PC disinfection, computer speed-up, remote help via the neslape.cz service

Slow computer after malware removal

Have a virus problem? Post an FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, and likewise those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service: a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Locked
Cliché
Guest
Posts: 6
Registered: 17 Jan 2018 21:24

Slow computer after malware removal

#1 Post by Cliché »

Hello!

The computer had a problem with the Chrome Search Club browser malware, which we removed with the help of a guide on the net and the program Zemana AntiMalware Free. However, the computer still loads slowly, occasionally restarts by itself, and the blue screen keeps recurring. The screen, mouse and keyboard sometimes freeze and stop responding. The internet is also slower.

Thanks in advance for your help!
______________________________________________________________________________________________________________

Logfile of random's system information tool 1.10 (written by random/random)
Run by TDW at 2018-01-17 22:29:45
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 214 GB (45%) free of 477 GB
Total RAM: 3575 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:46 PM, on 17-Jan-18
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18858)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\bcontrol\Bezeq.bclient.exe
C:\Program Files\Zemana AntiMalware\ZAM.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Cleaning\RSIT.exe
C:\Program Files\trend micro\TDW.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [STCAgent] "C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe"
O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [bcontrol] "C:\Program Files\bcontrol\Bezeq.bclient.exe"
O4 - HKLM\..\Run: [ZAM] "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-101 - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-103 - {9E508DD9-844C-4985-AC11-AFE5DD71E0BF} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: (no name) - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-102 - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-104 - {EB89B163-2474-4734-9E93-68B61BC5BED5} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F83BC11-E58F-45EB-9001-D6099356579E}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: BUpdater Windows Service - Unknown owner - C:\Program Files\bcontrol\Bezeq.Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update service - Popcorn Time - C:\Program Files\Popcorn Time\Updater.exe
O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Unknown owner - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe (file missing)
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files\Zemana AntiMalware\ZAM.exe

--
End of file - 8654 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}]
Splashtop Connect VisualBookmark - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll [2011-03-05 345968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-06-07 10082920]
"STCAgent"=C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe [2011-03-05 776064]
"ZyngaGamesAgent"=C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe []
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1425208]
"NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15 2398776]
"bcontrol"=C:\Program Files\bcontrol\Bezeq.bclient.exe [2017-09-12 49608]
"ZAM"=C:\Program Files\Zemana AntiMalware\ZAM.exe [2017-08-09 15775888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2015-09-02 721504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]
C:\Program Files\Optimizer Pro\OptProLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STCAgent]
C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe [2011-03-05 776064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ESETOlmarikOlmascoCleaner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ESETOlmarikOlmascoCleaner.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McNaiAnn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-01-17 22:12:26 ----D---- C:\rsit
2018-01-17 21:39:58 ----A---- C:\Windows\system32\drivers\zam32.sys
2018-01-17 21:39:57 ----A---- C:\Windows\system32\drivers\zamguard32.sys
2018-01-17 21:39:56 ----D---- C:\Program Files\Zemana AntiMalware
2018-01-16 15:13:48 ----A---- C:\Windows\system32\FNTCACHE.DAT
2017-12-30 12:49:16 ----D---- C:\Users\TDW\AppData\Roaming\SystemProcess

======List of files/folders modified in the last 1 month======

2018-01-17 22:29:46 ----D---- C:\Program Files\trend micro
2018-01-17 22:29:45 ----D---- C:\Windows\Temp
2018-01-17 22:14:05 ----D---- C:\Windows\Prefetch
2018-01-17 22:06:46 ----D---- C:\Windows\system32\config
2018-01-17 21:55:02 ----A---- C:\Windows\system32\log.txt
2018-01-17 21:52:50 ----D---- C:\ProgramData\NVIDIA
2018-01-17 21:52:47 ----D---- C:\Windows
2018-01-17 21:50:24 ----HD---- C:\ProgramData
2018-01-17 21:50:22 ----D---- C:\Windows\system32\drivers\etc
2018-01-17 21:50:15 ----D---- C:\Windows\system32\Tasks
2018-01-17 21:39:58 ----D---- C:\Windows\system32\drivers
2018-01-17 21:39:56 ----RD---- C:\Program Files
2018-01-17 18:30:57 ----D---- C:\Users\TDW\AppData\Roaming\vlc
2018-01-16 15:52:57 ----SHD---- C:\System Volume Information
2018-01-16 15:13:48 ----D---- C:\Windows\System32
2018-01-16 15:13:45 ----SHD---- C:\Config.Msi
2018-01-15 19:33:41 ----D---- C:\Windows\system32\wdi
2018-01-14 17:26:45 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2018-01-14 01:00:00 ----D---- C:\Windows\inf
2018-01-13 06:00:00 ----D---- C:\Windows\system32\LogFiles
2018-01-13 02:04:40 ----D---- C:\Windows\debug
2018-01-11 11:39:33 ----SHD---- C:\Windows\Installer
2018-01-11 11:39:31 ----D---- C:\ProgramData\Microsoft Help
2018-01-11 11:39:06 ----D---- C:\Windows\system32\MRT
2018-01-11 11:34:15 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-01-11 11:34:03 ----AC---- C:\Windows\system32\MRT.exe
2018-01-09 18:45:02 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2018-01-09 18:45:01 ----D---- C:\Windows\system32\Macromed
2017-12-30 15:44:11 ----D---- C:\Windows\system32\NDF
2017-12-30 15:40:11 ----D---- C:\Windows\Tasks
2017-12-30 15:40:11 ----D---- C:\Windows\system32\wfp
2017-12-30 15:40:09 ----D---- C:\Windows\system32\wbem
2017-12-30 15:39:22 ----HD---- C:\Windows\system32\GroupPolicy
2017-12-30 15:39:22 ----D---- C:\Windows\winsxs
2017-12-30 15:39:22 ----D---- C:\Windows\system32\DriverStore
2017-12-30 15:39:22 ----D---- C:\Windows\system32\catroot2
2017-12-30 15:39:22 ----D---- C:\Program Files\Internet Explorer
2017-12-30 15:39:16 ----D---- C:\Program Files\Google
2017-12-30 15:39:14 ----D---- C:\Windows\registration
2017-12-30 15:38:42 ----RHD---- C:\MSOCache
2017-12-30 13:10:02 ----D---- C:\Windows\SoftwareDistribution
2017-12-30 13:09:43 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2013-03-22 229208]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-05-25 41600]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-05-25 61824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-06-07 3514152]
R3 MEI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2010-09-21 41088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2017-11-09 192432]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-06-15 27704]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2016-04-14 50744]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-05-16 391272]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S2 sbmntr;SBMNTR; \??\C:\PROGRA~1\YTDOWN~1\sbmntr.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-04-24 16955392]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-04-24 472576]
S3 AndNetDiag;LGE AndroidNet USB Serial Port; C:\Windows\system32\DRIVERS\lgandnetdiag.sys []
S3 ANDNetModem;LGE AndroidNet USB Modem; C:\Windows\system32\DRIVERS\lgandnetmodem.sys []
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter; C:\Windows\system32\DRIVERS\lgandnetndis.sys []
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2016-03-01 87568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 ESETOlmarikOlmascoCleaner;ESET Olmarik/Olmasco Cleaner; \??\C:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys [2014-05-26 126472]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-12-05 17488]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-19 26176]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 msloop;Microsoft Loopback Adapter Driver; C:\Windows\system32\DRIVERS\loop.sys [2009-07-14 5632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2017-08-13 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2008-05-07 11520]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-09-27 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-04-24 212992]
R2 BUpdater Windows Service;BUpdater Windows Service; C:\Program Files\bcontrol\Bezeq.Service.exe [2017-09-12 10184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-06 325656]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-10-27 425408]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-06-15 2018360]
R2 SCBackService;Splashtop Connect Service; C:\Program Files\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R2 Update service;Update service; C:\Program Files\Popcorn Time\Updater.exe [2016-08-26 339968]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service; C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-06-15 2905656]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service; C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2017-04-21 47224]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-11-07 104960]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2016-02-24 4362656]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-09-12 159960]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-04 1343400]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]

-----------------EOF-----------------
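A small triage script for the HijackThis-format entries in the log above, added here as an example; it is not part of the original post or of the RSIT/HijackThis tools. It parses the section codes (R3, O4, O17, O18, O23) and flags what a helper checks first: registrations whose file no longer exists, services with no vendor name, a NameServer set to loopback, and third-party URLSearchHooks. The sample lines are copied from the posted log; the finding codes are the example's own naming.

```python
import re
from collections import Counter

# Constructed sample input: HijackThis-format entries copied from the RSIT log
# posted above (R/O section code, " - ", then the entry body).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
O4 - HKLM\..\Run: [ZAM] "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F83BC11-E58F-45EB-9001-D6099356579E}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O23 - Service: BUpdater Windows Service - Unknown owner - C:\Program Files\bcontrol\Bezeq.Service.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
"""

# "O23 - Service: ..." -> section "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_entries(text):
    """Return (section, body) pairs for every HijackThis-style line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def triage(text):
    """Flag the entries a helper reads first. Finding codes are this example's own naming.

    ORPHANED_ENTRY          registration whose target file no longer exists (leftover to clean up)
    SERVICE_NO_VENDOR       O23 service binary carrying no company name (verify its origin)
    LOOPBACK_NAMESERVER     O17 DNS resolver set to 127.x.x.x, so a local process answers all lookups
    THIRD_PARTY_SEARCH_HOOK R3 URLSearchHook installed by an add-on rather than the browser itself
    """
    findings = []
    for section, body in parse_entries(text):
        if "(file missing)" in body or "(no file)" in body:
            findings.append(("ORPHANED_ENTRY", section, body))
        if section == "O23" and "Unknown owner" in body:
            findings.append(("SERVICE_NO_VENDOR", section, body))
        if section == "O17" and any(ip.startswith("127.") for ip in IPV4_RE.findall(body)):
            findings.append(("LOOPBACK_NAMESERVER", section, body))
        if section == "R3" and body.startswith("URLSearchHook:"):
            findings.append(("THIRD_PARTY_SEARCH_HOOK", section, body))
    return findings


def summarize(findings):
    """Count findings per code, e.g. {'ORPHANED_ENTRY': 2, ...}."""
    return Counter(code for code, _, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for code, section, body in results:
        print(f"{code:24} {section:4} {body}")
    print(dict(summarize(results)))
```

The GameGuard line is reported twice (no vendor and file missing), which is the expected reading: a stale service registration whose binary is gone.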

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow computer after malware removal

#2 Post by Rudy »

Hello!
How is your operating system doing with regard to legality?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

After your problem is resolved, the thread will be locked, and likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

Cliché
Guest
Posts: 6
Registered: 17 Jan 2018 21:24

Re: Slow computer after malware removal

#3 Post by Cliché »

It is legal. It was already preinstalled on the computer when it was bought.

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow computer after malware removal

#4 Post by Rudy »

OK. Run this scan:

Download and run OTL: http://oldtimer.geekstogo.com/OTL.exe . Run it, tick "All Users", "LOP Check" and "Purity Check", and paste the following into the lower white box:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
and click >Run Scan<. Post both logs.

Cliché
Guest
Posts: 6
Registered: 17 Jan 2018 21:24

Re: Slow computer after malware removal

#5 Post by Cliché »

OTL logfile created on: 18-Jan-18 9:11:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Cleaning
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18860)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.49 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 40.49% Memory free
6.98 Gb Paging File | 4.89 Gb Available in Paging File | 69.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 210.38 Gb Free Space | 45.18% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: TDW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2018-01-03 10:56:48 | 001,367,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2017-10-27 18:36:39 | 000,425,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
PRC - [2017-09-27 11:27:08 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2017-09-12 14:20:58 | 000,049,608 | ---- | M] () -- C:\Program Files\bcontrol\Bezeq.bclient.exe
PRC - [2017-08-11 07:58:32 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2017-08-09 19:20:50 | 015,775,888 | ---- | M] (Copyright 2017.) -- C:\Program Files\Zemana AntiMalware\ZAM.exe
PRC - [2016-09-04 15:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Cleaning\OTL.exe
PRC - [2016-08-29 16:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2016-08-26 12:26:34 | 000,339,968 | ---- | M] (Popcorn Time) -- C:\Program Files\Popcorn Time\Updater.exe
PRC - [2016-06-15 03:14:44 | 002,398,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016-06-15 03:14:39 | 019,038,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
PRC - [2016-06-15 03:14:38 | 002,905,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
PRC - [2016-06-15 03:14:38 | 002,018,360 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
PRC - [2015-04-24 09:34:00 | 000,626,688 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2015-04-24 09:34:00 | 000,212,992 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012-11-23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011-03-22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2010-11-15 13:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
PRC - [2010-10-06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010-10-06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2018-01-03 10:56:53 | 003,062,104 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
MOD - [2018-01-03 10:56:53 | 000,085,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\63.0.3239.132\libegl.dll
MOD - [2017-09-14 12:43:05 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd9ff1a4363781a57e8f7392f230a203\System.Core.ni.dll
MOD - [2017-09-13 21:03:54 | 012,437,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\367e5b8a038ac76eba17528bb7b3688e\System.Windows.Forms.ni.dll
MOD - [2017-09-13 21:03:49 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ce3c98f2bf220ef17b0cf4233cac6ceb\System.Drawing.ni.dll
MOD - [2017-09-13 21:03:42 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77c1dc46ea139bf5e1eaa9b87ef03c7a\System.Xml.ni.dll
MOD - [2017-09-13 21:03:39 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ad8dd536906e94c4bc9cb9b82285580b\System.Configuration.ni.dll
MOD - [2017-09-13 21:03:11 | 008,003,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ad92dab7f418877d6a1e0358ce35658a\System.ni.dll
MOD - [2017-09-13 21:03:07 | 011,500,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9f895c66454577eff9c77442d0c84f71\mscorlib.ni.dll
MOD - [2017-09-12 14:20:58 | 000,072,648 | ---- | M] () -- C:\Program Files\bcontrol\Bezeq.Common.dll
MOD - [2017-09-12 14:20:58 | 000,049,608 | ---- | M] () -- C:\Program Files\bcontrol\Bezeq.bclient.exe
MOD - [2016-06-15 03:14:44 | 000,020,536 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2013-09-05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2018-01-09 18:45:03 | 000,272,384 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017-11-07 22:39:05 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2017-10-27 18:36:39 | 000,425,408 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -- (NVDisplay.ContainerLocalSystem)
SRV - [2017-09-27 11:27:08 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2017-09-12 14:20:58 | 000,010,184 | ---- | M] () [Auto | Stopped] -- C:\Program Files\bcontrol\Bezeq.Service.exe -- (BUpdater Windows Service)
SRV - [2017-08-09 19:20:50 | 015,775,888 | ---- | M] (Copyright 2017.) [Auto | Running] -- C:\Program Files\Zemana AntiMalware\ZAM.exe -- (ZAMSvc)
SRV - [2016-08-26 12:26:34 | 000,339,968 | ---- | M] (Popcorn Time) [Auto | Running] -- C:\Program Files\Popcorn Time\Updater.exe -- (Update service)
SRV - [2016-08-21 15:05:24 | 000,935,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2016-06-15 03:14:38 | 002,905,656 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV - [2016-06-15 03:14:38 | 002,018,360 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV - [2016-02-24 09:15:00 | 004,362,656 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2015-04-24 09:34:00 | 000,212,992 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013-12-19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013-05-27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-12-04 05:58:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011-03-22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010-11-15 13:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010-10-06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-10-06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2005-09-23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | Auto | Stopped] -- C:\PROGRA~1\YTDOWN~1\sbmntr.sys -- (sbmntr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetndis.sys -- (andnetndis)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetmodem.sys -- (ANDNetModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2018-01-17 21:39:58 | 000,181,496 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\zam32.sys -- (ZAM)
DRV - [2018-01-17 21:39:57 | 000,181,496 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\zamguard32.sys -- (ZAM_Guard)
DRV - [2017-11-09 04:33:16 | 014,642,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2017-11-09 04:32:32 | 000,192,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2017-08-13 23:35:45 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2016-06-15 03:14:38 | 000,027,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2016-04-14 07:38:19 | 000,050,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2016-03-01 04:55:32 | 000,087,568 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2015-04-24 09:34:04 | 016,955,392 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2015-04-24 09:34:04 | 000,472,576 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2014-05-26 21:38:43 | 000,126,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESETOlmarikOlmascoCleaner.sys -- (ESETOlmarikOlmascoCleaner)
DRV - [2013-03-22 00:01:10 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2012-12-05 02:20:05 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011-05-25 13:19:00 | 000,061,824 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV - [2011-05-25 13:19:00 | 000,041,600 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3)
DRV - [2010-11-20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010-11-20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010-11-20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010-11-20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010-11-20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-09-21 19:59:02 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2009-07-14 01:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009-03-19 02:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-05-07 02:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007-01-29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = DB AB 16 10 77 04 D2 01 [binary data]
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes,DefaultScope = {70839579-320E-4763-A420-8468514E4F69}
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... 02&pc=UE10
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{271B4DEB-E9E4-4842-86EF-B5255AAFB2F5}: "URL" = http://search.yahoo.com/search?p={searc ... ype=IEBDSV
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{5AC76C24-D9F8-4e70-A2F7-A4C133AA872C}: "URL" = http://www.google.com/cse?cx=partner-pu ... earchTerms}
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{70839579-320E-4763-A420-8468514E4F69}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\TDW\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2016-08-21 10:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TDW\AppData\Roaming\mozilla\Firefox\Profiles\aZyQ7RhB.default\extensions
[2016-08-21 10:22:01 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\TDW\AppData\Roaming\mozilla\Firefox\Profiles\aZyQ7RhB.default\extensions\abs@avira.com

O1 HOSTS File: ([2018-01-17 21:50:22 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [bcontrol] C:\Program Files\bcontrol\Bezeq.bclient.exe ()
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [STCAgent] C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [ZAM] C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
O4 - HKLM..\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..Trusted Domains: tlush.gov.il ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F83BC11-E58F-45EB-9001-D6099356579E}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-04-06 04:29:53 | 000,000,020 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:3de0a5a6 /dir:"C:\Program Files\AVAST Software\Avast")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2018-01-17 22:12:26 | 000,000,000 | ---D | C] -- C:\rsit
[2018-01-17 21:39:58 | 000,181,496 | ---- | C] (Zemana Ltd.) -- C:\Windows\System32\drivers\zam32.sys
[2018-01-17 21:39:57 | 000,181,496 | ---- | C] (Zemana Ltd.) -- C:\Windows\System32\drivers\zamguard32.sys
[2018-01-17 21:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
[2018-01-17 21:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Zemana AntiMalware
[2018-01-17 21:39:46 | 000,000,000 | ---D | C] -- C:\Users\TDW\AppData\Local\Zemana
[2017-12-30 12:49:16 | 000,000,000 | ---D | C] -- C:\Users\TDW\AppData\Roaming\SystemProcess
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\TDW\Desktop\*.tmp files -> C:\Users\TDW\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2018-01-18 21:11:21 | 000,370,632 | ---- | M] () -- C:\Windows\ZAM.krnl.trace
[2018-01-18 21:10:16 | 000,057,040 | ---- | M] () -- C:\Windows\ZAM_Guard.krnl.trace
[2018-01-18 20:45:15 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2018-01-18 15:56:31 | 000,029,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2018-01-18 15:56:31 | 000,029,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2018-01-18 15:48:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2018-01-18 15:48:01 | 2811,682,816 | -HS- | M] () -- C:\hiberfil.sys
[2018-01-17 21:50:24 | 000,000,258 | RHS- | M] () -- C:\Users\TDW\ntuser.pol
[2018-01-17 21:50:24 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2018-01-17 21:50:22 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2018-01-17 21:39:58 | 000,181,496 | ---- | M] (Zemana Ltd.) -- C:\Windows\System32\drivers\zam32.sys
[2018-01-17 21:39:57 | 000,181,496 | ---- | M] (Zemana Ltd.) -- C:\Windows\System32\drivers\zamguard32.sys
[2018-01-17 21:39:57 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2018-01-16 15:13:59 | 000,441,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2018-01-11 11:34:15 | 126,487,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRT-KB890830.exe
[2018-01-09 18:45:02 | 000,803,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2018-01-09 18:45:02 | 000,144,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2018-01-09 08:46:08 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2018-01-01 09:39:04 | 000,000,000 | ---- | M] () -- C:\Users\TDW\Desktop\New Bitmap Image.bmp
[2017-12-30 15:48:34 | 000,002,223 | ---- | M] () -- C:\Users\TDW\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\TDW\Desktop\*.tmp files -> C:\Users\TDW\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2018-01-18 20:45:15 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2018-01-17 21:40:03 | 000,370,632 | ---- | C] () -- C:\Windows\ZAM.krnl.trace
[2018-01-17 21:40:03 | 000,057,040 | ---- | C] () -- C:\Windows\ZAM_Guard.krnl.trace
[2018-01-17 21:39:57 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2018-01-16 15:13:48 | 000,441,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2018-01-01 09:39:04 | 000,000,000 | ---- | C] () -- C:\Users\TDW\Desktop\New Bitmap Image.bmp
[2017-12-30 15:48:34 | 000,002,223 | ---- | C] () -- C:\Users\TDW\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2017-12-30 15:48:34 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2017-12-30 15:48:34 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017-12-30 12:49:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2017-12-11 08:37:07 | 000,798,008 | ---- | C] () -- C:\Windows\System32\vulkan-1.dll
[2017-12-11 08:37:07 | 000,490,296 | ---- | C] () -- C:\Windows\System32\vulkaninfo.exe
[2017-09-14 01:20:30 | 000,798,008 | ---- | C] () -- C:\Windows\System32\vulkan-1-1-0-61-0.dll
[2017-09-14 01:20:14 | 000,490,296 | ---- | C] () -- C:\Windows\System32\vulkaninfo-1-1-0-61-0.exe
[2017-09-13 14:14:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2017-06-05 16:08:39 | 007,802,921 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2016-06-11 14:53:24 | 000,000,016 | ---- | C] () -- C:\ProgramData\mntemp
[2015-12-21 19:58:15 | 000,007,594 | ---- | C] () -- C:\Users\TDW\AppData\Local\Resmon.ResmonCfg
[2015-08-09 13:38:38 | 000,000,258 | RHS- | C] () -- C:\Users\TDW\ntuser.pol

========== ZeroAccess Check ==========

[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017-08-15 17:10:54 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-12-07 04:37:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Splashtop
[2015-08-16 19:07:20 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\.minecraft
[2015-10-19 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Axonstall
[2017-10-30 18:25:26 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\BControl
[2015-11-24 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\DassaultSystemes
[2017-05-16 17:01:29 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\discord
[2015-11-25 00:39:49 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\EDrawings
[2015-12-03 17:36:41 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\fizzy
[2015-08-09 19:21:50 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\java
[2015-09-30 06:36:58 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\LolClient
[2017-10-06 17:46:59 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\MapleGlobal
[2017-12-14 05:00:30 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\NexonLauncher
[2017-11-19 23:23:19 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Opera Software
[2017-07-13 11:30:03 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Python
[2016-05-21 15:31:04 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Riot Games
[2015-08-09 13:38:56 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Splashtop
[2016-05-31 14:04:28 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\steam.transformice.com
[2017-12-30 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\SystemProcess
[2015-08-06 18:54:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2015-07-11 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESET
[2013-01-01 01:03:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\fizzy
[2015-08-06 18:52:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\java
[2015-03-05 10:17:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LibreOffice
[2013-06-17 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2015-04-13 15:09:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MiniGet
[2014-05-21 15:30:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice
[2015-04-13 15:08:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera Software
[2013-02-02 09:53:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Origin
[2015-06-10 17:17:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PerformerSoft
[2014-08-06 14:02:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Riot Games
[2013-10-09 15:41:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\rockbox.org
[2014-12-10 20:54:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SanDisk
[2012-12-04 05:21:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Splashtop
[2015-02-28 20:50:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Transformice
[2015-08-08 21:16:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2015-01-19 16:37:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009-07-14 06:53:46 | 000,032,602 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009-07-14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

< >

< MD5 for: ATAPI.SYS >
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010-11-20 23:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010-11-20 23:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010-11-20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010-11-20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010-11-20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2010-11-20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2016-08-29 16:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\explorer.exe
[2016-08-29 16:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_5432df58f129e196\explorer.exe

< MD5 for: HAL.DLL >
[2010-11-20 23:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010-11-20 23:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll

< MD5 for: SCECLI.DLL >
[2010-11-20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010-11-20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2015-04-13 05:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\System32\services.exe
[2015-04-13 05:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_d1614ac32b8ec5cf\services.exe
[2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2015-04-11 05:53:55 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=97981140500E86E5BBAD7B76BA890146 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.23033_none_d1d9ee0844ba1cc2\services.exe

< MD5 for: SVCHOST.EXE >
[2015-09-21 18:04:23 | 000,893,752 | ---- | M] (MalwareBytes) MD5=0692C8163852AB5674E2EB3B36131EF3 -- C:\Users\TDW\Downloads\Chameleon\Windows\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2010-11-20 23:29:20 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2014-04-05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_b513c4dfc4b513b9\tcpip.sys
[2013-09-07 04:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2017-05-30 06:39:05 | 001,309,928 | ---- | M] (Microsoft Corporation) MD5=C25848DB4A86839A7EDD1077F62AD980 -- C:\Windows\System32\drivers\tcpip.sys
[2017-05-30 06:39:05 | 001,309,928 | ---- | M] (Microsoft Corporation) MD5=C25848DB4A86839A7EDD1077F62AD980 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.23821_none_b5a11e7addd0f747\tcpip.sys
[2017-04-04 17:25:44 | 001,309,928 | ---- | M] (Microsoft Corporation) MD5=C7CF3C1D1EC800230E5FE658C77FC9CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.23761_none_b575dce4ddf169e4\tcpip.sys
[2016-07-07 17:20:44 | 001,309,928 | ---- | M] (Microsoft Corporation) MD5=C7E41209132B9CF084CCEA8593F61328 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.23496_none_b55a68e0de0544f5\tcpip.sys
[2013-09-08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2012-10-03 18:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013-11-26 13:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2012-10-03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2014-04-05 04:16:21 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010-11-20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010-11-20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2015-09-21 18:04:24 | 000,893,752 | ---- | M] (MalwareBytes) MD5=0692C8163852AB5674E2EB3B36131EF3 -- C:\Users\TDW\Downloads\Chameleon\Windows\winlogon.exe
[2014-07-16 04:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014-07-17 03:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014-07-17 03:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010-11-20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2014-03-04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014-03-04 12:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[51 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\61bfe288eb8e4176873cdcd21610e16d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\61bfe288eb8e4176873cdcd21610e16d\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a92f8878ea38cac4505fcefd787bd88e\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a92f8878ea38cac4505fcefd787bd88e\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2015-08-16 19:07:20 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\.minecraft
[2015-08-12 13:14:47 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Adobe
[2015-10-19 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Axonstall
[2017-10-30 18:25:26 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\BControl
[2015-11-24 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\DassaultSystemes
[2017-05-16 17:01:29 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\discord
[2015-08-17 09:17:38 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\dvdcss
[2015-11-25 00:39:49 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\EDrawings
[2015-12-03 17:36:41 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\fizzy
[2015-08-09 13:38:44 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Identities
[2015-08-09 19:21:50 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\java
[2015-09-30 06:36:58 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\LolClient
[2013-01-04 04:26:01 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Macromedia
[2017-10-06 17:46:59 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\MapleGlobal
[2010-11-21 02:46:50 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Media Center Programs
[2016-08-09 18:44:13 | 000,000,000 | --SD | M] -- C:\Users\TDW\AppData\Roaming\Microsoft
[2016-08-21 10:21:59 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Mozilla
[2017-12-14 05:00:30 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\NexonLauncher
[2017-06-08 11:41:35 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\NVIDIA
[2017-11-19 23:23:19 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Opera Software
[2017-07-13 11:30:03 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Python
[2016-05-21 15:31:04 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Riot Games
[2017-09-25 16:17:02 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Skype
[2015-11-30 22:15:29 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\SOLIDWORKS
[2015-11-30 22:15:29 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\SolidWorks 2014
[2015-08-09 13:38:56 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Splashtop
[2016-05-31 14:04:28 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\steam.transformice.com
[2017-12-30 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\SystemProcess
[2018-01-17 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\vlc
[2015-09-29 16:53:34 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2015-06-18 10:40:22 | 000,015,360 | ---- | M] () -- C:\Users\TDW\AppData\Roaming\Axonstall\AxProtector.exe
[2012-09-06 01:04:02 | 000,445,352 | ---- | M] (wyDay) -- C:\Users\TDW\AppData\Roaming\Axonstall\wyUpdate.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2018-01-17 21:39:58 | 000,181,496 | ---- | M] (Zemana Ltd.) -- C:\Windows\system32\drivers\zam32.sys
[2018-01-17 21:39:57 | 000,181,496 | ---- | M] (Zemana Ltd.) -- C:\Windows\system32\drivers\zamguard32.sys

< %systemroot%\system32\*.* /3 >
[2018-01-18 15:56:31 | 000,029,376 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2018-01-18 15:56:31 | 000,029,376 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2018-01-16 15:13:59 | 000,441,032 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2018-01-18 15:50:42 | 000,000,018 | ---- | M] () -- C:\Windows\system32\log.txt

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Speedup DelayLoad]

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2017-11-15 02:36:38 | 000,815,296 | ---- | M] (Microsoft Corporation) MD5=9CA63C9D164E8095AB2E77D7320F1141 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2018-01-03 10:56:48 | 001,367,384 | ---- | M] (Google Inc.) MD5=CD10AA3AE31F69F64BD6D6F20AFF89DE -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2018-01-18 20:45:15 | 000,000,512 | ---- | M] () MD5=1D7A138FAE50D8FB8D691F67E343D1A2 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2017-12-08 23:44:28 | 000,018,343 | ---- | M] () -- \Nexon\Nexon Launcher\bin\modules\m_loader.pyc
[2018-01-05 23:19:18 | 000,017,972 | ---- | M] () -- \Nexon\Nexon Launcher\bin\modules\apps\contenttools\downloader.pyc
[2018-01-05 01:52:16 | 000,018,032 | ---- | M] () -- \Nexon\Nexon Launcher\bin\modules\apps\contenttools\__pycache__\downloader.cpython-34.pyc
[2017-12-06 22:23:47 | 000,018,624 | ---- | M] () -- \Nexon\Nexon Launcher\bin\nexon_client\api-ms-win-core-libraryloader-l1-1-0.dll
[2009-05-23 12:38:52 | 000,061,952 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7Debug\coloader80.dll
[2009-05-23 07:27:34 | 000,004,608 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7Debug\coloader80.tlb
[2014-09-03 00:27:24 | 000,268,432 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2014-09-03 00:27:24 | 000,019,096 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2013-03-09 03:48:16 | 000,017,544 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1037\VSTOLoaderUI.dll
[2015-03-06 12:25:14 | 004,249,592 | ---- | M] () -- \Program Files\Common Files\SOLIDWORKS Installation Manager\23.0\sldimdownloader.exe
[2017-11-09 04:24:50 | 000,440,856 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.Driver.{BD85D817-43F8-479A-ADC6-78A0A6812C9E}\nvfatbinaryloader32.dl_
[2015-08-25 20:35:19 | 000,057,592 | R--- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.PhysX.{1E39CD98-859B-4E79-8B0C-E920EF450F69}\files\Common\PhysXLoader.dll
[2015-08-25 20:35:19 | 000,065,784 | R--- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.PhysX.{1E39CD98-859B-4E79-8B0C-E920EF450F69}\files\Common\PhysXLoader64.dll
[2015-08-25 20:35:19 | 000,073,976 | R--- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.PhysX.{1E39CD98-859B-4E79-8B0C-E920EF450F69}\files\Common\PhysXUpdateLoader.dll
[2015-08-25 20:35:19 | 000,090,872 | R--- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.PhysX.{1E39CD98-859B-4E79-8B0C-E920EF450F69}\files\Common\PhysXUpdateLoader64.dll
[2015-08-25 20:35:19 | 000,057,592 | R--- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2015-08-25 20:35:19 | 000,073,976 | R--- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2017-04-07 10:26:34 | 000,018,624 | ---- | M] () -- \Riot Games\League of Legends\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-04-07 10:26:34 | 000,018,624 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.118\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-04-07 10:26:34 | 000,018,624 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.119\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-12-05 14:28:50 | 000,018,624 | ---- | M] () -- \Riot Games\PBE\PBE\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-12-05 14:28:50 | 000,018,624 | ---- | M] () -- \Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.110\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-12-05 14:28:50 | 000,018,624 | ---- | M] () -- \Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.111\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-10-14 21:24:37 | 000,018,624 | ---- | M] () -- \Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.66\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-10-14 21:24:37 | 000,018,624 | ---- | M] () -- \Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.89\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-10-14 21:24:37 | 000,018,624 | ---- | M] () -- \Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.90\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2015-11-24 21:59:04 | 000,001,100 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\2014 SP2.0\Other Logs\IMDownloaderVersion.xml
[2015-11-24 22:40:44 | 002,462,436 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\2014 SP2.0\Other Logs\sldIMDownloaderLog_00001.txt
[2015-11-24 20:04:17 | 000,001,100 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\2015 SP2.1\Other Logs\IMDownloaderVersion.xml
[2015-11-24 21:25:29 | 008,197,446 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\2015 SP2.1\Other Logs\sldIMDownloaderLog_00001.txt
[2015-11-24 20:04:19 | 000,001,612 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00001.txt
[2015-11-24 20:05:51 | 000,002,444 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00002.txt
[2015-11-24 21:59:07 | 000,001,612 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00003.txt
[2015-11-24 22:10:06 | 000,002,446 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00004.txt
[2016-03-22 21:58:45 | 000,001,600 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00005.txt
[2015-06-05 19:08:42 | 000,072,638 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\loader.gif
[2015-06-05 19:08:42 | 000,003,032 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\loader.png
[2015-06-05 19:08:42 | 000,006,012 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2015-06-05 19:08:42 | 000,021,956 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2015-06-05 19:08:42 | 000,009,772 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2012-11-19 22:13:34 | 000,000,847 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ac\img\ajax-loader.gif
[2012-11-19 22:13:34 | 000,001,135 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ac\img\loader-icon.png
[2012-11-19 22:13:34 | 000,003,208 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ui\gf\img\loader.gif
[2012-11-19 22:13:34 | 000,001,849 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\wa\TWITTER\resources\ajax-loader.gif
[2013-04-11 17:54:38 | 000,197,614 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader3@ftdownloader.com.xpi
[2012-12-13 22:29:00 | 000,199,445 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013-03-09 08:17:04 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2010-03-25 06:12:34 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2013-03-09 08:17:04 | 000,268,440 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2010-03-25 06:12:34 | 000,249,680 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2009-10-22 23:15:32 | 000,016,712 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109E600D0400000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_122707_122707_x86_heb.3643236F_FC70_11D3_A536_0090278A1BB8.5326715A_77CF_482B_8CA0_13476898242B
[2005-09-23 04:24:22 | 000,061,440 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\69AE184D3132C7A489EE17D0A18F48CA\8.0.50727\FL_coloader80_dll_128691_____X86.3643236F_FC70_11D3_A536_0090278A1BB8
[2005-09-22 23:23:44 | 000,004,608 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\69AE184D3132C7A489EE17D0A18F48CA\8.0.50727\FL_coloader80_tlb_128927_____X86.3643236F_FC70_11D3_A536_0090278A1BB8
[2017-08-11 08:19:29 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009-07-14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2017-11-09 04:24:50 | 000,902,312 | ---- | M] () -- \Windows\System32\nvfatbinaryLoader.dll
[2017-11-09 04:24:50 | 000,902,312 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_x86_neutral_8ac97f5c7e8c9343\nvfatbinaryLoader32.dll
[2015-04-13 15:10:05 | 000,003,566 | ---- | M] () -- \Windows\System32\Tasks\YTDownloader
[2015-04-13 15:10:00 | 000,003,888 | ---- | M] () -- \Windows\System32\Tasks\YTDownloaderUpd
[2009-07-14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2017-10-12 02:12:35 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23915_en-us_792a99285b62d356.manifest
[2017-10-12 02:12:35 | 000,033,000 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23915_en-us_792a99285b62d356_winload.exe.mui_3bc5b827
[2017-10-12 02:12:35 | 000,029,928 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23915_en-us_792a99285b62d356_winresume.exe.mui_ff8b5358
[2017-10-12 02:12:35 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23915_none_5db89954e405dd2b.manifest
[2017-10-12 02:12:35 | 000,534,600 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23915_none_5db89954e405dd2b_winload.exe_75835076
[2017-10-12 02:12:35 | 000,470,704 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23915_none_5db89954e405dd2b_winresume.exe_85cd1215
[2009-07-14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009-07-14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2015-05-13 21:06:00 | 000,000,612 | ---- | M] () -- \Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
[2010-11-21 02:37:59 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2015-02-03 05:16:42 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_en-us_787ca05342610b3b.manifest
[2015-01-16 08:23:55 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_en-us_791ddf705b6ca2f8.manifest
[2015-02-03 05:36:49 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_en-us_790d410a5b78598d.manifest
[2015-04-27 21:04:39 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23040_en-us_790516dc5b7fc217.manifest

========== Files - Unicode (All) ==========

< End of report >

Cliché
Visitor
Posts: 6
Registered: 17 Jan 2018 21:24

Re: Slow computer after malware removal

#6 Post by Cliché »

OTL Extras logfile created on: 18-Jan-18 9:11:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Cleaning
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18860)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.49 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 40.49% Memory free
6.98 Gb Paging File | 4.89 Gb Available in Paging File | 69.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 210.38 Gb Free Space | 45.18% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: TDW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C0D08202-3A3B-4456-BCF2-136E83D66F41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C1160032-8C70-402C-A583-1CDCB7E9ADEE}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{C2C60C41-0196-4C95-9C11-F45CE470E9DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C7115288-0E41-4F9A-ADAB-849F1D8B90B2}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{C9FEBD0F-E785-4CC8-BCBC-B9696EBAB524}" = protocol=17 | dir=in | app=c:\nexon\maplestory\etracer.exe |
"{CF13FBAB-BA68-4AF3-AC10-B37A1A54412C}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{D8322C20-68D9-4E70-AE09-C4A3B1AFA3BB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D891DECA-0D48-4A0F-9E9D-7F80E48012D8}" = dir=in | app=c:\program files\dragon's prophet (game)\dp_x64.exe |
"{D9BB816E-74FD-4E52-B1C5-591F1CE12E72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DB969D94-1E87-41FA-B60C-44690562E4EB}" = protocol=6 | dir=in | app=c:\program files\popcorn time\chromecast\node.exe |
"{E018C2F5-98B4-47FC-B741-A11D5CFD01DB}" = protocol=6 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe |
"{E4D59296-D58D-4D6F-8D62-EBD7D1F1CBB3}" = dir=in | app=c:\users\tdw\appdata\local\temp\showmypc\-showmypc\smpcsetup.exe |
"{E8450F88-E969-4F5B-9D3E-C8F79A15DE93}" = protocol=6 | dir=out | app=system |
"{E990B8FF-3611-46E5-A994-9362282014EE}" = protocol=17 | dir=in | app=c:\nexon\maplestory\gamelauncher.exe |
"{EB23E3F2-7181-49B4-8B24-EB908B7EAB0E}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F08A5D4A-08D4-48EF-9AD2-B0DBCC5CD159}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{F29D8CEF-17A8-4B14-81A2-9A58E576D111}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3535524-EFF5-4BA0-ACDB-9EB7EDD5FC5A}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{F4C4ADA0-9CEB-4A19-8873-81343142B46C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F9AAB1B1-C673-4E66-8995-8EA75E3FE958}" = protocol=17 | dir=in | app=c:\program files\popcorn time\popcorntimedesktop.exe |
"{FC5BD682-8776-4355-A78D-EC7DB7342C11}" = dir=out | app=c:\program files\dragon's prophet (game)\dp_x86.exe |
"TCP Query User{0865282C-67E0-4EF7-A07F-6DBD228471AE}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{16E77583-7344-4635-BBE8-728B8386897B}C:\program files\microsoft virtual pc\virtual pc.exe" = protocol=6 | dir=in | app=c:\program files\microsoft virtual pc\virtual pc.exe |
"TCP Query User{1739FD15-A27D-4EF9-BBBF-E1BE1FB4A9B7}C:\program files\java\jre7\bin\jp2launcher.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\jp2launcher.exe |
"TCP Query User{1C0DCB7A-10E6-447F-8545-2CBB5BC16137}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{216143FF-DB53-4A8A-867D-EBC4D4F77055}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{2B724F42-5204-4C16-9FE5-3C69A9197B00}C:\program files\counter strike - condition zero (ultimate edition)\czero.exe" = protocol=6 | dir=in | app=c:\program files\counter strike - condition zero (ultimate edition)\czero.exe |
"TCP Query User{459227DD-625D-43EF-B201-79DD05DE36BF}C:\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\skype\phone\skype.exe |
"TCP Query User{5514EF2E-B013-4401-B949-9E841FD91DA6}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"TCP Query User{55B17637-3749-477B-995A-FF8863FEE236}C:\users\tdw\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tdw\appdata\local\akamai\netsession_win.exe |
"TCP Query User{5BB39BF8-B9D0-4162-AD00-C0A419A306B3}C:\users\tdw\eclipse\committers-neon\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\tdw\eclipse\committers-neon\eclipse\eclipse.exe |
"TCP Query User{5CA6F8CF-C65C-47C3-885C-9FE1EE386B4F}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{61469E9E-E061-4E55-8CCB-C5E4A537FEB2}C:\program files\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\condition zero\hl.exe |
"TCP Query User{64AF1F24-486F-4598-9FDF-400747BE6F5C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{75151CB8-C76B-4F42-8965-FADB4EFC7475}C:\counter strike\counter strike + condition zero\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\counter strike\counter strike + condition zero\condition zero\czero.exe |
"TCP Query User{7681F943-454D-4382-97AC-824978D2F632}C:\need for speed most wanted\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\need for speed most wanted\need for speed most wanted\speed.exe |
"TCP Query User{83859D3F-CFBE-4A81-9963-D2D427669326}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe |
"TCP Query User{8718F9E8-BDA5-4651-8CFC-A217997C7AA6}C:\ellina\maplestory\maplestory.exe" = protocol=6 | dir=in | app=c:\ellina\maplestory\maplestory.exe |
"TCP Query User{A6B5DB0A-EF91-4C8D-936C-F40088E37BA7}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{AB70FB85-FB39-4B4C-99D9-26A0EB37E1C1}C:\users\tdw\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tdw\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B142CA72-A039-452E-8342-5A0342A301AA}C:\program files\counter-strike 1.6\hltv.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hltv.exe |
"TCP Query User{B2F4C0B6-31E0-48BC-BBA2-43FBA45C3D83}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{B47F432C-02AF-4C45-9AA7-E2B315BAEC59}C:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe |
"TCP Query User{B622D4A7-E930-4516-AF6F-3A37D58D036F}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{BC54475A-4EDF-4BFA-A5BF-B7A8D0D6F56B}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe |
"TCP Query User{C2AD23E9-AD6B-4C31-BE2F-9EC711F78482}C:\program files\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\condition zero\hl.exe |
"TCP Query User{CBBE9329-8871-44FD-ADAD-52681994FB9B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{D8D92CF4-0D0B-4C5F-BEA8-2F4D253E1F88}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"TCP Query User{D9939481-9819-4C01-9722-B30B6261B54C}C:\users\tdw\appdata\local\temp\hydcb5a.tmp.1471938581_permissionscopy\utorrent.exe" = protocol=6 | dir=in | app=c:\users\tdw\appdata\local\temp\hydcb5a.tmp.1471938581_permissionscopy\utorrent.exe |
"TCP Query User{DC89665F-D783-44A8-B096-5C29875324FA}C:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe |
"TCP Query User{E90AA60B-C647-4F7B-B7E9-99FD1D6FD717}C:\ellina\maplestory\ellinia.exe" = protocol=6 | dir=in | app=c:\ellina\maplestory\ellinia.exe |
"TCP Query User{E92FA4E6-5921-4520-8ACA-CAE9EE0E7BC4}C:\need for speed most wanted\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\need for speed most wanted\need for speed most wanted\speed.exe |
"TCP Query User{F209A386-2597-4E52-AD0E-053B90DE5214}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{F69428F3-F5A5-4DAB-92D2-881C7C0892F8}C:\program files\kol halashon\kol halashon download manager\khl download manager.exe" = protocol=6 | dir=in | app=c:\program files\kol halashon\kol halashon download manager\khl download manager.exe |
"TCP Query User{F7B53B43-5723-4004-99B0-BA614294E032}C:\counter strike\counter strike + condition zero\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\counter strike\counter strike + condition zero\condition zero\czero.exe |
"TCP Query User{F9249045-F62F-473F-95F3-3730449E38C5}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{086CBE13-6EAD-489E-91A0-E6B40B9ED532}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{09895274-21DC-451E-A716-006B6F1431F1}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{119C1548-0ACF-4806-BEAE-4089D91BF1FE}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{12E10154-57E1-4D56-9E61-D1758C97D30D}C:\counter strike\counter strike + condition zero\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\counter strike\counter strike + condition zero\condition zero\czero.exe |
"UDP Query User{169C6FCD-08D1-4A8C-8338-50EDFFA08379}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{2C03B740-7D0C-4795-862F-6A0EA7604A39}C:\ellina\maplestory\maplestory.exe" = protocol=17 | dir=in | app=c:\ellina\maplestory\maplestory.exe |
"UDP Query User{30321B7A-938E-40BD-A12B-631E7E7BC8C9}C:\program files\counter strike - condition zero (ultimate edition)\czero.exe" = protocol=17 | dir=in | app=c:\program files\counter strike - condition zero (ultimate edition)\czero.exe |
"UDP Query User{30C40E46-9353-4190-B75E-FF5FD12FD931}C:\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\skype\phone\skype.exe |
"UDP Query User{33C13407-0D33-4C68-845D-D884E1192B7D}C:\users\tdw\eclipse\committers-neon\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\tdw\eclipse\committers-neon\eclipse\eclipse.exe |
"UDP Query User{4294D326-FB80-4D50-9202-4CE375521E56}C:\program files\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\condition zero\hl.exe |
"UDP Query User{49B88382-3F0E-4EC5-8D62-BBFD14AC74D7}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe |
"UDP Query User{4ACBEF1D-167A-4EE5-BDBB-8A45E8560074}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe |
"UDP Query User{508CB5F9-7A96-48C6-86D0-E57AB894F692}C:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe |
"UDP Query User{5CE52326-3DB1-4CE9-8B85-2CD6F66A8055}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{5FE78AE6-8A3F-4FB7-8E26-D3A9D98D7869}C:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe |
"UDP Query User{61B6C7DA-C0A5-4C88-A781-39BB95630B2C}C:\need for speed most wanted\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\need for speed most wanted\need for speed most wanted\speed.exe |
"UDP Query User{6655F048-8768-4375-AC30-D6901C26C12C}C:\program files\java\jre7\bin\jp2launcher.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\jp2launcher.exe |
"UDP Query User{6F69BE84-9664-4057-ACB3-5B8E42CC6E97}C:\users\tdw\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tdw\appdata\local\akamai\netsession_win.exe |
"UDP Query User{76BA3753-1AE3-4DA8-A6E6-80A92A06F820}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"UDP Query User{8520F0A2-71A8-431B-8311-227D4FC01AEC}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{852E557B-46DD-4778-ACC8-8D3BF8EF1584}C:\users\tdw\appdata\local\temp\hydcb5a.tmp.1471938581_permissionscopy\utorrent.exe" = protocol=17 | dir=in | app=c:\users\tdw\appdata\local\temp\hydcb5a.tmp.1471938581_permissionscopy\utorrent.exe |
"UDP Query User{8E734D45-C1B1-49C4-B5AA-1D6CE64CE0FB}C:\program files\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\condition zero\hl.exe |
"UDP Query User{9A1C9306-5A83-4503-805E-D98883250939}C:\ellina\maplestory\ellinia.exe" = protocol=17 | dir=in | app=c:\ellina\maplestory\ellinia.exe |
"UDP Query User{A168DDFE-C23D-4D8B-93FB-083E7157F8B2}C:\need for speed most wanted\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\need for speed most wanted\need for speed most wanted\speed.exe |
"UDP Query User{A1CE00F9-AEA6-43C0-AE10-AF7F9CD9280A}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{A881EE44-AE2C-4231-A33D-509DD6716D7B}C:\counter strike\counter strike + condition zero\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\counter strike\counter strike + condition zero\condition zero\czero.exe |
"UDP Query User{B1CE99B3-ACD0-454B-8191-780986CA869B}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{B90E13BD-67CE-404C-83C9-A74ECF7D18F3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{C82643D4-BF36-4E96-83D9-648813BFFE51}C:\program files\counter-strike 1.6\hltv.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hltv.exe |
"UDP Query User{D04D3664-5A11-4B0A-858D-5C8B70B3EE17}C:\users\tdw\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tdw\appdata\local\akamai\netsession_win.exe |
"UDP Query User{DB16403F-9F6F-4F97-9FAD-07ADE92962F6}C:\program files\microsoft virtual pc\virtual pc.exe" = protocol=17 | dir=in | app=c:\program files\microsoft virtual pc\virtual pc.exe |
"UDP Query User{DF605539-BE6B-4221-A602-C72D7E3BDCB1}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{EA342DA3-A240-4A22-AD3C-41C59107A5CC}C:\program files\kol halashon\kol halashon download manager\khl download manager.exe" = protocol=17 | dir=in | app=c:\program files\kol halashon\kol halashon download manager\khl download manager.exe |
"UDP Query User{F1E6C7BD-F16E-4082-A773-0DD4C8A4C6AF}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F35B8937-6947-4D0E-BF41-49182648257C}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}" = Citrix Online Launcher
"{1196038E-D257-43EA-9E64-097D4839A70E}_is1" = MapleGlobal version 0.03
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{2A842F3F-CE6D-3DFD-9ECB-9CC3C5150A67}" = Microsoft .NET Framework 4.7
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3215C938-0FCD-42C7-A221-51489CECA50C}_is1" = גלישה בטוחה version 4.16.13
"{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}" = Splashtop Connect IE
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{5837205}" = Browser faster
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69BCE4AC-9572-3271-A2FB-9423BDA36A43}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77463C86-BB3A-426E-A6C2-06B4D28C250F}" = Citrix Online Launcher
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7B77622E-DE90-48EA-B2C7-227B1DE58A01}" = Adobe AIR
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1" = Zemana AntiMalware
"{90120000-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x86)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2010
"{90140000-0017-040D-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Hebrew) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2010
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-040D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Hebrew) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-040D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hebrew) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-040D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Hebrew) 2010
"{90140000-0100-040D-0000-0000000FF1CE}" = Microsoft Office O MUI (Hebrew) 2010
"{90140000-0101-040D-0000-0000000FF1CE}" = Microsoft Office X MUI (Hebrew) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-0804-1033-1959-001824245926}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel" = NVIDIA Ansel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 388.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 388.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 388.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 352.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.15.0428
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.11.4.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.35.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog" = NVIDIA Display Watchdog Plugin
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer" = NVIDIA Display Session Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.40
"{BAB89D31-4C55-472B-8909-6CBE2CC276B1}" = Microsoft Visual Basic for Applications 7.1 (x86) English
"{BBF2AC74-720C-3CB3-8291-5E34039232FA}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{e2803110-78b3-4664-a479-3611a381656a}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 28 ActiveX
"CCleaner" = CCleaner
"Counter-Strike 1.6" = Counter-Strike 1.6
"Google Chrome" = Google Chrome
"League of Legends 3.0.1" = League of Legends
"MapleStory" = MapleStory
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nexon Nexon Launcher" = Nexon Launcher
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.OMUI.he-il" = Microsoft Office Language Pack 2010 - Hebrew עברית
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Popcorn Time_is1" = Popcorn Time
"S-161304646" = SK.Enhancer
"SP_ecec6af5" = SK.Helper 1.74
"VLC media player" = VLC media player
"VulkanRT1.0.61.0" = Vulkan Run Time Libraries 1.0.61.0
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10-Jan-18 5:39:57 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 11-Jan-18 5:26:44 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 11-Jan-18 5:28:16 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 11-Jan-18 6:33:03 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LeagueClientUxRender.exe, version: 8.2.214.747,
time stamp: 0x5a55ab5f Faulting module name: LeagueClientUxRender.exe, version:
8.2.214.747, time stamp: 0x5a55ab5f Exception code: 0xc0000005 Fault offset: 0x00049001
Faulting
process id: 0xb3c Faulting application start time: 0x01d38abebd234a89 Faulting application
path: C:\Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.107\deploy\LeagueClientUxRender.exe
Faulting
module path: C:\Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.107\deploy\LeagueClientUxRender.exe
Report
Id: cd4fd339-f6ba-11e7-8eaa-50e549c049f3

Error - 13-Jan-18 7:18:00 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LeagueClientUxRender.exe, version: 8.2.214.4283,
time stamp: 0x5a58407f Faulting module name: libcef.dll, version: 3.2623.1397.0,
time stamp: 0x58a39fbe Exception code: 0xc0000005 Fault offset: 0x00206567 Faulting
process id: 0x1428 Faulting application start time: 0x01d38c5537cc83ad Faulting application
path: C:\Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.109\deploy\LeagueClientUxRender.exe
Faulting
module path: C:\Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.109\deploy\libcef.dll
Report
Id: 69cb2b8d-f853-11e7-8eaa-50e549c049f3

Error - 13-Jan-18 10:05:46 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Speed.exe, version: 0.0.0.0, time stamp:
0x438e4c8c Faulting module name: Speed.exe, version: 0.0.0.0, time stamp: 0x438e4c8c
Exception
code: 0x80000003 Fault offset: 0x003cd7c2 Faulting process id: 0x5dc Faulting application
start time: 0x01d38c75dd0b28d8 Faulting application path: C:\Need For Speed Most
Wanted\Need for Speed Most Wanted\Speed.exe Faulting module path: C:\Need For Speed
Most Wanted\Need for Speed Most Wanted\Speed.exe Report Id: d92fd9f2-f86a-11e7-8eaa-50e549c049f3

Error - 16-Jan-18 9:15:35 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 16-Jan-18 9:21:11 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 17-Jan-18 3:53:06 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 18-Jan-18 9:48:42 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12-Jan-18 10:01:10 PM | Computer Name = user-PC | Source = volsnap | ID = 393251
Description = The shadow copies of volume C: were aborted because the shadow copy
storage failed to grow.

Error - 16-Jan-18 9:14:35 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the BUpdater
Windows Service service to connect.

Error - 16-Jan-18 9:14:35 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The BUpdater Windows Service service failed to start due to the following
error: %%1053

Error - 16-Jan-18 9:14:35 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The sbmntr service failed to start due to the following error: %%3

Error - 16-Jan-18 9:20:52 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The sbmntr service failed to start due to the following error: %%3

Error - 17-Jan-18 3:52:56 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The sbmntr service failed to start due to the following error: %%3

Error - 18-Jan-18 7:45:54 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7043
Description = The Diagnostics Tracking Service service did not shut down properly
after receiving a preshutdown control.

Error - 18-Jan-18 9:48:39 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the BUpdater
Windows Service service to connect.

Error - 18-Jan-18 9:48:39 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The BUpdater Windows Service service failed to start due to the following
error: %%1053

Error - 18-Jan-18 9:48:39 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The sbmntr service failed to start due to the following error: %%3


< End of report >

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Pomalý počítač po odstranění malware

#7 Příspěvek od Rudy »

Run OTL again as administrator and paste the following into the white window:
:OTL
DRV - [2018-01-17 21:39:58 | 000,181,496 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\zam32.sys -- (ZAM)
DRV - [2018-01-17 21:39:57 | 000,181,496 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\zamguard32.sys -- (ZAM_Guard)
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... 02&pc=UE10
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{70839579-320E-4763-A420-8468514E4F69}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
O4 - HKLM..\Run: [ZAM] C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)

:files
C:\Program Files\Zemana AntiMalware
C:\Windows\ZAM.krnl.trace
C:\Windows\ZAM_Guard.krnl.trace
C:\Users\Public\Desktop\Zemana AntiMalware.lnk
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]
Click Fix and let the program work. When it asks for a restart, agree.
After the restart a new log will appear; post it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not a way to get your problems solved.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.

Cliché
Guest
Posts: 6
Registered: 17 Jan 2018 21:24

Re: Slow computer after malware removal

#8 Post by Cliché »

All processes killed
========== OTL ==========
Error: Unable to stop service ZAM!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZAM deleted successfully.
C:\Windows\System32\drivers\zam32.sys moved successfully.
Service ZAM_Guard stopped successfully!
Service ZAM_Guard deleted successfully!
C:\Windows\System32\drivers\zamguard32.sys moved successfully.
Registry key HKEY_USERS\S-1-5-21-1390296456-3514786238-1037386279-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1390296456-3514786238-1037386279-1003\Software\Microsoft\Internet Explorer\SearchScopes\{70839579-320E-4763-A420-8468514E4F69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70839579-320E-4763-A420-8468514E4F69}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZAM deleted successfully.
C:\Program Files\Zemana AntiMalware\ZAM.exe moved successfully.
========== FILES ==========
C:\Program Files\Zemana AntiMalware\res folder moved successfully.
C:\Program Files\Zemana AntiMalware\lang folder moved successfully.
C:\Program Files\Zemana AntiMalware folder moved successfully.
C:\Windows\ZAM.krnl.trace moved successfully.
C:\Windows\ZAM_Guard.krnl.trace moved successfully.
C:\Users\Public\Desktop\Zemana AntiMalware.lnk moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: TDW
->Temp folder emptied: 5309852 bytes
->Temporary Internet Files folder emptied: 388736 bytes
->Flash cache emptied: 296 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16380 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TDW
->Flash cache emptied: 0 bytes

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01182018_221913

Files\Folders moved on Reboot...
C:\Users\TDW\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow computer after malware removal

#9 Post by Rudy »

OK, deleted. Has anything changed?

Cliché
Guest
Posts: 6
Registered: 17 Jan 2018 21:24

Re: Slow computer after malware removal

#10 Post by Cliché »

The situation has improved: the computer no longer restarts randomly and it also boots faster. Thank you for your help!

Rudy
Site Admin
Posts: 118275
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Slow computer after malware removal

#11 Post by Rudy »

I'm glad. You're welcome! :)

Locked