SystemLook 30.07.11 by jpshortstuff Log created at 13:41 on 09/09/2012 by KGaming Administrator - Elevation successful ========== regfind ========== Searching for "server.exe" [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\KGaming\Desktop\serwer\Minecraft_Server.exe"="Minecraft_Server.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\dxpServer.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\RAServer.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SBEServer.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D3AC5E6-D557-42EE-AB8A-F95239E9939F}\LocalServer32] @="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D3AC5E6-D557-42EE-AB8A-F95239E9939F}\LocalServer32] "ServerExecutable"="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B191048-B0AD-4CFE-902C-F51140AA77ED}\LocalServer32] @="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B191048-B0AD-4CFE-902C-F51140AA77ED}\LocalServer32] "ServerExecutable"="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C3A70A7-A468-49B9-8ADA-28E11FCCAD5D}\LocalServer32] @="C:\Windows\System32\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E1B01B-5619-4898-8714-DD1897BA07B2}\LocalServer32] @="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48E1B01B-5619-4898-8714-DD1897BA07B2}\LocalServer32] "ServerExecutable"="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49010C18-B110-421a-9047-ADCA421CBC40}\LocalServer32] @="C:\Windows\System32\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6570B2AA-1F63-4959-9D98-C12ABB483DFC}\LocalServer32] @="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6570B2AA-1F63-4959-9D98-C12ABB483DFC}\LocalServer32] "ServerExecutable"="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69127644-2511-4DF5-BC6A-26178254AA40}\LocalServer32] @="C:\Windows\System32\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b8f87e75-d1d5-446b-931c-3f61b97bca7a}\LocalServer32] @="%systemroot%\system32\DXPServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C0B3C446-3032-4016-926F-9BAE48BEBFBE}\LocalServer32] @="C:\Windows\System32\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0E55F9F-0021-42fe-A1DB-C41F5B564EFE}\LocalServer32] @="C:\Windows\System32\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E05FDDED-C4A7-4338-80D7-7577655D5412}\LocalServer32] @="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E05FDDED-C4A7-4338-80D7-7577655D5412}\LocalServer32] "ServerExecutable"="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E62456F4-62AC-45CB-99DE-4E0F6B6062D7}\LocalServer32] @="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E62456F4-62AC-45CB-99DE-4E0F6B6062D7}\LocalServer32] "ServerExecutable"="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A7C01D63-4403-4BE2-B1AF-6EE0A2E6A1E9}\1.0\0\win32] @="C:\Windows\System32\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D125EF45-965C-4BE3-8D2F-48B7CB84F648}\1.0\0\win32] @="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C3A70A7-A468-49B9-8ADA-28E11FCCAD5D}\LocalServer32] @="C:\Windows\SysWOW64\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{49010C18-B110-421a-9047-ADCA421CBC40}\LocalServer32] @="C:\Windows\SysWOW64\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{69127644-2511-4DF5-BC6A-26178254AA40}\LocalServer32] @="C:\Windows\SysWOW64\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{C0B3C446-3032-4016-926F-9BAE48BEBFBE}\LocalServer32] @="C:\Windows\SysWOW64\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D0E55F9F-0021-42fe-A1DB-C41F5B564EFE}\LocalServer32] @="C:\Windows\SysWOW64\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\dxpServer.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\RAServer.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\SBEServer.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{A7C01D63-4403-4BE2-B1AF-6EE0A2E6A1E9}\1.0\0\win32] @="C:\Windows\System32\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D125EF45-965C-4BE3-8D2F-48B7CB84F648}\1.0\0\win32] @="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{728b8c72-0f0f-4071-9bcc-27cb3b6dacbe}] "ResourceFileName"="%SystemRoot%\system32\dxpserver.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{728b8c72-0f0f-4071-9bcc-27cb3b6dacbe}] "MessageFileName"="%SystemRoot%\system32\dxpserver.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{MQ06UB08-05GO-A3QK-LHI0-160AJOIU43E3}] "StubPath"="C:\directory\Windows Update\HKLMCUM\install\server.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3C3A70A7-A468-49B9-8ADA-28E11FCCAD5D}\LocalServer32] @="C:\Windows\SysWOW64\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{49010C18-B110-421a-9047-ADCA421CBC40}\LocalServer32] @="C:\Windows\SysWOW64\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{69127644-2511-4DF5-BC6A-26178254AA40}\LocalServer32] @="C:\Windows\SysWOW64\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{C0B3C446-3032-4016-926F-9BAE48BEBFBE}\LocalServer32] @="C:\Windows\SysWOW64\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D0E55F9F-0021-42fe-A1DB-C41F5B564EFE}\LocalServer32] @="C:\Windows\SysWOW64\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\dxpServer.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\RAServer.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\SBEServer.EXE] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A7C01D63-4403-4BE2-B1AF-6EE0A2E6A1E9}\1.0\0\win32] @="C:\Windows\System32\RAServer.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{D125EF45-965C-4BE3-8D2F-48B7CB84F648}\1.0\0\win32] @="%SystemRoot%\ehome\CreateDisc\SBEServer.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules] "RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules] "RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules] "RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules] "RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules] "RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Defaults\FirewallPolicy\FirewallRules] "RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "RemoteAssistance-RAServer-In-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33011|Desc=@FirewallAPI.dll,-33014|EmbedCtxt=@FirewallAPI.dll,-33002|" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "RemoteAssistance-RAServer-Out-TCP-NoScope-Active"="v2.10|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\system32\raserver.exe|Name=@FirewallAPI.dll,-33015|Desc=@FirewallAPI.dll,-33018|EmbedCtxt=@FirewallAPI.dll,-33002|" [HKEY_USERS\S-1-5-21-3575944021-1533753860-1483881400-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\KGaming\Desktop\serwer\Minecraft_Server.exe"="Minecraft_Server.exe" [HKEY_USERS\S-1-5-21-3575944021-1533753860-1483881400-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] "C:\Users\KGaming\Desktop\serwer\Minecraft_Server.exe"="Minecraft_Server.exe" -= EOF =-