File Name:   adwcleaner_5.109.exe
SHA1:   747c5223ceb32c417933b420aeb715874f47136a
MD5:   02e3d69ed1f80f04a4098889c7d633a7
First Seen Date:  2016-04-04 20:48:13.308157
Number of Clients Seen:   10
Last Analysis Date:  2016-04-08 14:59:28.604178
Human Expert Analysis Date:  2016-04-05 10:09:34.005534
Human Expert Analysis Result:   Clean
Analysis Summary
Analysis Type | Date | Verdict |
---|---|---|
Signature Based Detection | 2016-04-08 14:59:28.604178 | Clean |
Static Analysis Overall Verdict | 2016-04-08 14:59:28.604178 | Highly Suspicious |
Dynamic Analysis Overall Verdict | 2016-04-08 14:59:28.604178 | No Threat Found |
Human Expert Analysis Overall Verdict | 2016-04-05 10:09:34.005534 | Clean |
Static Analysis
Static Analysis Overall Verdict | Result |
---|---|
Highly Suspicious |
Detector | Result | |
---|---|---|
Optional Header LoaderFlags field is valued illegal | Clean | |
Non-ascii or empty section names detected | Clean | |
Illegal size of optional Header | Clean | |
Packer detection on signature database | Unknown | |
Based on the sections entropy check! file is possibly packed | Suspicious | |
Timestamp value suspicious | Clean | |
Header Checksum is zero! | Clean | |
Entry point is outside the 1st(.code) section! Binary is possibly packed | Suspicious | |
Optional Header NumberOfRvaAndSizes field is valued illegal | Clean | |
Anti-vm present | Clean | |
The Size Of Raw data is valued illegal! Binary might crash your disassembler/debugger | Clean | |
TLS callback functions array detected | Clean |
Packer detection on signature database
UPX v0.89.6 - v1.02 / v1.05 -v1.24 -> Markus & Laszlo [overlay]
Dynamic Analysis
Dynamic Analysis Overall Verdict | Result |
---|---|
No Threat Found |
Suspicious Behaviors | |
---|---|
Creates a child process | |
Reads memory of another process | |
Writes to address space of another process | |
Uses a function clandestinely | |
Logs user key strokes | |
Downloads data from internet | |
Opens a file in a system directory | |
Has no visible windows |
Behavioral Information
Data\text\en\00000105.tdbc
Data\text\pl\00000105.tdbc
Data\text\de\00000105.tdbc
Data\text\es\00000105.tdbc
Data\text\fr\00000105.tdbc
Data\text\ko\00000105.tdbc
Data\text\ru\00000105.tdbc
Data\text\en\00014000.tdbc
Data\text\de\00014000.tdbc
Data\text\pl\00014000.tdbc
Data\text\ko\00014000.tdbc
Data\text\fr\00014000.tdbc
Data\text\es\00014000.tdbc
Data\text\ru\00014000.tdbc
Data\text\en\00014500.tdbc
Data\text\pl\00014500.tdbc
Data\text\de\00014500.tdbc
Data\text\fr\00014500.tdbc
Data\text\es\00014500.tdbc
Data\text\ko\00014500.tdbc
Data\text\ru\00014500.tdbc
Data\text\de.tdbl
Data\text\en.tdbl
Data\text\es.tdbl
Data\text\fr.tdbl
Data\text\ko.tdbl
Data\text\pl.tdbl
Data\text\ru.tdbl
Data\Gui\Default\Flash\credits\funcomLogo.png
Data\Gui\Default\Flash\credits\logoHyborianAdventures.png
Data\Gui\Default\Flash\credits\logoRiseOfTheGodslayer.png
Data\Gui\Default\Flash\credits\logoUnchained.png
Data\Gui\Default\Flash\credits
Data\Gui\Default\Flash
Data\text\de
Data\Gui\Default
Data\text\en
Data\text\es
Data\text\fr
Data\text\ko
Data\text\pl
Data\text\ru
Data\Gui
Data\text
Data
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\machine.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config
C:\Windows\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch
C:\Users\win7\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config
C:\Users\win7\AppData\Roaming\Microsoft\CLR Security Config\v2.0.50727.312\security.config.cch
C:\Windows\assembly\NativeImages_v2.0.50727_32\index1c2.dat
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_DF4CA81DC775CDA9B3214BDB5B55900E
C:\Users\win7\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB
C:\WBDJA44I.DLL
C:\Windows\system32\wbem\wbemdisp.TLB
C:\Users\win7\AppData\Local\Temp\autD3FA.tmp
C:\Users\win7\AppData\Local\Temp\AdwCleaner.jpg
C:\Users\win7\AppData\Local\Temp\autD40B.tmp
C:\Users\win7\AppData\Local\Temp\Cleaning.ico
C:\Users\win7\AppData\Local\Temp\autD40C.tmp
C:\Users\win7\AppData\Local\Temp\Uninstall.ico
C:\Users\win7\AppData\Local\Temp\autD41C.tmp
C:\Users\win7\AppData\Local\Temp\Scan.ico
C:\Users\win7\AppData\Local\Temp\autD41D.tmp
C:\Users\win7\AppData\Local\Temp\Report.ico
C:\Users\win7\AppData\Local\Temp\autD41E.tmp
C:\Users\win7\AppData\Local\Temp\EULA.txt
C:\Users\win7\AppData\Local\Temp\autD41F.tmp
C:\Users\win7\AppData\Local\Temp\sqlite3.dll
C:\Users\win7\AppData\Local\Temp\autD44F.tmp
C:\Users\win7\AppData\Local\Temp\libeay32.dll
C:\Users\win7\AppData\Local\Temp\autD48F.tmp
C:\Users\win7\AppData\Local\Temp\msvcr120.dll
C:\Users\win7\AppData\Local\Temp\autD4CE.tmp
C:\Users\win7\AppData\Local\Temp\adwcleanerlocal.db
C:\Users\win7\AppData\Roaming\Microsoft\Windows\Cookies\87M2RH9N.txt
C:\Users\win7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H0G27RVV\version[1].htm
C:\Users\win7\AppData\Local\Temp\\~DF6A5143A494AE5F7A.TMP
C:\Users\win7\AppData\Local\Temp\Uninstall.bat
Software\HP\NG\Logging
SOFTWARE\TeamViewer
Software\Microsoft\Windows\CurrentVersion
SOFTWARE
SOFTWARE\TeamViewer3
SOFTWARE\TeamViewer\Version4
SOFTWARE\TeamViewer\Version5
SOFTWARE\TeamViewer\Version5.1
SOFTWARE\TeamViewer\Version6
SOFTWARE\TeamViewer\Version7
SOFTWARE\TeamViewer\Version8
SOFTWARE\TeamViewer\Version9
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
MS Shell Dlg 2
SOFTWARE\Classes\Interface\{00063001-0000-0000-C000-000000000046}
Software\Microsoft\Windows\CurrentVersion\Uninstall\TeamViewer
Tahoma
MS Shell Dlg
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Software\Microsoft\Windows\CurrentVersion\Policies\Network
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
SOFTWARE\OEM\Identity Card
SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State
Software\Microsoft\WBEM\CIMOM
SOFTWARE\Microsoft\Windows NT\CurrentVersion
System\CurrentControlSet\Control
Software\Microsoft\RestartManager
MS Sans Serif
Verdana
Software\Microsoft\Windows\CurrentVersion\Uninstall\{E31045B4-9DB5-9EBD-44DF-BD4E6CFD40DF}_is1
Software\Borland\Locales
Software\Borland\Delphi\Locales
CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32
Software\Borland\Delphi
Software\Borland\C++Builder
Software\CodeGear\BDS
Software\Embarcadero\BDS
Software\Borland\BDS
Software\Microsoft\Windows NT\CurrentVersion
Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls
Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl
Software\Microsoft\Internet Explorer\Main\FeatureControl
FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
RETRY_HEADERONLYPOST_ONCONNECTIONRESET
FEATURE_MIME_HANDLING
FEATURE_BYPASS_CACHE_FOR_CREDPOLICY_KB936611
FEATURE_IGNORE_MAPPINGS_FOR_CREDPOLICY
FEATURE_INCLUDE_PORT_IN_SPN_KB908209
FEATURE_BUFFERBREAKING_818408
FEATURE_SKIP_POST_RETRY_ON_INTERNETWRITEFILE_KB895954
FEATURE_FIX_CHUNKED_PROXY_SCRIPT_DOWNLOAD_KB843289
FEATURE_USE_CNAME_FOR_SPN_KB911149
FEATURE_PERMIT_CACHE_FOR_AUTHENTICATED_FTP_KB910274
FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK
FEATURE_DISALLOW_NULL_IN_RESPONSE_HEADERS
FEATURE_DIGEST_NO_EXTRAS_IN_URI
FEATURE_ENABLE_PASSPORT_SESSION_STORE_KB948608
FEATURE_EXCLUDE_INVALID_CLIENT_CERT_KB929477
FEATURE_USE_UTF8_FOR_BASIC_AUTH_KB967545
FEATURE_RETURN_FAILED_CONNECT_CONTENT_KB942615
FEATURE_PRESERVE_SPACES_IN_FILENAMES_KB952730
FEATURE_ENABLE_PROXY_CACHE_REFRESH_KB2983228
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Software\Policies
Software
Software\Policies\Microsoft\Internet Explorer
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache
FEATURE_DISABLE_NOTIFY_UNVERIFIED_SPN_KB2385266
FEATURE_COMPAT_USE_CONNECTION_BASED_NEGOTIATE_AUTH_KB2151543
FEATURE_SCH_SEND_AUX_RECORD_KB_2618444
Software\Microsoft\Internet Explorer\Main
Software\Policies\Microsoft\Internet Explorer\Main
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad
Software\Policies\Microsoft\PeerDist\Service
Software\Microsoft\Windows NT\CurrentVersion\PeerDist\Service
Content
Cookies
History
System\Setup
{69DC4768-446B-4F82-A6B0-63966A243064}
System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
SOFTWARE\OpenCandy\sdk
Software\Classes\CLSID\{F67F4C79-31E0-4b8b-A631-C0D1D83B23B1}
Arial
System
FEATURE_ALLOW_REVERSE_SOLIDUS_IN_USERINFO_KB932562
Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing
Software\Microsoft\Internet Explorer\TabbedBrowsing
SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
SOFTWARE\MiddleRush
SOFTWARE\SearchWindowResults
Software\CodeGear\Locales
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
System\CurrentControlSet\Control\Keyboard Layouts\041F0409
System\CurrentControlSet\Control\Keyboard Layouts\04090409
SOFTWARE\Mozilla\Mozilla Firefox
SOFTWARE\Apple Computer
Applications\Opera.exe\shell\open\command
ChromeHTML\shell\open\command
SOFTWARE\Microsoft\Silverlight
Software\Microsoft\Notification de cadeaux MSN
Software\Microsoft\Internet Explorer\SearchScopes
Software\Microsoft\Internet Explorer\SearchScopes\{9D5BD211-422C-4164-9298-BB4186A30F31}
PROTOCOLS\Name-Space Handler\
PROTOCOLS\Name-Space Handler\http\
PROTOCOLS\Name-Space Handler\*\
FEATURE_BROWSER_EMULATION
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Pre Platform
Post Platform
FEATURE_MAXCONNECTIONSPERSERVER
FEATURE_MAXCONNECTIONSPER1_0SERVER
FEATURE_URLMON_IQDA_SIZE
SOFTWARE\Microsoft\Windows\CurrentVersion\UrlMon Settings
FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915
FEATURE_ZONES_CHECK_ZONEMAP_POLICY_KB941001
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Microsoft\Internet Explorer\Security
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\
FEATURE_LOCALMACHINE_LOCKDOWN
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\users\S-1-5-21-3979321414-2393373014-2172761192-1000
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
SOFTWARE\Microsoft\Internet Explorer
SOFTWARE\Microsoft\Windows Script\Features
Software\Microsoft\COM3
FEATURE_SHOW_CERT_WARNINGS_ON_POST_FROM_ISTREAM_KB2894776
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap
Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.ZFSendToTarget
Software\Microsoft\Windows\CurrentVersion\Explorer\CommandStore
ShareCommands\shell
Software\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.exe
SYSTEM\CurrentControlSet\Control\FileSystem
Jane's Combat Simulations
SOFTWARE\CheckPoint\ZoneAlarm\Installed
SOFTWARE\Microsoft\OLEAUT
Software\Microsoft\Windows\CurrentVersion\Setup
system\CurrentControlSet\control\NetworkProvider\HwOrder
SOFTWARE\Microsoft\CTF\Compatibility\sample
Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
SOFTWARE\Microsoft\CTF\TIP\
{0000897b-83df-4b96-be07-0fb58b01c4a4}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{03B5835F-F03C-411B-9CE2-AA23E1171E36}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{07EB03D6-B001-41DF-9192-BF9B841EE71F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{3697C5FA-60DD-4B56-92D4-74A569205C16}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{531FDEBF-9B4C-4A43-A2AA-960E8FCDC732}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{78CB5B0E-26ED-4FCC-854C-77E8F3D1AA80}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{81D4E9C9-1D3B-41BC-9E6C-4B40BF79E35E}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{8613E14C-D0C0-4161-AC0F-1DD2563286BC}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{A028AE76-01B1-46C2-99C4-ACD9858AE02F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{AE6BE008-07FB-400D-8BEB-337A64F7051F}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{C1EE01F2-B3B6-4A6A-9DDD-E988C088EC82}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{E429B25A-E5D3-4D1F-9BE3-0C608477E3A1}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{F25E9F57-2FC8-4EB3-A41A-CCE5F08541E6}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
{F89E9E58-BD2F-4008-9AC2-0F816C09F4EE}\Category\Category\{534C48C1-0607-4098-A521-4FC899C73E90}
Keyboard Layout\Toggle
Software\Microsoft\CTF\DirectSwitchHotkeys
SOFTWARE\Microsoft\CTF\
Software\Microsoft\CTF\LayoutIcon\0409\0000041f
SOFTWARE\Microsoft\CTF\KnownClasses
Software\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions
{0139D44E-6AFE-49F2-8690-3DAFCAE6FFB8}
PropertyBag
Software\Microsoft\Windows\CurrentVersion\Explorer
SessionInfo\1
KnownFolders
Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
SOFTWARE\Microsoft\Windows\CurrentVersion\ShellCompatibility\Applications\sample
CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder
Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
{babe9b11-0f98-11e5-b301-806e6f6e6963}\
Drive\shellex\FolderExtensions
Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
Software\Policies\Microsoft\Windows\Explorer
<NULL>
Advanced
Software\Microsoft\Windows\Shell\RegisteredApplications\UrlAssociations\Directory\OpenWithProgids
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\Directory
Directory
CurVer
ShellEx\IconHandler
Folder
AllFilesystemObjects
DocObject
BrowseInPlace
Clsid
CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}
InprocServer32
Software\Microsoft\OLE
TreatAs
System\CurrentControlSet\Services\LDAP
{B4BFCC3A-DB2C-424C-B029-7FE99A87C641}
{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}
{3EB685DB-65F9-4CF6-A03A-E3EF65729F3D}
{C4AA340D-F20F-4863-AFEF-F87EF2E6BA25}
{B97D20BB-F46A-4C97-BA10-5E3608430854}
{A77F5D77-2E2B-44C3-A6A2-ABA601054A51}
{52A4F021-7B75-48A9-9F6B-4B87A210BC8F}
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PCFriendly
SOFTWARE\InterActual Technologies\Common
SOFTWARE\InterActual Technologies\PCFriendly\Video
SOFTWARE\DVDPLAYR
SOFTWARE\InterActual DVD Player
SOFTWARE\InterActual Technologies\PCFriendly\Install
SOFTWARE\InterActual Technologies\PCFriendly\Internet
SOFTWARE\InterActual Technologies\PCFriendly\Main
SOFTWARE\InterActual Technologies\PCFriendly\Products
SOFTWARE\InterActual Technologies\PCFriendly\UserLogging
SOFTWARE\InterActual Technologies\PCFriendly
SOFTWARE\InterActual Technologies
Software\Microsoft\Rpc
Software\Policies\Microsoft\Windows NT\Rpc
{babe9b14-0f98-11e5-b301-806e6f6e6963}\
{babe9b10-0f98-11e5-b301-806e6f6e6963}\
SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727
Software\Microsoft\.NETFramework\Policy\
v2.0
Software\Microsoft\.NETFramework
Upgrades
Standards
AppPatch
FEATURE_INITIALIZE_URLACTION_SHELLEXECUTE_TO_ALLOW_KB936610
FEATURE_ZONES_DEFAULT_DRIVE_INTRANET_KB941000
FEATURE_PROTOCOL_LOCKDOWN
Software\Microsoft\Internet Explorer
Software\Microsoft\Windows\CurrentVersion\Installer
Microsoft Sans Serif
Software\Microsoft\Windows\CurrentVersion\Uninstall\DVD Flick_is1
Software\Licenses
Hardware\Description\System
CLSID\{477A9A4C-5103-5A20-91C8-F9BCD665CD4A}
CLSID
{023A36FC-E9D5-419E-824A-CDC66A116E84}
Software\The Silicon Realms Toolworks\Armadillo
{18907f3b-9afb-4f87-b764-f9a4e16a21b8}
{0cbb5037-f2b2-4b38-8cbc-895cec57db03}
{0A14D3FF-EC53-450f-AA30-FFBC55BE26A2}
{1B57B2A1-E763-4676-9064-297F1B413632}
{0000051A-0000-0010-8000-00AA006D2EA4}
{01FA60A0-BBFF-11D0-8825-00A0C903B83C}
{00f20eb5-8fd6-4d9d-b75e-36801766c8f1}
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
FEATURE_ENABLESAFESEARCHPATH_KB963027
SOFTWARE\OpenVPN
Software\Nilings\OpenVPN-GUI
Software\Microsoft\Windows Search
Gathering Manager
SOFTWARE\CashKitten
SOFTWARE\Microsoft\MpSigStub
SOFTWARE\Microsoft\DirectX
software
SOFTWARE\Classes\CLSID\{FE750200-B72E-11d9-829B-0050DA1A72D3}\ServerBinary
Software\Microsoft\ActiveMovie\devenum
Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}
{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance
DV Video Encoder
MJPEG Compressor
Software\Microsoft\Windows NT\CurrentVersion\VFW
Software\Microsoft\Windows NT\CurrentVersion\DRIVERS32
Software\Microsoft\Windows NT\CurrentVersion\Installable Compressors
SOFTWARE\Debug\quartz.dll
Software\Microsoft\Multimedia\ActiveMovie Filters\MPEG Decoder
{33D9A760-90C8-11D0-BD43-00A0C911CE86}
cvid
i420
iyuv
mrle
msvc
uyvy
yuy2
yvu9
yvyu
CLSID\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance\DV Video Encoder
CLSID\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\Instance\MJPEG Compressor
Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\cvid
Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\i420
Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\iyuv
Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\mrle
Software\Microsoft\ActiveMovie\devenum\{33D9A760-90C8-11D0-BD43-00A0C911CE86}\msvc
Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}
{33D9A761-90C8-11D0-BD43-00A0C911CE86}\Instance
System\CurrentControlSet\Control\MediaResources\acm
{33D9A761-90C8-11D0-BD43-00A0C911CE86}
17IMA ADPCM
1PCM
2Microsoft ADPCM
49GSM 6.10
6CCITT A-Law
7CCITT u-Law
Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\17IMA ADPCM
Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\1PCM
Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\2Microsoft ADPCM
Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\49GSM 6.10
Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\6CCITT A-Law
Software\Microsoft\ActiveMovie\devenum\{33D9A761-90C8-11D0-BD43-00A0C911CE86}\7CCITT u-Law
CLSID\{8cae96b7-85b1-4605-b23c-17ff5262b296}
CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{8cae96b7-85b1-4605-b23c-17ff5262b296}
Software\Microsoft\.NETFramework\Policy\Standards
v4.0.30319
Software\Microsoft\.NETFramework\Policy\Upgrades
SOFTWARE\SearchKnow
Software\InstallShield\ISWI\7.0\SetupExeLog
SOFTWARE\ATI\ACE\SETTINGS\CLI
SOFTWARE\ATI\ACE\PACKAGES\CORE-STATIC
v2.0.50727
Software\Microsoft\Fusion
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sample
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Software\Microsoft\.NETFramework\Security\Policy\Extensions\NamedPermissionSets
Internet
LocalIntranet
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3979321414-2393373014-2172761192-1000
Software\Microsoft\.NETFramework\v2.0.50727\Security\Policy
Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32
index1c2
NI\181938c6\7950e2c5
NI\181938c6\7950e2c5\16
IL\7950e2c5\4b5f28af\5f
Software\Microsoft\Cryptography\Wintrust\Config
Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
Software\ASI Software\Whisper 32\1.0
SOFTWARE\EPSON\STM3
Software\Wilson WindowWare\Settings\WWW-PROD\WB44I
Software\Wilson WindowWare\Settings\WWWBATCH\MAIN
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009\
Software\Toshiba\swtos
Software\Microsoft\Windows\CurrentVersion\Setup\State
Software\Toshiba\ToshibaImage
Software\Microsoft\Wbem\Scripting
software\TOSHIBA\swtos
Software\Microsoft\Windows\CurrentVersion\Uninstall\{6D35DF2D-7523-4CB6-9E8F-A1660D9F8637}_is1
Control Panel\Mouse
Software\AutoIt v3\AutoIt
SYSTEM\CurrentControlSet\Control\Nls\Language
toolslib.net
sample[1696]RegValuesLock
sample[1696]ExtMonitorLock
Global\HP_SCAN_APP_MUTEX_
Global\WIATRACE_MUTEX
<NULL>
t "TeamViewer_Win32_Instance_Mutex"
TeamViewer_Win32_Instance_Mutex
Acer_IdentityCard_FUB_GUID_For_Single_Instance
Local\RstrMgr3887CAB8-533F-4C85-B0DC-3E5639F8D511
Local\RstrMgr-3887CAB8-533F-4C85-B0DC-3E5639F8D511-Session0000
CRemoteProcApiCalls::m_bShowLoadingScreen
CRemoteProcApiCalls::m_nMaxLoadingScreenOffers
CSDKApi::m_bSkipAllOffersTriggered
CSDKApi::m_bDeclineOfferTriggered
CSDKApi::m_bShowSkipAllButton
CSDKApi::m_bShowDeclineButton
Global\223CEB62-A2BC-4E33-BA9B-FCAC6DAAB1BE
m_wndDummyAPIMsgWindow
CTrackingCalls::m_bIsRunningFromReboot
CSDKApi::GetTimeMSFromStartup
CSDKApi::DevModeMessage
CSDKApi::m_strClientSessionID
CAPIMessageWindow::m_arrayProcIds
CRequestManager::m_aRequestPools
DEFINED_LoadSDKDLL
Global\426F00E8-A1B3-4EB2-8FF8-0950920F5D6E
DEFINED_SetCmdLineValuesW
DEFINED_SetNoCandy
DEFINED_GetNoCandy
DEFINED_Shutdown
Global\MiddleRush
Global\SearchWindowResults
{33E05CA6-6F74-4C4F-AC71-919B44BAC224}
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
_SHuassist.mtx
ZA INSTALL
dvdflick_setup_mutex
RAL3BBEAAA4
3BBEAAA4::WK
Local\WinSpl64To32Mutex_22d24_0_3000
Global\CashKitten
{1B83E195-C3B4-4f8c-94FF-B1257EC9147C}
MediaPlayerClassicW
eed3bd3a-a1ad-4e99-987b-d7cb3fcfa7f0 - S-1-5-21-3979321414-2393373014-2172761192-1000
AMResourceMutex3
Ysafido Jyepqitl
Global\SearchKnow
.NET CLR Data_Perf_Library_Lock_PID_bac
.NET CLR Networking_Perf_Library_Lock_PID_bac
.NET Data Provider for Oracle_Perf_Library_Lock_PID_bac
.NET Data Provider for SqlServer_Perf_Library_Lock_PID_bac
.NETFramework_Perf_Library_Lock_PID_bac
BITS_Perf_Library_Lock_PID_bac
ESENT_Perf_Library_Lock_PID_bac
Lsa_Perf_Library_Lock_PID_bac
MSDTC_Perf_Library_Lock_PID_bac
MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_bac
MSSCNTRS_Perf_Library_Lock_PID_bac
PerfDisk_Perf_Library_Lock_PID_bac
PerfNet_Perf_Library_Lock_PID_bac
PerfOS_Perf_Library_Lock_PID_bac
PerfProc_Perf_Library_Lock_PID_bac
rdyboost_Perf_Library_Lock_PID_bac
RemoteAccess_Perf_Library_Lock_PID_bac
ServiceModelEndpoint 3.0.0.0_Perf_Library_Lock_PID_bac
ServiceModelOperation 3.0.0.0_Perf_Library_Lock_PID_bac
ServiceModelService 3.0.0.0_Perf_Library_Lock_PID_bac
SMSvcHost 3.0.0.0_Perf_Library_Lock_PID_bac
Spooler_Perf_Library_Lock_PID_bac
TapiSrv_Perf_Library_Lock_PID_bac
Tcpip_Perf_Library_Lock_PID_bac
TermService_Perf_Library_Lock_PID_bac
UGatherer_Perf_Library_Lock_PID_bac
UGTHRSVC_Perf_Library_Lock_PID_bac
usbhub_Perf_Library_Lock_PID_bac
Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_bac
WmiApRpl_Perf_Library_Lock_PID_bac
WSearchIdxPi_Perf_Library_Lock_PID_bac
Global\LOADPERF_MUTEX
Lajxe Pomulocn
Local\MSCTF.Asm.MutexDefault1
DefaultTabtip-MainUI
Global\MiddleRush
Global\SearchWindowResults
dvdflick_setup_mutex
DVD Flick
898::DA29D97020
3BBEAAA4:SIMULATEEXPIRED
Global\CashKitten
{1B83E195-C3B4-4f8c-94FF-B1257EC9147C}
Global\SearchKnow
Global\CLR_CASOFF_MUTEX
"C:\Program Files\Internet Explorer\iexplore.exe" http://cdnsoft.org/get_file.php?p=25/roland-versaworks-4.61.zip&u={512063B0-7DEF-4A9A-9E9D-006C6586C678}
"C:\IntegrityCheck.exe"
"C:\sample" --writer
"C:\Users\win7\AppData\Local\Temp\VSDC317.tmp\DotNetFX\dotnetchk.exe"
C:\Windows\splwow64.exe 12288
MpSigStub.exe /program "C:\sample"
"MOM"
C:\Users\win7\AppData\Local\Temp\Uninstall.bat
C:\Windows\system32\cmd.exe /c ping -n 2 localhost > nul & del /q /f "C:\sample"
C:\Windows\SysWOW64\sti.dll
C:\sample
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.18834_none_72d38c5186679d48\gdiplus.dll
C:\Users\win7\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\win7\AppData\Local\Tem
C:\Windows\syswow64\MSCTF.dll
C:\Windows\syswow64\USER32.dll
C:\Windows\system32\RichEd20.DLL
C:\DLL_Loader.exe
C:\Users\win7\AppData\Local\Temp\is-SJ3RJ.tmp\sample.tmp
C:\Windows\syswow64\KERNELBASE.dll
C:\Windows\syswow64\kernel32.dll
C:\Windows\SysWOW64\ntdll.dll
C:\Windows\syswow64\msvcrt.dll
C:\Windows\SysWOW64\schannel.dll
C:\Windows\system32\cryptnet.dll
C:\Windows\syswow64\CRYPT32.dll
C:\Windows\SysWOW64\RunDll32.exe
C:\Windows\SysWOW64\RunDll32.ex
C:\Windows\SysWOW64\RichEd20.dll
C:\Users\win7\AppData\Local\Temp\nsu6F18.tmp\OCSetupHlp.dll
C:\Windows\SysWOW64\ieframe.dll
C:\Windows\system32\DUser.dll
C:\Windows\syswow64\shlwapi.DLL
C:\Windows\system32\RICHED20.dll
C:\Windows\system32\twext.dll
C:\Windows\system32\propsys.dll
C:\Windows\system32\zipfldr.dll
C:\Windows\system32\ntshrui.dll
C:\Windows\system32\syncui.dll
C:\Windows\system32\acppage.dll
C:\Windows\system32\EhStorShell.dll
C:\Windows\system32\DSOUND.dll
C:\Users\win7\AppData\Local\Temp\VSDC317.tmp\DotNetFX\dotnetchk.exe
C:\Windows\system32\MSCOREE.DLL
C:\Windows\system32\PROPSYS.dll
C:\Users\win7\AppData\Local\Temp\is-FOS5V.tmp\sample.tmp
C:\Windows\system32\RICHED20.DLL
C:\Windows\system32\IEFRAME.dll
C:\Windows\SysWOW64\quartz.dll
C:\Windows\system32\msrle32.dll
C:\Windows\system32\msvidc32.dll
C:\Windows\system32\msyuv.dll
C:\Windows\system32\iyuv_32.dll
C:\Windows\system32\tsbyuv.dll
C:\Windows\system32\iccvid.dll
C:\Windows\system32\msacm32.dll
C:\Windows\SYSTEM32\MSCOREE.DLL
C:\Windows\System32\msxml3.dll
C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_d08cc06a442b34fc\MSVCR80.dll
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
C:\Windows\system32\RichEd20.dll
C:\WBDJA44I.DLL
C:\Users\win7\AppData\Local\Temp\is-HKLV5.tmp\sample.tmp
C:\Users\win7\AppData\Local\Temp\nsvA49D.tmp
C:\Users\win7\AppData\Local\Temp\nsqA4CE.tmp
C:\Users\win7\Desktop\desktop.ini
C:\Users\win7\AppData\Local\Temp\Opera Installer\opera_installer_20160404191029.log
C:\Users\win7\AppData\Local\Temp\nsp6EF7.tmp
C:\Users\win7\AppData\Local\Temp\nsu6F18.tmp
C:\Users\win7\AppData\Roaming\{B7DF172C-FB01-4A20-8719-E6760EEAB894}/roland-versaworks-4.61.zip
C:\Users\win7\AppData\Local\Temp\nsu6F18.tmp\button.bmp
C:\Users\win7\AppData\Local\Temp\nsu6F18.tmp\nsDialogs.dll
C:\Users\win7\AppData\Local\Temp\nsu6F18.tmp\NSISdl.dll
C:\Users\win7\AppData\Local\Temp\nsu6F18.tmp\OCSetupHlp.dll
C:\Users\win7\AppData\Local\Temp\nsu6F18.tmp\skinnedbutton.dll
C:\Users\win7\AppData\Local\Temp\nsu6F18.tmp\System.dll
C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outil de notification Live Search.lnk
C:\Users\win7\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\win7\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Users\win7\AppData\Roaming\Microsoft\Live Search\Suppression-Live-Search.exe
C:\Users\win7\AppData\Local\Temp\{907A1104-E812-4b5c-959B-E4DAB37A96AB}
C:\Users\Public\Desktop\PCFriendly DVD.lnk
C:\Program Files\Common Files\System\msadc\handler.reg
C:\Program Files\Common Files\System\msadc\handsafe.reg
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_d473a376adfb18a7b165c5e3c26de43cd8bccb_cab_07087674\DMI7607.tmp.log.xml
C:\Python27\Lib\site-packages\setuptools\script.tmpl
C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
C:\Users\win7\AppData\Local\Microsoft\Windows\UsrClass.dat{11d129ea-0f9a-11e5-851a-080027f0a770}.TMContainer00000000000000000001.regtrans-ms
C:\Users\win7\AppData\Local\Microsoft\Windows\UsrClass.dat{11d129ea-0f9a-11e5-851a-080027f0a770}.TMContainer00000000000000000002.regtrans-ms
C:\Users\win7\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
C:\Users\win7\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions
C:\Windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\4b4500ebe72a7270bf31546d2013f3cb\System.Web.RegularExpressions.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP586B.tmp
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE0E8.tmp
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFD42.tmp
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Web.RegularE#\326659f7fee9e0c4235e096efc0eec9c\System.Web.RegularExpressions.ni.dll
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP14E8.tmp
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4816.tmp
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5D6B.tmp
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE0FB.tmp
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE3E8.tmp
ini
C:\Users\win7\AppData\Local\Temp\_MSI5166._IS
__tmp_rar_sfx_access_check_865250
__tmp_rar_sfx_access_check_865968
C:\Windows\system32\ConanPatcher.exe
C:\Users\win7\AppData\Local\Temp\autD3FA.tmp
C:\Users\win7\AppData\Local\Temp\autD40B.tmp
C:\Users\win7\AppData\Local\Temp\autD40C.tmp
C:\Users\win7\AppData\Local\Temp\autD41C.tmp
C:\Users\win7\AppData\Local\Temp\autD41D.tmp
C:\Users\win7\AppData\Local\Temp\autD41E.tmp
C:\Users\win7\AppData\Local\Temp\autD41F.tmp
C:\Users\win7\AppData\Local\Temp\autD44F.tmp
C:\Users\win7\AppData\Local\Temp\autD48F.tmp
C:\Users\win7\AppData\Local\Temp\autD4CE.tmp
C:\Users\win7\AppData\Local\Temp\~DF6A5143A494AE5F7A.TMP
GetAsyncKeyState
WriteProcessMemory
CreateRemoteThread
CreateProcessA
ShellExecuteW
ShellExecuteExW
ShellExecuteExA
IsDebuggerPresent
OpenProcess
ReadProcessMemory
CreateProcessW
InternetReadFile
ShellExecuteA
Precise Detectors Analysis Results
No Detector Result Received
Advanced Heuristics
No Advanced Heuristic Analysis Result Received
Human Expert Analysis Results
Analysis Start Date: 2016-04-05 09:26:33.604118
Analysis End Date: 2016-04-05 10:09:34.005534
File Upload Date: 2016-04-05 08:45:19.003555
Update Date: 2016-04-05 10:09:34.005570
Human Expert Analyst Feedback: Adwcleaner-Safe
Verdict: Clean
Additional File Information
Property | Value |
---|---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | MD5 |
---|---|---|---|---|---|