Regedit and taskmgr disabled + false chrome with ads


  • This topic is locked
12 replies to this topic

#1 Suleski_n

  • Members
  • 8 posts

Posted 23 February 2018 - 12:09 PM

I've tried using gpedit.msc and gpupdate, but it didn't fix the problem with regedit and taskmgr. Chrome is in a weird location and it gives ads. Here are the FRST and Addition logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.02.2018
Ran by pc (administrator) on PC-PC (23-02-2018 17:58:12)
Running from C:\Users\pc\Downloads
Loaded Profiles: pc (Available Profiles: pc)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Bookness\Application\chrome.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(BitTorrent Inc.) C:\Users\pc\AppData\Roaming\BitTorrent\BitTorrent.exe
() C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(BitTorrent Inc.) C:\Users\pc\AppData\Roaming\BitTorrent\updates\7.10.0_43917\bittorrentie.exe
(BitTorrent Inc.) C:\Users\pc\AppData\Roaming\BitTorrent\updates\7.10.0_43917\bittorrentie.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-2178471484-2396107894-907308686-1000\...\Run: [BitTorrent] => C:\Users\pc\AppData\Roaming\BitTorrent\BitTorrent.exe [2220232 2017-07-01] (BitTorrent Inc.)
HKU\S-1-5-21-2178471484-2396107894-907308686-1000\...\Run: [ACDSeeCommanderPro8] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe [2136072 2014-09-19] ()
HKU\S-1-5-21-2178471484-2396107894-907308686-1000\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5263040 2018-02-12] (Disc Soft Ltd)
HKU\S-1-5-21-2178471484-2396107894-907308686-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-2178471484-2396107894-907308686-1000\...\Policies\system: [DisableRegistryTools] 1
AlternateShell:
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{76C1CF97-EEF1-4D24-99C4-58CD4D5945FF}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-2178471484-2396107894-907308686-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll [2017-10-19] (Oracle Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-10-19] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-01-19] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-01-19] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 3o1cy6xm.default
FF ProfilePath: C:\Users\pc\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\3o1cy6xm.default\Profiles\3o1cy6xm.default [not found] <==== ATTENTION
FF ProfilePath: C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\3o1cy6xm.default [2018-02-23]
FF Homepage: Mozilla\Firefox\Profiles\3o1cy6xm.default -> google.com/
FF Extension: (Video AdBlock) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\3o1cy6xm.default\Extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} [2016-09-23] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\3o1cy6xm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-12-12]
FF Extension: (Greasemonkey) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\3o1cy6xm.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-01-21]
FF ProfilePath: C:\Users\pc\AppData\Roaming\Firefox\Firefox\Profiles\3o1cy6xm.default [2017-03-14] <==== ATTENTION
FF Extension: (English (US) Language Pack) - C:\Users\pc\AppData\Roaming\Firefox\Firefox\Profiles\3o1cy6xm.default\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2017-03-05] [Legacy]
FF Extension: (Video AdBlock) - C:\Users\pc\AppData\Roaming\Firefox\Firefox\Profiles\3o1cy6xm.default\Extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} [2016-09-23] [Legacy]
FF Extension: (Adblock Plus) - C:\Users\pc\AppData\Roaming\Firefox\Firefox\Profiles\3o1cy6xm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-23] [Legacy]
FF Extension: (Greasemonkey) - C:\Users\pc\AppData\Roaming\Firefox\Firefox\Profiles\3o1cy6xm.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-03-06] [Legacy]
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Firefox\Firefox\Profiles\3o1cy6xm.default\searchplugins\startsearch.xml [2017-03-03]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (No Name) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2017-12-07]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-10] ()
FF Plugin: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-10-19] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-10] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [No File]

Chrome:
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.trotux.com/?z=468298e7b2970c75d0eb86fg1zam7o2oageq9bdt2o&from=epf1&uid=MAXTORXSTM3250820AS_6QE06C1DXXXX6QE06C1D&type=hp
CHR StartupUrls: Profile 1 -> "hxxp://www.trotux.com/?z=468298e7b2970c75d0eb86fg1zam7o2oageq9bdt2o&from=epf1&uid=MAXTORXSTM3250820AS_6QE06C1DXXXX6QE06C1D&type=hp"
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default [2017-11-11]
CHR Extension: (No Name) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-21]
CHR Extension: (No Name) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-22]
CHR Extension: (No Name) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-22]
CHR Extension: (No Name) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-22]
CHR Extension: (Adblock Plus) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-09-22]
CHR Extension: (No Name) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-21]
CHR Extension: (No Name) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-22]
CHR Extension: (Arabic) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-16]
CHR Extension: (Video Ad Blocker Plus) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegneaniplmfjcmohoclabblbahcbjoe [2016-09-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-21]
CHR Extension: (No Name) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-22]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-22]
CHR Profile: C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-12-30]
CHR Extension: (Google Slides) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-08]
CHR Extension: (Google Docs) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-08]
CHR Extension: (Google Drive) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-08]
CHR Extension: (YouTube) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-08]
CHR Extension: (Adblock Plus) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-22]
CHR Extension: (Google Sheets) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-08]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-03-20]
CHR Extension: (Google Docs Offline) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-09]
CHR Extension: (AdBlock) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-15]
CHR Extension: (Gmail) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-08]
CHR Extension: (Chrome Media Router) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-27]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2178471484-2396107894-907308686-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 APPLE_svr; C:\ProgramData\Apple Computer\iTunes\iPodDevices.dll [482304 2017-02-13] () [File not signed]
S4 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [150936 2018-01-08] (Byte Technologies LLC)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3480768 2018-02-12] (Disc Soft Ltd)
S4 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604312 2018-01-19] (McAfee, Inc.)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.681\McCHSvc.exe [404376 2018-02-04] (McAfee, Inc.)
R2 MCSvc; C:\ProgramData\PreEmptive Solutions\Common\LAC\sos\1.1.4322__2.3.0.2.dll [345600 2016-11-21] () [File not signed]
S4 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2018-02-15] ()
S4 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [118784 2004-12-13] (Ulead Systems, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2016-02-14] (Microsoft Corporation)
R2 WinInstallSvc; C:\ProgramData\Microsoft\AppV\Setup\Integrator.dll [105984 2017-05-08] () [File not signed] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2018-02-15] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2018-02-15] (Disc Soft Ltd)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-11-18] (Malwarebytes)
S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15680 2006-11-01] ()
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
S3 WFLR6654; C:\Windows\System32\drivers\wfeaglxt.sys [433024 2007-01-19] (Leadtek Research Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 p1481556716am; \??\C:\Users\pc\AppData\Local\Temp\bk8287.tmp\p1481556716am.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-23 17:58 - 2018-02-23 17:59 - 000019339 _____ C:\Users\pc\Downloads\FRST.txt
2018-02-23 17:57 - 2018-02-23 17:58 - 000000000 ____D C:\FRST
2018-02-23 17:57 - 2018-02-23 17:57 - 002403328 _____ (Farbar) C:\Users\pc\Downloads\FRST64.exe
2018-02-23 17:13 - 2018-02-23 17:13 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-02-23 17:10 - 2001-08-23 13:00 - 000034871 _____ C:\Windows\system32\gpedit.msc
2018-02-23 17:08 - 2018-02-23 17:16 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-02-23 17:08 - 2018-02-23 17:08 - 000707354 _____ C:\Windows\unins000.exe
2018-02-23 17:08 - 2018-02-23 17:08 - 000001525 _____ C:\Windows\unins000.dat
2018-02-23 17:08 - 2018-02-23 17:08 - 000000000 ____D C:\Windows\SysWOW64\GPBAK
2018-02-23 17:08 - 2008-04-14 02:11 - 000295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2018-02-23 17:08 - 2001-08-23 13:00 - 000034871 _____ C:\Windows\SysWOW64\gpedit.msc
2018-02-23 17:07 - 2018-02-23 17:07 - 000000000 ____D C:\Users\pc\Downloads\add_gpedit_msc_by_jwils876-d3kh6vm
2018-02-23 17:05 - 2018-02-23 17:05 - 000875012 _____ C:\Users\pc\Downloads\add_gpedit_msc_by_jwils876-d3kh6vm.zip
2018-02-23 16:53 - 2018-02-23 16:53 - 005660720 _____ (Swearware) C:\Users\pc\Downloads\ComboFix(1).exe
2018-02-23 16:49 - 2018-02-23 17:31 - 000236444 _____ C:\Windows\ntbtlog.txt
2018-02-23 16:39 - 2018-02-23 16:39 - 000000000 ____D C:\Windows\pss
2018-02-22 22:41 - 2018-02-22 22:41 - 000025614 _____ C:\ComboFix.txt
2018-02-22 22:36 - 2018-02-22 22:36 - 000103140 __RSH C:\rsxq.exe
2018-02-22 22:36 - 2018-02-22 22:36 - 000103140 __RSH C:\klolj.pif
2018-02-22 22:19 - 2018-02-22 22:20 - 005660720 ____R (Swearware) C:\Users\pc\Downloads\ComboFix.exe
2018-02-22 22:14 - 2018-02-23 17:51 - 000000000 ____D C:\Users\pc\AppData\LocalLow\BitTorrent
2018-02-22 21:43 - 2018-02-22 22:41 - 000000000 ____D C:\Qoobox
2018-02-22 21:43 - 2011-06-26 07:45 - 000256000 _____ C:\Windows\PEV.exe
2018-02-22 21:43 - 2010-11-07 18:20 - 000208896 _____ C:\Windows\MBR.exe
2018-02-22 21:43 - 2009-04-20 05:56 - 000060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2018-02-22 21:43 - 2000-08-31 01:00 - 000518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2018-02-22 21:43 - 2000-08-31 01:00 - 000406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2018-02-22 21:43 - 2000-08-31 01:00 - 000098816 _____ C:\Windows\sed.exe
2018-02-22 21:43 - 2000-08-31 01:00 - 000080412 _____ C:\Windows\grep.exe
2018-02-22 21:43 - 2000-08-31 01:00 - 000068096 _____ C:\Windows\zip.exe
2018-02-22 21:42 - 2018-02-22 22:00 - 000000000 ____D C:\Windows\erdnt
2018-02-22 11:55 - 2018-02-22 11:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2018-02-22 11:54 - 2018-02-22 11:54 - 000000000 ____D C:\Riot Games
2018-02-19 22:46 - 2018-02-19 22:46 - 000000000 ____D C:\ProgramData\iWin Games
2018-02-19 22:08 - 2018-02-19 22:08 - 000000000 ____D C:\Users\pc\AppData\Local\UGMgames
2018-02-19 22:07 - 2018-02-22 19:01 - 000000000 ____D C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iWin Games
2018-02-19 22:06 - 2018-02-19 22:06 - 000000000 ____D C:\Users\pc\AppData\Local\GamesManager
2018-02-19 22:01 - 2018-02-19 22:01 - 000116552 _____ (iWin inc.) C:\Users\pc\Downloads\mystery-case-files-return-to-ravenhearstSetup.exe
2018-02-19 17:44 - 2018-02-19 17:44 - 000000000 ____D C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mystery Case Files - Dire Grove Collector Edition
2018-02-19 17:41 - 2018-02-19 17:41 - 000000000 ____D C:\Program Files (x86)\FishBone Games
2018-02-16 17:33 - 2018-02-16 17:42 - 000000000 ____D C:\Users\pc\Desktop\LJUBA SLIKE
2018-02-16 14:12 - 2018-02-16 14:12 - 000059713 _____ C:\Windows\SysWOW64\stub.json
2018-02-15 23:19 - 2018-02-15 23:19 - 000000000 ____D C:\ProgramData\ByteFence
2018-02-15 23:17 - 2018-02-19 17:46 - 000000000 ____D C:\Users\pc\AppData\Roaming\Big Fish Games
2018-02-15 23:17 - 2018-02-15 23:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MCF 7 - 13th Skull
2018-02-15 23:16 - 2018-02-15 23:17 - 000000000 ____D C:\Program Files (x86)\MCF 7 - 13th Skull
2018-02-15 23:14 - 2018-02-15 23:14 - 000000000 ____D C:\Users\Public\Documents\Catch!
2018-02-15 23:12 - 2018-02-15 23:12 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2018-02-15 23:11 - 2018-02-15 23:11 - 000000000 ____D C:\Users\pc\AppData\Local\Disc_Soft_Ltd
2018-02-15 23:10 - 2018-02-15 23:12 - 000047672 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2018-02-15 23:06 - 2018-02-15 23:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
2018-02-15 23:06 - 2018-02-15 23:06 - 000003348 _____ C:\Windows\System32\Tasks\ByteFence
2018-02-15 23:05 - 2018-02-22 21:32 - 000000000 ____D C:\Program Files\ByteFence
2018-02-15 23:05 - 2018-02-15 23:15 - 000000000 ____D C:\Users\pc\AppData\Roaming\DAEMON Tools Lite
2018-02-15 23:05 - 2018-02-15 23:08 - 000030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2018-02-15 23:05 - 2018-02-15 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2018-02-15 23:04 - 2018-02-15 23:10 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2018-02-15 23:04 - 2018-02-15 23:04 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2018-02-15 23:02 - 2018-02-15 23:02 - 000791712 _____ (Disc Soft Ltd.) C:\Users\pc\Downloads\DTLiteInstaller.exe
2018-02-14 16:50 - 2016-05-20 13:29 - 000000000 ____D C:\Users\pc\Desktop\IGG-MysteCase.Files.7.13th.Skull.Multi5
2018-02-14 16:13 - 2018-02-14 16:49 - 782248985 _____ C:\Users\pc\Downloads\IGG-MysteCase.Files.7.13th.Skull.Multi5.rar
2018-02-10 15:09 - 2018-02-13 16:36 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-02-10 15:09 - 2018-02-10 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-01-28 13:59 - 2018-01-28 13:59 - 000000000 ____D C:\Users\pc\AppData\OICE_15_974FA576_32C1D314_1A06
2018-01-26 19:43 - 2018-02-02 17:18 - 000000000 ____D C:\Users\pc\Desktop\Pinterest

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-23 17:57 - 2016-10-25 11:38 - 000000237 _____ C:\Users\Public\Documents\temp.dat
2018-02-23 17:56 - 2017-03-20 19:38 - 000000000 ____D C:\Users\pc\AppData\Roaming\BitTorrent
2018-02-23 17:51 - 2016-11-21 10:36 - 000000000 ____D C:\Users\pc\AppData\LocalLow\Mozilla
2018-02-23 17:51 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-02-23 17:27 - 2009-07-14 05:45 - 000028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-02-23 17:27 - 2009-07-14 05:45 - 000028128 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-02-23 17:21 - 2016-11-12 16:17 - 000000258 __RSH C:\Users\pc\ntuser.pol
2018-02-23 17:21 - 2016-09-21 15:03 - 000000000 ____D C:\Users\pc
2018-02-22 22:36 - 2009-07-14 03:34 - 000000251 _____ C:\Windows\system.ini
2018-02-22 21:31 - 2016-09-22 10:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-02-15 23:13 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2018-02-14 16:13 - 2017-02-13 12:20 - 000002184 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-14 16:13 - 2017-02-13 12:20 - 000002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-12 14:33 - 2016-09-21 15:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-11 18:12 - 2017-06-02 22:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-10 16:31 - 2017-11-05 11:32 - 000803328 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-02-10 16:31 - 2017-11-05 11:32 - 000144896 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-10 16:31 - 2017-11-05 11:32 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-02-10 16:31 - 2017-11-05 11:32 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-02-10 16:31 - 2017-11-05 11:32 - 000000000 ____D C:\Windows\system32\Macromed
2018-02-10 15:09 - 2017-11-05 12:12 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-02-10 15:09 - 2017-11-05 11:33 - 000001964 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-01-26 19:32 - 2017-03-20 19:39 - 000000000 ____D C:\Program Files (x86)\McAfee

==================== Files in the root of some directories =======

2017-01-25 14:42 - 2017-04-12 10:01 - 000000408 _____ () C:\Program Files (x86)\metadata
2017-01-25 14:42 - 2017-05-08 18:45 - 000000040 _____ () C:\Program Files (x86)\settings.dat
2016-10-16 15:55 - 2016-10-16 15:55 - 000140288 _____ () C:\Users\pc\AppData\Roaming\Installer.dat
2016-10-16 15:56 - 2016-10-16 15:56 - 000018432 _____ () C:\Users\pc\AppData\Roaming\Main.dat

Some files in TEMP:
====================
2018-02-23 17:54 - 2018-02-23 17:54 - 000000000 _____ () C:\Users\pc\AppData\Local\Temp\tpdg.exe
2018-02-23 17:54 - 2018-02-23 17:54 - 000000000 _____ () C:\Users\pc\AppData\Local\Temp\winhpvwos.exe
2018-02-23 17:54 - 2018-02-23 17:54 - 000000000 _____ () C:\Users\pc\AppData\Local\Temp\winogsrld.exe
2018-02-23 17:55 - 2018-02-23 17:55 - 000000000 _____ () C:\Users\pc\AppData\Local\Temp\winsatk.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-17 00:02

==================== End of FRST.txt ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.02.2018
Ran by pc (23-02-2018 17:59:48)
Running from C:\Users\pc\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2016-09-21 14:03:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2178471484-2396107894-907308686-500 - Administrator - Disabled)
Guest (S-1-5-21-2178471484-2396107894-907308686-501 - Limited - Disabled)
pc (S-1-5-21-2178471484-2396107894-907308686-1000 - Administrator - Enabled) => C:\Users\pc

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee Pro 8 (64-bit) (HKLM\...\{F84CE839-8CDD-4DC1-9A05-FA93BEA8B63D}) (Version: 8.0.0.262 - ACD Systems International Inc.)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
amuleC (HKLM-x32\...\{0F7B5011-72EC-493D-A7BF-546591047E8E}) (Version: 1.0.2 - amuleC) <==== ATTENTION
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC) <==== ATTENTION
amulesw (HKLM-x32\...\{13D7C2E9-08E7-4889-94FF-87E707184E53}) (Version: 1.0.7 - amules) <==== ATTENTION
Ashampoo Burning Studio 16 (HKLM-x32\...\{91B33C97-A730-69CE-7A4F-4ADF378BB993}_is1) (Version: 16.0.4 - Ashampoo GmbH & Co. KG)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
BitTorrent (HKU\S-1-5-21-2178471484-2396107894-907308686-1000\...\BitTorrent) (Version: 7.10.0.43917 - BitTorrent Inc.)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.18.0.0 - Byte Technologies LLC) <==== ATTENTION
Chromium Updater version v2 (HKLM-x32\...\{18E74282-D641-47F7-94DB-6A0EBD1E55EA}_is1) (Version: v2 - logicPwn)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.7.1.0341 - Disc Soft Ltd)
deskapp (HKLM-x32\...\{1A89491D-6C6D-4AD4-BE98-21F19E4A967B}) (Version: 1.0.8 - deskapp) <==== ATTENTION
Far Cry (HKLM-x32\...\GOGPACKFARCRY_is1) (Version: 2.0.0.9 - GOG.com)
FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version:  - Image-Line)
FL Studio 9 (HKLM-x32\...\FL Studio 9) (Version:  - Image-Line)
FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version:  - Image-Line)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
Hamsterball Free Trial (HKLM-x32\...\Hamsterball Free Trial_is1) (Version:  - Raptisoft)
Hamsterball Gold 2.18 (HKLM-x32\...\Hamsterball Gold_is1) (Version:  - Raptisoft)
Hard Disk Sentinel (HKLM-x32\...\Hard Disk Sentinel_is1) (Version:  - HDS)
Hardcore (HKLM-x32\...\Hardcore) (Version:  - Image-Line)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
K-Lite Codec Pack 12.3.5 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 12.3.5 - KLCP)
League of Legends (HKLM-x32\...\League of Legends 1.0) (Version: 1.0 - Riot Games, Inc)
Lemonade Tycoon (HKLM-x32\...\Lemonade Tycoon) (Version: 32.0.0.0 - Shockwave.com)
Lemonade Tycoon Deluxe (HKLM-x32\...\Lemonade Tycoon Deluxe) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.681.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.163 - McAfee, Inc.)
MCF 7 - 13th Skull version 1.0 (HKLM-x32\...\{39DFB313-8584-4148-82C4-E5F45C9D51A3}_is1) (Version: 1.0 - Big Fish Games, Inc.)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 58.0.2 (x86 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 58.0.2.6611 - Mozilla)
Mystery Case Files - Dire Grove Collector Edition (HKLM-x32\...\Mystery Case Files - Dire Grove Collector Edition1.0) (Version: 1.0 - FishBone Games)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PoiZone (HKLM-x32\...\PoiZone) (Version:  - Image-Line)
Sawer (HKLM-x32\...\Sawer) (Version:  - Image-Line)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.104 - Skype Technologies S.A.)
Toxic Biohazard (HKLM-x32\...\Toxic Biohazard) (Version:  - Image-Line)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.55 - NCH Software)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
WinSnare (HKLM-x32\...\{623E5902-DD76-4739-853D-16EC184C7B23}) (Version: 4.3.1 - WinSnare) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

HKU\S-1-5-21-2178471484-2396107894-907308686-1000\...\ChromeHTML: -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.) <==== ATTENTION
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
ContextMenuHandlers1: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers1: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers1: [PicaViewCtxMenuShlExt] -> {F3CBBA61-EE3F-4D6D-B1C6-B3474E579936} => C:\Program Files\Common Files\ACD Systems\PicaView\ACDSeePV.dll [2014-09-19] (ACD Systems International Inc.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers2: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-02-12] (Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-02-12] (Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers4: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-08-14] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-08-14] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {501D855A-666A-4AC3-8FCC-079B4B4390DB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {5852230D-4797-49EB-93A4-35D6ADAC3728} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {606EDDD2-F8B3-4581-9162-F0FD95157C9C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {66295A8A-81F5-4865-B177-C7824346C4C8} - System32\Tasks\{AA829463-9661-4EC0-9E14-FED2D1986DA8} => C:\Windows\system32\pcalua.exe -a "C:\Program Files (x86)\Common Files\Transwarm\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Transwarm\uninstall.dat" -a uninstallme 8169D39A-4297-4D7D-8BF3-5AF64CCA4D9D DeviceId=d91836c9-bb4c-96d7-f0c8-347c2cd13184 BarcodeId=50027003 ChannelId=3 DistributerName=APSnapdoAMRev
Task: {7F9EA7BA-FE79-4882-8F4F-27888402226F} - System32\Tasks\GoogleUpdateTaskMachineCore1d2c1b6d1484876 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-21] (Google Inc.)
Task: {A00D91A4-B024-4CE4-8DB4-BD44E2248F9E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-10] (Adobe Systems Incorporated)
Task: {B1BE2B7A-1B68-4750-B063-070B25BF452D} - System32\Tasks\db66fb0661a3d0c2a460619494d6f006 => rundll32.exe "C:\Program Files (x86)\MSBuild\67qvnj.dll",e62dc6c6547f46bda862da2d05af6862 <==== ATTENTION
Task: {C4F5B583-4088-44D5-BE3E-E1F44475270B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-21] (Google Inc.)
Task: {CE89080E-8E3B-4A94-B8DD-AC435A0290CA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {D31A45DB-874D-45A8-8F25-942914C1C83A} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {D933B596-89AB-4F27-BC92-2F9BF02EB816} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {F8314A7A-52EC-4673-BFBB-CEF974C941DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-09-21] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\pc\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line\FL Studio 9\Additional\SynthMaker website.lnk -> hxxp://www.synthmaker.co.uk
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Intеrnеt Ехрlоrеr (Nо Аdd-оns).lnk -> C:\Users\pc\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <==== Cyrillic
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ed1ff51614c1136e\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\57c1b4227860d00a\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4c93bcbcf5741ed5\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk -> C:\Users\pc\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <==== Cyrillic

ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c1d1c5711b1e8409\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2012-10-01 19:36 - 2012-10-01 19:36 - 006522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-30 01:40 - 2010-01-30 01:40 - 004254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 20:38 - 2010-03-24 20:38 - 008794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-09-19 22:56 - 2014-09-19 22:56 - 002136072 _____ () C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe
2018-02-15 23:07 - 2018-02-15 23:07 - 004474880 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\DiscSoft.NET.Common\814b04b35cad9b2d112348ca720f44a9\DiscSoft.NET.Common.ni.dll
2017-02-13 12:20 - 2017-02-13 08:16 - 000482304 _____ () c:\programdata\apple computer\itunes\ipoddevices.dll
2016-11-21 14:35 - 2016-11-21 04:32 - 000345600 _____ () c:\programdata\preemptive solutions\common\lac\sos\1.1.4322__2.3.0.2.dll
2012-10-01 19:37 - 2012-10-01 19:37 - 006522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-01-30 01:41 - 2010-01-30 01:41 - 004254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 20:17 - 2010-03-24 20:17 - 008794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-05-08 19:45 - 2017-05-08 07:27 - 000105984 _____ () c:\programdata\microsoft\appv\setup\integrator.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot => "AlternateShell"=""

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2018-02-23 16:37 - 000001306 _____ C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\pc\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: ByteFenceService => 2
MSCONFIG\Services: ed2kidle => 2
MSCONFIG\Services: FirefoxU => 2
MSCONFIG\Services: Gubed_WMI => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: rtop => 2
MSCONFIG\Services: UleadBurningHelper => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: ACDSeeCommanderPro8 => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe
MSCONFIG\startupreg: ACPW08EN => "C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: SoundMAXPnP => C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
MSCONFIG\startupreg: SSMaker2 => "C:\Users\pc\AppData\Roaming\ScreenMaker2\SSMaker.exe"
MSCONFIG\startupreg: WinFast Schedule => C:\Program Files (x86)\WinFast\WFTVFM\WFWIZ.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DF35A5F8-F7B2-4D6B-914C-41421A7C8A97}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B83F6F02-0930-44AE-8302-977C98AE31AF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{57F5B024-E15C-4D10-AE06-8B3079901716}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{27E7DA4F-4C3A-48D3-9143-793605E5DF71}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{57F11D67-B155-4DCA-B116-4655E5B2D335}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{04798F5F-8C05-4DAC-B5BF-800278C7A886}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{25CADDDB-2F21-4138-A0BF-85429F8D7D83}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{3E05298D-FE10-4412-929E-5A2333D1FC3A}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [TCP Query User{BC4A8BB2-9974-4275-B45D-7EDAD9841475}C:\users\pc\appdata\local\temp\is-2io1r.tmp\download\minithunderplatform.exe] => (Block) C:\users\pc\appdata\local\temp\is-2io1r.tmp\download\minithunderplatform.exe
FirewallRules: [UDP Query User{315CC1E8-D201-4E20-A135-E788A2534821}C:\users\pc\appdata\local\temp\is-2io1r.tmp\download\minithunderplatform.exe] => (Block) C:\users\pc\appdata\local\temp\is-2io1r.tmp\download\minithunderplatform.exe
FirewallRules: [{10A275C0-F5E8-48D4-A524-64D9279EFBA8}] => (Allow) C:\Users\pc\AppData\Local\Temp\is-2IO1R.tmp\download\MiniThunderPlatform.exe
FirewallRules: [{B88AAFE0-C606-4AF6-AF81-A2313E3C8084}] => (Allow) C:\Users\pc\AppData\Local\Temp\00012253\inst_buychannel_37.exe
FirewallRules: [{925C0D6F-59E7-4A64-809C-E8BFCB4481E2}] => (Allow) C:\Users\pc\AppData\Local\Temp\00012253\inst_buychannel_37.exe
FirewallRules: [{BDD37019-109E-470E-9BDB-9F0CF7E7CEC4}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{1BDB7E56-D543-4B69-8990-07A39D1B7C32}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
FirewallRules: [{EA871448-44D0-46EA-94F6-031D91742A33}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{AE57391D-41F5-4401-BEF5-00E4CB0577AD}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{78C73B60-6D9D-459F-9B5C-8017AAA0C637}] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [Torrentex-In-TCP] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [Torrentex-In-UDP] => (Allow) C:\Torrentex\Torrentex.exe
FirewallRules: [{6284197F-E01B-4DD9-A76B-3A3E6F723456}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{44D9F2F3-9EBC-4756-8B33-A8E51626276E}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{787C4115-576C-484C-938C-BAAEFF907835}] => (Allow) C:\Users\pc\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{BC876A06-D6A2-4791-AA16-63BA39DC93A7}] => (Allow) C:\Users\pc\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{2BFA7491-9DB8-4465-BEEC-53A07673BA27}] => (Allow) C:\Users\pc\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{53C6FD3C-65D5-4C98-AA85-694663980C8C}] => (Allow) C:\Users\pc\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{1395820D-8191-4A38-90A6-0F2444D377C7}] => (Allow) C:\Users\pc\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{CBB37770-920C-4FDA-A72D-167F709B12C6}] => (Allow) C:\Users\pc\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{0F188A8D-911F-4A12-B6DD-FC734A5F9A16}] => (Allow) C:\Program Files (x86)\Bookness\Application\chrome.exe
FirewallRules: [TCP Query User{D46B15B0-B0D6-46C9-94A9-2B145237304E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{9C52F98B-44F8-4FB0-9303-6D0E04CB0418}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{9F7128E9-40AB-4429-9517-5391C633D259}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{ED69C255-C606-4052-9B71-D8AE3545B619}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
FirewallRules: [TCP Query User{616C042F-4E46-48D3-8C53-E2AAF31A1774}C:\program files (x86)\fishbone games\mystery case files - dire grove collector edition\mcf6.exe] => (Block) C:\program files (x86)\fishbone games\mystery case files - dire grove collector edition\mcf6.exe
FirewallRules: [UDP Query User{D9B4F98A-869A-46E4-A588-D2F035D56D24}C:\program files (x86)\fishbone games\mystery case files - dire grove collector edition\mcf6.exe] => (Block) C:\program files (x86)\fishbone games\mystery case files - dire grove collector edition\mcf6.exe
FirewallRules: [TCP Query User{97548897-9EA3-432F-A8E9-81A9E942D916}C:\program files (x86)\mcafee\siteadvisor\saui.exe] => (Block) C:\program files (x86)\mcafee\siteadvisor\saui.exe
FirewallRules: [UDP Query User{23188FBB-AEDD-4D29-920E-690ED79941AE}C:\program files (x86)\mcafee\siteadvisor\saui.exe] => (Block) C:\program files (x86)\mcafee\siteadvisor\saui.exe
FirewallRules: [TCP Query User{50F97E39-EA84-4F66-B80C-821A58CA1B5D}C:\program files\bytefence\rslggr.exe] => (Block) C:\program files\bytefence\rslggr.exe
FirewallRules: [UDP Query User{BF751178-937E-46D4-B976-A406592CAE57}C:\program files\bytefence\rslggr.exe] => (Block) C:\program files\bytefence\rslggr.exe
FirewallRules: [TCP Query User{33D07AA2-AE0F-4B99-ACDF-0DAFC563FB47}E:\mystery case files ravenhearst\ravenhearst.exe] => (Block) E:\mystery case files ravenhearst\ravenhearst.exe
FirewallRules: [UDP Query User{363F30C5-DD67-48BA-9261-D460E598BD72}E:\mystery case files ravenhearst\ravenhearst.exe] => (Block) E:\mystery case files ravenhearst\ravenhearst.exe
FirewallRules: [TCP Query User{E25B0CD7-B9F3-4F59-9E31-C72355CF4EC3}C:\program files\bytefence\rtop\bin\rtop_bg.exe] => (Block) C:\program files\bytefence\rtop\bin\rtop_bg.exe
FirewallRules: [UDP Query User{3759DCBD-0CB4-4FAB-9B66-1689F357ED1C}C:\program files\bytefence\rtop\bin\rtop_bg.exe] => (Block) C:\program files\bytefence\rtop\bin\rtop_bg.exe
FirewallRules: [TCP Query User{BBCC949D-0501-4569-8642-26A70491F4FC}C:\program files (x86)\common files\java\java update\jusched.exe] => (Block) C:\program files (x86)\common files\java\java update\jusched.exe
FirewallRules: [UDP Query User{7ED3DE75-D8CD-4EBB-A555-DA34EB6A9B61}C:\program files (x86)\common files\java\java update\jusched.exe] => (Block) C:\program files (x86)\common files\java\java update\jusched.exe
FirewallRules: [TCP Query User{DC92D2D4-02EB-42B1-A32D-319058E2DE5B}C:\gog games\far cry\bin32\fxc.exe] => (Block) C:\gog games\far cry\bin32\fxc.exe
FirewallRules: [UDP Query User{EC49762F-790B-442F-988C-F29217F2F72B}C:\gog games\far cry\bin32\fxc.exe] => (Block) C:\gog games\far cry\bin32\fxc.exe
FirewallRules: [TCP Query User{C2929713-CA56-49D8-8498-BB0AE488729A}C:\program files (x86)\raptisoft\hamsterball\unins000.exe] => (Block) C:\program files (x86)\raptisoft\hamsterball\unins000.exe
FirewallRules: [UDP Query User{E750966E-9AF1-4E66-B415-7A0E679BDD38}C:\program files (x86)\raptisoft\hamsterball\unins000.exe] => (Block) C:\program files (x86)\raptisoft\hamsterball\unins000.exe
FirewallRules: [TCP Query User{06A1AFBC-4CFA-4E25-8B81-93DD83FF6440}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
FirewallRules: [UDP Query User{97FE18C8-4209-4051-8128-280E845889CF}C:\windows\syswow64\rundll32.exe] => (Block) C:\windows\syswow64\rundll32.exe
StandardProfile\AuthorizedApplications: [C:\Users\pc\AppData\Roaming\BitTorrent\BitTorrent.exe] => Enabled:ipsec
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe] => Enabled:ipsec

==================== Restore Points =========================

15-02-2018 23:09:09 Device Driver Package Install: Disc Soft Ltd Storage controllers
15-02-2018 23:12:51 Device Driver Package Install: Disc Soft Ltd Universal Serial Bus controllers
17-02-2018 04:57:35 Windows Update
22-02-2018 11:54:15 Installed DirectX
22-02-2018 21:30:11 Removed Java 8 Update 151

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: p1481556716am
Description: p1481556716am
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: p1481556716am
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/23/2018 05:52:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/23/2018 05:41:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (02/23/2018 05:33:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/23/2018 05:21:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/23/2018 05:12:13 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/23/2018 05:02:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (02/23/2018 05:01:54 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (02/23/2018 04:53:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (02/23/2018 05:51:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
p1481556716am

Error: (02/23/2018 05:33:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service Disc Soft Lite Bus Service with arguments "" in order to run the server:
{1BB2CAF7-8881-4CE8-B16A-3CA37C7C6F33}

Error: (02/23/2018 05:32:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (02/23/2018 05:32:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/23/2018 05:32:01 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/23/2018 05:31:50 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (02/23/2018 05:31:49 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
discache
p1481556716am
spldr
Wanarpv6

Error: (02/23/2018 05:30:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
p1481556716am


CodeIntegrity:
===================================

Date: 2018-02-23 17:51:02.402
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wfeaglxt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-23 17:51:02.356
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wfeaglxt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-23 17:30:18.480
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wfeaglxt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-23 17:30:18.434
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wfeaglxt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-23 17:28:00.574
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wfeaglxt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-23 17:28:00.543
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wfeaglxt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-23 17:19:28.385
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wfeaglxt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-02-23 17:19:28.338
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\wfeaglxt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 88%
Total physical RAM: 1535.18 MB
Available physical RAM: 180.9 MB
Total Virtual: 3070.36 MB
Available Virtual: 1284.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146 GB) (Free:61.57 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:151.6 GB) (Free:100.19 GB) NTFS
Drive f: (mcf7) (CDROM) (Total:0.71 GB) (Free:0 GB) CDFS

\\?\Volume{eb0f0dba-804d-11e6-9633-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: 87977C50)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=151.6 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:12 PM

Posted 23 February 2018 - 02:10 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Remove these programs in bold via the Control Panel > Programs > Programs and Features.
amuleC (HKLM-x32\...\{0F7B5011-72EC-493D-A7BF-546591047E8E}) (Version: 1.0.2 - amuleC) <==== ATTENTION
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC) <==== ATTENTION
amulesw (HKLM-x32\...\{13D7C2E9-08E7-4889-94FF-87E707184E53}) (Version: 1.0.7 - amules) <==== ATTENTION
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.18.0.0 - Byte Technologies LLC) <==== ATTENTION
deskapp (HKLM-x32\...\{1A89491D-6C6D-4AD4-BE98-21F19E4A967B}) (Version: 1.0.8 - deskapp) <==== ATTENTION
WinSnare (HKLM-x32\...\{623E5902-DD76-4739-853D-16EC184C7B23}) (Version: 4.3.1 - WinSnare) <==== ATTENTION
---

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2178471484-2396107894-907308686-1000\...\Policies\system: [DisableTaskMgr] 1
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2178471484-2396107894-907308686-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
FF ProfilePath: C:\Users\pc\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\3o1cy6xm.default\Profiles\3o1cy6xm.default [not found] <==== ATTENTION
FF Extension: (Video AdBlock) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\3o1cy6xm.default\Extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} [2016-09-23] [Legacy]
FF Extension: (Video AdBlock) - C:\Users\pc\AppData\Roaming\Firefox\Firefox\Profiles\3o1cy6xm.default\Extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} [2016-09-23] [Legacy]
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Firefox\Firefox\Profiles\3o1cy6xm.default\searchplugins\startsearch.xml [2017-03-03]
CHR HomePage: Profile 1 -> hxxp://www.trotux.com/?z=468298e7b2970c75d0eb86fg1zam7o2oageq9bdt2o&from=epf1&uid=MAXTORXSTM3250820AS_6QE06C1DXXXX6QE06C1D&type=hp
CHR StartupUrls: Profile 1 -> "hxxp://www.trotux.com/?z=468298e7b2970c75d0eb86fg1zam7o2oageq9bdt2o&from=epf1&uid=MAXTORXSTM3250820AS_6QE06C1DXXXX6QE06C1D&type=hp"
CHR Extension: (Video Ad Blocker Plus) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegneaniplmfjcmohoclabblbahcbjoe [2016-09-22]
CHR HKU\S-1-5-21-2178471484-2396107894-907308686-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
S4 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [150936 2018-01-08] (Byte Technologies LLC)
S4 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2018-02-15] ()
R2 WinInstallSvc; C:\ProgramData\Microsoft\AppV\Setup\Integrator.dll [105984 2017-05-08] () [File not signed] <==== ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 p1481556716am; \??\C:\Users\pc\AppData\Local\Temp\bk8287.tmp\p1481556716am.sys [X] <==== ATTENTION



ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
ContextMenuHandlers1: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers1: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers2: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers4: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
Task: {501D855A-666A-4AC3-8FCC-079B4B4390DB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {B1BE2B7A-1B68-4750-B063-070B25BF452D} - System32\Tasks\db66fb0661a3d0c2a460619494d6f006 => rundll32.exe "C:\Program Files (x86)\MSBuild\67qvnj.dll",e62dc6c6547f46bda862da2d05af6862 <==== ATTENTION
Task: {D31A45DB-874D-45A8-8F25-942914C1C83A} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ???l?r?r (N? ?dd-?ns).lnk -> C:\Users\pc\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <==== Cyrillic
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ed1ff51614c1136e\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\57c1b4227860d00a\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4c93bcbcf5741ed5\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User 360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Users\pc\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <==== Cyrillic
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c1d1c5711b1e8409\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
MSCONFIG\startupreg: SSMaker2 => "C:\Users\pc\AppData\Roaming\ScreenMaker2\SSMaker.exe"
FirewallRules: [{BDD37019-109E-470E-9BDB-9F0CF7E7CEC4}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{1BDB7E56-D543-4B69-8990-07A39D1B7C32}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
FirewallRules: [{6284197F-E01B-4DD9-A76B-3A3E6F723456}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [TCP Query User{E25B0CD7-B9F3-4F59-9E31-C72355CF4EC3}C:\program files\bytefence\rtop\bin\rtop_bg.exe] => (Block) C:\program files\bytefence\rtop\bin\rtop_bg.exe
FirewallRules: [UDP Query User{3759DCBD-0CB4-4FAB-9B66-1689F357ED1C}C:\program files\bytefence\rtop\bin\rtop_bg.exe] => (Block) C:\program files\bytefence\rtop\bin\rtop_bg.exe

C:\Program Files\ByteFence
C:\ProgramData\Microsoft\AppV\Setup\Integrator.dll
C:\Windows\AutoKMS
C:\Windows\System32\Tasks\db66fb0661a3d0c2a460619494d6f006
C:\Program Files (x86)\MSBuild
C:\Program Files (x86)\Bookness
C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c1d1c5711b1e8409

2018-02-23 17:54 - 2018-02-23 17:54 - 000000000 _____ () C:\Users\pc\AppData\Local\Temp\tpdg.exe
2018-02-23 17:54 - 2018-02-23 17:54 - 000000000 _____ () C:\Users\pc\AppData\Local\Temp\winhpvwos.exe
2018-02-23 17:54 - 2018-02-23 17:54 - 000000000 _____ () C:\Users\pc\AppData\Local\Temp\winogsrld.exe
2018-02-23 17:55 - 2018-02-23 17:55 - 000000000 _____ () C:\Users\pc\AppData\Local\Temp\winsatk.exe

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon or the 3 vertical dots located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Get the latest version of Malwarebytes and run it.
Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Please post the logs and let me know what problem persists.

#3 Suleski_n

Suleski_n
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:10:12 PM

Posted 25 February 2018 - 02:11 PM

I couldn't remove the following programs from the list:

amuleC (HKLM-x32\...\{0F7B5011-72EC-493D-A7BF-546591047E8E}) (Version: 1.0.2 - amuleC) <==== ATTENTION
amuleC (HKLM-x32\...\{418DDAC3-E16C-47C2-B5FE-4FBCAB0E10D0}) (Version: 1.0.0 - amuleC) <==== ATTENTION
amulesw (HKLM-x32\...\{13D7C2E9-08E7-4889-94FF-87E707184E53}) (Version: 1.0.7 - amules) <==== ATTENTION

When I try to do it, it says that the feature I'm trying to use is on a network resource that is unavailable.

Fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.02.2018
Ran by pc (23-02-2018 21:35:51) Run:1
Running from C:\Users\pc\Downloads
Loaded Profiles: pc (Available Profiles: pc)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-21-2178471484-2396107894-907308686-1000\...\Policies\system: [DisableTaskMgr] 1
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
SearchScopes: HKU\S-1-5-21-2178471484-2396107894-907308686-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
FF ProfilePath: C:\Users\pc\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\3o1cy6xm.default\Profiles\3o1cy6xm.default [not found] <==== ATTENTION
FF Extension: (Video AdBlock) - C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\3o1cy6xm.default\Extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} [2016-09-23] [Legacy]
FF Extension: (Video AdBlock) - C:\Users\pc\AppData\Roaming\Firefox\Firefox\Profiles\3o1cy6xm.default\Extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} [2016-09-23] [Legacy]
FF SearchPlugin: C:\Users\pc\AppData\Roaming\Firefox\Firefox\Profiles\3o1cy6xm.default\searchplugins\startsearch.xml [2017-03-03]
CHR HomePage: Profile 1 -> hxxp://www.trotux.com/?z=468298e7b2970c75d0eb86fg1zam7o2oageq9bdt2o&from=epf1&uid=MAXTORXSTM3250820AS_6QE06C1DXXXX6QE06C1D&type=hp
CHR StartupUrls: Profile 1 -> "hxxp://www.trotux.com/?z=468298e7b2970c75d0eb86fg1zam7o2oageq9bdt2o&from=epf1&uid=MAXTORXSTM3250820AS_6QE06C1DXXXX6QE06C1D&type=hp"
CHR Extension: (Video Ad Blocker Plus) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegneaniplmfjcmohoclabblbahcbjoe [2016-09-22]
CHR HKU\S-1-5-21-2178471484-2396107894-907308686-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hegneaniplmfjcmohoclabblbahcbjoe] - hxxp://clients2.google.com/service/update2/crx
S4 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [150936 2018-01-08] (Byte Technologies LLC)
S4 rtop; C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe [302920 2018-02-15] ()
R2 WinInstallSvc; C:\ProgramData\Microsoft\AppV\Setup\Integrator.dll [105984 2017-05-08] () [File not signed] <==== ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 p1481556716am; \??\C:\Users\pc\AppData\Local\Temp\bk8287.tmp\p1481556716am.sys [X] <==== ATTENTION



ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File
ContextMenuHandlers1: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers1: [ContextMenuExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers2: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
ContextMenuHandlers4: [KuaiZipShlExt] -> {6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} =>  -> No File
Task: {501D855A-666A-4AC3-8FCC-079B4B4390DB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {B1BE2B7A-1B68-4750-B063-070B25BF452D} - System32\Tasks\db66fb0661a3d0c2a460619494d6f006 => rundll32.exe "C:\Program Files (x86)\MSBuild\67qvnj.dll",e62dc6c6547f46bda862da2d05af6862 <==== ATTENTION
Task: {D31A45DB-874D-45A8-8F25-942914C1C83A} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ???l?r?r (N? ?dd-?ns).lnk -> C:\Users\pc\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <==== Cyrillic
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ed1ff51614c1136e\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\57c1b4227860d00a\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4c93bcbcf5741ed5\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User 360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk -> C:\Users\pc\AppData\Roaming\HPSewil\SewilStarter2.exe (No File) <==== Cyrillic
ShortcutWithArgument: C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c1d1c5711b1e8409\Google Chrome.lnk -> C:\Program Files (x86)\Bookness\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION
MSCONFIG\startupreg: SSMaker2 => "C:\Users\pc\AppData\Roaming\ScreenMaker2\SSMaker.exe"
FirewallRules: [{BDD37019-109E-470E-9BDB-9F0CF7E7CEC4}] => (Allow) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{1BDB7E56-D543-4B69-8990-07A39D1B7C32}] => (Allow) C:\Program Files (x86)\GreatMaker\MaohaWiFi\MaohaWifiSvr.exe
FirewallRules: [{6284197F-E01B-4DD9-A76B-3A3E6F723456}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [TCP Query User{E25B0CD7-B9F3-4F59-9E31-C72355CF4EC3}C:\program files\bytefence\rtop\bin\rtop_bg.exe] => (Block) C:\program files\bytefence\rtop\bin\rtop_bg.exe
FirewallRules: [UDP Query User{3759DCBD-0CB4-4FAB-9B66-1689F357ED1C}C:\program files\bytefence\rtop\bin\rtop_bg.exe] => (Block) C:\program files\bytefence\rtop\bin\rtop_bg.exe

C:\Program Files\ByteFence
C:\ProgramData\Microsoft\AppV\Setup\Integrator.dll
C:\Windows\AutoKMS
C:\Windows\System32\Tasks\db66fb0661a3d0c2a460619494d6f006
C:\Program Files (x86)\MSBuild
C:\Program Files (x86)\Bookness
C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c1d1c5711b1e8409

2018-02-23 17:54 - 2018-02-23 17:54 - 000000000 _____ () C:\Users\pc\AppData\Local\Temp\tpdg.exe
2018-02-23 17:54 - 2018-02-23 17:54 - 000000000 _____ () C:\Users\pc\AppData\Local\Temp\winhpvwos.exe
2018-02-23 17:54 - 2018-02-23 17:54 - 000000000 _____ () C:\Users\pc\AppData\Local\Temp\winogsrld.exe
2018-02-23 17:55 - 2018-02-23 17:55 - 000000000 _____ () C:\Users\pc\AppData\Local\Temp\winsatk.exe

End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableTaskMgr" => removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
"HKU\S-1-5-21-2178471484-2396107894-907308686-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
C:\Users\pc\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\3o1cy6xm.default\Profiles\3o1cy6xm.default => path removed successfully
C:\Users\pc\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\3o1cy6xm.default\Profiles\3o1cy6xm.default => path removed successfully
C:\Users\pc\AppData\Roaming\Firefox\Firefox\naweriweentcofise\Profiles\3o1cy6xm.default\Profiles\3o1cy6xm.default => path removed successfully
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\3o1cy6xm.default\Extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} => moved successfully
C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\3o1cy6xm.default\Extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} => path removed successfully
C:\Users\pc\AppData\Roaming\Firefox\Firefox\Profiles\3o1cy6xm.default\Extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} => moved successfully
C:\Users\pc\AppData\Roaming\Firefox\Firefox\Profiles\3o1cy6xm.default\Extensions\{7b8a500a-a464-4624-bd4f-73eaafe0f766} => path removed successfully
C:\Users\pc\AppData\Roaming\Firefox\Firefox\Profiles\3o1cy6xm.default\searchplugins\startsearch.xml => moved successfully
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
CHR Extension: (Video Ad Blocker Plus) - C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Extensions\hegneaniplmfjcmohoclabblbahcbjoe [2016-09-22] => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2178471484-2396107894-907308686-1000\SOFTWARE\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe" => removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hegneaniplmfjcmohoclabblbahcbjoe" => removed successfully
"HKLM\System\CurrentControlSet\Services\ByteFenceService" => removed successfully
ByteFenceService => service removed successfully
"HKLM\System\CurrentControlSet\Services\rtop" => removed successfully
rtop => service removed successfully
"HKLM\System\CurrentControlSet\Services\WinInstallSvc" => removed successfully
WinInstallSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\catchme" => removed successfully
catchme => service removed successfully
"HKLM\System\CurrentControlSet\Services\p1481556716am" => removed successfully
p1481556716am => service removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj" => removed successfully
HKLM\Software\Classes\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => key not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\KuaiZipShlExt => invalid subkey removed.
HKLM\Software\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => key not found
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ContextMenuExt" => removed successfully
HKLM\Software\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => key not found
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\KuaiZipShlExt => invalid subkey removed.
HKLM\Software\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => key not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\KuaiZipShlExt => invalid subkey removed.
HKLM\Software\Classes\CLSID\{6ADF19E3-77A3-4395-ADB4-9FD7D351EB3E} => key not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{501D855A-666A-4AC3-8FCC-079B4B4390DB}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{501D855A-666A-4AC3-8FCC-079B4B4390DB}" => removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B1BE2B7A-1B68-4750-B063-070B25BF452D}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B1BE2B7A-1B68-4750-B063-070B25BF452D}" => removed successfully
C:\Windows\System32\Tasks\db66fb0661a3d0c2a460619494d6f006 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\db66fb0661a3d0c2a460619494d6f006" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D31A45DB-874D-45A8-8F25-942914C1C83A} => could not remove key. ErrorCode1: 0x00000002
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D31A45DB-874D-45A8-8F25-942914C1C83A} => could not remove key. ErrorCode1: 0x00000002
C:\Windows\System32\Tasks\ByteFence => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence => could not remove key. ErrorCode1: 0x00000002
"C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Int?rn?t ???l?r?r (N? ?dd-?ns).lnk" => Could not move.
"C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk" => Could not move.
"C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk" => Could not move.
"C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk" => Could not move.
"C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\ed1ff51614c1136e\Google Chrome.lnk" => Could not move.
"C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk" => Could not move.
"C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\57c1b4227860d00a\Google Chrome.lnk" => Could not move.
"C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\4c93bcbcf5741ed5\Google Chrome.lnk" => Could not move.
"C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User 360c22b137d62ce9\Google Chrome.lnk" => not found
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??zill? Fir?f??.lnk" => Could not move.
C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c1d1c5711b1e8409\Google Chrome.lnk => Shortcut argument removed successfully
"HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\Classes\regfile" => removed successfully
"HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SSMaker2" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BDD37019-109E-470E-9BDB-9F0CF7E7CEC4}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1BDB7E56-D543-4B69-8990-07A39D1B7C32}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6284197F-E01B-4DD9-A76B-3A3E6F723456}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E25B0CD7-B9F3-4F59-9E31-C72355CF4EC3}C:\program files\bytefence\rtop\bin\rtop_bg.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3759DCBD-0CB4-4FAB-9B66-1689F357ED1C}C:\program files\bytefence\rtop\bin\rtop_bg.exe" => removed successfully
C:\Program Files\ByteFence => moved successfully
C:\ProgramData\Microsoft\AppV\Setup\Integrator.dll => moved successfully
C:\Windows\AutoKMS => moved successfully
"C:\Windows\System32\Tasks\db66fb0661a3d0c2a460619494d6f006" => not found
C:\Program Files (x86)\MSBuild => moved successfully
C:\Program Files (x86)\Bookness => moved successfully
C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\c1d1c5711b1e8409 => moved successfully
"C:\Users\pc\AppData\Local\Temp\tpdg.exe" => not found
"C:\Users\pc\AppData\Local\Temp\winhpvwos.exe" => not found
"C:\Users\pc\AppData\Local\Temp\winogsrld.exe" => not found
"C:\Users\pc\AppData\Local\Temp\winsatk.exe" => not found

=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17022178 B
Java, Flash, Steam htmlcache => 5293 B
Windows/system/drivers => 4798119 B
Edge => 0 B
Chrome => 1109240773 B
Firefox => 413907158 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16832 B
systemprofile32 => 97528771 B
LocalService => 0 B
NetworkService => 107750 B
pc => 454560172 B

RecycleBin => 0 B
EmptyTemp: => 2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-02-2018 12:39:15)


Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D31A45DB-874D-45A8-8F25-942914C1C83A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D31A45DB-874D-45A8-8F25-942914C1C83A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ByteFence" => removed successfully

==== End of Fixlog 12:39:15 ====



#4 Suleski_n

Suleski_n
  • Topic Starter

  • Members
  • 8 posts

Posted 25 February 2018 - 02:25 PM

Malwarebytes log was too long to post as text, so here is a file: Attached File log.txt (937.91KB)

And AdwCleaner log:


# AdwCleaner 7.0.8.0 - Logfile created on Sun Feb 25 16:45:31 2018
# Updated on 2018/08/02 by Malwarebytes
# Database: 02-23-2018.2
# Running on Windows 7 Home Premium (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

Adware.Elex, MCSvc
PUP.Optional.Legacy, APPLE_svr


***** [ Folders ] *****

Adware.Elex, C:\Program Files (x86)\Elex-tech
Adware.Elex, C:\Users\pc\AppData\Roaming\Elex-tech
Adware.Elex, C:\Program Files (x86)\amuleC
PUP.Optional.Legacy, C:\Users\pc\AppData\Roaming\Firefox
PUP.Optional.Legacy, C:\ProgramData\iwin games
PUP.Optional.Legacy, C:\ProgramData\Application Data\iwin games
PUP.Optional.Legacy, C:\Users\All Users\iwin games
PUP.Optional.Legacy, C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iwin games
PUP.Optional.Legacy, C:\Users\pc\Downloads\Torrentex
PUP.Optional.Legacy, C:\ProgramData\Tencent
PUP.Optional.Legacy, C:\ProgramData\Application Data\Tencent
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Roaming\Tencent
PUP.Optional.Legacy, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent
PUP.Optional.Legacy, C:\Users\All Users\Tencent
PUP.Optional.Legacy, C:\Users\pc\AppData\Roaming\Softlink
PUP.Optional.Legacy, C:\Program Files (x86)\YouKu
PUP.Optional.Legacy, C:\Users\pc\AppData\Roaming\aMule
PUP.Optional.UCBrowser, C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
PUP.Optional.ByteFence, C:\ProgramData\ByteFence
PUP.Optional.ByteFence, C:\ProgramData\Application Data\ByteFence
PUP.Optional.ByteFence, C:\Users\All Users\ByteFence
PUP.Optional.ByteFence, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ByteFence Anti-Malware
PUP.Optional.Elex, C:\Program Files (x86)\UvConverter
Adware.OnlineIO, C:\Program Files (x86)\Microleaves


***** [ Files ] *****

PUP.Optional.Legacy, C:\Windows\System32\chtbrkg.dll
PUP.Optional.Legacy, C:\Windows\SysWOW64\chtbrkg.dll
PUP.Optional.Legacy, C:\Users\pc\AppData\Roaming\Installer.dat
PUP.Optional.Legacy, C:\Users\All Users\Documents\report.dat
PUP.Optional.Legacy, C:\Users\Public\Documents\report.dat
PUP.Optional.Legacy, C:\Users\All Users\Documents\temp.dat
PUP.Optional.Legacy, C:\Users\Public\Documents\temp.dat
PUP.Optional.Legacy, C:\Users\All Users\Documents\cc.ini
PUP.Optional.Legacy, C:\Users\Public\Documents\cc.ini
PUP.Optional.Legacy, C:\Users\All Users\Documents\cfg.ini
PUP.Optional.Legacy, C:\Users\Public\Documents\cfg.ini
PUP.Optional.Legacy, C:\ProgramData\Apple Computer\iTunes\iPodDevices.dll
PUP.Optional.Legacy, C:\Windows\SysNative\log\iSafeKrnlCall.log
PUP.Optional.Legacy, C:\TOSTACK
PUP.Optional.Legacy, C:\Users\pc\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
PUP.Optional.Legacy, C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\¿ìѹ.lnk
PUP.Optional.Legacy, C:\Users\pc\AppData\Roaming\Mozilla\Firefox\Profiles\3o1cy6xm.default\invalidprefs.js


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

Adware.Elex, [Key] - HKLM\SOFTWARE\Elex-tech
Adware.Elex, [Key] - HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\deskapp
Adware.Elex, [Key] - HKCU\Software\deskapp
Adware.Elex, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Adware.Ghokswa, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\yeabests.cc
PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\yeabests.cc
PUP.Optional.Legacy, [Key] - HKU\.DEFAULT\Software\UpgSvr
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\UpgSvr
PUP.Optional.Legacy, [Key] - HKU\S-1-5-18\Software\UpgSvr
PUP.Optional.Legacy, [Key] - HKCU\Software\UpgSvr
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\PopWnd
PUP.Optional.Legacy, [Key] - HKCU\Software\PopWnd
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\APN PIP
PUP.Optional.Legacy, [Key] - HKCU\Software\APN PIP
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\AutoTime
PUP.Optional.Legacy, [Key] - HKCU\Software\AutoTime
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\SNDA
PUP.Optional.Legacy, [Key] - HKCU\Software\SNDA
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\InterHop
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\mylucky123Software
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\amule-custom
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\InterSect Alliance
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{35F4BB37-03C5-41DE-85AF-7C301390C7EC}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{3E0DB45B-9FCC-4064-B48C-080BD03A99A4}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{C81BED3B-31BD-491F-813D-78EFC2638CE1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\{9CC34070-3A38-4C7A-89CB-EF8177EF07A1}
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F4D5720ABAFF24A489478B171B4CACD3
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\F4D5720ABAFF24A489478B171B4CACD3
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\F4D5720ABAFF24A489478B171B4CACD3
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\MediaPlayer\ShimInclusionList\UCBrowser.exe
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | kuaizipupdatesvc
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved | KuaiZip Shell Extension
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\AppID\QZipShell.DLL
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | ArcherGroupEx
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | WinSAPSvc
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | GubedZLGroupEx
PUP.Optional.Legacy, [Key] - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe
PUP.Optional.Legacy, [Value] - HKCU\SOFTWARE\Classes\.htm\OpenWithProgids | UCHTML.AssocFile.HTM
PUP.Optional.Legacy, [Value] - HKCU\SOFTWARE\Classes\.html\OpenWithProgids | UCHTML.AssocFile.HTML
PUP.Optional.Legacy, [Value] - HKCU\SOFTWARE\Classes\.mht\OpenWithProgids | UCHTML.AssocFile.MHT
PUP.Optional.Legacy, [Value] - HKCU\SOFTWARE\Classes\.shtm\OpenWithProgids | UCHTML.AssocFile.SHTM
PUP.Optional.Legacy, [Value] - HKCU\SOFTWARE\Classes\.shtml\OpenWithProgids | UCHTML.AssocFile.SHTML
PUP.Optional.Legacy, [Value] - HKCU\SOFTWARE\Classes\.webp\OpenWithProgids | UCHTML.AssocFile.WEBP
PUP.Optional.Legacy, [Value] - HKCU\SOFTWARE\Classes\.xht\OpenWithProgids | UCHTML.AssocFile.XHT
PUP.Optional.Legacy, [Value] - HKCU\SOFTWARE\Classes\.xhtml\OpenWithProgids | UCHTML.AssocFile.XHTML
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Classes\.htm\OpenWithProgids | UCHTML.AssocFile.HTM
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Classes\.html\OpenWithProgids | UCHTML.AssocFile.HTML
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Classes\.mht\OpenWithProgids | UCHTML.AssocFile.MHT
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Classes\.shtm\OpenWithProgids | UCHTML.AssocFile.SHTM
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Classes\.shtml\OpenWithProgids | UCHTML.AssocFile.SHTML
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Classes\.webp\OpenWithProgids | UCHTML.AssocFile.WEBP
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Classes\.xht\OpenWithProgids | UCHTML.AssocFile.XHT
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Classes\.xhtml\OpenWithProgids | UCHTML.AssocFile.XHTML
PUP.Optional.Legacy, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | GubZLGroEx
PUP.Optional.Legacy, [Key] - HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
PUP.Optional.SlimCleanerPlus, [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
PUP.Optional.ByteFence, [Key] - HKLM\SOFTWARE\ByteFence
PUP.Optional.ByteFence, [Key] - HKU\.DEFAULT\Software\ByteFence
PUP.Optional.ByteFence, [Key] - HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\ByteFence
PUP.Optional.ByteFence, [Key] - HKU\S-1-5-18\Software\ByteFence
PUP.Optional.ByteFence, [Key] - HKCU\Software\ByteFence
PUP.Optional.ByteFence, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application
PUP.Optional.ByteFence, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.ByteFence, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application
PUP.Optional.ByteFence, [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
PUP.Optional.ByteFence, [Value] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | ByteFence.exe
PUP.Optional.ByteFence, [Key] - HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Reason\ReasonByteFence
PUP.Optional.ScreenShot, [Key] - HKLM\SOFTWARE\ScreenShot
PUP.Optional.Downloader, [Key] - HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\dlr
PUP.Optional.Downloader, [Key] - HKCU\Software\dlr
PUP.Optional.Elex, [Key] - HKLM\SOFTWARE\UvConverter
Adware.FileTour, [Key] - HKU\S-1-5-21-2178471484-2396107894-907308686-1000\Software\Installer
Adware.FileTour, [Key] - HKCU\Software\Installer
Adware.OnlineIO, [Key] - HKLM\SOFTWARE\Microleaves
PUP.Optional.WinSnare, [Value] - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | WINSNARE
PUP.Optional.YTAdBlocker, [Key] - HKLM\SOFTWARE\Classes\CLSID\{D42C3A49-ABAF-464B-BBCE-991C3DD395E8}
PUP.Optional.Microleaves, [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders | C:\Program Files (x86)\Microleaves\
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\UCHTML
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.CRX
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTM
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.HTML
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.MHT
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTM
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.SHTML
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.WEBP
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHT
PUP.Adware.Heuristic, [Key] - HKLM\SOFTWARE\Classes\UCHTML.AssocFile.XHTML


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [38280 B] - [2017/3/1 21:28:16]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########



#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,936 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 25 February 2018 - 02:30 PM

Hi,

Did you remove everything that was identified by the AdwCleaner program?

If not please do.

Restart the computer normally after.

If it's still there then run this script.

Let's see what we can find in the Registry.

Farbar Recovery Scan Tool (FRST) - Registry Search
Follow the instructions below to download and execute a Registry search on your system with FRST, and provide the log in your next reply.
  • Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds;
  • In the Search text area, copy and paste the following:
amule
  • Once done, click on the Search Registry button and wait for FRST to finish the search;
  • On completion, a log will open in Notepad. Copy and paste its content in your next reply.

How is the computer running?

#6 Suleski_n

Suleski_n
  • Topic Starter

  • Members
  • 8 posts

Posted 25 February 2018 - 02:45 PM

Hi

I did remove everything that was identified by the AdwCleaner.

Here's the log you've asked for:


Farbar Recovery Scan Tool (x64) Version: 21.02.2018
Ran by pc (25-02-2018 20:39:19)
Running from C:\Users\pc\Downloads
Boot Mode: Normal

================== Search Registry: "amule" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\pt_PT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\et_EE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\el\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\ca\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\skins\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\pc\AppData\Roaming\aMule\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\de\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\cs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\he\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\eu\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\it_CH\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\docs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\it\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\uk\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\ar\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\fr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\sq\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\hu\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\gl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\tr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\pt_BR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\zh_CN\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\pl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\ko_KR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\fi\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\zh_TW\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\hr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\bg\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\nn\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\lt\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\ru\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\sv\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\da\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\es\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\nl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\ast\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\ja\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\en_GB\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleC\locale\sl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\pt_PT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\et_EE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\el\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\ca\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\skins\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\de\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\cs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\he\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\eu\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\it_CH\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\docs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\it\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\uk\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\ar\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\fr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\sq\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\hu\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\gl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\tr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\pt_BR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\zh_CN\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\pl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\ko_KR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\fi\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\zh_TW\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\hr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\bg\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\nn\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\lt\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\ru\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\sv\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\da\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\es\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\nl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\ast\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\ja\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\en_GB\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amuleCexx\locale\sl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\skins\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\docs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\pt_PT\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\et_EE\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\el\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\ca\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\de\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\cs\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\he\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\eu\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\it_CH\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\it\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\uk\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\ar\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\fr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\sq\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\hu\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\gl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\tr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\pt_BR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\zh_CN\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\pl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\ko_KR\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\fi\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\zh_TW\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\hr\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\bg\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\nn\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\lt\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\ru\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\sv\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\da\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\es\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\nl\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\ast\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\amulell\locale\ja\"=""
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\eu\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\A028A52D5EB21E87F5CF688AF2DAF526]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\gl\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\A033566AE8736F429AA751222CC12B44]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\fi\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\A10F67DDF71B685DA5131EA3147961B7]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\locale\de\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\A18938C1B189405A26B533F56B311843]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\locale\fr\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\A4174B2F749380D522F84E050D97B8AC]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\locale\uk\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\A58702048FD4B5E1601464717325024F]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\es\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\A60204715FE6CAB2231791F32FB34902]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\locale\pt_BR\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\A60DF2E93D729BE982FDE4F8ABB51590]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\cs\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\A6FD944439514B463EF2C54C11F2892D]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\uk\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\A8D65762DB264D5B790028D4ECE066D5]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\docs\AUTHORS.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\A9E69FED7C7E48F3D322AD5272341DF5]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\locale\sl\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\AA83220C91139C325CDF299BBE817882]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\en_GB\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\ACDE2121DCC5556D8FA69FD102E14D20]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\locale\nn\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\AF27465CAF64CC1DB5585E950BF1F843]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\skins\xfce.zip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\B59D45F82EC4E083616592C040073FEF]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\locale\bg\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\B77DC5046FE0E6D4932558910C506F88]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\docs\Changelog.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\B8674F69426F4A88974AE11F8A59F5F3]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\locale\cs\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\BAEF8399D9CFCFA616C6B0C64AF60C16]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\locale\es\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\BCA4CCCFE1F41DBC7605BC0A93EAD6F0]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\locale\ar\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\BF0CE81A33CCB1A2518767758D99D655]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\locale\he\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\C174F15F9C2F6D4214F74A26D3108E50]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\locale\lt\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\C1B5968B4C82B2661E34AF2A68058696]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\locale\fr\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\C6B931DD3D04EA7D9238F4FF242355F3]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\locale\fi\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\C8B86376095CDD569DD101CF2FA2D196]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\docs\license.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\CAA001FE75617B055C4D2B81B8984E00]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\amule.ico"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\CAC65E90569958BBDDA55C65C7F5100F]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\locale\gl\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\CC03EA3D08E42F86ED079BAB3C967826]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\sl\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\CC844DEBFBB2770DCD5F712A3C7A32EB]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\ru\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\D1CE104F33C8640A85F6AC40271FBE73]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\de\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\D3460F28FA578D2A1F716B671B9A9BD8]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\docs\README.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\D4DA7B0A862EAEAF5B5A20D1569CBEE9]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\et_EE\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\D7C740408CE4573BD9AFFBBFFC0DDD78]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\locale\eu\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\D8FE111C03170812A1DE9A6A4D3F6540]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\locale\zh_CN\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\DA384045381CC5FB13A77880B39ACA97]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\docs\amulesig.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\DA672C1F8A60E5C77A2F68EB862B0EE8]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\lt\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\DA6A123DF677AA1061E700E2F232A1D6]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\locale\ast\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\E50392B6F15C7FA25BAE2682F7C4C6C7]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\docs\license.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\E6934B32BCD5B02564B85A2A8A260C30]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\skins\priscilla.zip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\E72E6EE9DDC855685C1331401EE3E2CE]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\locale\hr\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\E7572BFA3711FDB94A06C0F84D622FEB]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\fr\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\E776B9D4EC304733C04B28C6FC8CFC99]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\skins\gnome.zip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\EA341A350898696EFF10B853EF61C269]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\locale\zh_TW\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\EC58C1A791539A283BC4CEAFBBE5EBEA]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\ar\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\F09B0616DD97AD2DE5A717C8BD176E70]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Users\pc\AppData\Roaming\aMule\ipfilter_static.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\F09B0616DD97AD2DE5A717C8BD176E70]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Users\pc\AppData\Roaming\aMule\ipfilter_static.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\F09B0616DD97AD2DE5A717C8BD176E70]
"9E2C7D317E80988449FF787E7081E435"="C:\Users\pc\AppData\Roaming\aMule\ipfilter_static.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\F32566D2C1A15D258CD2886A5FE65611]
"3CADD814C61E2C745BEFF4CBBAE0010D"="C:\Program Files (x86)\amuleC\locale\pt_PT\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\F5D002F98143E39BDC996B45A981C7C2]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\locale\sv\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\F629260C821E12D456DCAE8DDD4C4E52]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\pl\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\FB54B6CC9133372D530D430B7F816746]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\sv\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\FB7B04075506DD09A90A2B0C62379E18]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\aMule.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\FC5B0AFA3F8DC6E87532B6553C4631E6]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\locale\sq\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\FCB70C623D79B82E0F9820426A9ECAE2]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\locale\sq\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\FD9F6724258846A65BC453A2094557A1]
"1105B7F0CE27D3947AFB45561940E7E8"="C:\Program Files (x86)\amuleCexx\locale\et_EE\amule.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Components\FFBEEEB0471E7357333F9EFBDC442B05]
"9E2C7D317E80988449FF787E7081E435"="C:\Program Files (x86)\amulell\ed2k.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Products\1105B7F0CE27D3947AFB45561940E7E8\InstallProperties]
"Contact"="amuleC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Products\1105B7F0CE27D3947AFB45561940E7E8\InstallProperties]
"Publisher"="amuleC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Products\1105B7F0CE27D3947AFB45561940E7E8\InstallProperties]
"DisplayName"="amuleC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Products\3CADD814C61E2C745BEFF4CBBAE0010D\InstallProperties]
"Contact"="amuleC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Products\3CADD814C61E2C745BEFF4CBBAE0010D\InstallProperties]
"Publisher"="amuleC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Products\3CADD814C61E2C745BEFF4CBBAE0010D\InstallProperties]
"DisplayName"="amuleC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Products\9E2C7D317E80988449FF787E7081E435\InstallProperties]
"Contact"="amuleC"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Products\9E2C7D317E80988449FF787E7081E435\InstallProperties]
"Publisher"="amules"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-2178471484-2396107894-907308686-1000\Products\9E2C7D317E80988449FF787E7081E435\InstallProperties]
"DisplayName"="amulesw"
[HKEY_USERS\S-1-5-21-2178471484-2396107894-907308686-1000\Software\Microsoft\Installer\Products\1105B7F0CE27D3947AFB45561940E7E8]
"ProductName"="amuleC"
[HKEY_USERS\S-1-5-21-2178471484-2396107894-907308686-1000\Software\Microsoft\Installer\Products\1105B7F0CE27D3947AFB45561940E7E8\SourceList]
"PackageName"="amule.msi"
[HKEY_USERS\S-1-5-21-2178471484-2396107894-907308686-1000\Software\Microsoft\Installer\Products\3CADD814C61E2C745BEFF4CBBAE0010D]
"ProductName"="amuleC"
[HKEY_USERS\S-1-5-21-2178471484-2396107894-907308686-1000\Software\Microsoft\Installer\Products\3CADD814C61E2C745BEFF4CBBAE0010D\SourceList]
"PackageName"="amuleins.msi"
[HKEY_USERS\S-1-5-21-2178471484-2396107894-907308686-1000\Software\Microsoft\Installer\Products\9E2C7D317E80988449FF787E7081E435]
"ProductName"="amulesw"
[HKEY_USERS\S-1-5-21-2178471484-2396107894-907308686-1000\Software\Microsoft\Installer\Products\9E2C7D317E80988449FF787E7081E435\SourceList]
"PackageName"="amule.msi"

====== End of Search ======

 

 

Well, computer runs fine when I'm doing simple tasks but kinda slowly when I try to play games etc.



#7 nasdaq

  • Malware Response Team

Posted 26 February 2018 - 09:20 AM

Before I suggest anything to remove I want to find out if some remnant folders are still present.

Please run the Farbar Recovery Scan Tool. Enter FindFolder: amule;amule*;*amule* in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

==
 

kinda slowly when i try to play games etc.


Flush your DNS and let me know if the problem persists.

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

#8 Suleski_n

  • Topic Starter

Posted 26 February 2018 - 11:25 AM

Search.txt

 

Farbar Recovery Scan Tool (x64) Version: 21.02.2018
Ran by pc (26-02-2018 17:04:52)
Running from C:\Users\pc\Downloads
Boot Mode: Normal

================== Search Files: "FindFolder: amule;amule*;*amule*" =============


====== End of Search ======

 

And the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.02.2018
Ran by pc (26-02-2018 17:13:59) Run:2
Running from C:\Users\pc\Downloads
Loaded Profiles: pc (Available Profiles: pc)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start


CreateRestorePoint:
CloseProcesses:

cmd: ipconfig /flushdns
cmd: IPCONFIG /release
cmd: IPCONFIG /renew

Reboot:

End
*****************

Restore point was successfully created.
Processes closed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= IPCONFIG /release =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::1c18:d00f:71db:22bc%11
   Default Gateway . . . . . . . . . :

========= End of CMD: =========


========= IPCONFIG /renew =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::1c18:d00f:71db:22bc%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.102
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 17:14:55 ====

 

Computer still runs slowly.



#9 nasdaq

  • Malware Response Team

Posted 26 February 2018 - 01:49 PM

Hi,

Is it a Syncing issue?
Are you Syncing Chrome with other devices?
To remove it you will have to reset the Sync in Chrome.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
<<<>>>


--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#10 Suleski_n

  • Topic Starter

Posted 26 February 2018 - 03:38 PM

=========================================================
===                                                   ===
===              RogueKiller Changelog                ===
===                                                   ===
=========================================================
-------------------
- Adlice Software -
-------------------

V12.12.5 02/19/2018
=================
- Added detections

V12.12.4 02/12/2018
=================
- Added detections

V12.12.3 02/05/2018
=================
- Added detections

V12.12.2 01/29/2018
=================
- Added detections

V12.12.1 01/22/2018
=================
- Fixed possible crash in PE parser
- Added detections

V12.12.0 01/15/2018
=================
- Fixed possible hang while processing file MD5
- Fixed Chrome extension removal
- Fixed Chrome configuration removal
- Added detections

V12.11.32 01/08/2018
=================
- Added detections

V12.11.31 01/02/2018
=================
- Added detections

V12.11.30 12/26/2017
=================
- Added detections

V12.11.29 12/18/2017
=================
- Added detections
- Fixed Windows Defender FP

V12.11.28 12/11/2017
=================
- Added detections

V12.11.27 12/04/2017
=================
- Fixed potential issue with "device not found, insert disk" messages
- Added detections

V12.11.26 11/27/2017
=================
- Added detections

V12.11.25 11/20/2017
=================
- Added detections

V12.11.24 11/13/2017
=================
- Added detections

V12.11.23 11/06/2017
=================
- Added detections

V12.11.22 10/30/2017
=================
- Added detections

V12.11.21 10/23/2017
=================
- Added detections
- Updated translations
- Fixed a bug in JSON export

V12.11.20 10/16/2017
=================
- Added detections

V12.11.19 10/09/2017
=================
- Added detections

V12.11.18 10/02/2017
=================
- Added detections

V12.11.17 09/25/2017
=================
- Added detections
- Updated translations

V12.11.16 09/18/2017
=================
- Added detections

V12.11.15 09/18/2017
=================
- Added detections

V12.11.14 09/11/2017
=================
- Added detections

V12.11.13 09/04/2017
=================
- Added detections
- Added msiexec handler to pathparser

V12.11.12 08/28/2017
=================
- Added detections

V12.11.11 08/21/2017
=================
- Added detections
- Dutch translation update

V12.11.10 08/14/2017
=================
- Added detections
- Fixed issue with uploader (please note this will apply to next update)

V12.11.9 08/03/2017
=================
- Added detections
- Fixed POST requests with proxy
- Fixed Upload timeout (crash upload/support form)

V12.11.8 07/24/2017
=================
- Fixed proxy persitence in Free mode
- Fixed a bug in MalPE
- Added detections
- Updated translations

V12.11.7 07/17/2017
=================
- Added detections
- Added Proxy configuration

V12.11.6 07/10/2017
=================
- Added detections

V12.11.5 07/03/2017
=================
- Added detections

V12.11.4 06/26/2017
=================
- Added detections

V12.11.3 06/19/2017
=================
- Added detections
- Minor fixes

V12.11.2 06/12/2017
=================
- Added detections

V12.11.1 06/04/2017
=================
- Added detections
- Fixed possible bug in MalPE scanner
- Forced VT mitigation for MalPE scanner to avoid FPs

V12.11.0 05/29/2017
=================
- Added detections
- NEW! MalPE module (BETA)
- NEW! RogueKillerAdmin V2 compatible
- DEPRECATED: RogueKillerAdmin V1

V12.10.10 05/22/2017
=================
- Added detections

V12.10.9 05/15/2017
=================
- Added detections

V12.10.8 05/08/2017
=================
- Added detections
- Fixed a bug in settings where Offline registry setting wasn't saved

V12.10.7 05/01/2017
=================
- Added detections
- Fixed a possible crash in COM module
- Fixed a possible crash in Path parser

V12.10.6 04/24/2017
=================
- Added detections
- Updated translations

V12.10.5 04/18/2017
=================
- Added detections

V12.10.4 04/10/2017
=================
- Added detections

V12.10.3 04/03/2017
=================
- Added detections

V12.10.2 03/27/2017
=================
- Added detections

V12.10.1 03/20/2017
=================
- Added detections

V12.10.0 03/13/2017
=================
- Added detections
- Now using common translations
- Fixed UI error where the "Pause" button was not reset after a scan
- Fixed a bug in the MBR scan
- Fixed minor bugs

V12.9.9 02/27/2017
=================
- Added detections
- Added warning when no element is selected prior to removal
- Fixed a bug in detection labels
- Fixed a bug in VT module

V12.9.8 02/21/2017
=================
- Added detections

V12.9.7 02/06/2017
=================
- Added detections
- Updated translations

V12.9.6 01/30/2017
=================
- Added detections

V12.9.5 01/23/2017
=================
- Added detections

V12.9.4 01/16/2017
=================
- Fixed FP on Mozilla Maintenance Service

V12.9.3 01/16/2017
=================
- Added detections
- Fixed licensing machine ID

V12.9.2 01/09/2017
=================
- Added detections
- Fixed critical bug in File module leading to a crash when scanning big files (> 2GB)

V12.9.1 01/02/2017
=================
- Added detections
- Various fixes

V12.9.0 12/26/2016
=================
- Added detections
- Signatures reorganization with YaraEditor database
- Donation text rewording
- Fixed big files scan
- Switched Yara fast mode ON
- Fixed tasks working dir recognition

V12.8.6 12/19/2016
=================
- Added detections

V12.8.5 12/12/2016
=================
- Added detections

V12.8.4 12/05/2016
=================
- Added detections
- RogueKillerDLL 1.0.3
- Fixed a bug in licensing, where it was impossible to remove license if about to expire

V12.8.3 11/28/2016
=================
- Added detections

V12.8.2 11/21/2016
=================
- Added detections
- Updated translations

V12.8.1 11/14/2016
=================
- Added detections
- Fixed update page translations
- Fixed eula page translations
- Fixed machine identification method

V12.8.0 11/07/2016
=================
- Added detections
- NEW! Chrome configuration scanner
- Added Print Providers scanner

V12.7.5 10/31/2016
=================
- Added detections
- Fixed COM crash on some machine at initialization
- Added Svchost path parser and service scanner
- New telemetry
- Fixed hidden tasks not being scanned

V12.7.4 10/24/2016
=================
- Added detections
- Fixed COM init/close implementation, that led to a hang on Windows XP
- Improved path parsing security
- Now path parser is able to scan for powershell EncodedData payloads

V12.7.3 10/17/2016
=================
- Added detections
- Updated translations
- Fixed bugs in task scanner prenventing from scanning entirely and removing tasks
- Fixed a bug with exit button
- Now installer has complete version number

V12.7.2 10/15/2016
=================
- Emergency fix for ADS false positive

V12.7.1 10/10/2016
=================
- Added detections

V12.7.0 10/03/2016
=================
- Added detections
- Improved filesystem scanner
- Improved telemetry
- Added winsock scanner
- Fixed a bug in installer
- Fixed installer error messages translations

V12.6.4 09/26/2016
=================
- Added detections
- Fixed a bug in disk serial read

V12.6.3 09/19/2016
=================
- Added detections
- NEW! Firewall rules scanner

V12.6.2 09/12/2016
=================
- Added detections
- Fixed a bug in LNK cleanup
- Added powershell path parser

V12.6.1 09/06/2016
=================
- Fixed missing resources (leading to a crash)

V12.6.0 09/05/2016
=================
- Added detections
- Updated translations
- Fixed a bug where patched files were not fixed on removal
- Added warning when license is expired or about to expire
- NEW! WMI Scanner

V12.5.2 08/29/2016
=================
- Added detections
- Updated translations

V12.5.1 08/22/2016
=================
- Fixed a bug in Yara module

V12.5.0 08/22/2016
=================
- Added detections
- Added file exclusion for forged files
- Fixed a bug where big files were detected as VT.Unknown
- Updated scanner to use Yara 3.5: https://github.com/VirusTotal/yara/releases/tag/v3.5.0
- Fixed (Yara 3.5): Processes scan doesn't use all memory/cpu
- Improvements (Yara 3.5): Scan is faster

V12.4.4 08/16/2016
=================
- Added detections
- Updated translations

V12.4.3 08/08/2016
=================
- Added detections

V12.4.2 08/01/2016
=================
- Added detections

V12.4.1 07/28/2016
=================
- Added detections
- Shortcuts scanner now cleans them instead of removing

V12.4.0 07/18/2016
=================
- Added detections
- Added Feed fallback (no more blank thing when website is slow)
- Added Shortcuts scanner
- Added Tasks scanner (by name/path)
- Updated translations
- Moved IRP scan to expert mode
- Fixed a bug where LNK pointed by tasks were not resolved
- Added registry Classes scanner
- (Premium) Added -noremove switch, to ignore detections

V12.3.8 07/11/2016
=================
- Added detections
- New feed version, with licensing filtering
- Registry scanner enhancement: Now stops the service before removing a service key
- Fixed a bug where Processes files were marked as missing
- Fixed VT score display

V12.3.7 07/04/2016
=================
- Added detections
- Updated internal links
- Updated translations

V12.3.6 06/27/2016
=================
- Fixed a bug leading to app being quit when a message is closed while in tray.
- Now displaying warnings on "Expert settings" turned on.

V12.3.5 06/22/2016
=================
- Fixed all links, now using a file provider API.

V12.3.4 06/20/2016
=================
- Added detections
- Added folder children exclusion scanner rule
- Signatures normalization
- Fixed a bug leading to hosts file not being scanned

V12.3.3 06/13/2016
=================
- Added detections
- Updated translations
- Fixed a bug where HTML reports weren't readable on Chrome

V12.3.2 06/06/2016
=================
- Added detections
- Fixed possible crash on Intel files scan
- Refactor of marketing page
- Fixed a bug in VirusTotal upload leading to files not being sent for analysis
- Minor UI improvements

V12.3.1 05/30/2016
=================
- Added detections
- Updated translations

V12.3.0 05/22/2016
=================
- Added detections
- NEW! (Premium) Themes
- NEW! Clear theme
- NEW! Naked theme
- NEW! Dark theme
- Modified stats payload
- Update form: Now displays a warning when Updater is not present
- Update form: Now opens direct link to setup for Premium user in case Updater not present

V12.2.1 05/16/2016
=================
- Added detections
- Fixed transfer progress reset
- Updated translations
- Fixed UI hangs bug in old GUI

V12.2.0 05/10/2016
=================
- Added detections
- Updated translations
- Fixed a bug preventing from starting the scan on machines with 1 CPU
- Added a Quit button (useful when you want to skip close to tray)
- Fixed links in About tab
- Fixed check for updates (was not showing outdated when update arrives after the program is started)

V12.1.6 05/09/2016
=================
- Added detections
- Updated translations
- Improvement of path parsing module, added "cmd start x" method.

V12.1.5 05/02/2016
=================
- Added detections
- Update form now shows changelog
- Fixed RKAdmin link in updater

V12.1.4 04/25/2016
=================
- Added detections
- Fixed forged files dump to VT
- Now displays a warning when using wrong bits version
- Now shows GeoIP results
- Fixed an issue in updater where RogueKillerCMD wasn't recognized

V12.1.3 04/18/2016
=================
- Added detections
- Updated translations
- Fixed default check state in installer
- Fixed a bug that allowed check state modification of non-removable items
- Updater now uses cloud link
- Feed now uses cloud link
- Fixed a bug in GeoIP module
- Fixed a potential crash in MBR reading

V12.1.2 04/11/2016
=================
- Added detections
- Updated translations

V12.1.1 04/04/2016
=================
- Added detections
- Updated translations
- Now file replacements are made with sfc.exe on Vista+
- Added button to remove trial
- Fixed a bug in Chrome scanner preventing the scan from starting

V12.1.0 03/29/2016
=================
- Added detections
- NEW! Tools menu
- NEW! Hosts File Tools menu (Premium)
- Updated translations
- Fixed a bug in context menu actions

V12.0.3 03/21/2016
=================
- Added detections
- Added indonesian language
- Added more translators names
- Fixed a bug in AutoStart/AutoDelete
- Fixed a bug preventing to quit on Update
- Added a link to Lost license form

V12.0.2 03/14/2016
=================
- Added detections
- Added crash dump form
- Fixed a bug that showed steps not supposed to run
- Updated translations / Fixed typos
- Added Data column in scan results
- Fixed Autoscan
- Fixed Autoremove
- Now scan progress live detection shows in red when an item is detected
- Fixed a bug that led to driver state being wrong in reports

V12.0.1 03/07/2016
=================
- New user interface
- Added detections

V11.0.14 02/29/2016
=================
- moved driver loading at the beginning of the scan
- introducing expert mode
- processes no longer killed during scan (killed at removal, on demand)
- moved IAT scanning into expert mode
- core preparation for V12
- Added detections

V11.0.13 02/22/2016
=================
- moved signatures loading at the beginning of the scan
- core preparation for V12
- Added detections

V11.0.12 02/15/2016
=================
- Added detections
- Fixed a bug in Files module
- Fixed a bug in Web module

V11.0.11 02/08/2016
=================
- Added detections

V11.0.10 02/01/2016
=================
- Added detections
- Updated translations

V11.0.9 01/25/2016
=================
- Added detections
- Updater 2.1
- Updater can now serve installable version
- Updater can now skip licensing page if already registered

V11.0.8 01/19/2016
=================
- Added detections
- TrueSight v2.0.2 (fixed digital certificate for SHA1)
- Added Turkish language
- Updated translations

V11.0.7 01/11/2016
=================
- Added detections
- Added ADS whitelisting/blacklisting

V11.0.6 01/04/2016
=================
- Added detections
- Using new licensing API

V11.0.5 12/28/2015
=================
- Added detections
- Now setup will verify license key when entered

V11.0.4 12/20/2015
=================
- Added detections

V11.0.3 12/14/2015
=================
- Added detections
- Added translations in setup
- Updated translations

V11.0.2 12/07/2015
=================
- Fixed a bug in Buffer search

V11.0.1 12/07/2015
=================
- Added detections
- Fixed a possible bug in scanner
- Fixed a possible issue in COM module

V11.0.0 11/30/2015
=================
- Added rating link in marketing window
- Now detects ADS (Alternate Data Streams)
- Qt 5.5
- Moved Prescan into Scan
- Now IAT scan is able to scan Microsoft Edge
- Better hooks report for kernel hooks
- Truesight v2
- Now kernel hooks are scanned on userland
- Fixed a bug in COM module
- Added software keys detection
- Added registry path signatures
- Added detections

V10.11.7 11/23/2015
=================
- Added detections
- Fixed a possible hang issue on HTTP calls (timeout broken)
- setup improvements, ability to deploy both version (32/64 bits)
- setup improvements, banner and translations
- fixed a possible crash in junctions data parsing

V10.11.6 11/16/2015
=================
- Added detections
- Fixed a bug that closed the app when closing child window when minimized in tray
- added -reportpath command line parameter
- UI tweaks

V10.11.5 11/09/2015
=================
- Added detections

V10.11.4 11/02/2015
=================
- Added detections
- Fixed a bug in licensing engine, leading to a loss of configuration sometimes.
- Fixed a bug in processes module where main module was not good
- Fixed a bug in processes module where Updater was crashing if a very long command line was passed

V10.11.3 10/26/2015
=================
- Added detections
- Added warning when driver is not loaded
- Fixed Microsoft Security Client as legit parent for svchost
- (Premium) Added Premium label in reports
- Updated translations
- (Premium) Added information for external scanner (tab in settings)
- (Premium) Now application closes in tray and persists
- (Premium) Now able to start a scan from the tray icon
- Fixed a bug where services/windows were not scanned
- Fixed a bug where filesystem was not properly scanned

V10.11.2 10/20/2015
=================
- Fixed a crash in Buffer module
- Moved rebranding to Premium Technician

V10.11.1 10/19/2015
=================
- Added detections
- Moved rebranding to Premium documented features
- Fixed an issue with IAT scan progress (progress reset after process scan)
- Updated translations
- NEW! (Premium Technician) Added an option to limit time validity of portable config files
- Improved performance of filesystem scanner (scan is now much faster)
- Whitelisted Chrome sandbox IAT hooks
- Added timeout for file shortcut resolution (improves performance of filesystem scanner)

V10.11.0 10/12/2015
=================
- Added detections
- Added filter on VirusTotal internal submit (no user file)
- Improved shellcode module detection in inline hooks module
- Fixed memory growth while scanning filesystem
- IAT scan is now much faster because only scanning windows DLLs table
- Table-based hooks have cleaner display in logs (module!export)
- Fixed a bug in modules enumeration on 64 bits
- Excluded wow64cpu enter from inline hooks detection
- Now inline hooks architecture detection relies on import module architecture instead of process
- RogueKillerCMD: Added -dont_ask switch (to eliminate all user interactions and use default actions)

V10.10.9 10/05/2015
=================
- Fixed bug in Disk module
- Fixed bug in IAT parser

V10.10.8 10/05/2015
=================
- Added detections
- Now Updater restarts application using same command line parameters

V10.10.7 09/28/2015
=================
- Added detections

V10.10.6 09/21/2015
=================
- Added detections
- Fixed bug in Disk module
- New social icons
- RogueKillerCMD: Added build number, licensing state

V10.10.5 09/14/2015
=================
- Added detections

V10.10.4 09/04/2015
=================
- Added detections
- Updated links
- (Premium) Added notification when license is about to expire
- Fixed bug in Disks module

V10.10.3 08/31/2015
=================
- Added detections
- Now all legit antirootkit entries are hidden
- fixed a bug in Process module
- internal reorganization

V10.10.2 08/24/2015
=================
- Added Detections
- NEW! Added Processes list to json report
- NEW! (Premium) Added -vtupload yes/no command line parameter
- Updated EULA to reflect licensing terms
- Updated translations
- Added help button in "?" menu
- Fixed way of reading disk serial
- Fixed a bug in VT scanner

V10.10.1 08/17/2015
=================
- Added detections
- (Premium) Added message when Updater is not present and program is outdated
- Updated translations
- Added link to public Trello board
- Added version check in about form
- NEW! VirusTotal choice for upload
- NEW! (Premium) VirusTotal choice setting
- Fixed automatic updates when Updater is not present
- NEW! EULA will show up again if a new version is present
- Extended injection signature search to 4 sections (instead of 1), to better identify injection code.
- Now infection urls for antirootkit point to non technical posts
- Resized main and about forms
- (Premium) Added more information in licensing server check
- (Premium) Prepared for annual subscription switch

V10.10.0 08/11/2015
=================
- Added detections
- Compatibility with Windows10
- Added error message when key has wrong pattern
- Updated translations
- NEW! File Scanner is more aggressive, and will search in a lot more locations
- Fixed a bug in honey module
- Fixed a bug in logging module

V10.9.4 07/30/2015
=================
- Added detections
- Fixed file scan when path contains unicode characters
- Fixed offline licensing issue (License was not recognized when no internet available). Now once registered (with internet on) it works offline.
- NEW! (Premium) Tray icon phase 1.

V10.9.3 07/21/2015
=================
- Fixed a crash when scanning Digital Certificate of some files
- Fixed a FP when LNK files have unicode characters in path (OneNote 2010 - Capture d??cran et lancement.lnk)

V10.9.2 07/20/2015
=================
- Added detections
- NEW! HTML reports
- NEW! HTML Open button
- NEW! TXT Open button
- NEW! HTML log setting + command line parameter
- Fixed timeout for Curl operations (max 5 seconds)
- NEW! signature database is now pre-compiled, will load much faster
- Updated Yara engine to 3.4
- Refactored Digisig engine, better performances
- Added more information in Json log for killed processes
- Fixed a bug where x64 processes names are not found when using x86 version
- Fixed path whitelist priority on VT blacklist (processes scanner)
- Updated translations
- Fixed an issue where Floppy drives become very noisy during scan

V10.9.1 07/09/2015
=================
- Added detections
- NEW! Added Open Text button in Json log viewer.
- NEW! Korean language
- Updated translations
- Fixed Scan randomly performed.
- NEW! Command line parameter: -reportformat [txt|json]
- NEW! Report format setting
- Merged Txt report generation with Txt export

V10.9.0 07/06/2015
=================
- Separate database for RogueKillerCMD / Updater
- NEW! Updater is now generic (cannot be used by double click anymore, takes command line)
- NEW! RogueKillerCMD can now use automatic updates
- NEW! RogueKillerCMD has now a version check
- NEW! RogueKiller has now accessibility (JAWS compatibility)
- Added detections
- -autodelete implicit has been removed from -hide
- Fixed a bug in RogueKillerCMD where command line isn't handled correctly
- NEW! RogueKiller now uses JSON as root format for reporting
- NEW! RogueKiller can open JSON logs into a new window
- NEW! JSON logs can be exported in RAW text format
- Updated translations
- NEW! setup now embeds RogueKillerCMD
- Fixed a bug in tasks scanner
- Fixed certificate timestamp

V10.8.7 06/29/2015
=================
- Removed AV.Killer definition (too many FPs)
- Fixed a bug in mstring module, leading to infinite loop in certain circumstances
- Now tasks scanner scans arguments too
- Added detections

V10.8.6 06/22/2015
=================
- Adjusted AV.Killer definition

V10.8.5 06/22/2015
=================
- Added detections
- NEW! External Scanner
- Fixed a bug in Process Scanner
- Fixed a bug in File Search
- Fixed a bug in Registry Scanner
- Now process paths are expanded
- Fixed a bug in VT module
- Fixed a bug in -autoscan

V10.8.4 06/16/2015
=================
- Added Skype to exclusions for RunPE detections

V10.8.3 06/15/2015
=================
- Added detections
- NEW! RunPE heuristic detection
- (Premium) Removed Paypal/Premium images
- Refactored settings form
- NEW! (Premium) -autoupdate command line parameter + setting
- Updated translations
- Fixed a bug in VT module
- Fixed a bug in WebServer (Not starting sometimes)

V10.8.2 06/09/2015
=================
- Using Licensing 2.0
- Added detections

V10.8.1 06/03/2015
=================
- Fixed a bug in Licensing
- Fixed a bug in VirusTotal module
- Now portable license generated file is read-only
- Added GUI indicators when using portable license
- Added detections
- Extension checker optimizations

V10.8.0 06/01/2015
=================
- Updated database
- Fixed a bug in reporting
- Disabled PUM.DesktopIcons (too confusing, and not critical)
- Disabled PUM.Orphan (too confusing, not critical)
- Better unit testing
- Initialization optimizations
- Updated translations
- NEW! (Premium) Web service
- NEW! Web service /info url (get version info)
- NEW! Web service /scan/new url (start new scan)
- NEW! Web service /scan/status url (get scan status)
- NEW! Web service /report/last url (get last report)
- NEW! (Premium) -pupismalware command line parameter + setting
- NEW! (Premium) -pumismalware command line parameter + setting
- Reverted portable fixed location in rk_config.ini
- Fixed error message when too many instances
- Setup now adds RogueKiller bin folder to %PATH%
- Updated userland certificate
- NEW! Promotional nag.

V10.7.0 05/25/2015
=================
- New configuration module, not compatible with old one. Able to use read-only medium for portable license.
- NEW! no more rk_config.ini for technician license.
- NEW! command line parameter: -portable-license
- Updated languages

V10.6.5 05/20/2015
=================
- Fixed a bug with KnownDLLs detection when value name starts with underscore (_)

V10.6.4 05/18/2015
=================
- NEW! Preferred language is now saved
- Added detections
- Fixed processes scan aggressiveness
- NEW! Logo can now be rebranded (Please contact us)
- Fixed a bug in Extensions Checked
- Fixed a bug in CLSID scanner
- Fixed Orphan detection level + vendor name => PUM.Orphan
- Fixed License fallback state
- Added new autostart locations
- Added Transfer progressbar

V10.6.3 05/11/2015
=================
- Added detections
- Fixed a bug in File Search module
- Increased feed rotation time
- Better UI information
- Deactivated VT IP scan (too many FPs)

V10.6.2 05/04/2015
=================
- NEW! Breaking news banner
- External libs update + optimizations (Zlib, SQLite, udis86)
- Fixed a bug in Tab navigation

V10.6.1 04/27/2015
=================
- Now VT file scan has minimum/maximum size
- Refactored PUP/PUM classification to be clearer and more consistent
- Fixed VT file scanner scanning LNK files instead of target
- Now VT unknown is classified as PUP
- Now VT cache has outdated date (fixed to 5 days)
- Now VT scanner rescans pending items at initialization
- Added detections

V10.6.0 04/20/2015
=================
- Added detections
- Moved version check before Prescan
- Fixed a bug in IAT scanner, where call stack was not recorded correctly
- Fixed a bug in IAT scanner, where unknown module was not displayed
- Fixed a bug in RogueKiller OLD GUI, where config file was not read properly
- Fixed ShowLegitHooks command/setting
- Fixed slow UI when a lot of entries are added to a table
- Fixed a bad items insertion when sorting was enabled
- Fixed a bug in MBR (GPT) module
- Fixed missing Premium info when internet access is broken
- Fixed a bug in libcurl library (X64)
- Added new method to detect IAT inline hooks
- NEW! VT Scan on registry, tasks, files, mbr, web browsers and antirootkit scans.
- NEW! VT scan no more in beta
- NEW! VT scan now scans all processes
- NEW! VT scan has local caching

V10.5.10 04/13/2015
=================
- Added detections
- Now can register Premium with command line parameter: -register <email> <key>
- Now displays remaining activations for Premium
- All communications are now using SSL (HTTPS)
- RogueKillerCMD: Added better colors
- RogueKillerCMD: Now can recognize RogueKiller's command line parameters

V10.5.9 04/07/2015
=================
- Added detections
- Now logs are sorted by date
- Now can attach last log even if a scan was not performed in the same session
- Fixed a bug where registration form cannot upload last report
- Removed Post Delete message asking for Premium buying when a user is already registered
- Now file scanner shows unscanned files (for progression), so that software doesn't give an impression of being stuck

V10.5.8 03/30/2015
=================
- Added detections
- Fixed a bug where config isn't reset after removing the license.
- Fixed NoPop configuration bug
- Added all command line parameters in Settings
- Updated translations
- Now registration Id/Key are trimmed to avoid copying/writing spaces before/after them (and have wrong key error message)
- Fixed updater now recognizing License on Windows 8 (now needs admin rights to be launched).
- Updated EULA to reflect VirusTotal integration rules.

V10.5.7 03/22/2015
=================
- Fixed a crash when starting the application

V10.5.6 03/21/2015
=================
- Added detections
- Fixed bug forbidding technician licenses to use command line
- Added Persian translation
- Fixed a possible hang on service termination
- Added progress text on progressbar during the scan
- NEW! VT scan on Processes (beta, only premium, disabled by default)
- NEW! VT scan on Services (beta, only premium, disabled by default)
- RogueKillerCMD : removed tutorial opening in case of an infection

V10.5.5 03/16/2015
=================
- Added detections
- PREMIUM: Added more settings options
- Unhidden premium options, added Nag message
- Updated translations
- Moved Scan choices to settings

V10.5.4 03/12/2015
=================
- Added detections
- Added credits for translators (About)
- Now service scanner is aware of ServiceDll path
- Updated translations
- Now Premium registration email is trimmed (remove spaces before and after the email)

V10.5.3 03/10/2015
=================
- Fixed a bug in Path module where all shortened path were not properly expanded (Ex: LogMe~ => LogMeIn Rescue Applet)

V10.5.2 03/09/2015
=================
- PREMIUM: Technician License can now use portable config file
- Added Premium logo
- Fixed a bug when opening website

V10.5.1 03/05/2015
=================
- Using new licensing system
- Added detections

V10.5.0 03/01/2015
=================
- NEW! Now RogueKiller is available with an installer
- PREMIUM: Separate updater
- PREMIUM: Trial of 30 days per machine
- Added detections
- Fixed a crash in jansson library

V10.4.3 02/23/2015
=================
- Added detections

V10.4.2 02/23/2015
=================
- Added detections

V10.4.1 02/19/2015
=================
- Added detections

V10.4.0 02/18/2015
=================
- Uniformization of whitelists/blacklists (we dropped a lot of detections, this can lead to false positives... but they will be fixed as people report them)
- Fixed a bug in LNK signature detection
- Fixed a bug in Time module
- NEW! Better CLSID scanner
- NEW! Now MBR scanner is EFI compatible
- Updated italian translation
- Fixed a bug in Path module

V10.3.0 02/16/2015
=================
- Added detections
- New command line flag: -showlegithooks (Shows legit hooks that are normally hidden)
- Big improvements in the IAT hooks engine; Preparation of refactoring for the kernel hooks.
- Big improvements in Extension Checker module
- NEW! Arabic translation
- Updated translations
- Updated Yara engine to 3.3

V10.2.0 01/19/2015
=================
- Added detections
- Updated Italian translation
- Added German translation
- Added Chinese traditional translation
- Fixed a bug in Registry scanner where .DEFAULT hive is not scanned
- Added MBR signature for FinFisher
- Added MBR signature for TDL4
- Added MBR signature for Rovnix
- Fixed some bugs in MBR scanner
- Improved low level disk access library
- Added VBR (Volume Boot Record) scanner

V10.1.2 01/06/2015
=================
- Added detections
- Updated Spanish translation
- Added Italian translation
- Added hook signatures engine

V10.1.1 12/23/2014
=================
- Added detections
- PREMIUM: Added settings form
- PREMIUM: Added MBR Scan setting
- PREMIUM: Added Honey Scan setting
- PREMIUM: Added Antirootkit Scan setting
- PREMIUM: Added Open website setting
- Added Dutch translation
- Added Italian translation
- Added sanity check for website opening

V10.1.0 12/11/2014
=================
- Added detections
- Fixed mbamservice false positive

V10.0.9 12/08/2014
=================
- Fixed Xpaj false positive with DiskCryptor MBR
- Added DiskCryptor MBR signature
- Added detections
- TrueSight 1.0.4: Better shellcode module detection
- IAT Hooks: Better shellcode module detection

V10.0.8 11/20/2014
=================
- Added detections
- Fixed bug of processes not killed
- Now process memory is scanned before path scan

V10.0.7 11/20/2014
=================
- Now process pages are scanned for whitelist
- Updated Yara engine
- Added detections
- Reverted some command line to free version: -nodriver -nokill -nopop -nothirdparty

V10.0.6 11/12/2014
=================
- Fixed a bug in Process module (not enough rights to get process path)
- Fixed a bug in AV whitelist detection
- Added detections

V10.0.5 11/11/2014
=================
- Now AV processes are whitelisted
- Added language separator for "Your language here"
- Added Injected process heuristic detection
- Fixed bad Zeus signature
- More aggressive against Poweliks processes
- Added detections
- Updated links

V10.0.4 10/29/2014
=================
- Added link to translations in language menu
- Added Delay IAT in PE module
- Added Delay IAT hooks in antirootkit
- Now IAT hooks are printed to UI as they are scanned
- Removed ctfmon from sensitive processes
- Now detects Zeus variants
- Now informative texts are not elided
- Better choices (currency/amount) for Paypal form
- Removed unused resources
- Improvements in quarantine module
- Now DNS entries show country IP in text report
- PREMIUM: Added quarantine handler
- Added detections

V10.0.3 10/22/2014
=================
- New user-agent: Now sends extended vendor names for real time monitoring
- Added detections

V10.0.2 10/16/2014
=================
- Added detection of services hidden from SCM and from registry
- Dropped command line support in free version
- Removed EAT hooks (useless)
- Improved IAT hooks scanner (now scans all modules instead of main module)
- Fixed a bug in driver library (driver could not load under certain circumstances)
- Added Czech translation
- Added tooltip with detection level (for colorblind people)
- Added detections

V10.0.1 10/10/2014
=================
- Improvements in Process library
- Added COM integrity check to disable COM calls when server is corrupted (Poweliks)
- Fixed Poweliks rule
- Added detections
- Fixed Bug in registry module
- Fixed a bug in logging

V10.0.0 10/08/2014
=================
- Major UI changes
- Added support for future Premium version
- Added support for ShellIconOverlayIdentifiers and ShellServiceObjectDelayLoad keys
- Now CLSIDs are scanned for path and memory
- Added detections

V9.3.0 10/06/2014
=================
- New Rules engine. Easier to maintain, more robust.
- Fixed a lot of bugs in Scanner engines.
- Added detections

V9.2.13 09/25/2014
=================
- Fixed a bug in registry module introduced in 9.2.12
- Fixed a bug in process engine that forbids svchost processes to be killed
- Added detections

V9.2.12 09/23/2014
=================
- TrueSight: 1.0.3: Fixed a Kernel stack overflow leading to a BSoD
- Better handling of multistring registry value/key names (ZeroAccess/Poweliks)
- Added Poweliks detections
- Added detections

V9.2.11 09/18/2014
=================
- Added detection to new Poweliks variant
- Fixed a bug of infinite wait when COM objects are broken

V9.2.10 09/09/2014
=================
- Fixed a bug in Yara scanner
- Fixed a bug in language module
- Fixed a crash dump uploader (due to surlatoile.org move to https)
- Added service binary path in report

V9.2.9 09/01/2014
=================
- Updated Yara to 3.1.0
- Added detections
- Firefox PUM.HomePage is using domain whitelist

V9.2.8 08/15/2014
=================
- Added detections

V9.2.7 08/15/2014
=================
- Added scan of Search Page/Start Page for Internet Explorer
- Added scan of Start Page for Firefox
- TrueSight 1.0.2: Process Kill
- TrueSight 1.0.2: Registry key Kill
- TrueSight 1.0.2: File Kill
- RogueKiller: Implementation of new Truesight features
- RogueKillerCMD: Implementation of new Truesight features


V9.2.6 08/07/2014
=================
- Removed a ZeroAccess false detection
- Fixed a bug in registry module (introduced in 9.2.5)

V9.2.5 08/07/2014
=================
- Fixed a bug in registry module (poweliks/zeroaccess trick)
- Fixed a bug in command line parsing
- RogueKillerCMD: Added registry value/subkey removal by index
- Added detections

V9.2.4 07/24/2014
=================
- Added detections
- Added Key present rule
- Added Value data rule
- Updated Yara
- Fixed a bug in file search module
- Fixed a bug in honey file module
- Fixed string limit in path module
- RogueKillerCMD: Registry Kill

V9.2.3 07/14/2014
=================
- Fixed a bug in file module
- Added detections

V9.2.2 07/11/2014
=================
- Fixed a bug in task scanner
- Fixed a bug in path parser
- Fixed a bug in registry module
- Fixed a bug in install module
- Unknown MBRs are dumped in %programdata%/RogueKiller/Debug
- Added detections

V9.2.1 07/09/2014
=================
- Fixed a bug in logging
- Fixed unicode hosts file read/write
- Fixed empty hosts lines scan
- Truesight 1.0.1
- Truesight now suspends TDL4 threads before MBR fix
- Removed debug messages from Truesight
- Fixed pcalua detection in task scanner
- Added links

V9.2.0 07/07/2014
=================
- Truesight 1.0 (no more in beta)
- Truesight loads in X64
- Truesight rewritten from scratch (increased stability, code compatibility)
- Truesight now detects Filters (regular, reverse)
- Added detections
- Added translations
- Fixed regression about vendor url opening
- Fixed bug about duplicate registry entries on x86

V9.1.0 06/23/2014
=================
- Added detections
- Fixed a problem of ProgramFiles/ProgramFilesX86/ProgrameFilesW6432 var env parsing
- Binaries are now digitally signed.
- updated translations


V9.0.3 06/17/2014
=================
- Fixed encoding bug in quarantine handler
- Fixed crash window opening when no dump is available
- Fixed duplicated files in common startup folder on XP
- Detection of WinPE. Now LivePE/LiveUSB scan is faster and more accurate.
- Fixed reboot query
- Improved replacement method
- Fixed DNS whitelisting
- Added Zekos signatures
- Now file replacement engine looks for same file version before replacing.
- Fixed a bug in startup honey module
- Fixed a bug in mbr module
- Added detections


V9.0.2 06/04/2014
=================
- Fixed a bug in registry scanner
- Fixed a bug in Buffer lib
- Added chrome extensions removal
- Fixed service repair
- Added single instance mutex
- Fixed a bug when trying to quit
- Added detections
- Added Necurs link
- Added pathparser special rules (rundll32, wscript)
- Fixed a bug in file parsing
- Fixed a bug in Honey module


V9.0.1 06/02/2014
=================
- Fixed a bug in logging
- Fixed a bug in File lib
- Fixed a bug in GUI
- Optimizations in String parser
- Added detections
- Fixed a bug in addons detection
- Fixed a bug in forged file detection
- Fixed a bug in service scanner
- Now malware hooks are Orange

V9.0.0 05/29/2014
=================
- Fixed bugs

V9.0.0 beta 3 05/26/2014
=================
- CLI commands -nodriver -autoscan -autodelete -autoquit -autoeula -hideui
- Added detections
- Fixed EULA
- Added service repair
- Added check for updates
- Changed driver icon
- Added reboot notification
- Added pending detections notification on quit

V9.0.0 beta 2 05/23/2014
=================
- Fixed a bug in MBR log
- Fixed a bug in Service log
- Fixed a bug in log (RTL characters removed, ZeroAccess)
- Replaced SUSP PATH label by Suspicious.Path
- Removed Chrome.exe IAT/EAT scan
- Fixed 3 bugs in IEAT/EAT display (process is displayed / legit entries are hidden / fixed size of function in console display)
- Now suspicious services registry keys are not prechecked (to avoid confusion with true malware)
- Disabled Forged files removal (except if contains malware signature), due to some false positives
- Fixed a bug in Registry subkey removal (ZeroAccess)
- Fixed a bug in File replacement (added ACL copy before replace, Zekos)
- Fixed a bug in ListView sorting (was too slow)
- Added detections

V9.0.0 beta 1 05/22/2014
=================
- Added crash handler window
- Reports are now translated
- Added missing translations
- Added hover event for Facebook / Paypal links
- Added fancy Facebook button
- Replaced old icons by high res icons
- Added detections
- Fixed a bug in ComManager

V9.0.0 alpha5 05/21/2014
=================
- Brand new high res icon! (thanks nfn678 from deviantart.com)
- Now sending statistics to adlice.com webserver database
- PUM color detection is now Dark Gray
- Added web browser scan
- Added stop button (during scan only)

V9.0.0 alpha4 05/20/2014
=================
- Added context menu select/unselect all
- replaced old MBR display by a listview
- added MBR scan
- fixed carriage return bug in reports
- fixed bad driver decryption
- added Hooks scanner

V9.0.0 alpha3 05/19/2014
=================
- Fixed a bug when exiting with file menu
- Added hosts fix button (hosts tab)
- Fixed window names bug (massive false positive)
- Added true version number comparison for version checker
- Fixed elided text bug
- Added report footer
- Now general progressbar is used as progression
- Now displays fine progression
- Added file scanner

V9.0.0 alpha2 05/16/2014
=================
- Fixed a crash in Yara scanner on some processes
- Fixed a bug in Hidden processes detection
- Fixed a bug in report module, prescan results were removed from reports
- Fixed display bug (wrong X64 display in title)
- Fixed crash handler, now crash dumps will be located in %ProgramData%/RogueKiller/Debug
- Fixed display bug. After removal, status of items was not updated.
- Added Hosts file support
- Added Hosts file line removal
- Removed Proxy, DNS and Shortcut buttons/tabs

V9.0.0 alpha1 05/14/2014
=================
- Rewritten engine from scratch ( RKSdk V1 )
- Moved to Yara scanner
- Fixed a lot of bugs

V8.8.14 03/26/2014
=================
- Fixed a bug in PE parser
- Optimizations
- Added detections

V8.8.13 03/25/2014
=================
- Optimizations
- Prepare for 8.9.0
- NEW! Now scans IAT/EAT on x64 operating systems
- NEW! Now scans non-PE files (example: .bat)
- Added detections

V8.8.12 03/20/2014
=================
- Optimizations
- Prepare for 8.9.0
- Added Thanks for Downloading Url at first use.
- Fixed bug in MBR fix
- Fixed progressbar behavior

V8.8.11 03/14/2014
=================
- Optimizations
- Added a lot of PUP detections
- File paths are elided in console

V8.8.10 02/28/2014
=================
- Added detections
- Changed links
- Fixed a bug in File library
- RogueKillerCMD 0.1.3
    * Added service list
    * Added service kill

V8.8.9 02/24/2014
=================
- Added double check for current version
- Added double post for autofeedback
- Changed sur-la-toile.com domain for new one surlatoile.org (fixed statistics and version check)


V8.8.8 02/19/2014
=================
- URL are now localized
- Fixed tree process creation deadlock


V8.8.7 02/11/2014
=================
- Fixed bugs in Hidden process detection
- Added traces for killed processes check bug.


V8.8.6 02/07/2014
=================
- ACLs management improvement
- Fixed FP in hook module
- NEW! Google Chrome extensions are listed [Removal not supported yet]
- Fixed Zekos FP with Zanga.exe
- Fixed forum link in report


V8.8.5 02/03/2014
=================
- Added debug trace for dllhost issue
- Added rogue detections
- Fixed duplicates in Firefox Addons list
- Added extensions.json / extensions.sqlite in the firefox watch list
- Now kills firefox before removing extensions

V8.8.4 01/27/2014
=================
- Added ACL module.
- Fixed bug with ACLs when replacing patched file [Black Screen - Zekos]
- Restored Zekos signatures

V8.8.3 01/24/2014
=================
- NEW! Extension removal for IE / Firefox (context menu)
- Neutralized Zekos signatures to avoid black screen at replacement. [To be fixed]

V8.8.2 01/17/2014
=================
- NEW! Miuref detection and removal
- Added Zekos x64 detection
- Fixed a bug in honey module
- Fixed a bug in core module
- Fixed a bug in driver module

V8.8.1 01/14/2014
=================
- Fixed bug in registry module
- Fixed a bug in file module
- NEW! Zekos detection and removal.

V8.8.0 12/27/2013
=================
- NEW! web browser addons are listed (Internet Explorer | Firefox )
- NEW! Cryptolocker pattern
- NEW! Killed process verifier. If some processes remain, they are killed by their whole tree.
- Added detections

V8.7.13 12/18/2013
=================
- Translated Paypal Icon
- Fixed a bug in GUI lib
- Added PUP pattern
- Fixed a bug in File lib (ZeroAccess detection)
- Added addons tab

V8.7.12 12/16/2013
=================
- Windows 8.1 detection
- Fixed bug in Shortcut mode
- Refactoring of File lib
- Added detections
- RogueKillerCMD 0.1.2
    * Added process list

V8.7.11 12/04/2013
=================
- Fixed a bug in UI lib

V8.7.10 12/04/2013
=================
- Added detections
- RogueKillerCMD 0.1.1
    * Fixed DLL dependencies

V8.7.9 11/25/2013
=================
- Fixed a bug in regex parsing
- Optimization of regex
- Added 2 new methods for registry Read/Write
- NEW! Honey module now uses the Win32 API Offline method (Safer)
- Fixed a bug in script cleanup
- Fixed a bug in mbr module
- Added detections
- Added Error code for MBR read
- Removed ROGUE ST detection for registry values


V8.7.8 11/14/2013
=================
- NEW! Added Zlib compression for crash dump sending
- Improvement of args handler

V8.7.7 11/11/2013
=================
- NEW! new banner
- Fixed bugs in Registry module
- Fixed bug in PeParser
- Added progress window for crash report uploading
- Now collecting full dumps [This can be long, be patient!]


V8.7.6 10/28/2013
=================
- Changed crash feedback for sending crash dump instead of custom crash logs
- Fixed bug in PeParser


V8.7.5 10/22/2013
=================
- Added useragent in debug log sending
- NEW! Geoloc for proxy / DNS IPs
- Fixed bug on TaskMan value
- NEW! -report_output and -hide switches
- NEW! Stop button


V8.7.4 10/16/2013
=================
- Added COUNTRY in user agent of statistic module


V8.7.3 10/15/2013
=================
- NEW! Detection/Removal of generic name mismatches in registry key/values (API fool trick -Rootkit)
- Fixed a bug in HiveReader module
- Fixed a bug in Pattern module


V8.7.2 10/10/2013
=================
- Fixed memory leak in sigcheck
- Fixed bug in PeParser
- Fixed bug in File module
- Added RECYCLER suspicious path (DorkBot)
- Added TaskManager key monitoring


V8.7.1 10/03/2013
=================
- Fixed bugs in PeParser
- Fixed bug in IAT/EAT hooks
- NEW! Listview sorting


V8.7.0 09/30/2013
=================
- NEW! Scan IAT/EAT of sensitive processes
- NEW! Filesystem userland antirootkit
- Added colors to differentiate types of objects
- Added Romanian language
- Fixed bug in file deletion
- Fixed bugs in Pe parser
- Optimizations: Com library
- Fixed bug in GUI library
- Added detections


V8.6.12 09/18/2013
=================
- Added detections
- Added MBR infos
- Added PUM label, and more consistent colors
- Fixed a bug in MBR module


V8.6.11 09/11/2013
=================
- Fixed a crash at startup on x64 OS


V8.6.10 09/09/2013
=================
- Fixed a bug in PeParser
- TrueSight 0.9.1


V8.6.9 09/03/2013
=================
- Fixed a bug in PeParser
- Added Export parsing
- Fixed a bug in SSDT parsing
- Added detections


V8.6.8 09/02/2013
=================
- Fixed a bug in peParser
- Truesight v0.9


----- Now Date in English format


V8.6.7 27/08/2013
=================
- Fixed display issue
- Fixed problem in Registry module
- Added Rogue.AntiSpy-LSP pattern (Live Security Professional)
- Added detections


V8.6.6 19/08/2013
=================
- NEW! Ability to resize the application (but still flickering when resized...)
- Fixed display issue in safe mode
- Removed Hosts scan if file is bigger than 1MB
- Added detections
- Fixed bug in removal


V8.6.5 04/08/2013
=================
- NEW! Added support for new ZeroAccess variant (RTL)
- NEW! Added AutoRun value support in PE mode
- Fixed bug for rebooting query
- Fixed bug in file/folder deletion
- Removed unauthorized characters in report
- Updated links


V8.6.4 29/07/2013
=================
- Fixed display bugs
- Added tab icons
- NEW! One scan can allow user to trigger each option once (Delete, HostsFix, DNSFix, ProxyFix)
- Fixed bug in DLL module
- Modified Honey display in report
- Fixed bugs in PeParser
- Fixed bug in file parser
- Added detections
- Database queries switched to UNICODE


V8.6.3 17/07/2013
=================
- Added detections
- Fixed bugs
- Added crash feedback link into crash window


V8.6.2 02/07/2013
=================
- Modified links
- Fixed bugs
- Added Turkish translation
- Added switches -autoscan, -autoaccepteula, -autoquit and -autodelete for automation of the flow
- NEW! Minidump writing for DEBUG version (in case of crash)


V8.6.1 17/06/2013
=================
- Fixed bugs
- Improved filename parsing


V8.6.0 14/06/2013
=================
- Changelog in English
- Rewrote whole engine
- NEW! Added icons in lists
- NEW! Added colors for Hosts lines detection
- Report: Split by object coherency (Tasks, Startup folders, registry)
- NEW! Honey module (previous PE module rewritten from scratch)
- NEW! .ini file for configuration storing
- NEW! Firefox malware detection module
- Added signatures
- Added ZeroAccess infection => Windows Defender repair
- Added disclaimer on Shortcut fix option
- Added hosts malicious lines identification in report
- Translations updated
- Added drivers to the patched files list to check
- Added service repair option (Tools/Repair services)
- Added Aho-Corasick algorithm for fast signature matching. Improved signature finding speed.
- NEW! Opera module - Added Proxy configuration


V8.5.4 18/03/2013
=================
- Detection of malicious lines in the Hosts file
- Added signatures


V8.5.3 13/03/2013
=================
- Fixed bugs
- Added signatures


V8.5.2 23/02/2013
=================
- Moved MBR signatures into the database
- Fixed bugs


V8.5.1 12/02/2013
=================
- Updated Necurs.A detection
- Updated database
- Fixed a bug in the database module


V8.5.0 08/02/2013
=================
- Better support for ZeroAccess

V8.4.4 01/02/2013
=================
- Italian language
- Polish language
- Korean language
- PE module: Fixed bugs
- Reg module: Fixed a bug
- ZeroAccess detection - Improvements


V8.4.3 08/01/2013
=================
- Russian language
- PE module: Added startup folders
- PE module: Various improvements

V8.4.2 31/12/2012
=================
- Improved the PE module


V8.4.1 23/12/2012
=================
- Fixed a bug in the PE module
- Fixed a bug in the Files module
- Fixed a bug in the Hive module
- Spanish language
- Dell MBR


V8.4.0 11/12/2012
=================
- Code optimizations for the move to x64
- x64 version available
- Fixed a bug in the Tasks module
- Fixed a bug in the Hooks module

V8.3.2 07/12/2012
=================
- Fixed a bug in the startup module
- Fixed a bug in the patched module
- Fixed a bug in the ntreg module
- Ability to unregister a service (ntreg) when it cannot be deleted in RAW mode
- Support for MBR Fix for TDL4 (Thanks XdeadCode)
- Root.MBR Alipop detection
- Root.MBR Mebroot detection
- Root.MBR Plite detection


V8.3.1 20/11/2012
=================
- Reorganized processing


V8.3.0 17/11/2012
=================
- Database migration
- Fixed bugs
- Facebook button

V8.2.3 07/11/2012
=================
- Preparation for SQLite
- Optimized the parsing module
- Fixed a bug in x64 process path detection
- WL dll
HPStatusBL.dll
- Fixed a bug in the Crypt module
- WL
Screenpresso.exe

V8.2.2 03/11/2012
=================
- Window BL
Micorsoft Essential Security Pro 2013
Windows 8 Defender 2013
- BL
MESP.exe
- Added a path-based whitelist
- Fixed a bug in the blacklist module
- Changed the FR tutorial link
- Dutch translation
- Added the date and mode to the report name
- Executable packed with UPX
- driver WL
sbhips.sys /* SunBelt */
d347bus.sys /* Daemon tools*/
- WL
Windir/VPro500.exe
windir/*np325.exe
- BL particular
Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\@
Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\U
Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\n
Windir\\syswow64\\config\\systemprofile\\AppData\\Local\\{********-****-****-****-************}\\L

V8.2.1 29/10/2012
=================
- DNS WL
24.222.0.95
- Driver WL
avgtpx86.sys /*AVG*/
regguard.sys /*RegRun*/
- Whitelist
cdloader2.exe
magicJack.exe
AmazonCloudDrive.exe
V0220Mon.exe
msnotif.exe
LGMLauncher.exe
Communicator.exe
- Fixed a bug in the debug module
- Changes to the importance module
- Adapted the driver for Windows 8
- Retrieval of SSDT API names in userland (Win8 compatibility)


V8.2.0 22/10/2012
=================
- Truesight v0.7
- Fixed German language
- Various bug fixes
- Whitelist
sys32/pcalua.exe
LogMeInSystray.exe
Dashlane.exe
- DNS Whitelist
86.64.145.14*
129.250.35.251
- Driver WL
SbFw.sys /*GFI Software*/
- Window BL
File Restore (FakeHDD)    


V8.1.1 01/10/2012
=================
- Traditional Chinese translation
- Minor bug fixes
- Added colors to the listviews to differentiate detection types
- Fixed a bug in the Blacklist module
- Window BL
XP Defender 2013
Vista Defender 2013
Win 7 Defender 2013


V8.1.0 28/09/2012
=================
- Support for changing the language at runtime
- Fixed a bug in the processes module
- Added an MBR stub (for tests)
- Added a "website" link in the report header

V8.0.5 23/09/2012
=================
- Handling of launch switches
- Added the "-nodriver" switch, which prevents the driver from loading
- Added the "-nokill" switch, which prevents processes from being killed (some processes cause a BSOD when killed; it is better to go after their registry key)
- Added an "Extern Hive" category in the report => Listing of the external hives found
- Fixed a bug in the Extern hives module
- Fixed bugs


V8.0.4 19/09/2012
=================
- Encryption of quarantined files (Use Cryptonic with the key "RogueKiller" to decrypt)
- Optimized the WEB module
- Added deletion outside the API when a key is protected
- Fixed a bug in the HiveReader module
- Removed the check of LEGACY keys (not used)
- Dll whitelist
adawarebp.dll
SkyDriveShell.dll


V8.0.3 13/09/2012
=================
- Fixed a bug in the HiveReader module
- Fixed a bug in the Registry module
- Fixed a bug in the File ASSO module
- Fixed a bug in the Proxy FF module
- Support for maxSST rootkits (fix disabled because untested)
- Deactivation of "Patched" module (not really used, too many false positives)
- Whitelist DLL
tv_w32.dll
- Whitelist
%Windir%/HelpPane.exe
TeamViewer.exe
tv_w32.exe
TeamViewer_Desktop.exe
ibsvc.exe


V8.0.2 31/08/2012
=================
- Particular files
\\RECYCLER\\[ANYFOLDER]\\$********************************\\n
\\RECYCLER\\[ANYFOLDER]\\$********************************\\@
\\RECYCLER\\[ANYFOLDER]\\$********************************\\L
\\RECYCLER\\[ANYFOLDER]\\$********************************\\U
\\$recycle.bin\\[ANYFOLDER]\\$********************************\\n
\\$recycle.bin\\[ANYFOLDER]\\$********************************\\@
\\$recycle.bin\\[ANYFOLDER]\\$********************************\\L
\\$recycle.bin\\[ANYFOLDER]\\$********************************\\U
- Incproc HJ
{fbeb8a05-beee-4442-804e-409d6c4515e9}
{5839fca9-774d-42a1-acda-d6a79037f57f}
- Blacklist
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%.exe


V8.0.1 30/08/2012
=================
- Fixed bugs
- Whitelist
c2c_service.exe
SkyDrive.exe
procexp.exe
- Driver WL
RapportCerberus$ (trusteer)
- Truesight v0.6
Monitoring of DriverEntryIO
- Added patterns for blacklist (GENDARMERIE)
install_0_msi.exe
hleo32.exe
regsrv64.exe
msconfig.dat
hos32.exe

V8.0.0 26/08/2012
=================
- [[Code rework]]
- Monitoring of the key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters : DataBasePath (HOSTS)
- Various improvements
- Added an information box about the infection
- Redesigned some windows
- Whitelist
StatBar.exe
%windir%\^^Service.exe
%sys32%\iac25_32.ax

V7.6.6 10/08/2012
=================
- Search for replacement files when files are patched.
- Replacement of patched files in DELETE mode

V7.6.5 03/08/2012
=================
- Fixed a bug in the peParser module (PE x64)
- Added signature
ZeroAccess (services.exe x64)
- Windows BL
Live Security Platinum

V7.6.4 17/07/2012
=================
- Added a blacklist for registry values
- BlacklistValue
Update (GENDARMERIE)
- Added patterns for blacklist (GENDARMERIE)
fest0r_ot.exe
Schnarch.exe
- Whitelist DLL
cleanup.dll (MBAM)
- Windows BL
File Recovery


V7.6.3 08/07/2012
=================
- Fixed a bug in the HiveReader module (handling of unicode registry values)
- Added patterns for blacklist (GENDARMERIE)
roper0dun.exe
rasmxs.exe
SCardDlg.exe
TapiSysprep.exe
0_0u_l.exe
glom0_og.exe


V7.6.2 02/07/2012
=================
- Added a process kill / relaunch module covering the deletion of particular files
(explorer.exe is killed / restarted)
- Fixed a bug in the detection of particular files
- Monitoring of the key: HKCR\\CLSID\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InprocServer32 (ZeroAccess)
- Blacklist
sys32 / n
- Part files blacklist
windows\\Installer\\{********-****-****-****-************}\\L
localAppdata\\{********-****-****-****-************}\\L
sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\L
sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\U
sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\@
sys32\\config\\systemprofile\\Local Settings\\Application Data\\{********-****-****-****-************}\\n


V7.6.1 28/06/2012
=================
- Re-enabled the signature search module
- Added a system file verification module (ASLR + signature search)
- Verification of the services.exe file
- Added signature
ZeroAccess (services.exe)
- Fixed bugs (Window module)
- Added patterns for blacklist (GENDARMERIE)
er_00_0_l.exe
- Fixed bugs


V7.6.0 26/06/2012
=================
- Added a user agreement (EULA)
- Modified the Particular files module to take deletion reasons into account + mask-based comparison
- Part files blacklist
windows\\Installer\\{********-****-****-****-************}\\n
windows\\Installer\\{********-****-****-****-************}\\@
windows\\Installer\\{********-****-****-****-************}\\U
localAppdata\\{********-****-****-****-************}\\n
localAppdata\\{********-****-****-****-************}\\@
windows\\Assembly\\GAC\\Desktop.ini
windows\\Assembly\\GAC_32\\Desktop.ini
windows\\Assembly\\GAC_64\\Desktop.ini
- Drivers WL
avgidsshimx.sys (AVG)


V7.5.4 07/06/2012
=================
- Monitoring of the key: HKCR\\CLSID\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InprocServer32 (ZeroAccess)
- Added programdata to sensitive paths
- Added patterns for blacklist (GENDARMERIE)
pkg0u.exe
pkg_0ll.exe
WinzipArchiver.exe
TarArchiver.exe
Smoerrebroe.exe
tpl_0_c.exe
RarArchiverWin.exe

V7.5.3 05/06/2012
=================
- Improved the interface
- Reviewed translations
- Updated ZeroAccess (Sirefef) detection
- Added patterns for blacklist (GENDARMERIE)
krussel3.exe
AMD_cpx.exe
Apple_Store.exe
cs8v0k.exe


V7.5.2 30/05/2012
=================
- Fixed a bug that caused a popup to appear
- Improved the path redirection module
- Whitelist
SpotifyWebHelper
%windows%/ALCMTR.exe
- Added patterns for blacklist (GENDARMERIE)
ArchiverforWin.exe
game_client.exe
WinArchiver.exe


V7.5.1 28/05/2012
=================
- Improved the mask-based comparison module
- Monitoring of HKLM\\SYSTEM\\ControlSet001\\Control\\SafeBoot : AlternateShell
- Monitoring of the x64 registry for the SHELL key
- Added patterns for blacklist (GENDARMERIE)
k8h0pp.exe
temp##.exe
ServiceVBOX.exe
%sys32%/%%%%%%%%%%%%%%%%%%%%.exe


V7.5.0 24/05/2012
=================
- Added the ability to use RogueKiller in a PE environment.
- Ability to scan Windows hives from an externally connected hard drive.
- Fixed a bug in ntreg
- Added desktop to suspect paths
- Added patterns for blacklist (GENDARMERIE)
k8h00.exe
VboxServs.exe


V7.4.5 18/05/2012
=================
- Integrated the ntreg library
- Added patterns for blacklist (GENDARMERIE)
ch8l0.exe
p0j99p.exe
spoolsrv.exe
FSnapshot_x86.exe
BSI.bund.exe
GboxService.exe
InfoServices_a.exe
ksprskylabs1.exe


V7.4.4 08/05/2012
=================
- Detection of Xpaj (bootkit)
- Added GENDARMERIE detection patterns
ms.exe
#{1}.#{12+}.exe
wpbt#{1}.dl{2}
hnszs#{1}.exe
ms*****.bat
ram_reserver64.exe
itunes_service#{2}.exe
syncservicex86.exe
EPUhelpers.exe
DNS_Servicex86.exe
kitre#{1}.exe


V7.4.3 04/05/2012
=================
- Introduced patterns for detecting processes, RUN keys, SHELL, Startup
- Fixed a bug in the HiveReader module
- Code optimizations
- TrueSight: Code hardening


V7.4.2 03/05/2012
=================
- Fixed a bug in the HiveReader module


V7.4.1 02/05/2012
=================
- Whitelist
E_FATIHJL.EXE
- Added the GEMA pattern
- Added the GENDARMERIE pattern
- Fixed a bug in the readMBR module
- Fixed a bug in the SSDT module


V7.4.0 01/05/2012
=================
- Fixed a bug in the debug module
- Added the ExceptionHandler module => automatic crash handling (partial).
When a crash occurs, a window opens and offers to let the user send it automatically.
- Window BL
Data Recovery (FakeHDD)
- Language support:
German


V7.3.4 27/04/2012
=================
- Added the SigCheck module, allowing signature search in binary files.
=> Signature search in processes
- Fixed a bug in the readMBR module (reorganized signature priority)
- Fixes in the language resources.


V7.3.3 22/04/2012
=================
- Support for the Start_TrackProgs value (Recent programs in the Start menu)
- Fixed a bug in the HiveReader module
- ACLs are modified before checking RUN keys (Gendarmerie virus bug)
- Language support:
Greek
Portuguese


V7.3.2 20/03/2012
=================
- [13/04/2012] Fixed bugs
- [03/04/2012] Window BL
SMART HDD
- [23/03/2012] Added link to Security Shield (blog)
- [22/03/2012] Debug module - Second addition
- [22/03/2012] Statistics module => Enabled several languages.
- [21/03/2012] Added progressBar (shows whether a scan is in progress)
- [21/03/2012] Enabled visual styles
- [21/03/2012] Debug module - First addition
- [21/03/2012] Fixed a bug
- [21/03/2012] Window Blacklist
System Shield
Security Shield
- Fixed a bug in the startup module
- Added monitoring of the "Common Startup" folder
- TrueSight v0.5: Code optimizations
- Updated Czech / Slovak language
- Added an "AntiRootkit" checkbox that disables the features of the TrueSight module


V7.3.1 10/03/2012
=================
- Fixed a bug in the faked module
- Added a checkbox to disable the faked module (the scan takes time)
- Whitelist
Skype.exe
FixCamera.exe
firefox.exe
plugin-container.exe
- Driver WL
Crypto.sys /*SafeNet*/
mfehidk.sys /*McAfee*/
wpsdrvnt.sys /*Symantec*/    


V7.3.0 08/03/2012
=================
- TrueSight v0.4
- Ability to fix inline hooks.
- TrueSight: Detection of IRP hooks (Major and Inline) on a given driver -> Atapi.sys
- Ability to fix inline IRP hooks (may cause a BSOD in some cases; this feature still needs improvement. Use only as a last resort).
- Added a messagebox asking for confirmation if no deletion has been performed
- TrueSight: Bypass of the driver functions for Windows 8 (not compatible for now)
- TrueSight: Code optimizations
- Windows 8 detection
- Fixed a bug in the HiveReader module (values / keys with accents)
- Added a module for detecting FAKED files (experimental)
-> Applied to sys32/drivers
- Fixed a bug in the SHELL module
- Fixed a bug in the STARTUP module
- Fixed a bug in the WEB module
- Startup module: Ability to see the folders of all sessions (instead of the current one)
- Monitoring of the key HKCU\...\Advanced : Start_ShowRun


V7.2.1 29/02/2012
=================
- TrueSight v0.3
- Detection of inline hooks (SSDT functions only)
- Fixed a bug in the HiveReader module
- Driver WL
avipbb.sys /*Avira*/
avkmgr.sys /*Avira*/
- Window BL
Smart Fortress 2012
Windows Shield Tool
Windows PRO Scanner
Windows Basic Antivirus
Windows Stability Guard
Windows Firewall Constructor

V7.2.0 27/02/2012
=================
- Added a FixMBR option in the MBR tab. This option becomes available if an MBR infection is found.
- Ability to fix the MBR bootstrap with a standard MBR (XP, Vista, Seven)
- Added a module for direct reading of hives => detection of keys / values hidden from the API
- Toshiba MBR detection
- Lenovo MBR detection
- Standard MBR detection
- KIWI Image system MBR detection
- Whitelist
Spotify.exe
jusched.exe (global)
- Window BL
Windows Functionality Checker
Windows Smart Warden
Home Malware Cleaner
Windows Smart Partner
Antivirus Protection
Windows Telemetry Center
Windows Perfomance Catalyst
Strong Malware Defender

V7.1.0 15/02/2012
=================
- Moved the code to UNICODE logic (instead of ANSI)
- Fixed bugs
- Added language support:
Czech
Slovak
- Updated whistler/sinowal MBR detections
- myBIOS MBR detection
- Detection of MBRs flooded with NOPs
- Blacklist window
Security Scanner
Internet Security
Internet Security 2012
- Rogue ProgFile
\\PCSpeed Service\\
\\everyclear\\
- Blacklist
gema.exe

V7.0.4 08/02/2012
=================
- Added a checkbox to disable the MBR scan (user's choice)
- Fixed a display bug that made the buttons disappear at some low screen resolutions


V7.0.3 06/02/2012
=================
- Modified the LL2 module => fewer access errors, notably on x64 OSes
- Fixed a bug in the workflow of the secondary modes
- Blacklist
InetAccelerator.exe (Gendarmerie2)

V7.0.2 30/01/2012
=================
- Fixed display bugs (extra line breaks) in report generation
- Fix in the MBR module => partition sizes updated (1 KB = 1024 bytes)
- Whitelist
adawarebp.exe
DropBox.exe
- Rogue ProgFiles
\\BoanCatch\\
\\pcupgrade\\
\\best-pc\\
\\PCMaster Antispyware\\
\\InfoSeven\\
\\comdoumi\\
- Added Rogue.ViusDoctor, Rogue.Zaxar patterns
- Window BL
Antivirus Smart Protection
Malware Protection Center


V7.0.1 28/01/2012
=================
- Fixed a bug in the MBR module => Partition types updated
- Fixed a bug in the MBR module => Partition size calculation updated
- Raised to 5 PhysicalDrive max
- Added the names of the physical disks


V7.0.0 26/01/2012
=================
- Switched to GUI mode


V6.2.4 12/01/2012
=================
[24/01/2012] - Added Advanced keys:  Start_ShowMyDocs Start_ShowRecentDocs Start_ShowUser
Start_ShowMyPics Start_ShowMyGames Start_ShowMyMusic Start_ShowControlPanel Start_ShowDownloads
Start_ShowVideos Start_ShowHelp Start_ShowPrinters Start_ShowSetProgramAccessAndDefaults
[23/01/2012] - Fixed a bug in the MBR module
[23/01/2012] - Fixed a bug in the TASKS module
[23/01/2012] - Window BL : Smart Protection 2012
[16/01/2012] - Support for DLLs launched from a startup shortcut (Gendarmerie virus)
[16/01/2012] - Fixed a bug in the checkPath module
- Added HKEY_USERS\\Software\\Classes\\pezfile\\shell\\open\\command
- Added HKEY_USERS\\Software\\Classes\\.exe\\shell\\open\\command
- Added HKEY_USERS\\Software\\Classes\\exefile\\shell\\open\\command
- Fixed a bug in the REG backup module
- Added option a: WhyIGotInfected? => opens the WIGI page
- Opens links to the blogspot procedures depending on the infection detected (ZeroAccess, FakeRean)


V6.2.3 09/01/2012
=================
- Whitelist
smad.exe
- Whitelist Dll
BatInfEx.dll
BatLogEx.dll
- Driver Whitelist
hookcentre.sys /*Gdata*/
- Window Blacklist
System Check
- Rogue ProgFiles
\\InfoSafe\\
\\CleanerCom\\
\\MicroVaccine\\
\\PC-Spider\\
\\CYAK\\
\\PcVirusDoctor\\
\\VDoctor Professional\\
\\CheckSpeed\\

V6.2.2 31/12/2011
=================
- TestDisk MBR code detection
- HP tattooed MBR code detection
- Whistler MBR code detection
- Distinction between Vista / 7 MBR code
- Linux MBR code detection
- Fixed a bug in the REG backup module


V6.2.1 28/12/2011
=================
- Detection of XP and Vista/7 MBR codes
- Detection of MaxSS / TDL4 / PiHar MBR codes
- Modified the MBR module (support for several PhysicalDrive)
- Whitelist DLL
%sys32%/LogiLDA.dll
panda_url_filtering.dll
nsMouselib.dll
msconf.dll
- Whitelist
B2CNotiAgent.exe
HpSAUpgrade.exe
HPSFUpdater.exe
panda_url_filtering.exe
MpSigStub.exe
dplaysvr.exe
realplayerent_config.exe
- rogue ProgFiles
\\info-manager\\
- Window BL
Security Monitor

V6.2.0 12/12/2011
=================
- Added a screensaver detection module: HKEY_CURRENT_USER\\Control Panel\\Desktop : SCRNSAVE.EXE
- Updated the ZeroAccess pattern (detection of the $NtUninstallKB FS / consrv.dll)
- Added importance keywords in reports (log redirection at the PHP server level)
- Added the Root.MBR statistics pattern
- Added MBR check (LL2) + enabled the module
- MBRs found are dumped into quarantine
- Modified the end of the script => option to keep notepad open
- Fixed bugs
- Rogue ProgFiles
\\datasave\\
\\sweeperlab\\
\\virussecurity\\
\\ProtectCop\\
\\HomeBoan\\
\\SmartSafer\\
- Whitelist
pccntupd.exe
pull.exe
RapportService.exe
HWDeviceService.exe
windir\v0330mon.exe
- Driver Whitelist
uphcleanhlp.sys /*WinXP (?)*/
FireTDI.sys /*Mac Afee*/    
fslx.sys /*Symantec*/
savonaccesscontrol.sys /*Sophos*/    
ShldDrv.sys /*Panda*/
bdrsDrv.sys /*BitDefender*/
- WhitelistDLL
rooksbas.dll
- Blacklist
%sys32/sysrunc.exe


V6.1.12 02/12/2011
=================
- Added MBR check (User / LL1) --> disabled for tests
- Added Rogue.AntiSpy-AH pattern
- Window Blacklist
XP Antispyware 2012
XP Antivirus 2012
XP Security 2012
XP Antispyware 2012
XP Home Security 2012
XP Internet Security 2012
Vista Antispyware 2012
Vista Antivirus 2012
Vista Security 2012
Vista Home Security 2012
Vista Internet Security 2012
Win 7 Antispyware 2012
Win 7 Antivirus 2012
Win 7 Security 2012
Win 7 Home Security 2012
Win 7 Internet Security 2012


V6.1.11 30/11/2011
=================
- Added a direct driver loading module (more effective)
- Disabled the "LOCKED" module
- Window Blacklist
BlueFlare Antivirus
Wolfram Antivirus
OpenCloud Security
Malware Protection
Spyware Protection
Cloud Protection
Guard Online
AV Guard Online
Cloud AV 2012
- Rogue ProgFiles
\\NDoctorCom\\
\\perfectcare\\
\\privacyup\\
\\PowerPC\\
\\CleanCatch\\
- blacklist
Cloud AV 2012v121.exe


V6.1.10 18/11/2011
=================
- Added a module for retrieving data from previous scans (PREVRUN)
- Rogue ProgFiles
sweeperlab
VirusSecurity
- Blacklist
AV Protection 2011v121.exe
- Window Blacklist
AV Protection 2011

V6.1.9 16/11/2011
=================
- Added a module that checks open Windows windows
- Added a process-residue module (for the registry)
- Bug fixes
- Window Blacklist
System Fix
Privacy Protection
AV Security 2012
System Restore
System Security  2011
AV Protection Online
Security Sphere 2012
- Driver WL
pxrts.sys /*PrevX real time scanner*/
guard.sys /*AVG 7*/    
- Whitelist
%windows%\wanmpsvc.exe
%windows%\*snpstd$
%windows%\sttray.exe
%windows\lclock.exe
%windows\ATKKBService.exe
MessageCheck.exe
%windows\UpdReg.EXE
uUACTokenSvc.exe
GameXNGO.exe
- Whitelist DLL
LC.dll
npSkypeChromePlugin.dll
- Whitelist DNS
4.2.2.$


V6.1.8 14/11/2011
=================
- Added pattern: PrivacyProtection
- Bug fixes
- Added key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced : Start_ShowMyComputer
- Added key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced : Start_ShowSearch
- Whitelist
netsession_win.exe
SetWallpaper.cmd
TUAutoReactivator32.exe
%windows%\VM_STI.EXE
%windows%\ZSSnp211.EXE
%windows%\Domino.EXE
FacebookUpdate.exe
googletalkplugin.exe
%windows%\SiSUSBrg.exe
lsnfier.exe
%windows%\Imgtask.exe
mediaget.exe
%windows%\AutoKMS.exe
%windows%\mixer.exe
- Driver WL
SandBox.sys /*Sandboxy*/
RapportPG.sys /*Trusteer (Report)*/    
sbaphd.sys /*Sunbelt*/
PavProc.sys /*Panda antivirus*/        
PavSRK.sys /*Panda antivirus*/    
- Dll WL
KeyboardOnlineTray.dll
mcdvd_32.dll
- Blacklist
AV Security 2012v121.exe


V6.1.7 05/11/2011
=================
- Improved the statistics module (ZeroAccess, Fake HDD, Rogue ProgFiles patterns)
- Bug fixes
- Added a module that handles registry reflection (x64)
- Improved the .reg backup (handles keys instead of values only)
- Rogue ProgFile
\\PatchUp_Plus\\
\\NVirusKorea\\
\\ProtectCode\\
\\CoreScan\\
\\AntiAvoid\\
\\IPRIVACY\\
\\ProtectKeep\\
\\AnyCop\\
\\windowpc\\
- Whitelist
arservice.exe
removed kmservice.exe (crack for Office 2010)
- Whitelist DLL
IadHide5.dll


V6.1.6 01/11/2011
=================
- Added a statistics module (connection to the SLT database)
- DNS whitelist:
8.8.4.$
- Bug fixes
- Whitelist :
windows\BCMSMMSG.exe
windows\*snp2***.exe
windows\stsystra.exe
windows\qmc.exe
windows\cthelper.exe
windows\ALCXMNTR.EXE
sys32\ANIWConnService.exe
sys32\PSDrvCheck.exe
rnupgagent.exe
googletalk.exe
E_FATICDL.EXE
- Drivers WL:
OADriver.sys /*Online armor*/
sp_rsdrv2.sys /*Spyware terminator*/
cmdguard.sys /*Comodo IS*/    
SYMEVENT.SYS /*Symantec*/
SASKUTIL.SYS /*SUPER Antispyware*/
PSINProc.sys /*Panda Security*/     
- Whitelist DLL
migrate.dll
OIExt.dll
BthAuthenticationTime.dll
NativeHelpNotifier.dll


V6.1.5 29/10/2011
=================
- Added a module that checks the version number online
- Added a module that automatically sends reports to the developer's address (to improve the tool)
- Drivers WL:
fshs.sys /*F-Secure Orange AV*/
- Rogue ProgFiles
\\boankorea\\
\\FastScan\\

V6.1.4 22/10/2011
=================
- Rogue ProgFiles
\\VirusScan\\
\\pcspeedup\\
- Drivers WL:
ehdrv.sys /*ESET Helper Driver*/
- Whitelist
AVGIDSMonitor.exe    
- Adjusted detection in the RANDOMNAME module



V6.1.3 14/10/2011
=================

- TrueSight v0.2
- Bug fixes
- Code reorganization
- Added .reg backup of registry deletions
- Added a module that detects random names
- Blacklist
sys32\lvvm.exe
crss.exe (Cloud Protection)
- Rogue ProgFiles
\\realcleaner\\

V6.1.2 07/10/2011
=================

- Drivers WL:
PCTCore.sys /*PCTools*/
bdselfpr.sys /*Bitdefender*/
- Kill of locked processes
- WellKnown processes
audiodg.exe
- Rogue ProgFiles
\\vaccinecom\\
\\PCPlusSecurity\\
- WellKnown WL
sys32\ctfmon.exe
sys32\lsm.exe
sys32\SearchIndexer.exe
sys32\sppsvc.exe
sys32\SearchProtocolHost.exe
sys32\SearchFilterHost.exe
sys32\mctadmin.exe
sys32\dllhost.exe
sys32\alg.exe
sys32\wscntfy.exe
sys32\notepad.exe
sys32\wuauclt.exe
sys32\userinit.exe
sys32\msdtc.exe
windows\agrsmmsg.exe
- Whitelist dll
nvsysrot.dll


V6.X.X XX/XX/XXXX (Version postponed)
=================
- Key deletion module (recursive) via direct call
- Driver loading in antagonistic BOOT mode if blocked
- Detection of hidden SCM registry keys
- Added sensitive path %sysroot% for processes
- Added a module that detects long names -processes and keys- (Guard Online / OpenCloud / ...)


V6.1.1 28/09/2011
=================
- Fixed a bug in driver loading / unloading
- Removed debug messages
- TrueSight v0.1
- Added driver whitelist with mask
- Added blacklistPath to the service search
- Drivers WL:
unknown /*Unknown*/
vsdatant.sys /*ZoneAlarm*/
procguard.sys /*ProcGuard*/
aswSP.sys /*Avast*/
aswSnx.sys /*Avast*/
PCTAppEvent.sys /*PCToolsFirewallPlus*/
sp**.sys /*Daemon tools*/
AVGIDSShim.Sys /*AVG*/
- Rogues progFiles
\\HelpPrivacy\\
\\InfoBoan\\
\\windowsliveprotect\\
\\DrBoan\\
\\Privacyi\\
\\Micropop\\
- Service Blacklist
MPopService


V6.1.0 22/09/2011
=================
- Retrieval of the real SSDT addresses
- Added option 7 (SSDT restoration by index): HIDDEN OPTION because it is dangerous. To be used at a helper's request
- TrueSight module: SSDT restoration
- TrueSight module: kill via direct call to the NT APIs (DrvNtTerminate)


V6.0.0 21/09/2011
=================
- Added a driver embedded in the resources
- Loading of the TrueSight driver (x86 only)
- Search for SSDT hooks
- Search for Shadow SSDT hooks


V5.3.5 21/09/2011
=================
- WhitelistDLL
LVPrcInj01.dll
- Whitelist
kmservice.exe
- Rogues ProgFiles
\\BoanCop\\
\\cleancert\\
\\VIHunter\\


V5.3.4 30/08/2011
=================
- Fixed a bug in whitelist detection (mask)
- Added a module that restores desktop icons (SHELL)
- Added a module that restores the taskbar (SHELL)
- Added a mutex to prevent several instances from being launched
- Rogues ProgFiles
\\PrivacyBoho\\
\\SafePrivacy\\
\\BoanClear\\
- Whitelist
BR040286.exe


V5.3.3 18/08/2011
=================
- Added a module that detects particular files / folders
- Blacklist Particular:
%Appdata%\Adobe\shed
%Appdata%\Adobe\plugs
- Dll Whitelist
rpchrome$
MSVC^71.dll
- Rogue ProgFile
\\errordoctor\\
- GUID
{19090308-636D-4E9B-A1CE-A647B6F794BF} //Wolfram antivirus



V5.3.2 18/08/2011
=================
- Better x64 support
--> Added the SysWow64 / Program Files (x86) environment variables
--> Added restoration of Program Files (x86) in mode 6
- Code optimization
- WellKnownProcess:
varEnv.syswow64\\svchost.exe
- Whitelist:
nclaunch.exe


V5.3.1 06/08/2011
=================
- Added a module that monitors missing keys
- Added missing keys:
HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command" => default : "%1" %*
- Rogue ProgFile:
\\PrivacyCode\\
\\InfoGuard\\
\\DefenseVirus\\
\\PatchUp_Plus\\
- Whitelist dll:
btmshell.dll
mkil.dll

V5.3.0 01/08/2011
=================
- Detection of system name hijacking
- The program can now kill a process in 6 different ways
This makes it possible to get around the protections of quite a few pieces of malware

- Service Blacklist:
wxpdrivers
srvsysdriver32
srvbtcclient
srviecheck

- Rogue progFiles
\\MacroVirus\\
\\DualVaccine\\
\\CodeScan\\


V5.2.9 31/07/2011
=================
- Service Blacklist:
Windows_Update

- Dll Whitelist
MSVCP71.dll

- Whitelist
alcwzrd.exe
PLFset^.exe


V5.2.8 23/07/2011
=================
- Added a check of .exe files in the startup folder
- Dll Whitelist
Dropbox$
PLFSet.dll
-Whitelist
vsnp2uvc.exe
- Rogue progFiles
\\Clear2PC\\
\\PCMedic\\
\\boanking\\
- Added blacklist
<user>\startupFolder\csrss.exe


V5.2.7 30/06/2011
=================
- Bug fixes (RegCloseKey)
- Fixed bugs causing a black screen after OTL has been run (at reboot)


V5.2.6 23/06/2011
=================
- Added monitoring of the line:
HKEY_CLASSES_ROOT\.exe => default


V5.2.5 23/06/2011
=================
Fixed major bugs that crashed the application


V5.2.4 22/06/2011
=================
Rogue ProgFiles:
-\\privacyalpha\\
-\\basicprivacy\\
-\\MicroPC\\
-Whitelist
Bginfo.exe
PLFsetL.exe
- Added ACL removal for the Shell keys


V5.2.3 16/06/2011
=================
- Blacklist
%ProgramFiles%\csrss.exe
%ProgramFiles\conhost.exe
- Service blacklist
QTUpdate
- Rogue ProgFiles
-\\Milestone Antivirus\\


V5.2.2 05/06/2011
=================
- Added drive information for mode 6
- Fixed bugs that crashed modes 6/1/2


V5.2.1 02/06/2011
=================
- Fixed bugs that crashed the Task Scheduler 2.0 module
- Reports are written to the desktop whatever directory the application is launched from


V5.2.0 01/06/2011
=================
- Blacklist service
cdfss
wcscd
- Support for the keys
Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\SharedTaskScheduler
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats
- Check and kill of malicious DLLs loaded under explorer.exe
- Added the kill of explorer.exe DLLs to the residues
- Added a GUID exploration module (if a GUID is known, the path of the malicious DLL is recovered
and added to the dynamic blacklist)
- Support for the Common Startup folder


V5.1.9 29/05/2011
=================
- Rogue ProgFile:
\\vaccineu\\
- Display of the User / My Computer / Recycle Bin icons on the desktop
Hijack : WarnOnHTTPSToHTTPRedirect
- Whitelist
soundman.exe
- Blacklist
wuaucldt.exe


V5.1.8 27/05/2011
=================
- Bug fixes in mode 6
- Added libraries in mode 6


V5.1.7 26/05/2011
=================
- Bug fixes in mode 6
- Whitelist:
mhotkey.exe
mmkeybd.exe
dit.exe
LxrAutorun.exe
sw2#.exe
Screenpresso.exe


V5.1.6 21/05/2011
=================
- Rogue ProgFile
\\\Error Fix\\
- Whitelist
OEM0#Mon.exe
vVx#000.exe


V5.1.5 20/05/2011
=================
- Fixed a major bug in mode 6
- Whitelist
RtHDVCpl.exe


V5.1.4 16/05/2011
=================
- Support for the backup made by Windows Recovery (option 6)
- Whitelist:
RtHDVCpl.exe
googlecrashhandler.exe
megakeyupdater.exe
zHotkey.exe
ASScrProlog.exe
ASScrPro.exe


V5.1.3 13/05/2011
=================
- Added paths to the sensitive directories:
%SystemDrive% / Windows
%System Drive% / Documents and settings / <user>
- Policy:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer -> NoDesktop
- Rogues PF:
\\Ifkpr\\
\\AntiDefend\\
- WhiteList:
vVX1000.exe
regedit.exe
        


V5.1.2 13/05/2011
=================
- Fixed a bug in the rundll32 module
- Rogue progFile
\\selfprivacy\\
\\PrivacyKey\\


V5.1.1 05/05/2011
=================
- Fixed bugs that crashed the Task Scheduler 2.0 module
- Fixed a false-detection bug in the RUNDLL32 (RUN) module -> carried over into 4.3.12


V5.1.0 02/05/2011
=================
- Support for Task Scheduler 2.0 (Vista / Seven)
- Rogue progFile
\\PrivacyView\\


V5.0.0 30/04/2011
=================
- IDE migration


V4.3.12 30/04/2011
==================
- Added ACCESS_DENIED to the reports
- Added an expiry date for the executable, with a warning message if > 3 days
- Whitelist
RockMeltUpdate.exe


V4.3.11 25/04/2011
==================
- Major optimizations (scan speed x4)
- Whitelist
OctoshapeClient.exe
- Rogue progFile
\\PC2Safe\\


V4.3.10 24/04/2011
=================
- Rogue progFile
\\Boan119\\
\\VaccineCore\\
\\Antivirus Clean 2011\\
- Added key: FIREFOX.EXE\\shell\\safemode\\command
- Added whitelist:
ereg.$ (Dragon naturally speaking)
- Fixed a bug in the Shell module
- Whitelist DNS:
62.251.229.237
- Blacklist
sys32\\windupdt\\winupdate.exe
- Whitelist:
Rsystems Support.exe
- DllWhitelist:
bthprops.cpl
-WellKnownProcess:
dwm.exe
wininit.exe

V4.3.9 16/04/2011
=================
- DllWhitelist:
"csnp2uvc.dll"
"gcswf32.dll"
"rpchromebrowserrecordhelper.dll"
- Added whitelist:
OrangeInside.exe
- Rogue progFile
\\Error Repair Professional\\
- Fixed a bug in the WhitelistDLL module
- Added the version date
- Added a mode (0) to quit. The program restarts automatically at the end.
Mode 0 should therefore be chosen to close the program



V4.3.8 09/04/2011
=================
- Added a module that recognizes known processes (explorer.exe, etc.)
- Optimizations
- Added a module that recognizes DLLs loaded in 04 under rundll32
- Rogue progFile
\\HomeClean\\
\\BoanSupport\\
- DllWhitelist:
"oobefldr.dll" "nvsvc.dll" "NvCpl.dll"
"NvMcTray.dll" "nview.dll" "srclient.dll"
"dr25svc.dll" "cmicnfg.dll" "ksrun.dll"
"sbavmon.dll" "dlbttime.dll" "ftutil2.dll"
"nvclock.dll" "nvhotkey.dll" "nvmctray.dll"
"p17.dll" "spirun.dll" "p17rune.dll"
"ptipbmf.dll" "ulutil2.dll" "sispower.dll"
"wf2kcpl.dll" "zsscheduler.dll" "apphelp.dll"
"advpack.dll" "sti_ci.dll" "ASTSVCC.dll"
"LXBUtime.dll" "p0**0pin.dll"
- Purged rogue ProgFile entries
- Bug fixes (English language, svchost.exe kill)
- Added a module that restores the Security Center settings
- Added whitelist:
clavier.exe


V4.3.7 04/04/2011
=================
- Added an MD5 recognition module for processes, DLLs and RUN keys
- MD5 Blacklist:
2eb8bf9d3fad4cb9e26a1ae184a65816 //AntivirusPlus "random.dll"


V4.3.6 29/03/2011
=================
- Added StartMenuInternet file association module (Firefox, IE, Opera)
- Rogue Program files
\\ADSTOP\\
\\SystemDefender\\
- DNS Whitelist
90.0.0.38


V4.3.5 29/03/2011
=================
- Added the local system disk to option 6
- Added the CurrentUser directory to option 6
- Improved the algorithm, speed gain (option 6)
- Added UAC monitoring modules: "ConsentPromptBehaviorAdmin" , "ConsentPromptBehaviorUser" , "EnableLUA"
- Added a wallpaper repair module.
- Rogue Program files
\\vaccinescan\\
- Whitelist DNS
199.243.213.* (Canada)


V4.3.4 26/03/2011
=================
- Added removable devices to option 6, except the floppy drive.
- Added the My Music, My Videos, My Pictures directories
- Fixed a bug in retrieving the My Videos paths.


V4.3.3 24/03/2011
=================
- Added a module that checks whether System Restore is enabled
- Changed the WL/BL system => added several possible paths
- Added local disks (except system) for mode 6.
- DNS Whitelist
86.64.145.145 (NEUF)
84.103.237.145 (NEUF)
- Whitelist
Dropbox.exe
LBubble Dock.exe


V4.3.2 16/03/2011
=================
- Added a module that neutralizes links in the reports (mainly Hosts files)
- Fixed a bug generating FPs in the services module
- Rogue PF
\\ProPrivacy\\
\\antiguard\\
- Whitelist
rockmeltcrashhandler.exe
rockmelt.exe
- WhitelistDNS
195.235.96.90 (Spanish DNS)
195.235.113.3 (Spanish DNS)

V4.3.1 14/03/2011
=================
- Added a module that restores files set to "hidden" by the Windows diagnostic rogue (option 6)
- Added whitelist:
IMVUQualityAgent.exe
- Removed checkPath for services (too many FPs)


V4.3.0 10/03/2011
=================
- Overhaul of the whitelist/blacklist, added paths (makes it possible to say that a file is blacklisted except in a certain directory, etc.)
- Fixed a bug causing display problems in the English language module


V4.2.1 09/03/2011
=================
- Fixed a bug that crashed the language module
- Quarantine support for the RUN/Services/Tasks/Startup Folder/Residues modules
- Added whitelist:
isuspm.exe (Install Shield Update manager)


V4.2.0 07/03/2011
=================
- Changed the reporting system:
Reports are no longer appended to the RKreport.txt file, but written to a separate file at each launch, named according to the convention: RKreport[NUMERO].txt
The summary of all available files is displayed at the end of the report.
- Whitelist DNS: 81.253.149.$


V4.1.1 07/03/2011
=================
- Fixed a bug in file path detection that caused some registry keys containing spaces not to be detected.
- Added rogue program files:
\\ZeroVaccine\\


V4.1.0 04/03/2011
=================
- Bug fixes
- Added a French/English translation depending on the PC's language


V4.0.1 28/02/2011
=================
- Bug fixes (overhaul of the registry key parsing system)
- Added monitoring of the RunOnce, RunServices, RunOnceEx, RunServiceOnce keys for all sessions.
Rogues such as System tool can now be removed from a clean session.
- Rogue Program files:
\\pcvaccine\\


V4.0.0 23/02/2011
=================
- Engine overhaul, moving from C to C++
- Changed the report display, more information.
- Added blacklist
sdra64.exe
- Rogue program files
\\specialguard\\


V3.10.3 21/02/2011
==================
- Added file association monitoring modules:
HKEY_LOCAL_MACHINE\Software\\Classes\\pezfile\\shell\\open\\command
HKEY_LOCAL_MACHINE\Software\\Classes\\.exe\\shell\\open\\command
HKEY_LOCAL_MACHINE\Software\\Classes\\exefile\\shell\\open\\command
HKEY_CURRENT_USER\Software\\Classes\\exefile\\shell\\open\\command
- Added blacklist
eksplorasi.exe


V3.10.2 17/02/2011
==================
- Added quarantine for killed processes (not yet for DLLs and residues)
The quarantine is located in the executable's root directory (RK_Quarantine) and contains:
* The files in the format -> Nom_de_lexe.exe.vir
* a text file (QuarantineReport.txt) containing the summary of deletions by date, along with the original paths.
Ask for this report in the event of a false positive in order to restore (by hand) the files moved by mistake.
- Added HKEY_USERS module (Winlogon/Windows key) to monitor the Shell and Load keys of the PC's other sessions
- Added proxy monitoring on HKLM
- Added EXE file association: HKEY_CLASSES_ROOT\\exefile\\shell\\open\\command
- Rogue Program Files
\\McAVG\\
\\AVGT\\



V3.10.1 16/02/2011
==================
- Added HKEY_USERS module (RUN key) to monitor the RUN keys of other sessions.
- Fixed CheckPath bug
- Added monitoring of the Services file paths
- Added monitoring of the ProxyEnable key (Proxy module)
- Rogue Program Files
\\PrivacyHidden\\
\\SafeCare\\


V3.10.0 11/02/2011
==================
- Added a rootkit detection module (basic)
=> PID brute force + blacklist / whitelist check
- Added UAC prompt at launch (for admin mode)
- Reorganized the DNS blacklist => comparison by mask
- Rogues program files
"\\eoRezo\\"
"\\homevaccine\\"
"\\smartscan\\"



V3.9.0 01/02/2011
=================
- Moved the Proxy and DNS modules into separate options (options 4 and 5).
- Added blacklist:
printer.exe (EasySpywareCleaner)
ctfmona.exe (EasySpywareCleaner)
xpupdate.exe (EasySpywareCleaner)
- Rogue Program Files:
\\EasySpywareCleaner\\
- Fixed a bug in the Shell module that prevented detection of the "Load" keys


V3.8.5 31/01/2011
=================
- Added a module that recognizes the boot mode (Normal, Safe Mode with / without networking)
- Added recognition of the current session name
- Added DNS whitelist: "74.118.212.1","74.118.212.2", "192.168.10.1", "15.243.128.51","15.243.160.51", "193.95.75.10","193.95.75.13"
- Rogue Program Files:
\\MyPCCheck\\

- Added whitelist:
autologin.exe



V3.8.4 29/01/2011
=================
- Added a module that recognizes malicious DNS servers
- Added DNS whitelist: http://www.commentcamarche.net/faq/1496-serveurs-dns-des-principaux-fai
- 74.118.212.1,74.118.212.2,192.168.10.1,156.154.70.22,156.154.71.22
- Added whitelist
little transparency.exe
SmpSys.exe
- Icon change


V3.8.3 27/01/2011
=================
- Added a module that detects shortcuts launched automatically from the Startup folder
(C:\Documents and Settings\<USER>\Menu Démarrer\Programmes\Démarrage)

- Added rogue program files:
\\liveboan\\
\\security119\\
\\PrivacyInfo\\
\\MegaVaccine\\
\\WebVaccine\\
\\Smart Security\\


V3.8.2 27/01/2011
=================
- Bug fixes
- Added rogue program files:
\\PC Security 2011\\
\\Best Spyware Scanner\\
\\AVP2009\\
\\RegGenie\\

- Added whitelist
e_s$$**$.exe (Epson Driver)



V3.8.1 20/01/2011
=================
- Code changes
- Bug fixes


V3.8.0 19/01/2011
=================
-Added a module that detects rogues in Program Files
-Changed the DLL module to detect sensitive paths/Program Files
-Added blacklist:
avsubengine.exe (VaccineClean)
uninst_$ (Rogue.multiple)
-Added rogue program files:
\\VaccineClean\\
\\easyvaccine\\
\\PCoptimizer 2010\\
\\PrivacyRight\\
\\wisevaccine\\
\\privacyguard 2010\\
\\v2accine2010\\
\\NewVC\\
\\ddosclean\\
\\vaccineprogram\\
\\SpyCare\\
\\pcclearplus\\
\\CleanV\\
\\uservaccine\\
\\powercare\\
\\protect_one\\
\\QScan\\
\\ScanZero\\
\\searchguard\\
\\safetyboan\\
\\BestBoan\\
\\DataProtect\\
\\????????????\\
\\adsafer\\
\\AntiProtect\\
\\cleanscan\\
\\New2Clean\\
\\IDBoan\\
\\Scan119\\
\\????????\\
\\Vkiller\\
\\infosecret\\
\\VaccineLab\\
\\RegistryClever\\
\\VaccineData\\
\\infohold\\
\\Internetvaccine\\
\\keycop\\
\\k-security\\
\\eClean3.0\\
\\RealVaccine\\


V3.7.4 13/01/2011
=================
- Changed the HOSTS module -> only the first 20 lines are displayed
(makes the report easier to read)
- Changed the user type detection module
- Added whitelist:
Smax4.exe


V3.7.3 09/01/2011
=================
- Changed the HOSTS module (added a fixACL and a fixAttributes, which allow the file to be modified)
- Fixed a bug generating false positives in the HijackInitDLL module


V3.7.2 08/01/2011
=================
- Added an AppInitDLL monitoring module (DLLs loaded into explorer at Windows startup)
- The application's launch mode is now reported (Admin - NOT Admin)
- Added blacklist
SM***.exe
SM****.exe
SM****_$.exe


V3.7.1 07/01/2011
=================
- Fixed a bug creating false positives in the mask module
- Changed the "inkillable" module => better results, especially on Vista/Seven
- Added blacklist:
sw2#.exe
Fullremove.exe

-Service Blacklist
sst#


V3.7.0 05/01/2011
=================
- Added a WBEM hijack detection module (Antivirus 2010 family)


V3.6.1 28/12/2010
=================
- Added blacklist:
*****_##$.exe (Internet Security suite)


V3.6.0 28/12/2010
=================
- Added a HOSTS file monitoring module
- Added a mode for restoring a clean HOSTS file


V3.5.2 27/12/2010
=================
- Added monitoring of the line
HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows -> Load

- Added blacklist:
!^!^!#####.exe (System tool)


V3.5.1 18/12/2010
=================
- Fixed a bug preventing deletion of registry keys with +2 levels of subkeys


V3.5.0 13/12/2010
=================
- Changed the ACL modification module, support for Vista / Seven
(Thanks to Egwene and Eric_71)


V3.4.0 11/12/2010
=================
- Added a module that makes the process unkillable! :)
(at least except by the user and applications holding SE_DEBUG)


V3.3.0 11/12/2010
=================
- Added a module that deletes LEGACY entries
(Only works on XP for now)
- Added an ACL modification module, with restoration after the keys are scanned/modified (thanks to Egwene)
- Fixed a bug in sensitive path detection (Appli~1 = Appdata)

V3.2.1 01/12/2010
=================
- Fixed a bug that crashed the running services module
- service blacklist:
vbma**** (Antivirus Action)


V3.2.0 20/11/2010
=================
- Changed and enabled the scheduled tasks module.
Based on the blacklist and the residues in memory.


V3.1.0 20/11/2010
=================
- Added 04 scan module
RunServices
RunOnceEx

- Blacklist
windowstmsystem.exe
microsoftspeech.exe
mbamzlib.exe
sshnas$
Zludo*.exe
Zjuje*.exe

- Service
SSHNAS

V3.0.1 14/11/2010
=================
- Added service blacklist
Follower

- Added blacklist keys
netc.exe
nnmmnnsys.exe


V3.0.0 14/11/2010
=================
- Hijack Policies
NoFolderOptions

- Fixed a bug that crashed the RUN search module


V2.9.0 14/11/2010
=================
- Added a Shell Spawning module (hijack of .exe launching)
pezfile
.exe


V2.8.0 13/11/2010
=================
- Added a Hijack Policies detection module
DisableTaskMgr
DisableRegistryTools
DisableCMD

V2.7.1 12/11/2010
=================
- Fixed a bug that crashed the IFEO module
(array overflow)


V2.7.0 11/11/2010
=================
- Added Firefox proxy module


V2.6.0 05/11/2010
=================
- Added a module that recognizes DLLs loaded under rundll32
- Added a module that kills DLLs found in the residues
- Services Blacklist:
kxtoykoc (smart defragmenter)
jvfrhmo (think point)

V2.5.0 05/11/2010
=================
- Added Image File Execution Options module
- Added scheduled tasks module (to be completed)


V2.4.0 05/11/2010
=================
- Added a description in the properties.


V2.4.0 30/10/2010
=================
- Added a residue scan module
(processes whose registry key has been deleted but which have not been killed,
because only the registry key value identifies them)
- Added date/time to the report
- Fixed a false positive on file names containing "temp"


V2.3.1 30/10/2010
=================
- Added blacklist search for registry values
- BlackList:
MK**.exe (Antimalware Doctor)
MK***.exe (Antimalware Doctor)
uPc+MV$.exe (Antimalware Doctor)

- WhiteList:
Chrome.exe (runs from Appdata)

- The report opens automatically at the end
- Message prompting the user to run mode 2 if infections
were found in the registry



V2.3.0 22/10/2010
=================
- Overhaul of the svchost scan module (privilege elevation)
-> taskkill and tasklist are no longer needed

- Added a scan module for running services (other
than svchost)


V2.2.0 21/10/2010
=================
- Added currentcontrolset003
- Code rework


V2.1.0 20/10/2010
=================
- Added a comparison module that handles masks
- Added rogue

SM***_****.exe (Smart Engine)


V2.0.0 20/10/2010
=================
- Added a scan module for svchost services
-> the service is killed if it is suspicious

This module does not work natively on XP Home.
2 executables must be downloaded and placed in RogueKiller's root directory


V1.8.0 19/10/2010
=================
- Added a services scan module (CurrentControlSet, ControlSet001, 002)

- Added services to the blacklist:

userinit (Antivirus 2010)


V1.7.1 19/10/2010
=================

- Added a few processes to the whitelist

flux.exe
RtkBtMnt.exe
GoogleUpdate.exe


V1.7.0 18/10/2010
=================
- Added a proxy removal module

V1.6.0 18/10/2010
=================
- Overhaul of the process search.
-> Purged the blacklist / whitelist
-> Scan based primarily on the process location for greater speed

- Added the "Bureau/Desktop" directory as a sensitive folder
- Added the path of killed files (except security Tools) to the report


V1.5.0 18/10/2010
=================
- Added a scan of the Shell key

Thinkpoint rogue supported

BlackList
Hotfix.exe
Desktop Security 2010.exe


WhiteList:
GoogleUpdate.exe
chrome.exe
GoogleCrashHandler.exe
flux.exe
Ati2evxx.exe
spoolsv.exe




V1.4.0 14/10/2010
=================
- Added a choice of mode for the registry
scan mode: does not delete the registry keys found
remove mode: deletes the registry keys found

This makes it possible to spot any false positives and to reassure people
who do not want to touch the registry and only want to kill the infectious process


V1.3.0 14/10/2010
=================
- Code rework, optimizations.
Modular arrangement


V1.2.0 12/10/2010
=================
- Improved the module that detects infectious RUN/RUNONCE keys
files / paths are detected more precisely
fewer false positives, easier targeting.

- The RKreport.txt file is now opened in "Append" mode (instead of w+)
so that previous reports are not overwritten when the tool is run several times
in a row
(the report is therefore a reverse-chronological stack of the different reports)



V1.1.2 10/10/2010
=================
- Added OS detection and display in the report

Desktop Security 2010.exe
flash_player_installer.exe

Whitelist:
rundll32.exe


V1.1.1 08/10/2010
=================

avp32.exe (Peak Protection)
user.exe (Peak Protection)
system.exe (Peak Protection)
svc.exe
load.exe (Antivirus studio 2010)
securitycenter.exe (Antivirus studio 2010)
securityhelper.exe (Antivirus studio 2010)
AntiVirus Studio 2010.exe (Antivirus studio 2010)


V1.1.0 04/10/2010
=================
- Added a module that deletes RUN/RUNONCE keys based on
the blacklist/whitelist and the usual folder filters
- Optimizations
- Added a program icon
- Added a few Koobface processes:

ld15.exe
ld16.exe
andy133.exe


V1.0.3 01/10/2010
=================
- Added a module that kills applications running under "\Application Data\"
or one of its subfolders
- Added a module that kills applications running under "\Temp\"
or one of its subfolders


V1.0.2 01/10/2010
=================
- Switch to High priority when the process starts
(larger CPU share for the scan, so less chance of being killed)


V1.0.1 01/10/2010
=================
- Added a minimal whitelist to speed up the search

[System Process]
System
smss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
dwm.exe
explorer.exe
ctfmon.exe
dllhost.exe
alg.exe
conhost.exe
taskhost.exe
sched.exe
Locator.exe
jusched.exe



V1.0 30/09/2010
===============
- Rogue Security Tools
module that detects names made up only of digits

- Added older rogues:
 
ccagent.exe (Control center)
ccmain.exe
richtx64.exe (Data Protection)
asr64_ldm.exe (Dr Guard)
diskperfxp.exe (User Protection)
davclnt.exe (Digital Protection)
avp.exe
digprot.exe
datprot.exe (Data Protection)
ave.exe


- SmitfraudFix changelog up to November 06, 2008

winupdate.exe
AVR09.exe
msa.exe
ld09.exe
mediacodec.exe
pp10.exe
SYSDLL.exe
SYS32DLL.exe
DL32.exe
pcdefender.exe
svchost_32.exe
asasa.exe
syst.exe
msctrl.exe
msavsc.exe
msscan.exe
msiemon.exe
msfw.exe
msctrl.exe
msavsc.exe
msscan.exe
msiemon.exe
msfw.exe
setup2.exe
AntivirusXP.exe
ld03.exe
pp06.exe
userload.exe
rs32net.exe
renus2008.exe
sysrc32.exe
svchostw.exe
ld01.exe
ld02.exe
pp2.exe
dll32.exe
winagent.exe
systeminit.exe
sysguard.exe
avrlabs.exe
AnvTrgr.exe
msiconf.exe
VirTrigger.exe
VirusTriggerBin.exe
svhost.exe
reged.exe
spoolsystem.exe
syscert.exe
sysexplorer.exe
wsc32x.exe

 



#11 nasdaq


Posted 27 February 2018 - 07:55 AM



Hi,

I wanted to see the ReportRogue.txt not the changelog.

Please post it.

Any change on your side?

#12 nasdaq


Posted 05 March 2018 - 08:40 AM

Are you still with me?

#13 Suleski_n


Posted 05 March 2018 - 02:43 PM

Hi nasdaq,

 

Sorry for not responding in a while. The problem seems to be solved; the PC runs smoothly and Task Manager can be opened again.

Thank you for all the help and sorry again for not replying :D





