AppData\Roaming\Mozilla\Firefox\Profiles\8e2d0m3s.default\extensions\client@anonymox.net.xpi
  271. [2015/11/07 20:51:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
  272. [2015/11/07 20:52:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
  273. [2015/11/07 20:51:01 | 000,000,000 | ---D | M] (Tweak Network) -- C:\Program Files\Mozilla Firefox\browser\extensions\{DAD0F81A-CF67-4eed-98D6-26F6E47274CA}
  274. [2015/11/07 20:50:54 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Program Files\Mozilla Firefox\browser\extensions\foxmarks@kei.com
  275. [2015/11/07 20:51:01 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Program Files\Mozilla Firefox\browser\extensions\foxyproxy@eric.h.jung
  276. [2015/07/02 04:27:56 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
  277. [2015/08/14 17:36:02 | 000,029,742 | ---- | M] () (No name found) -- C:\PROGRAM FILES\INTERNET DOWNLOAD MANAGER\IDMMZCC2.XPI
  278. [2014/04/02 08:17:34 | 000,102,696 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{C36177C0-224A-11DA-8CD6-0800200C9A91}.XPI
  279. [2012/02/15 17:54:18 | 000,006,902 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}.XPI
  280. [2013/11/02 14:17:02 | 000,128,676 | ---- | M] () (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\BROWSER\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
  281.  
  282. O1 HOSTS File: ([2013/12/02 20:10:07 | 000,000,586 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
  283. O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
  284. O2 - BHO: (Speed Test 127) - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files\Speed Test 127\ScriptHost.dll (BestOffers)
  285. O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
  286. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
  287. O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (Avast Software s.r.o.)
  288. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
  289. O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
  290. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - No CLSID value found.
  291. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
  292. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
  293. O4 - HKLM..\Run: [] Reg Error: Value error. File not found
  294. O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
  295. O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
  296. O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (Avast Software s.r.o.)
  297. O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
  298. O4 - HKLM..\Run: [HControlUser] C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
  299. O4 - HKCU..\Run: [] Reg Error: Value error. File not found
  300. O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\Daemon Tools\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
  301. O4 - HKCU..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe ()
  302. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
  303. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
  304. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 1134868281 = C:\ProgramData\mszbjzre.exe ()
  305. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = Reg Error: Value error. File not found
  306. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
  307. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
  308. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
  309. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
  310. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
  311. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 1
  312. O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
  313. O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
  314. O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
  315. O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
  316. O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
  317. O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
  318. O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
  319. O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
  320. O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
  321. O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
  322. O13 - gopher Prefix: missing
  323. O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
  324. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B96739E-1336-4F2D-908A-E849540744A5}: NameServer = 192.168.1.1,222.124.204.34
  325. O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32F3231D-5AF3-449C-A306-A3C7023D1F0E}: DhcpNameServer = 192.168.1.1
  326. O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
  327. O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
  328. O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
  329. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
  330. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
  331. O32 - HKLM CDRom: AutoRun - 1
  332. O32 - AutoRun File - [2009/06/11 04:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
  333. O32 - AutoRun File - [2009/12/11 08:51:00 | 000,000,000 | ---D | M] - D:\AUTORUN_.INF -- [ FAT32 ]
  444. O33 - MountPoints2\G\Shell - "" = AutoRun
  445. O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
  446. O34 - HKLM BootExecute: (autocheck autochk *)
  447. O35 - HKLM\..comfile [open] -- "%1" %*
  448. O35 - HKLM\..exefile [open] -- "%1" %*
  449. O37 - HKLM\...com [@ = comfile] -- "%1" %*
  450. O37 - HKLM\...exe [@ = exefile] -- "%1" %*
  451. O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
  452. O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
  453. O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
  454.  
  455. [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
  456.  
  457. [2015/11/28 09:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Attribute Changer
  458. [2015/11/28 09:42:15 | 000,000,000 | ---D | C] -- C:\Program Files\Attribute Changer
  459. [2015/11/28 09:22:38 | 000,000,000 | ---D | C] -- C:\Users\Galu\AppData\Local\HHD Software
  460. [2015/11/28 09:22:38 | 000,000,000 | ---D | C] -- C:\Users\Galu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HHD Hex Editor Neo
  461. [2015/11/26 20:37:21 | 000,000,000 | ---D | C] -- C:\Users\Galu\AppData\Roaming\5ba22
  462. [2015/11/26 06:39:32 | 000,000,000 | -HSD | C] -- C:\Config.Msi
  463. [2015/11/24 07:23:07 | 000,000,000 | ---D | C] -- C:\Users\Galu\AppData\Local\16671
  464. [2015/11/24 07:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Books Downloader
  465. [2015/11/23 08:06:57 | 000,000,000 | ---D | C] -- C:\Users\Galu\AppData\Roaming\Psiphon3
  466. [2015/11/22 07:44:52 | 000,000,000 | ---D | C] -- C:\Users\Galu\Desktop\Tutorial Cara Membobol Password Wifi WPA-WPA2 Melalui WPS - AREA KOST NETWORK_files
  467. [2015/11/22 07:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
  468. [2015/11/22 07:38:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
  469. [2015/11/22 07:37:03 | 000,020,384 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\jswpslwf.sys
  470. [2015/11/22 07:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\Jumpstart
  471. [2015/11/22 07:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros
  472. [2015/11/22 07:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
  473. [2015/11/07 20:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
  474. [2015/11/07 10:27:04 | 000,000,000 | ---D | C] -- C:\Users\Galu\AppData\Roaming\Mozilla
  475. [2015/11/07 09:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
  476. [2015/11/07 09:29:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
  477. [2006/09/16 16:14:29 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\Program Files\setup.exe
  478. [6 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
  479.  
  480. [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
  481.  
  482. [2015/11/30 06:13:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
  483. [2015/11/30 05:37:00 | 000,001,000 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  484. [2015/11/29 21:37:00 | 000,000,996 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  485. [2015/11/29 16:47:28 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  486. [2015/11/29 16:47:28 | 000,016,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  487. [2015/11/29 16:41:24 | 000,000,198 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
  488. [2015/11/29 16:41:23 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
  489. [2015/11/29 16:41:13 | 000,078,848 | ---- | M] () -- C:\Windows\KMSEmulator.exe
  490. [2015/11/29 16:41:08 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
  491. [2015/11/29 16:39:51 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
  492. [2015/11/29 16:39:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
  493. [2015/11/29 16:39:22 | 2351,063,040 | -HS- | M] () -- C:\hiberfil.sys
  494. [2015/11/29 06:02:41 | 000,655,590 | ---- | M] () -- C:\Windows\System32\perfh009.dat
  495. [2015/11/29 06:02:41 | 000,121,932 | ---- | M] () -- C:\Windows\System32\perfc009.dat
  496. [2015/11/28 09:22:53 | 000,002,235 | ---- | M] () -- C:\Users\Galu\Application Data\Microsoft\Internet Explorer\Quick Launch\Hex Editor Neo.lnk
  497. [2015/11/28 09:22:53 | 000,002,233 | ---- | M] () -- C:\Users\Galu\Desktop\Hex Editor Neo.lnk
  498. [2015/11/28 09:04:00 | 003,887,478 | ---- | M] () -- C:\Users\Galu\Desktop\P_20151128_090400.jpg
  499. [2015/11/27 06:49:43 | 000,045,681 | ---- | M] () -- C:\HELP_YOUR_FILES.PNG
  500. [2015/11/27 06:48:28 | 000,045,681 | ---- | M] () -- C:\Users\Public\Documents\HELP_YOUR_FILES.PNG
  501. [2015/11/27 06:48:17 | 000,045,681 | ---- | M] () -- C:\Users\Galu\HELP_YOUR_FILES.PNG
  502. [2015/11/26 22:47:29 | 000,045,681 | ---- | M] () -- C:\Users\Galu\Documents\HELP_YOUR_FILES.PNG
  503. [2015/11/26 22:47:29 | 000,000,588 | ---- | M] () -- C:\Users\Galu\Documents\pr6aa.p6z3k
  504. [2015/11/26 22:47:29 | 000,000,556 | ---- | M] () -- C:\Users\Galu\Documents\2t05s9r6t.lst6
  505. [2015/11/26 22:47:29 | 000,000,524 | ---- | M] () -- C:\Users\Galu\Documents\iaeh59s.b47y5
  506. [2015/11/26 22:47:29 | 000,000,524 | ---- | M] () -- C:\Users\Galu\Documents\9lywi6tra.9y2
  507. [2015/11/26 22:47:29 | 000,000,492 | ---- | M] () -- C:\Users\Galu\Documents\e8n9zd.u4ro
  508. [2015/11/26 22:47:28 | 000,000,572 | ---- | M] () -- C:\Users\Galu\Documents\p90f18q0.0o5
  509. [2015/11/26 22:47:28 | 000,000,540 | ---- | M] () -- C:\Users\Galu\Documents\dp511e3.nzf9z
  510. [2015/11/26 22:47:28 | 000,000,492 | ---- | M] () -- C:\Users\Galu\Documents\w18sgc.66qp
  511. [2015/11/26 22:47:15 | 000,000,524 | ---- | M] () -- C:\Users\Galu\Documents\r7s29by.3ixd9
  512. [2015/11/26 22:47:14 | 000,215,116 | ---- | M] () -- C:\Users\Galu\Documents\a5alm.86un
  513. [2015/11/26 22:47:14 | 000,031,548 | ---- | M] () -- C:\Users\Galu\Documents\hrx88o6.x7
  514. [2015/11/26 22:47:14 | 000,004,188 | ---- | M] () -- C:\Users\Galu\Documents\27w9878v7g.5h1
  515. [2015/11/26 22:47:13 | 000,013,596 | ---- | M] () -- C:\Users\Galu\Documents\2cx92j.ilx74
  516. [2015/11/26 22:47:00 | 000,000,796 | ---- | M] () -- C:\Users\Galu\Documents\d638p3.5skw
  517. [2015/11/26 22:44:39 | 000,015,532 | ---- | M] () -- C:\Users\Galu\Documents\83s6lf.z3ao
  518. [2015/11/26 22:44:35 | 004,557,532 | ---- | M] () -- C:\Users\Galu\Documents\lat3lh.d6
  519. [2015/11/26 22:38:57 | 000,013,100 | ---- | M] () -- C:\Users\Galu\Documents\7c18ergteq.f2ac
  520. [2015/11/26 22:38:56 | 000,017,996 | ---- | M] () -- C:\Users\Galu\Documents\mbjsm3ha.iu4i
  521. [2015/11/26 22:38:01 | 000,015,900 | ---- | M] () -- C:\Users\Galu\Documents\141c9gtc.3gn
  522. [2015/11/26 22:37:54 | 001,315,156 | ---- | M] () -- C:\Users\Galu\Documents\he34g.1o5yi
  523. [2015/11/26 22:37:54 | 000,014,380 | ---- | M] () -- C:\Users\Galu\Documents\4r45xv.fyq0
  524. [2015/11/26 22:37:53 | 000,054,844 | ---- | M] () -- C:\Users\Galu\Documents\tticnfe8i.x8q6a
  525. [2015/11/26 22:37:51 | 000,019,324 | ---- | M] () -- C:\Users\Galu\Documents\3mjdsoma6.u2
  526. [2015/11/26 22:37:51 | 000,015,372 | ---- | M] () -- C:\Users\Galu\Documents\8gl2k2.1xq
  527. [2015/11/26 22:37:50 | 001,380,724 | ---- | M] () -- C:\Users\Galu\Documents\o27n4c.2e6
  528. [2015/11/26 22:37:43 | 000,047,740 | ---- | M] () -- C:\Users\Galu\Documents\65nidbm15k.c47h
  529. [2015/11/26 22:37:42 | 001,298,772 | ---- | M] () -- C:\Users\Galu\Documents\z01604.h7b6
  530. [2015/11/26 22:37:41 | 000,000,364 | ---- | M] () -- C:\Users\Galu\Documents\m2em7.nf8n
  531. [2015/11/26 22:37:40 | 000,014,332 | ---- | M] () -- C:\Users\Galu\Documents\n8rae.a1lob
  532. [2015/11/26 22:35:34 | 000,091,484 | ---- | M] () -- C:\Users\Galu\Documents\2319awg.32
  533. [2015/11/26 22:35:24 | 000,008,828 | ---- | M] () -- C:\Users\Galu\Documents\p6eoz.ky6
  534. [2015/11/26 22:35:24 | 000,000,700 | ---- | M] () -- C:\Users\Galu\Documents\vnyxv5c95.c5vme
  535. [2015/11/26 22:35:12 | 000,017,564 | ---- | M] () -- C:\Users\Galu\Documents\70nw1.37a4
  536. [2015/11/26 22:35:11 | 000,016,188 | ---- | M] () -- C:\Users\Galu\Documents\t68zbjoc8.2yn47
  537. [2015/11/26 22:28:15 | 000,018,684 | ---- | M] () -- C:\Users\Galu\Documents\dumk9831f6.r5
  538. [2015/11/26 22:28:15 | 000,010,172 | ---- | M] () -- C:\Users\Galu\Documents\4la9v.x792r
  539. [2015/11/26 22:10:42 | 000,003,068 | ---- | M] () -- C:\Users\Galu\Documents\66i6vaj.d0
  540. [2015/11/26 21:04:53 | 000,045,681 | ---- | M] () -- C:\Users\Galu\AppData\Roaming\HELP_YOUR_FILES.PNG
  541. [2015/11/26 20:53:10 | 000,045,681 | ---- | M] () -- C:\Users\Galu\AppData\Local\HELP_YOUR_FILES.PNG
  542. [2015/11/26 20:47:56 | 000,045,681 | ---- | M] () -- C:\ProgramData\HELP_YOUR_FILES.PNG
  543. [2015/11/26 20:37:45 | 002,851,616 | ---- | M] () -- C:\h37bnzn.1nk
  544. [2015/11/26 20:37:44 | 000,203,644 | ---- | M] () -- C:\xlft0ntz.20jm
  545. [2015/11/26 20:37:43 | 000,091,484 | ---- | M] () -- C:\aosv753ok.1z
  546. [2015/11/26 20:37:42 | 000,094,252 | ---- | M] () -- C:\ebkx8rd5.hc6
  547. [2015/11/26 20:37:42 | 000,008,524 | ---- | M] () -- C:\e041x.d502
  548. [2015/11/26 20:37:40 | 000,063,814 | ---- | M] () -- C:\Users\Galu\AppData\Roaming\bafef9c0fd
  549. [2015/11/24 07:01:23 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\Google Books Downloader.lnk
  550. [2015/11/23 07:30:35 | 000,002,567 | ---- | M] () -- C:\Windows\System32\ServiceFilter.ini
  551. [2015/11/22 07:45:13 | 000,617,854 | ---- | M] () -- C:\Users\Galu\Desktop\Tutorial Cara Membobol Password Wifi WPA-WPA2 Melalui WPS - AREA KOST NETWORK.htm
  552. [2015/11/22 07:38:58 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Jumpstart.lnk
  553. [2015/11/21 17:28:23 | 000,131,584 | ---- | M] () -- C:\Users\Galu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  554. [6 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
  555.  
  556. [color=#E56717]========== Files Created - No Company Name ==========[/color]
  557.  
  558. [2015/11/28 10:30:52 | 003,887,478 | ---- | C] () -- C:\Users\Galu\Desktop\P_20151128_090400.jpg
  559. [2015/11/28 09:22:53 | 000,002,235 | ---- | C] () -- C:\Users\Galu\Application Data\Microsoft\Internet Explorer\Quick Launch\Hex Editor Neo.lnk
  560. [2015/11/28 09:22:53 | 000,002,233 | ---- | C] () -- C:\Users\Galu\Desktop\Hex Editor Neo.lnk
  561. [2015/11/27 06:49:43 | 000,045,681 | ---- | C] () -- C:\HELP_YOUR_FILES.PNG
  562. [2015/11/27 06:48:28 | 000,045,681 | ---- | C] () -- C:\Users\Public\Documents\HELP_YOUR_FILES.PNG
  563. [2015/11/27 06:48:17 | 000,045,681 | ---- | C] () -- C:\Users\Galu\HELP_YOUR_FILES.PNG
  564. [2015/11/26 22:47:29 | 000,045,681 | ---- | C] () -- C:\Users\Galu\Documents\HELP_YOUR_FILES.PNG
  565. [2015/11/26 22:47:29 | 000,000,588 | ---- | C] () -- C:\Users\Galu\Documents\pr6aa.p6z3k
  566. [2015/11/26 22:47:29 | 000,000,556 | ---- | C] () -- C:\Users\Galu\Documents\2t05s9r6t.lst6
  567. [2015/11/26 22:47:29 | 000,000,524 | ---- | C] () -- C:\Users\Galu\Documents\iaeh59s.b47y5
  568. [2015/11/26 22:47:29 | 000,000,524 | ---- | C] () -- C:\Users\Galu\Documents\9lywi6tra.9y2
  569. [2015/11/26 22:47:29 | 000,000,492 | ---- | C] () -- C:\Users\Galu\Documents\e8n9zd.u4ro
  570. [2015/11/26 22:47:28 | 000,000,572 | ---- | C] () -- C:\Users\Galu\Documents\p90f18q0.0o5
  571. [2015/11/26 22:47:28 | 000,000,540 | ---- | C] () -- C:\Users\Galu\Documents\dp511e3.nzf9z
  572. [2015/11/26 22:47:28 | 000,000,492 | ---- | C] () -- C:\Users\Galu\Documents\w18sgc.66qp
  573. [2015/11/26 22:47:14 | 000,215,116 | ---- | C] () -- C:\Users\Galu\Documents\a5alm.86un
  574. [2015/11/26 22:47:14 | 000,031,548 | ---- | C] () -- C:\Users\Galu\Documents\hrx88o6.x7
  575. [2015/11/26 22:47:14 | 000,004,188 | ---- | C] () -- C:\Users\Galu\Documents\27w9878v7g.5h1
  576. [2015/11/26 22:47:14 | 000,000,524 | ---- | C] () -- C:\Users\Galu\Documents\r7s29by.3ixd9
  577. [2015/11/26 22:47:13 | 000,013,596 | ---- | C] () -- C:\Users\Galu\Documents\2cx92j.ilx74
  578. [2015/11/26 22:47:00 | 000,000,796 | ---- | C] () -- C:\Users\Galu\Documents\d638p3.5skw
  579. [2015/11/26 22:44:39 | 000,015,532 | ---- | C] () -- C:\Users\Galu\Documents\83s6lf.z3ao
  580. [2015/11/26 22:44:33 | 004,557,532 | ---- | C] () -- C:\Users\Galu\Documents\lat3lh.d6
  581. [2015/11/26 22:38:57 | 000,013,100 | ---- | C] () -- C:\Users\Galu\Documents\7c18ergteq.f2ac
  582. [2015/11/26 22:38:56 | 000,017,996 | ---- | C] () -- C:\Users\Galu\Documents\mbjsm3ha.iu4i
  583. [2015/11/26 22:38:01 | 000,015,900 | ---- | C] () -- C:\Users\Galu\Documents\141c9gtc.3gn
  584. [2015/11/26 22:37:54 | 000,014,380 | ---- | C] () -- C:\Users\Galu\Documents\4r45xv.fyq0
  585. [2015/11/26 22:37:53 | 001,315,156 | ---- | C] () -- C:\Users\Galu\Documents\he34g.1o5yi
  586. [2015/11/26 22:37:53 | 000,054,844 | ---- | C] () -- C:\Users\Galu\Documents\tticnfe8i.x8q6a
  587. [2015/11/26 22:37:51 | 000,019,324 | ---- | C] () -- C:\Users\Galu\Documents\3mjdsoma6.u2
  588. [2015/11/26 22:37:51 | 000,015,372 | ---- | C] () -- C:\Users\Galu\Documents\8gl2k2.1xq
  589. [2015/11/26 22:37:49 | 001,380,724 | ---- | C] () -- C:\Users\Galu\Documents\o27n4c.2e6
  590. [2015/11/26 22:37:42 | 000,047,740 | ---- | C] () -- C:\Users\Galu\Documents\65nidbm15k.c47h
  591. [2015/11/26 22:37:41 | 001,298,772 | ---- | C] () -- C:\Users\Galu\Documents\z01604.h7b6
  592. [2015/11/26 22:37:41 | 000,000,364 | ---- | C] () -- C:\Users\Galu\Documents\m2em7.nf8n
  593. [2015/11/26 22:37:40 | 000,014,332 | ---- | C] () -- C:\Users\Galu\Documents\n8rae.a1lob
  594. [2015/11/26 22:35:34 | 000,091,484 | ---- | C] () -- C:\Users\Galu\Documents\2319awg.32
  595. [2015/11/26 22:35:24 | 000,008,828 | ---- | C] () -- C:\Users\Galu\Documents\p6eoz.ky6
  596. [2015/11/26 22:35:24 | 000,000,700 | ---- | C] () -- C:\Users\Galu\Documents\vnyxv5c95.c5vme
  597. [2015/11/26 22:35:12 | 000,017,564 | ---- | C] () -- C:\Users\Galu\Documents\70nw1.37a4
  598. [2015/11/26 22:35:11 | 000,016,188 | ---- | C] () -- C:\Users\Galu\Documents\t68zbjoc8.2yn47
  599. [2015/11/26 22:28:15 | 000,018,684 | ---- | C] () -- C:\Users\Galu\Documents\dumk9831f6.r5
  600. [2015/11/26 22:28:15 | 000,010,172 | ---- | C] () -- C:\Users\Galu\Documents\4la9v.x792r
  601. [2015/11/26 22:10:42 | 000,003,068 | ---- | C] () -- C:\Users\Galu\Documents\66i6vaj.d0
  602. [2015/11/26 21:09:00 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
  603. [2015/11/26 21:04:53 | 000,045,681 | ---- | C] () -- C:\Users\Galu\AppData\Roaming\HELP_YOUR_FILES.PNG
  604. [2015/11/26 20:53:10 | 000,045,681 | ---- | C] () -- C:\Users\Galu\AppData\Local\HELP_YOUR_FILES.PNG
  605. [2015/11/26 20:47:56 | 000,045,681 | ---- | C] () -- C:\ProgramData\HELP_YOUR_FILES.PNG
  606. [2015/11/26 20:37:44 | 002,851,616 | ---- | C] () -- C:\h37bnzn.1nk
  607. [2015/11/26 20:37:43 | 000,203,644 | ---- | C] () -- C:\xlft0ntz.20jm
  608. [2015/11/26 20:37:43 | 000,091,484 | ---- | C] () -- C:\aosv753ok.1z
  609. [2015/11/26 20:37:42 | 000,094,252 | ---- | C] () -- C:\ebkx8rd5.hc6
  610. [2015/11/26 20:37:42 | 000,008,524 | ---- | C] () -- C:\e041x.d502
  611. [2015/11/26 20:37:40 | 000,063,814 | ---- | C] () -- C:\Users\Galu\AppData\Roaming\bafef9c0fd
  612. [2015/11/24 07:23:07 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
  613. [2015/11/24 07:01:23 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\Google Books Downloader.lnk
  614. [2015/11/22 07:45:12 | 000,617,854 | ---- | C] () -- C:\Users\Galu\Desktop\Tutorial Cara Membobol Password Wifi WPA-WPA2 Melalui WPS - AREA KOST NETWORK.htm
  615. [2015/11/22 07:36:50 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Jumpstart.lnk
  616. [2015/11/07 09:17:57 | 000,001,081 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
  617. [2014/11/16 05:43:51 | 000,001,064 | ---- | C] () -- C:\Windows\System32\---Tumis sawi putih yg simple-},-url_v9as2---https--_-_s.ytimg.com-_yts-_swfbin-_player-vflAvLNCc-_cps.swf-}},-foot--- -u003cscript-u003eytimg.preload(--https----_---_r8---sn-2uuxa3vh-jb3d.googl.mp4.lnk
  618. [2014/10/12 10:06:33 | 000,530,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
  619. [2014/08/18 06:14:32 | 000,000,042 | ---- | C] () -- C:\Windows\System32\config.ini
  620. [2014/07/16 04:44:06 | 000,024,144 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
  621. [2014/07/16 04:26:54 | 000,209,048 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
  622. [2014/07/16 04:26:50 | 000,049,904 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
  623. [2014/07/06 12:58:05 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat
  624. [2014/06/07 22:29:07 | 000,009,808 | ---- | C] () -- C:\Users\Galu\AppData\Roaming\BabMaint.exe
  625. [2014/05/25 19:16:06 | 000,005,812 | ---- | C] () -- C:\Windows\ws2help.dll
  626. [2014/05/25 19:16:06 | 000,000,012 | ---- | C] () -- C:\Windows\explorer.exe.local
  627. [2014/02/27 21:21:49 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
  628. [2014/02/26 22:18:26 | 000,000,389 | ---- | C] () -- C:\Windows\ODBC.INI
  629. [2013/11/16 06:47:09 | 147,368,448 | ---- | C] () -- C:\Program Files\Toefl.msi
  630. [2013/01/08 08:42:58 | 000,000,359 | ---- | C] () -- C:\Users\Galu\DE37E047.pnach
  631. [2012/08/11 08:02:34 | 004,575,066 | ---- | C] () -- C:\Users\Galu\codelist1.inf
  632. [2011/09/22 09:00:37 | 000,047,109 | -H-- | C] () -- C:\Users\Galu\userdiff.sav
  633. [2011/06/10 01:52:23 | 000,000,600 | ---- | C] () -- C:\Users\Galu\PUTTY.RND
  634. [2011/03/23 05:51:48 | 000,007,605 | ---- | C] () -- C:\Users\Galu\AppData\Local\resmon.resmoncfg
  635. [2011/02/11 10:40:14 | 000,008,194 | ---- | C] () -- C:\Users\Galu\AppData\Local\atrans.7
  636. [2011/01/25 07:22:19 | 000,131,584 | ---- | C] () -- C:\Users\Galu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
  637. [2009/07/14 06:31:52 | 000,084,480 | -HS- | C] () -- C:\ProgramData\mszbjzre.exe
  638. [2006/09/16 16:14:32 | 001,880,140 | ---- | C] () -- C:\Program Files\Anti NetCut.CAB
  639.  
  640. [color=#E56717]========== ZeroAccess Check ==========[/color]
  641.  
  642. [2009/07/14 11:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
  643.  
  644. [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  645.  
  646. [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
  647.  
  648. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
  649. "" = %SystemRoot%\system32\shell32.dll -- [2009/07/14 08:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
  650. "ThreadingModel" = Apartment
  651.  
  652. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
  653. "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 08:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
  654. "ThreadingModel" = Free
  655.  
  656. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
  657. "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 08:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
  658. "ThreadingModel" = Both
  659.  
  660. [color=#E56717]========== LOP Check ==========[/color]
  661.  
  662. [2015/11/27 11:45:07 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\5ba22
  663. [2011/11/24 20:24:03 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\adma
  664. [2015/11/26 20:53:56 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\AVAST Software
  665. [2014/06/07 22:29:07 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\BabSolution
  666. [2011/06/11 08:58:04 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\BUFFALO
  667. [2015/01/20 05:25:39 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\CrystalIdea Software
  668. [2014/08/11 20:06:37 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\DAEMON Tools Lite
  669. [2015/11/29 10:02:25 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\DMCache
  670. [2014/06/24 19:24:16 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Downloaded Installations
  671. [2015/06/09 10:41:51 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\eCyber
  672. [2015/11/26 21:01:27 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\EleFun Games
  673. [2015/06/05 06:24:06 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Elex-tech
  674. [2011/12/14 21:43:02 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\ESET
  675. [2015/03/12 20:21:58 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\FAA88080-1426166517-81DF-27A7-20CF30484784
  676. [2014/06/07 20:18:50 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Floodlight Games
  677. [2012/08/10 21:31:25 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\fltk.org
  678. [2015/11/26 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\foobar2000
  679. [2011/08/15 03:37:21 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\GameHouse
  680. [2011/06/07 13:59:15 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\GetRightToGo
  681. [2015/11/28 09:11:17 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\IDM
  682. [2015/11/26 21:03:49 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Mobipocket
  683. [2015/01/30 19:03:32 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\MPC-HC
  684. [2015/11/26 21:04:03 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Nitro
  685. [2014/06/30 19:03:56 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Nitro PDF
  686. [2015/11/26 21:04:09 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Opera Software
  687. [2014/05/13 07:07:16 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\PerformerSoft
  688. [2015/11/26 21:04:14 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\PlayFirst
  689. [2012/04/28 11:36:07 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Progeny
  690. [2015/11/23 08:10:36 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Psiphon3
  691. [2015/11/26 21:04:16 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Publish Providers
  692. [2013/10/22 21:13:38 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\QuickStoresToolbar
  693. [2011/03/30 05:34:20 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\RapidTyping
  694. [2015/11/26 21:04:19 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Rovio
  695. [2015/11/26 21:04:32 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Sierra Wireless
  696. [2015/02/12 04:38:13 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Smadav
  697. [2012/04/28 20:50:22 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\SmartDraw
  698. [2013/05/10 13:11:12 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\SolidDocuments
  699. [2015/11/26 21:04:37 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Sony
  700. [2014/05/11 14:24:49 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\speedtest127
  701. [2011/12/13 04:54:34 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\SPORE
  702. [2011/05/30 09:30:12 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Super-Cow
  703. [2012/06/20 06:07:34 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\SuperPump
  704. [2015/11/26 21:04:38 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\SystemUpdaterApp
  705. [2014/06/28 16:30:06 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\TeraCopy
  706. [2012/10/19 19:18:31 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Thinstall
  707. [2014/10/12 08:22:03 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\TuneUp Software
  708. [2011/10/20 10:00:58 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\USBSafelyRemove
  709. [2011/12/15 09:34:27 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\USBSafelyRemove 1
  710. [2015/03/12 20:21:58 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\VOPackage
  711. [2015/11/26 21:04:46 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Wildfire
  712. [2015/08/27 05:31:22 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\WinZipper
  713. [2015/07/14 08:07:39 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\Wireshark
  714. [2012/09/30 07:25:14 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\YourFileDownloader
  715. [2015/11/26 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\Galu\AppData\Roaming\ZTEMTUI
  716.  
  717. [color=#E56717]========== Purity Check ==========[/color]
  718.  
  719.  
  720.  
  721. [color=#E56717]========== Files - Unicode (All) ==========[/color]
  722. [2015/11/26 22:38:00 | 000,000,000 | ---D | M](C:\Users\Galu\Documents\KenhNgheNhac.Net Jung Yong Hwa (C.N. Blue) - ?? ???? ???? ?? (Banmal Song)) -- C:\Users\Galu\Documents\KenhNgheNhac.Net Jung Yong Hwa (C.N. Blue) - 처음 사랑하는 연인들을 위해 (Banmal Song)
  723. [2011/01/21 03:56:21 | 000,000,000 | ---D | C](C:\Users\Galu\Documents\KenhNgheNhac.Net Jung Yong Hwa (C.N. Blue) - ?? ???? ???? ?? (Banmal Song)) -- C:\Users\Galu\Documents\KenhNgheNhac.Net Jung Yong Hwa (C.N. Blue) - 처음 사랑하는 연인들을 위해 (Banmal Song)
  724.  
  725. [color=#E56717]========== Alternate Data Streams ==========[/color]
  726.  
  727. @Alternate Data Stream - 740232 bytes -> C:\Users\Galu\AppData\Roaming\desktop.ini:init
  728. @Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences
  729. @Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:63238B95
  730. @Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:525730C8
  731. @Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720
  732. @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:24051EFF
  733. @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:8C35AEA7
  734.  
  735. < End of report >