
Slow computer after malware removal

Posted: 17 Jan 2018 21:55
by Cliché
Hello!

The computer had a problem with the Chrome Search Club browser malware, which we removed with the help of a guide found online and the program Zemana AntiMalware Free. However, the computer still boots slowly, occasionally restarts by itself, and blue screens keep recurring. The screen, mouse and keyboard sometimes freeze and stop responding. The internet is also slower.

Thanks in advance for your help!
______________________________________________________________________________________________________________

Logfile of random's system information tool 1.10 (written by random/random)
Run by TDW at 2018-01-17 22:29:45
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 214 GB (45%) free of 477 GB
Total RAM: 3575 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:46 PM, on 17-Jan-18
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18858)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\bcontrol\Bezeq.bclient.exe
C:\Program Files\Zemana AntiMalware\ZAM.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Cleaning\RSIT.exe
C:\Program Files\trend micro\TDW.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
O2 - BHO: Splashtop Connect VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [STCAgent] "C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe"
O4 - HKLM\..\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [NvBackend] "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
O4 - HKLM\..\Run: [bcontrol] "C:\Program Files\bcontrol\Bezeq.bclient.exe"
O4 - HKLM\..\Run: [ZAM] "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-101 - {4F9FD89A-24F0-4fb7-9635-D54B3593B85B} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-103 - {9E508DD9-844C-4985-AC11-AFE5DD71E0BF} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: (no name) - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra 'Tools' menuitem: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-102 - {B771147A-4CC8-450e-8AB1-7D47821751B1} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O9 - Extra button: @"C:\Program Files\Splashtop\Splashtop Connect IE\STCHelper.exe",-104 - {EB89B163-2474-4734-9E93-68B61BC5BED5} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F83BC11-E58F-45EB-9001-D6099356579E}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: BUpdater Windows Service - Unknown owner - C:\Program Files\bcontrol\Bezeq.Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: Splashtop Connect Service (SCBackService) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Update service - Popcorn Time - C:\Program Files\Popcorn Time\Updater.exe
O23 - Service: Splashtop Connect Firefox Software Updater Service (WCUService_STC_FF) - Unknown owner - C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe (file missing)
O23 - Service: Splashtop Connect IE Software Updater Service (WCUService_STC_IE) - Splashtop Inc. - C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
O23 - Service: ZAM Controller Service (ZAMSvc) - Copyright 2017. - C:\Program Files\Zemana AntiMalware\ZAM.exe

--
End of file - 8654 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}]
Splashtop Connect VisualBookmark - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll [2011-03-05 345968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-22 460712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2013-03-06 562904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-22 172968]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-06-07 10082920]
"STCAgent"=C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe [2011-03-05 776064]
"ZyngaGamesAgent"=C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe []
"Logitech Download Assistant"=C:\Windows\System32\LogiLDA.dll [2012-09-20 1425208]
"NvBackend"=C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15 2398776]
"bcontrol"=C:\Program Files\bcontrol\Bezeq.bclient.exe [2017-09-12 49608]
"ZAM"=C:\Program Files\Zemana AntiMalware\ZAM.exe [2017-08-09 15775888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2012-11-05 89184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [2015-09-02 721504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Optimizer Pro]
C:\Program Files\Optimizer Pro\OptProLauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STCAgent]
C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe [2011-03-05 776064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2013-12-19 4171480]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ESETOlmarikOlmascoCleaner]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ESETOlmarikOlmascoCleaner.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McNaiAnn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96C-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux6"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2018-01-17 22:12:26 ----D---- C:\rsit
2018-01-17 21:39:58 ----A---- C:\Windows\system32\drivers\zam32.sys
2018-01-17 21:39:57 ----A---- C:\Windows\system32\drivers\zamguard32.sys
2018-01-17 21:39:56 ----D---- C:\Program Files\Zemana AntiMalware
2018-01-16 15:13:48 ----A---- C:\Windows\system32\FNTCACHE.DAT
2017-12-30 12:49:16 ----D---- C:\Users\TDW\AppData\Roaming\SystemProcess

======List of files/folders modified in the last 1 month======

2018-01-17 22:29:46 ----D---- C:\Program Files\trend micro
2018-01-17 22:29:45 ----D---- C:\Windows\Temp
2018-01-17 22:14:05 ----D---- C:\Windows\Prefetch
2018-01-17 22:06:46 ----D---- C:\Windows\system32\config
2018-01-17 21:55:02 ----A---- C:\Windows\system32\log.txt
2018-01-17 21:52:50 ----D---- C:\ProgramData\NVIDIA
2018-01-17 21:52:47 ----D---- C:\Windows
2018-01-17 21:50:24 ----HD---- C:\ProgramData
2018-01-17 21:50:22 ----D---- C:\Windows\system32\drivers\etc
2018-01-17 21:50:15 ----D---- C:\Windows\system32\Tasks
2018-01-17 21:39:58 ----D---- C:\Windows\system32\drivers
2018-01-17 21:39:56 ----RD---- C:\Program Files
2018-01-17 18:30:57 ----D---- C:\Users\TDW\AppData\Roaming\vlc
2018-01-16 15:52:57 ----SHD---- C:\System Volume Information
2018-01-16 15:13:48 ----D---- C:\Windows\System32
2018-01-16 15:13:45 ----SHD---- C:\Config.Msi
2018-01-15 19:33:41 ----D---- C:\Windows\system32\wdi
2018-01-14 17:26:45 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2018-01-14 01:00:00 ----D---- C:\Windows\inf
2018-01-13 06:00:00 ----D---- C:\Windows\system32\LogFiles
2018-01-13 02:04:40 ----D---- C:\Windows\debug
2018-01-11 11:39:33 ----SHD---- C:\Windows\Installer
2018-01-11 11:39:31 ----D---- C:\ProgramData\Microsoft Help
2018-01-11 11:39:06 ----D---- C:\Windows\system32\MRT
2018-01-11 11:34:15 ----AC---- C:\Windows\system32\MRT-KB890830.exe
2018-01-11 11:34:03 ----AC---- C:\Windows\system32\MRT.exe
2018-01-09 18:45:02 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2018-01-09 18:45:01 ----D---- C:\Windows\system32\Macromed
2017-12-30 15:44:11 ----D---- C:\Windows\system32\NDF
2017-12-30 15:40:11 ----D---- C:\Windows\Tasks
2017-12-30 15:40:11 ----D---- C:\Windows\system32\wfp
2017-12-30 15:40:09 ----D---- C:\Windows\system32\wbem
2017-12-30 15:39:22 ----HD---- C:\Windows\system32\GroupPolicy
2017-12-30 15:39:22 ----D---- C:\Windows\winsxs
2017-12-30 15:39:22 ----D---- C:\Windows\system32\DriverStore
2017-12-30 15:39:22 ----D---- C:\Windows\system32\catroot2
2017-12-30 15:39:22 ----D---- C:\Program Files\Internet Explorer
2017-12-30 15:39:16 ----D---- C:\Program Files\Google
2017-12-30 15:39:14 ----D---- C:\Windows\registration
2017-12-30 15:38:42 ----RHD---- C:\MSOCache
2017-12-30 13:10:02 ----D---- C:\Windows\SoftwareDistribution
2017-12-30 13:09:43 ----D---- C:\Windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2013-03-22 229208]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver; C:\Windows\System32\Drivers\EtronHub3.sys [2011-05-25 41600]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver; C:\Windows\System32\Drivers\EtronXHCI.sys [2011-05-25 61824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2011-06-07 3514152]
R3 MEI;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECI.sys [2010-09-21 41088]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2017-11-09 192432]
R3 NvStreamKms;NvStreamKms; \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-06-15 27704]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad32v.sys [2016-04-14 50744]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-05-16 391272]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
S2 Parvdm;Parvdm; C:\Windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S2 sbmntr;SBMNTR; \??\C:\PROGRA~1\YTDOWN~1\sbmntr.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2015-04-24 16955392]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2015-04-24 472576]
S3 AndNetDiag;LGE AndroidNet USB Serial Port; C:\Windows\system32\DRIVERS\lgandnetdiag.sys []
S3 ANDNetModem;LGE AndroidNet USB Modem; C:\Windows\system32\DRIVERS\lgandnetmodem.sys []
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter; C:\Windows\system32\DRIVERS\lgandnetndis.sys []
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2016-03-01 87568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 ESETOlmarikOlmascoCleaner;ESET Olmarik/Olmasco Cleaner; \??\C:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys [2014-05-26 126472]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2012-12-05 17488]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-19 26176]
S3 massfilter;ZTE Mass Storage Filter Driver; C:\Windows\system32\drivers\massfilter.sys []
S3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys []
S3 msloop;Microsoft Loopback Adapter Driver; C:\Windows\system32\DRIVERS\loop.sys [2009-07-14 5632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2017-08-13 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-20 25600]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2013-07-03 36352]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam.sys [2008-05-07 11520]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2017-09-27 83984]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2015-04-24 212992]
R2 BUpdater Windows Service;BUpdater Windows Service; C:\Program Files\bcontrol\Bezeq.Service.exe [2017-09-12 10184]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DiagTrack;@%SystemRoot%\system32\UtcResources.dll,-3001; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-10-06 325656]
R2 NVDisplay.ContainerLocalSystem;NVIDIA Display Container LS; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [2017-10-27 425408]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-06-15 2018360]
R2 SCBackService;Splashtop Connect Service; C:\Program Files\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
R2 Update service;Update service; C:\Program Files\Popcorn Time\Updater.exe [2016-08-26 339968]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service; C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-06-15 2905656]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2017-04-21 107656]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service; C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-01-09 272384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2017-04-21 47224]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-29 144200]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2017-11-07 104960]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2013-12-19 30814400]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2016-02-24 4362656]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2017-09-12 159960]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-12-04 1343400]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2017-04-21 136312]

-----------------EOF-----------------
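A triage pass over the kind of HijackThis (O17/O23) and RSIT registry-dump lines posted above, added here as an example; it is not part of the thread, nor of HijackThis, RSIT or OTL. It assumes RSIT's empty `[]` after a path means the file could not be found, treats the set of expected DNS resolvers as a caller-supplied assumption, and uses sample lines copied from the log above.

```python
"""Triage pass over HijackThis-style (O17/O23) and RSIT registry-dump lines.

Added example for this thread; not part of HijackThis, RSIT or OTL.
Every flag is a heuristic for an analyst to verify by hand, not a verdict.
"""
import re

# O23 - Service: <display name> - <owner> - <binary path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# O17 - <registry key>: NameServer = <comma-separated resolvers>
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
# RSIT run/startup entry: ["<name>"=]<command> [<mtime> <size>]
# Assumption: an empty [] means RSIT could not stat the file (usually absent).
RSIT_RE = re.compile(
    r'^(?:"(?P<name>[^"]+)"=)?(?P<path>[A-Za-z]:\\.+?) \[(?P<meta>[^\]]*)\]$'
)
# Service binaries are normally installed under these two trees.
STANDARD_DIRS = re.compile(r"^[a-z]:\\(windows|program files( \(x86\))?)\\", re.I)


def _flag(kind, subject, reason):
    return {"kind": kind, "subject": subject, "reason": reason}


def triage_service(line):
    """Flag O23 entries whose binary is missing, unattributed, or oddly placed."""
    m = O23_RE.match(line)
    if not m:
        return []
    out = []
    if m["missing"]:
        out.append(_flag("service", m["name"], "binary missing: orphaned service entry"))
    if m["owner"] == "Unknown owner":
        out.append(_flag("service", m["name"], "binary carries no company name"))
    if not STANDARD_DIRS.match(m["path"]):
        out.append(_flag("service", m["name"],
                         "binary outside Windows/Program Files: " + m["path"]))
    return out


def triage_dns(line, expected):
    """Flag O17 resolvers that are loopback or not in the expected set."""
    m = O17_RE.match(line)
    if not m:
        return []
    out = []
    for server in (s.strip() for s in m["servers"].split(",")):
        if server.startswith("127."):
            out.append(_flag("dns", m["key"],
                             "resolver is loopback (%s): confirm a local DNS proxy is intended" % server))
        elif server not in expected:
            out.append(_flag("dns", m["key"], "resolver %s not in the expected set" % server))
    return out


def triage_startup(line):
    """Flag RSIT startup entries whose target file RSIT could not find."""
    m = RSIT_RE.match(line)
    if not m or m["meta"].strip():
        return []
    return [_flag("startup", m["name"] or m["path"],
                  "target file not found on disk: " + m["path"])]


def triage(log_text, expected_dns=frozenset({"8.8.8.8", "8.8.4.4"})):
    """Run all three checks over a log; expected_dns is an assumed allowlist."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        findings += triage_service(line)
        findings += triage_dns(line, expected_dns)
        findings += triage_startup(line)
    return findings


# Sample lines copied from the RSIT/HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F83BC11-E58F-45EB-9001-D6099356579E}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: BUpdater Windows Service - Unknown owner - C:\Program Files\bcontrol\Bezeq.Service.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
"ZyngaGamesAgent"=C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe []
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2011-06-07 10082920]
C:\Program Files\Optimizer Pro\OptProLauncher.exe []
'''

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-8s %-40s %s" % (f["kind"], f["subject"][:40], f["reason"]))
```

Run it against a whole RSIT/HijackThis log file to get a short list of entries worth checking first; an entry on that list still needs a look at the file itself before anything is removed.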

Re: Slow computer after malware removal

Posted: 17 Jan 2018 22:05
by Rudy
Hello!
What is the legal status of your operating system?

Re: Slow computer after malware removal

Posted: 17 Jan 2018 22:10
by Cliché
It is legal. It came preinstalled on the computer when it was purchased.

Re: Slow computer after malware removal

Posted: 18 Jan 2018 12:23
by Rudy
OK. Run this scan:

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) and run it. Tick "All Users", "LOP Check" and "Purity Check", and copy the following into the lower white box:
CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
and click "Run Scan". Post both logs.

Re: Slow computer after malware removal

Posted: 18 Jan 2018 20:32
by Cliché
OTL logfile created on: 18-Jan-18 9:11:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Cleaning
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18860)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.49 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 40.49% Memory free
6.98 Gb Paging File | 4.89 Gb Available in Paging File | 69.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 210.38 Gb Free Space | 45.18% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: TDW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2018-01-03 10:56:48 | 001,367,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2017-10-27 18:36:39 | 000,425,408 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
PRC - [2017-09-27 11:27:08 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2017-09-12 14:20:58 | 000,049,608 | ---- | M] () -- C:\Program Files\bcontrol\Bezeq.bclient.exe
PRC - [2017-08-11 07:58:32 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2017-08-09 19:20:50 | 015,775,888 | ---- | M] (Copyright 2017.) -- C:\Program Files\Zemana AntiMalware\ZAM.exe
PRC - [2016-09-04 15:43:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Cleaning\OTL.exe
PRC - [2016-08-29 16:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2016-08-26 12:26:34 | 000,339,968 | ---- | M] (Popcorn Time) -- C:\Program Files\Popcorn Time\Updater.exe
PRC - [2016-06-15 03:14:44 | 002,398,776 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016-06-15 03:14:39 | 019,038,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
PRC - [2016-06-15 03:14:38 | 002,905,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
PRC - [2016-06-15 03:14:38 | 002,018,360 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
PRC - [2015-04-24 09:34:00 | 000,626,688 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2015-04-24 09:34:00 | 000,212,992 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012-11-23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011-03-22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2010-11-15 13:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files\Splashtop\Splashtop Connect\BackService.exe
PRC - [2010-10-06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010-10-06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2018-01-03 10:56:53 | 003,062,104 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
MOD - [2018-01-03 10:56:53 | 000,085,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\63.0.3239.132\libegl.dll
MOD - [2017-09-14 12:43:05 | 002,297,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bd9ff1a4363781a57e8f7392f230a203\System.Core.ni.dll
MOD - [2017-09-13 21:03:54 | 012,437,504 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\367e5b8a038ac76eba17528bb7b3688e\System.Windows.Forms.ni.dll
MOD - [2017-09-13 21:03:49 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ce3c98f2bf220ef17b0cf4233cac6ceb\System.Drawing.ni.dll
MOD - [2017-09-13 21:03:42 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77c1dc46ea139bf5e1eaa9b87ef03c7a\System.Xml.ni.dll
MOD - [2017-09-13 21:03:39 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\ad8dd536906e94c4bc9cb9b82285580b\System.Configuration.ni.dll
MOD - [2017-09-13 21:03:11 | 008,003,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ad92dab7f418877d6a1e0358ce35658a\System.ni.dll
MOD - [2017-09-13 21:03:07 | 011,500,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9f895c66454577eff9c77442d0c84f71\mscorlib.ni.dll
MOD - [2017-09-12 14:20:58 | 000,072,648 | ---- | M] () -- C:\Program Files\bcontrol\Bezeq.Common.dll
MOD - [2017-09-12 14:20:58 | 000,049,608 | ---- | M] () -- C:\Program Files\bcontrol\Bezeq.bclient.exe
MOD - [2016-06-15 03:14:44 | 000,020,536 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Update Core\detoured.dll
MOD - [2013-09-05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2018-01-09 18:45:03 | 000,272,384 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017-11-07 22:39:05 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2017-10-27 18:36:39 | 000,425,408 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -- (NVDisplay.ContainerLocalSystem)
SRV - [2017-09-27 11:27:08 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2017-09-12 14:20:58 | 000,010,184 | ---- | M] () [Auto | Stopped] -- C:\Program Files\bcontrol\Bezeq.Service.exe -- (BUpdater Windows Service)
SRV - [2017-08-09 19:20:50 | 015,775,888 | ---- | M] (Copyright 2017.) [Auto | Running] -- C:\Program Files\Zemana AntiMalware\ZAM.exe -- (ZAMSvc)
SRV - [2016-08-26 12:26:34 | 000,339,968 | ---- | M] (Popcorn Time) [Auto | Running] -- C:\Program Files\Popcorn Time\Updater.exe -- (Update service)
SRV - [2016-08-21 15:05:24 | 000,935,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\diagtrack.dll -- (DiagTrack)
SRV - [2016-06-15 03:14:38 | 002,905,656 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV - [2016-06-15 03:14:38 | 002,018,360 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV - [2016-02-24 09:15:00 | 004,362,656 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2015-04-24 09:34:00 | 000,212,992 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013-12-19 00:41:02 | 030,814,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2013-05-27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-12-04 05:58:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011-03-22 10:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010-11-15 13:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010-10-06 07:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010-10-06 07:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-07-14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2005-09-23 07:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | Auto | Stopped] -- C:\PROGRA~1\YTDOWN~1\sbmntr.sys -- (sbmntr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetndis.sys -- (andnetndis)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetmodem.sys -- (ANDNetModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2018-01-17 21:39:58 | 000,181,496 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\zam32.sys -- (ZAM)
DRV - [2018-01-17 21:39:57 | 000,181,496 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\zamguard32.sys -- (ZAM_Guard)
DRV - [2017-11-09 04:33:16 | 014,642,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2017-11-09 04:32:32 | 000,192,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2017-08-13 23:35:45 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2016-06-15 03:14:38 | 000,027,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV - [2016-04-14 07:38:19 | 000,050,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvvad32v.sys -- (nvvad_WaveExtensible)
DRV - [2016-03-01 04:55:32 | 000,087,568 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2015-04-24 09:34:04 | 016,955,392 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2015-04-24 09:34:04 | 000,472,576 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2014-05-26 21:38:43 | 000,126,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ESETOlmarikOlmascoCleaner.sys -- (ESETOlmarikOlmascoCleaner)
DRV - [2013-03-22 00:01:10 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2012-12-05 02:20:05 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011-05-25 13:19:00 | 000,061,824 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV - [2011-05-25 13:19:00 | 000,041,600 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EtronHub3.sys -- (EtronHub3)
DRV - [2010-11-20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010-11-20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010-11-20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010-11-20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010-11-20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010-11-20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010-11-20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010-11-20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010-11-20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010-09-21 19:59:02 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI)
DRV - [2009-07-14 01:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009-07-14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009-03-19 02:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008-05-07 02:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007-01-29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = DB AB 16 10 77 04 D2 01 [binary data]
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes,DefaultScope = {70839579-320E-4763-A420-8468514E4F69}
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... 02&pc=UE10
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{271B4DEB-E9E4-4842-86EF-B5255AAFB2F5}: "URL" = http://search.yahoo.com/search?p={searc ... ype=IEBDSV
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{5AC76C24-D9F8-4e70-A2F7-A4C133AA872C}: "URL" = http://www.google.com/cse?cx=partner-pu ... earchTerms}
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{70839579-320E-4763-A420-8468514E4F69}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\TDW\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2016-08-21 10:21:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\TDW\AppData\Roaming\mozilla\Firefox\Profiles\aZyQ7RhB.default\extensions
[2016-08-21 10:22:01 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\TDW\AppData\Roaming\mozilla\Firefox\Profiles\aZyQ7RhB.default\extensions\abs@avira.com

O1 HOSTS File: ([2018-01-17 21:50:22 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [bcontrol] C:\Program Files\bcontrol\Bezeq.bclient.exe ()
O4 - HKLM..\Run: [Logitech Download Assistant] C:\Windows\System32\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [NvBackend] C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [STCAgent] C:\Program Files\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [ZAM] C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)
O4 - HKLM..\Run: [ZyngaGamesAgent] "C:\Program Files\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..Trusted Domains: tlush.gov.il ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F83BC11-E58F-45EB-9001-D6099356579E}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012-04-06 04:29:53 | 000,000,020 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (aswBoot.exe /M:3de0a5a6 /dir:"C:\Program Files\AVAST Software\Avast")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2018-01-17 22:12:26 | 000,000,000 | ---D | C] -- C:\rsit
[2018-01-17 21:39:58 | 000,181,496 | ---- | C] (Zemana Ltd.) -- C:\Windows\System32\drivers\zam32.sys
[2018-01-17 21:39:57 | 000,181,496 | ---- | C] (Zemana Ltd.) -- C:\Windows\System32\drivers\zamguard32.sys
[2018-01-17 21:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
[2018-01-17 21:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Zemana AntiMalware
[2018-01-17 21:39:46 | 000,000,000 | ---D | C] -- C:\Users\TDW\AppData\Local\Zemana
[2017-12-30 12:49:16 | 000,000,000 | ---D | C] -- C:\Users\TDW\AppData\Roaming\SystemProcess
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\TDW\Desktop\*.tmp files -> C:\Users\TDW\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2018-01-18 21:11:21 | 000,370,632 | ---- | M] () -- C:\Windows\ZAM.krnl.trace
[2018-01-18 21:10:16 | 000,057,040 | ---- | M] () -- C:\Windows\ZAM_Guard.krnl.trace
[2018-01-18 20:45:15 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2018-01-18 15:56:31 | 000,029,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2018-01-18 15:56:31 | 000,029,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2018-01-18 15:48:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2018-01-18 15:48:01 | 2811,682,816 | -HS- | M] () -- C:\hiberfil.sys
[2018-01-17 21:50:24 | 000,000,258 | RHS- | M] () -- C:\Users\TDW\ntuser.pol
[2018-01-17 21:50:24 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2018-01-17 21:50:22 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2018-01-17 21:39:58 | 000,181,496 | ---- | M] (Zemana Ltd.) -- C:\Windows\System32\drivers\zam32.sys
[2018-01-17 21:39:57 | 000,181,496 | ---- | M] (Zemana Ltd.) -- C:\Windows\System32\drivers\zamguard32.sys
[2018-01-17 21:39:57 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2018-01-16 15:13:59 | 000,441,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2018-01-11 11:34:15 | 126,487,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MRT-KB890830.exe
[2018-01-09 18:45:02 | 000,803,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2018-01-09 18:45:02 | 000,144,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2018-01-09 08:46:08 | 000,002,123 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2018-01-01 09:39:04 | 000,000,000 | ---- | M] () -- C:\Users\TDW\Desktop\New Bitmap Image.bmp
[2017-12-30 15:48:34 | 000,002,223 | ---- | M] () -- C:\Users\TDW\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\TDW\Desktop\*.tmp files -> C:\Users\TDW\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2018-01-18 20:45:15 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2018-01-17 21:40:03 | 000,370,632 | ---- | C] () -- C:\Windows\ZAM.krnl.trace
[2018-01-17 21:40:03 | 000,057,040 | ---- | C] () -- C:\Windows\ZAM_Guard.krnl.trace
[2018-01-17 21:39:57 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Zemana AntiMalware.lnk
[2018-01-16 15:13:48 | 000,441,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2018-01-01 09:39:04 | 000,000,000 | ---- | C] () -- C:\Users\TDW\Desktop\New Bitmap Image.bmp
[2017-12-30 15:48:34 | 000,002,223 | ---- | C] () -- C:\Users\TDW\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2017-12-30 15:48:34 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2017-12-30 15:48:34 | 000,002,123 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017-12-30 12:49:09 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2017-12-11 08:37:07 | 000,798,008 | ---- | C] () -- C:\Windows\System32\vulkan-1.dll
[2017-12-11 08:37:07 | 000,490,296 | ---- | C] () -- C:\Windows\System32\vulkaninfo.exe
[2017-09-14 01:20:30 | 000,798,008 | ---- | C] () -- C:\Windows\System32\vulkan-1-1-0-61-0.dll
[2017-09-14 01:20:14 | 000,490,296 | ---- | C] () -- C:\Windows\System32\vulkaninfo-1-1-0-61-0.exe
[2017-09-13 14:14:05 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2017-06-05 16:08:39 | 007,802,921 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2016-06-11 14:53:24 | 000,000,016 | ---- | C] () -- C:\ProgramData\mntemp
[2015-12-21 19:58:15 | 000,007,594 | ---- | C] () -- C:\Users\TDW\AppData\Local\Resmon.ResmonCfg
[2015-08-09 13:38:38 | 000,000,258 | RHS- | C] () -- C:\Users\TDW\ntuser.pol

========== ZeroAccess Check ==========

[2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017-08-15 17:10:54 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012-12-07 04:37:39 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Splashtop
[2015-08-16 19:07:20 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\.minecraft
[2015-10-19 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Axonstall
[2017-10-30 18:25:26 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\BControl
[2015-11-24 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\DassaultSystemes
[2017-05-16 17:01:29 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\discord
[2015-11-25 00:39:49 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\EDrawings
[2015-12-03 17:36:41 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\fizzy
[2015-08-09 19:21:50 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\java
[2015-09-30 06:36:58 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\LolClient
[2017-10-06 17:46:59 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\MapleGlobal
[2017-12-14 05:00:30 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\NexonLauncher
[2017-11-19 23:23:19 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Opera Software
[2017-07-13 11:30:03 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Python
[2016-05-21 15:31:04 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Riot Games
[2015-08-09 13:38:56 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Splashtop
[2016-05-31 14:04:28 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\steam.transformice.com
[2017-12-30 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\SystemProcess
[2015-08-06 18:54:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2015-07-11 20:40:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ESET
[2013-01-01 01:03:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\fizzy
[2015-08-06 18:52:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\java
[2015-03-05 10:17:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LibreOffice
[2013-06-17 10:02:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\LolClient
[2015-04-13 15:09:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MiniGet
[2014-05-21 15:30:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenOffice
[2015-04-13 15:08:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera Software
[2013-02-02 09:53:12 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Origin
[2015-06-10 17:17:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PerformerSoft
[2014-08-06 14:02:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Riot Games
[2013-10-09 15:41:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\rockbox.org
[2014-12-10 20:54:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SanDisk
[2012-12-04 05:21:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Splashtop
[2015-02-28 20:50:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Transformice
[2015-08-08 21:16:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2015-01-19 16:37:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009-07-14 06:53:46 | 000,032,602 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009-07-14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT

< >

< MD5 for: ATAPI.SYS >
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\atapi.sys
[2009-07-14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010-11-20 23:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010-11-20 23:29:06 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010-11-20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010-11-20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010-11-20 23:29:03 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2010-11-20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2016-08-29 16:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\explorer.exe
[2016-08-29 16:55:07 | 002,972,672 | ---- | M] (Microsoft Corporation) MD5=6DDCA324434FFA506CF7DC4E51DB7935 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.23537_none_5432df58f129e196\explorer.exe

< MD5 for: HAL.DLL >
[2010-11-20 23:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\System32\hal.dll
[2010-11-20 23:29:19 | 000,194,432 | ---- | M] (Microsoft Corporation) MD5=1BF0D4727FDB437D513CFF8A9359C050 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_ad305c8fb7ec5060\hal.dll

< MD5 for: SCECLI.DLL >
[2010-11-20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010-11-20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2015-04-13 05:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\System32\services.exe
[2015-04-13 05:19:24 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=0780A42DBD7D9969F9BF4A19AA4285B5 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.18829_none_d1614ac32b8ec5cf\services.exe
[2009-07-14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2015-04-11 05:53:55 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=97981140500E86E5BBAD7B76BA890146 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7601.23033_none_d1d9ee0844ba1cc2\services.exe

< MD5 for: SVCHOST.EXE >
[2015-09-21 18:04:23 | 000,893,752 | ---- | M] (MalwareBytes) MD5=0692C8163852AB5674E2EB3B36131EF3 -- C:\Users\TDW\Downloads\Chameleon\Windows\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009-07-14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2010-11-20 23:29:20 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2014-04-05 04:25:01 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=5579DD18546999F5D0EC39D018726C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_b513c4dfc4b513b9\tcpip.sys
[2013-09-07 04:06:48 | 001,309,120 | ---- | M] (Microsoft Corporation) MD5=6C4F3D92764FFA22D28061A4D9235446 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_b58e8eb0ddde6cf1\tcpip.sys
[2017-05-30 06:39:05 | 001,309,928 | ---- | M] (Microsoft Corporation) MD5=C25848DB4A86839A7EDD1077F62AD980 -- C:\Windows\System32\drivers\tcpip.sys
[2017-05-30 06:39:05 | 001,309,928 | ---- | M] (Microsoft Corporation) MD5=C25848DB4A86839A7EDD1077F62AD980 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.23821_none_b5a11e7addd0f747\tcpip.sys
[2017-04-04 17:25:44 | 001,309,928 | ---- | M] (Microsoft Corporation) MD5=C7CF3C1D1EC800230E5FE658C77FC9CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.23761_none_b575dce4ddf169e4\tcpip.sys
[2016-07-07 17:20:44 | 001,309,928 | ---- | M] (Microsoft Corporation) MD5=C7E41209132B9CF084CCEA8593F61328 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.23496_none_b55a68e0de0544f5\tcpip.sys
[2013-09-08 04:07:12 | 001,294,272 | ---- | M] (Microsoft Corporation) MD5=CA59F7C570AF70BC174F477CFE2D9EE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1\tcpip.sys
[2012-10-03 18:44:01 | 001,308,040 | ---- | M] (Microsoft Corporation) MD5=D490DD0A91B4EAC3B4EE08D11EE37C31 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_b5a428d6ddce3d9a\tcpip.sys
[2013-11-26 13:07:37 | 001,309,632 | ---- | M] (Microsoft Corporation) MD5=DC08335B30D83FB61E9EFE6FDD09D40D -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_b5a530b8ddcd4b8d\tcpip.sys
[2012-10-03 18:58:30 | 001,293,680 | ---- | M] (Microsoft Corporation) MD5=E23A56F843E2AEBBB209D0ACCA73C640 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_b4ef7439c4d0da52\tcpip.sys
[2014-04-05 04:16:21 | 001,310,144 | ---- | M] (Microsoft Corporation) MD5=EA47AB18E289333AB94397D77CA6E3A1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_b59293a4dddacc9b\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010-11-20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010-11-20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

< MD5 for: WINLOGON.EXE >
[2015-09-21 18:04:24 | 000,893,752 | ---- | M] (MalwareBytes) MD5=0692C8163852AB5674E2EB3B36131EF3 -- C:\Users\TDW\Downloads\Chameleon\Windows\winlogon.exe
[2014-07-16 04:56:14 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=4F37B93C14AEE313BEC52A23AFB15C2E -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22750_none_7224b2134c7555fa\winlogon.exe
[2014-07-17 03:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\System32\winlogon.exe
[2014-07-17 03:39:27 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=52449FD429D6053B78AE564DEF303870 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18540_none_71a5e34e334f9d18\winlogon.exe
[2010-11-20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2014-03-04 11:17:02 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=998507B046BA314CE8245364C686FA67 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_71da23b23327143c\winlogon.exe
[2014-03-04 12:39:02 | 000,304,640 | ---- | M] (Microsoft Corporation) MD5=D53972F87D850CD2EB4B29B60CAFDD77 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_7255f1994c4f8119\winlogon.exe

< >

< %systemroot%*.* /U /s >
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[11 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[51 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\61bfe288eb8e4176873cdcd21610e16d\*.tmp files -> C:\Windows\SoftwareDistribution\Download\61bfe288eb8e4176873cdcd21610e16d\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\a92f8878ea38cac4505fcefd787bd88e\*.tmp files -> C:\Windows\SoftwareDistribution\Download\a92f8878ea38cac4505fcefd787bd88e\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2015-08-16 19:07:20 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\.minecraft
[2015-08-12 13:14:47 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Adobe
[2015-10-19 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Axonstall
[2017-10-30 18:25:26 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\BControl
[2015-11-24 22:53:12 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\DassaultSystemes
[2017-05-16 17:01:29 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\discord
[2015-08-17 09:17:38 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\dvdcss
[2015-11-25 00:39:49 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\EDrawings
[2015-12-03 17:36:41 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\fizzy
[2015-08-09 13:38:44 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Identities
[2015-08-09 19:21:50 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\java
[2015-09-30 06:36:58 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\LolClient
[2013-01-04 04:26:01 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Macromedia
[2017-10-06 17:46:59 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\MapleGlobal
[2010-11-21 02:46:50 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Media Center Programs
[2016-08-09 18:44:13 | 000,000,000 | --SD | M] -- C:\Users\TDW\AppData\Roaming\Microsoft
[2016-08-21 10:21:59 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Mozilla
[2017-12-14 05:00:30 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\NexonLauncher
[2017-06-08 11:41:35 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\NVIDIA
[2017-11-19 23:23:19 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Opera Software
[2017-07-13 11:30:03 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Python
[2016-05-21 15:31:04 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Riot Games
[2017-09-25 16:17:02 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Skype
[2015-11-30 22:15:29 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\SOLIDWORKS
[2015-11-30 22:15:29 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\SolidWorks 2014
[2015-08-09 13:38:56 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\Splashtop
[2016-05-31 14:04:28 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\steam.transformice.com
[2017-12-30 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\SystemProcess
[2018-01-17 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\vlc
[2015-09-29 16:53:34 | 000,000,000 | ---D | M] -- C:\Users\TDW\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2015-06-18 10:40:22 | 000,015,360 | ---- | M] () -- C:\Users\TDW\AppData\Roaming\Axonstall\AxProtector.exe
[2012-09-06 01:04:02 | 000,445,352 | ---- | M] (wyDay) -- C:\Users\TDW\AppData\Roaming\Axonstall\wyUpdate.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >
[2018-01-17 21:39:58 | 000,181,496 | ---- | M] (Zemana Ltd.) -- C:\Windows\system32\drivers\zam32.sys
[2018-01-17 21:39:57 | 000,181,496 | ---- | M] (Zemana Ltd.) -- C:\Windows\system32\drivers\zamguard32.sys

< %systemroot%\system32\*.* /3 >
[2018-01-18 15:56:31 | 000,029,376 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2018-01-18 15:56:31 | 000,029,376 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2018-01-16 15:13:59 | 000,441,032 | ---- | M] () -- C:\Windows\system32\FNTCACHE.DAT
[2018-01-18 15:50:42 | 000,000,018 | ---- | M] () -- C:\Windows\system32\log.txt

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Speedup DelayLoad]

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2017-11-15 02:36:38 | 000,815,296 | ---- | M] (Microsoft Corporation) MD5=9CA63C9D164E8095AB2E77D7320F1141 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >
[2018-01-03 10:56:48 | 001,367,384 | ---- | M] (Google Inc.) MD5=CD10AA3AE31F69F64BD6D6F20AFF89DE -- C:\Program Files\Google\Chrome\Application\chrome.exe

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2018-01-18 20:45:15 | 000,000,512 | ---- | M] () MD5=1D7A138FAE50D8FB8D691F67E343D1A2 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2017-12-08 23:44:28 | 000,018,343 | ---- | M] () -- \Nexon\Nexon Launcher\bin\modules\m_loader.pyc
[2018-01-05 23:19:18 | 000,017,972 | ---- | M] () -- \Nexon\Nexon Launcher\bin\modules\apps\contenttools\downloader.pyc
[2018-01-05 01:52:16 | 000,018,032 | ---- | M] () -- \Nexon\Nexon Launcher\bin\modules\apps\contenttools\__pycache__\downloader.cpython-34.pyc
[2017-12-06 22:23:47 | 000,018,624 | ---- | M] () -- \Nexon\Nexon Launcher\bin\nexon_client\api-ms-win-core-libraryloader-l1-1-0.dll
[2009-05-23 12:38:52 | 000,061,952 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7Debug\coloader80.dll
[2009-05-23 07:27:34 | 000,004,608 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7Debug\coloader80.tlb
[2014-09-03 00:27:24 | 000,268,432 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
[2014-09-03 00:27:24 | 000,019,096 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll
[2013-03-09 03:48:16 | 000,017,544 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VSTO\10.0\1037\VSTOLoaderUI.dll
[2015-03-06 12:25:14 | 004,249,592 | ---- | M] () -- \Program Files\Common Files\SOLIDWORKS Installation Manager\23.0\sldimdownloader.exe
[2017-11-09 04:24:50 | 000,440,856 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.Driver.{BD85D817-43F8-479A-ADC6-78A0A6812C9E}\nvfatbinaryloader32.dl_
[2015-08-25 20:35:19 | 000,057,592 | R--- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.PhysX.{1E39CD98-859B-4E79-8B0C-E920EF450F69}\files\Common\PhysXLoader.dll
[2015-08-25 20:35:19 | 000,065,784 | R--- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.PhysX.{1E39CD98-859B-4E79-8B0C-E920EF450F69}\files\Common\PhysXLoader64.dll
[2015-08-25 20:35:19 | 000,073,976 | R--- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.PhysX.{1E39CD98-859B-4E79-8B0C-E920EF450F69}\files\Common\PhysXUpdateLoader.dll
[2015-08-25 20:35:19 | 000,090,872 | R--- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.PhysX.{1E39CD98-859B-4E79-8B0C-E920EF450F69}\files\Common\PhysXUpdateLoader64.dll
[2015-08-25 20:35:19 | 000,057,592 | R--- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2015-08-25 20:35:19 | 000,073,976 | R--- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2017-04-07 10:26:34 | 000,018,624 | ---- | M] () -- \Riot Games\League of Legends\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-04-07 10:26:34 | 000,018,624 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.118\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-04-07 10:26:34 | 000,018,624 | ---- | M] () -- \Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.119\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-12-05 14:28:50 | 000,018,624 | ---- | M] () -- \Riot Games\PBE\PBE\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-12-05 14:28:50 | 000,018,624 | ---- | M] () -- \Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.110\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-12-05 14:28:50 | 000,018,624 | ---- | M] () -- \Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.111\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-10-14 21:24:37 | 000,018,624 | ---- | M] () -- \Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.66\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-10-14 21:24:37 | 000,018,624 | ---- | M] () -- \Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.89\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2017-10-14 21:24:37 | 000,018,624 | ---- | M] () -- \Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.90\deploy\api-ms-win-core-libraryloader-l1-1-0.dll
[2015-11-24 21:59:04 | 000,001,100 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\2014 SP2.0\Other Logs\IMDownloaderVersion.xml
[2015-11-24 22:40:44 | 002,462,436 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\2014 SP2.0\Other Logs\sldIMDownloaderLog_00001.txt
[2015-11-24 20:04:17 | 000,001,100 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\2015 SP2.1\Other Logs\IMDownloaderVersion.xml
[2015-11-24 21:25:29 | 008,197,446 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\2015 SP2.1\Other Logs\sldIMDownloaderLog_00001.txt
[2015-11-24 20:04:19 | 000,001,612 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00001.txt
[2015-11-24 20:05:51 | 000,002,444 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00002.txt
[2015-11-24 21:59:07 | 000,001,612 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00003.txt
[2015-11-24 22:10:06 | 000,002,446 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00004.txt
[2016-03-22 21:58:45 | 000,001,600 | ---- | M] () -- \Users\TDW\AppData\Roaming\SOLIDWORKS\Installation Logs\Misc Logs\sldIMDownloaderLog_00005.txt
[2015-06-05 19:08:42 | 000,072,638 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\loader.gif
[2015-06-05 19:08:42 | 000,003,032 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\loader.png
[2015-06-05 19:08:42 | 000,006,012 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\normal\loader_15fps.gif
[2015-06-05 19:08:42 | 000,021,956 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\normal\loader_30fps.gif
[2015-06-05 19:08:42 | 000,009,772 | ---- | M] () -- \Users\user\AppData\Local\Skype\Apps\login\images\retina\loader@2x.png
[2012-11-19 22:13:34 | 000,000,847 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ac\img\ajax-loader.gif
[2012-11-19 22:13:34 | 000,001,135 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ac\img\loader-icon.png
[2012-11-19 22:13:34 | 000,003,208 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\ui\gf\img\loader.gif
[2012-11-19 22:13:34 | 000,001,849 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\chrome\CT3225826\content\tb\al\wa\TWITTER\resources\ajax-loader.gif
[2013-04-11 17:54:38 | 000,197,614 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\ftdownloader3@ftdownloader.com.xpi
[2012-12-13 22:29:00 | 000,199,445 | ---- | M] () -- \Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2013-03-09 08:17:04 | 000,019,080 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8
[2010-03-25 06:12:34 | 000,018,264 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_x86_ln.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2013-03-09 08:17:04 | 000,268,440 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8
[2010-03-25 06:12:34 | 000,249,680 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109110000000000000000F01FEC\14.0.4763\VSTOLoader_dll_x86.3643236F_FC70_11D3_A536_0090278A1BB8.923C1899_09AE_418B_B39D_A7A9EB6A7951
[2009-10-22 23:15:32 | 000,016,712 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\00004109E600D0400000000000F01FEC\14.0.4763\FL_VSTOLoaderUI_dll_122707_122707_x86_heb.3643236F_FC70_11D3_A536_0090278A1BB8.5326715A_77CF_482B_8CA0_13476898242B
[2005-09-23 04:24:22 | 000,061,440 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\69AE184D3132C7A489EE17D0A18F48CA\8.0.50727\FL_coloader80_dll_128691_____X86.3643236F_FC70_11D3_A536_0090278A1BB8
[2005-09-22 23:23:44 | 000,004,608 | R--- | M] () -- \Windows\Installer\$PatchCache$\Managed\69AE184D3132C7A489EE17D0A18F48CA\8.0.50727\FL_coloader80_tlb_128927_____X86.3643236F_FC70_11D3_A536_0090278A1BB8
[2017-08-11 08:19:29 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009-07-14 03:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2017-11-09 04:24:50 | 000,902,312 | ---- | M] () -- \Windows\System32\nvfatbinaryLoader.dll
[2017-11-09 04:24:50 | 000,902,312 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_x86_neutral_8ac97f5c7e8c9343\nvfatbinaryLoader32.dll
[2015-04-13 15:10:05 | 000,003,566 | ---- | M] () -- \Windows\System32\Tasks\YTDownloader
[2015-04-13 15:10:00 | 000,003,888 | ---- | M] () -- \Windows\System32\Tasks\YTDownloaderUpd
[2009-07-14 06:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2017-10-12 02:12:35 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23915_en-us_792a99285b62d356.manifest
[2017-10-12 02:12:35 | 000,033,000 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23915_en-us_792a99285b62d356_winload.exe.mui_3bc5b827
[2017-10-12 02:12:35 | 000,029,928 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23915_en-us_792a99285b62d356_winresume.exe.mui_ff8b5358
[2017-10-12 02:12:35 | 000,004,224 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23915_none_5db89954e405dd2b.manifest
[2017-10-12 02:12:35 | 000,534,600 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23915_none_5db89954e405dd2b_winload.exe_75835076
[2017-10-12 02:12:35 | 000,470,704 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.23915_none_5db89954e405dd2b_winresume.exe_85cd1215
[2009-07-14 04:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009-07-14 04:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2015-05-13 21:06:00 | 000,000,612 | ---- | M] () -- \Windows\winsxs\FileMaps\programdata_microsoft_diagnosis_asimovuploader_0413bca0c3dfdda4.cdf-ms
[2010-11-21 02:37:59 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_766f102945576be4.manifest
[2015-02-03 05:16:42 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.18741_en-us_787ca05342610b3b.manifest
[2015-01-16 08:23:55 | 000,002,777 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22923_en-us_791ddf705b6ca2f8.manifest
[2015-02-03 05:36:49 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.22948_en-us_790d410a5b78598d.manifest
[2015-04-27 21:04:39 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23040_en-us_790516dc5b7fc217.manifest
[2015-05-25 20:11:24 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23072_en-us_78e6a7ac5b964898.manifest
[2015-07-15 05:04:54 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23126_en-us_7920ba565b6a1f66.manifest
[2015-07-15 19:54:31 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23136_en-us_7915ea6a5b723b57.manifest
[2015-07-23 02:02:46 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23142_en-us_790719565b7df1ec.manifest
[2016-01-22 08:11:44 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23338_en-us_7917eeca5b706853.manifest
[2016-03-16 20:35:36 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23391_en-us_78d00d3c5ba75e98.manifest
[2016-03-18 00:34:51 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23392_en-us_78d10d865ba677ef.manifest
[2016-04-09 09:00:21 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23418_en-us_792d90885b602d98.manifest
[2016-09-02 17:23:56 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23539_en-us_7918f2e05b6f7bf8.manifest
[2016-09-09 20:06:27 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23543_en-us_790821385b7cffdf.manifest
[2016-10-07 17:19:33 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23569_en-us_78f8831c5b87cfcb.manifest
[2016-10-11 17:27:06 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7601.23572_en-us_78e6b12a5b963a5b.manifest

========== Files - Unicode (All) ==========

< End of report >

Re: Slow computer after malware removal

Posted: 18 Jan 2018 20:33
by Cliché
OTL Extras logfile created on: 18-Jan-18 9:11:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Cleaning
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18860)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

3.49 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 40.49% Memory free
6.98 Gb Paging File | 4.89 Gb Available in Paging File | 69.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.66 Gb Total Space | 210.38 Gb Free Space | 45.18% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: TDW | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B35DA02-7CEA-439F-AA1F-A3036ED0A6A7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0C9DEDD9-849C-45A7-8123-F83CFDC63BAA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C9A111B-4695-4129-8CC3-8EC8EA1344A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2025F2BF-4103-4DEC-9CF9-12F25DBB4FD4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{228DB114-F1D2-414B-87A4-E4418AC150FC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{345257F5-6C2D-4B2E-AE36-CB62C06D6B10}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{36098344-4401-4226-ACCB-DB84E6501D0C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3E2B6090-31F9-4137-BD9B-F9AF0ACB084E}" = lport=445 | protocol=6 | dir=in | app=system |
"{3F648397-CD08-4028-8E72-2F8C923F8FE3}" = lport=49499 | protocol=6 | dir=in | name=akamai netsession interface |
"{457678A1-C2D0-4B44-8D70-A811DD9741C4}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A06A43B-D795-43A3-8964-A1B3356AE893}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{4CD22E5A-7124-42F2-A113-47E6761F1F20}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{4DD6801B-7D12-44BC-95D5-36BAC6B5B247}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EC4BD35-8E36-487F-AFB8-353AE85456F2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58F8DD00-8789-476B-AFD6-C23B7727C26B}" = rport=139 | protocol=6 | dir=out | app=system |
"{5AD38050-823E-4976-81CB-AA3C89EE6C9B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6496AE51-002E-4869-AC22-F1CC2A403C76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{73066EC1-B3A9-431F-B1B1-C04D5B2B2618}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EAD1E6A-CD58-4D58-BDC4-7CFFB238977A}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{837D6225-5EC4-4F00-AC4A-80CE79819FE7}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{8F15B0D9-6818-476F-BB33-AA927F2614BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8FF836B3-EA2E-41DF-8E88-B3B4A8986FA4}" = lport=5353 | protocol=17 | dir=in | app=c:\users\tdw\appdata\local\programs\opera\48.0.2685.50\opera.exe |
"{A237AF85-07F8-4BF2-BA0E-C9C1E62A82C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3F08658-47CE-4FE9-B50D-42B0E94C9C95}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{A53B6314-015C-4D25-9C03-B6ED15C38593}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A69BAAA5-2632-4A8E-BBCF-A2357C79A583}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{B154AEAE-697C-499D-99B1-88F435D14F29}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B8C46A1F-395F-4EFC-8B49-ED9136F39D78}" = lport=137 | protocol=17 | dir=in | app=system |
"{BA6056DE-A2E4-4592-81CF-99C25EE52514}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BAFD7EDD-7B8E-41E3-A719-40CA5E2917F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BE479846-5208-46BB-891C-AD417DE3E106}" = lport=138 | protocol=17 | dir=in | app=system |
"{C1C70886-4D11-4E37-9A01-EF37D9513721}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{C5B72CAD-AA34-424D-8441-D457B0EA3A56}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB13E737-06EF-44C6-9394-DE6E7652D22A}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{D32DC071-F023-4EA4-8C2E-CFD1C090CD94}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D7AACAEB-F28A-4783-B5D7-D6A771E444B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DF085BF1-A320-47FD-B849-6FF35A357742}" = lport=139 | protocol=6 | dir=in | app=system |
"{DFDC2732-4220-45C6-990E-9DACE0B1A714}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ECB0DA81-DD9B-4EF9-9131-0FBC2F9D36A1}" = rport=138 | protocol=17 | dir=out | app=system |
"{F787D0CE-35AA-4EC5-9C85-2AE7ED1A3C58}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9DA1587-2855-4E18-8EB2-283905232ADE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1161E72E-84D0-46C8-8D36-6CB1168CD77D}" = protocol=6 | dir=in | app=c:\users\tdw\appdata\roaming\systemprocess\systemprocess.exe |
"{1190EFB4-FAC0-48E6-B8EC-34AE863DD79E}" = protocol=17 | dir=in | app=c:\nexon\maplestory\nxsteam.exe |
"{1403D39D-E57C-49E4-91FE-525D857B1FD0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{160E6E3D-36D9-425B-AF48-D2FED5F47ABE}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"{1A9C0D13-B33C-47D9-BA5A-D95A5007B543}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{1D510134-4B25-4A05-97CD-EAA149231923}" = protocol=6 | dir=in | app=c:\users\tdw\appdata\roaming\utorrent\utorrent.exe |
"{21E48493-1F0E-48FC-8F2B-C36FC077A616}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{2455543C-0D4F-4E15-98F1-EAF68828D708}" = protocol=17 | dir=in | app=c:\program files\popcorn time\updater.exe |
"{327AC42E-1B48-445D-8B7D-07445218482E}" = protocol=17 | dir=in | app=c:\program files\steam\bin\cef\cef.win7\steamwebhelper.exe |
"{33B30456-46EE-4A49-A2FC-9EEC18C0D45D}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{3E5594D9-6FB4-465E-8E28-633BAE32A90B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{440C54CB-D868-49A4-AB38-F88DCC685AC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{44280504-F9B5-4DA5-820E-E2ED588A83A4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{44700AA7-0094-4AD8-89A8-C0FD5333FE92}" = protocol=17 | dir=in | app=c:\program files\popcorn time\chromecast\node.exe |
"{44DA2AB8-EA29-4A6C-AB40-BA5CB29DB64A}" = protocol=17 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe |
"{45A41952-13F8-467B-BA5D-A6B33B9D955A}" = protocol=17 | dir=in | app=c:\users\tdw\appdata\roaming\systemprocess\systemprocess.exe |
"{476FB747-C0A0-4054-8DD2-DD6D916B7776}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{4A483A83-E6F4-4D0B-BDBB-2CD253FD5012}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{4C1DE023-5F2D-42D7-94BB-3C1A539E6582}" = dir=in | app=c:\users\tdw\appdata\local\temp\showmypc\-showmypc\tvnserver.exe |
"{4D2FF0BA-3662-4415-AB34-F455F28AFF21}" = dir=in | app=c:\program files\dragon's prophet (game)\launcher.exe |
"{4D7E7CA4-E999-47D7-BAAB-1E673EFB84DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4F7C41EE-B83E-44EC-82DE-4A24D1DD3303}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\transformice\transformice.exe |
"{4FB75942-6ED0-460F-927D-03AE31EE31C9}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{4FC1068D-72C1-4A5A-AEBD-0E46EE2EB0B0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5171407A-83E6-496C-ACDF-2BE5D7C038F3}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{52856F35-9218-47B0-A3B4-5C28CDB459AD}" = dir=in | app=c:\program files\dragon's prophet (game)\dp_x86.exe |
"{5474B193-AAB6-4512-ABFB-0EB207D63717}" = protocol=17 | dir=in | app=c:\users\tdw\appdata\roaming\utorrent\utorrent.exe |
"{59D69DD9-2E93-4946-A65D-4EC73D64CB5C}" = protocol=6 | dir=in | app=c:\koggames\elsword\data\x2.exe |
"{5E86803E-F45B-44E0-BD3C-69736217356C}" = protocol=6 | dir=in | app=c:\program files\popcorn time\popcorntimedesktop.exe |
"{61B8EC39-FCA2-403D-A19B-5BDE7C3F093A}" = protocol=6 | dir=in | app=c:\nexon\maplestory\nxsteam.exe |
"{666890D1-EAAF-4698-83E6-131A3D0EFC48}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6AD27EF7-9E4B-4960-9FBD-5BB71AC45559}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B086C99-7F3B-4599-A5EC-6FF0E1712C5A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\transformice\transformice.exe |
"{6B48C232-4725-4F15-970D-2B8FC37A6E59}" = protocol=6 | dir=in | app=c:\nexon\maplestory\setup.exe |
"{6C8A635A-FBAE-4814-97FC-6A2524262F55}" = protocol=17 | dir=in | app=c:\nexon\maplestory\setup.exe |
"{702D34B7-F259-494C-88CE-A7B4BD91616B}" = dir=out | app=c:\program files\dragon's prophet (game)\dp_x64.exe |
"{713F40E2-EFB5-493D-AFA1-FC1EA499578A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\might & magic heroes vi - game official demo\might & magic heroes vi.exe |
"{73155B89-A6A2-4701-AEBC-AC437B8F9BD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{79C96A0D-C7E0-49F5-A5F0-EE3EB7D6F996}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{7B0E9B86-A628-4EDB-9689-8C34AEBCCFAF}" = protocol=17 | dir=in | app=c:\koggames\elsword\data\x2.exe |
"{86E20E4D-DEAD-40D5-BE7C-F37D3B0317BE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{90A61554-42FF-44ED-8A13-F990D39AF9EC}" = protocol=58 | dir=in | app=system |
"{912DDE0F-0AAA-4CAC-A66B-C98E8686B313}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{91C57CEE-75CF-4C64-B1FC-9442060CCFA4}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\kingdom rush\kingdom rush.exe |
"{931AC6E2-E689-4F25-A82D-7D3663B92451}" = dir=out | app=c:\program files\dragon's prophet (game)\launcher.exe |
"{955260D4-5D39-43C1-A714-A01CCDCA88F7}" = protocol=6 | dir=in | app=c:\nexon\maplestory\gamelauncher.exe |
"{956C75E4-7C76-4214-ABA1-AB0077E96B92}" = protocol=17 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{9604DB96-52C2-428F-AA96-68A6AEBBCD36}" = protocol=17 | dir=in | app=c:\users\tdw\desktop\jonathan studies do not erase!\solidworks\solidworks\swscheduler\dtscoordinatorservice.exe |
"{9CAAE851-D8F6-42E1-BB90-0ABAD7C26E86}" = protocol=6 | dir=in | app=c:\users\tdw\desktop\jonathan studies do not erase!\solidworks\solidworks\swscheduler\dtscoordinatorservice.exe |
"{A41063BB-3E4B-465E-810F-A4CC6333B651}" = protocol=6 | dir=in | app=c:\program files\ubisoft\might & magic heroes vi - game official demo\might & magic heroes vi.exe |
"{A7BEBA25-D1DE-4FD1-AA56-68416F817169}" = protocol=17 | dir=in | app=c:\nexon\maplestory\maplestory.exe |
"{A8304BC4-8555-4E12-9F67-4CF9AB5FE248}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A84018DC-A728-45BD-9C7D-8DAB81656A4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8C4EBBB-FEC4-4D9C-9387-0EA7BA121B76}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\kingdom rush\kingdom rush.exe |
"{A909DFE7-362C-44D3-9A4E-D2B15B27686D}" = protocol=6 | dir=in | app=c:\nexon\maplestory\etracer.exe |
"{AD9EAD9F-B1C7-4A08-AA21-66ACFDE90C74}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ADBBCCFA-5B44-4C1C-9F38-886A090CE0A3}" = protocol=6 | dir=in | app=c:\program files\steam\bin\cef\cef.win7\steamwebhelper.exe |
"{B0698859-F5BE-419A-89C0-63A87D8EB193}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{B2E28C16-BBFD-4396-96D0-334BF3C0E18F}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"{B49759F6-733C-44B3-BB3C-AD427A7560B8}" = protocol=6 | dir=in | app=c:\program files\popcorn time\updater.exe |
"{BC9FE2BA-E0E5-4FD4-A038-F82BF725D5F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF4A484D-46B1-4157-9AEC-65539123A35B}" = protocol=6 | dir=in | app=c:\nexon\maplestory\maplestory.exe |
"{C0D08202-3A3B-4456-BCF2-136E83D66F41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C1160032-8C70-402C-A583-1CDCB7E9ADEE}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{C2C60C41-0196-4C95-9C11-F45CE470E9DC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C7115288-0E41-4F9A-ADAB-849F1D8B90B2}" = protocol=17 | dir=in | app=c:\program files\goforfiles\goforfilesdl.exe |
"{C9FEBD0F-E785-4CC8-BCBC-B9696EBAB524}" = protocol=17 | dir=in | app=c:\nexon\maplestory\etracer.exe |
"{CF13FBAB-BA68-4AF3-AC10-B37A1A54412C}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressfiles.exe |
"{D8322C20-68D9-4E70-AE09-C4A3B1AFA3BB}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{D891DECA-0D48-4A0F-9E9D-7F80E48012D8}" = dir=in | app=c:\program files\dragon's prophet (game)\dp_x64.exe |
"{D9BB816E-74FD-4E52-B1C5-591F1CE12E72}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{DB969D94-1E87-41FA-B60C-44690562E4EB}" = protocol=6 | dir=in | app=c:\program files\popcorn time\chromecast\node.exe |
"{E018C2F5-98B4-47FC-B741-A11D5CFD01DB}" = protocol=6 | dir=in | app=c:\program files\steam\bin\steamwebhelper.exe |
"{E4D59296-D58D-4D6F-8D62-EBD7D1F1CBB3}" = dir=in | app=c:\users\tdw\appdata\local\temp\showmypc\-showmypc\smpcsetup.exe |
"{E8450F88-E969-4F5B-9D3E-C8F79A15DE93}" = protocol=6 | dir=out | app=system |
"{E990B8FF-3611-46E5-A994-9362282014EE}" = protocol=17 | dir=in | app=c:\nexon\maplestory\gamelauncher.exe |
"{EB23E3F2-7181-49B4-8B24-EB908B7EAB0E}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{F08A5D4A-08D4-48EF-9AD2-B0DBCC5CD159}" = protocol=6 | dir=in | app=c:\program files\expressfiles\expressdl.exe |
"{F29D8CEF-17A8-4B14-81A2-9A58E576D111}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3535524-EFF5-4BA0-ACDB-9EB7EDD5FC5A}" = protocol=6 | dir=in | app=c:\program files\goforfiles\goforfiles.exe |
"{F4C4ADA0-9CEB-4A19-8873-81343142B46C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F9AAB1B1-C673-4E66-8995-8EA75E3FE958}" = protocol=17 | dir=in | app=c:\program files\popcorn time\popcorntimedesktop.exe |
"{FC5BD682-8776-4355-A78D-EC7DB7342C11}" = dir=out | app=c:\program files\dragon's prophet (game)\dp_x86.exe |
"TCP Query User{0865282C-67E0-4EF7-A07F-6DBD228471AE}C:\program files\microsoft office\office14\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"TCP Query User{16E77583-7344-4635-BBE8-728B8386897B}C:\program files\microsoft virtual pc\virtual pc.exe" = protocol=6 | dir=in | app=c:\program files\microsoft virtual pc\virtual pc.exe |
"TCP Query User{1739FD15-A27D-4EF9-BBBF-E1BE1FB4A9B7}C:\program files\java\jre7\bin\jp2launcher.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\jp2launcher.exe |
"TCP Query User{1C0DCB7A-10E6-447F-8545-2CBB5BC16137}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{216143FF-DB53-4A8A-867D-EBC4D4F77055}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{2B724F42-5204-4C16-9FE5-3C69A9197B00}C:\program files\counter strike - condition zero (ultimate edition)\czero.exe" = protocol=6 | dir=in | app=c:\program files\counter strike - condition zero (ultimate edition)\czero.exe |
"TCP Query User{459227DD-625D-43EF-B201-79DD05DE36BF}C:\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\skype\phone\skype.exe |
"TCP Query User{5514EF2E-B013-4401-B949-9E841FD91DA6}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"TCP Query User{55B17637-3749-477B-995A-FF8863FEE236}C:\users\tdw\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tdw\appdata\local\akamai\netsession_win.exe |
"TCP Query User{5BB39BF8-B9D0-4162-AD00-C0A419A306B3}C:\users\tdw\eclipse\committers-neon\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\tdw\eclipse\committers-neon\eclipse\eclipse.exe |
"TCP Query User{5CA6F8CF-C65C-47C3-885C-9FE1EE386B4F}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{61469E9E-E061-4E55-8CCB-C5E4A537FEB2}C:\program files\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\condition zero\hl.exe |
"TCP Query User{64AF1F24-486F-4598-9FDF-400747BE6F5C}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{75151CB8-C76B-4F42-8965-FADB4EFC7475}C:\counter strike\counter strike + condition zero\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\counter strike\counter strike + condition zero\condition zero\czero.exe |
"TCP Query User{7681F943-454D-4382-97AC-824978D2F632}C:\need for speed most wanted\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\need for speed most wanted\need for speed most wanted\speed.exe |
"TCP Query User{83859D3F-CFBE-4A81-9963-D2D427669326}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe |
"TCP Query User{8718F9E8-BDA5-4651-8CFC-A217997C7AA6}C:\ellina\maplestory\maplestory.exe" = protocol=6 | dir=in | app=c:\ellina\maplestory\maplestory.exe |
"TCP Query User{A6B5DB0A-EF91-4C8D-936C-F40088E37BA7}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{AB70FB85-FB39-4B4C-99D9-26A0EB37E1C1}C:\users\tdw\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\tdw\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B142CA72-A039-452E-8342-5A0342A301AA}C:\program files\counter-strike 1.6\hltv.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hltv.exe |
"TCP Query User{B2F4C0B6-31E0-48BC-BBA2-43FBA45C3D83}C:\program files\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"TCP Query User{B47F432C-02AF-4C45-9AA7-E2B315BAEC59}C:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe |
"TCP Query User{B622D4A7-E930-4516-AF6F-3A37D58D036F}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{BC54475A-4EDF-4BFA-A5BF-B7A8D0D6F56B}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe |
"TCP Query User{C2AD23E9-AD6B-4C31-BE2F-9EC711F78482}C:\program files\condition zero\hl.exe" = protocol=6 | dir=in | app=c:\program files\condition zero\hl.exe |
"TCP Query User{CBBE9329-8871-44FD-ADAD-52681994FB9B}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{D8D92CF4-0D0B-4C5F-BEA8-2F4D253E1F88}C:\program files\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"TCP Query User{D9939481-9819-4C01-9722-B30B6261B54C}C:\users\tdw\appdata\local\temp\hydcb5a.tmp.1471938581_permissionscopy\utorrent.exe" = protocol=6 | dir=in | app=c:\users\tdw\appdata\local\temp\hydcb5a.tmp.1471938581_permissionscopy\utorrent.exe |
"TCP Query User{DC89665F-D783-44A8-B096-5C29875324FA}C:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe |
"TCP Query User{E90AA60B-C647-4F7B-B7E9-99FD1D6FD717}C:\ellina\maplestory\ellinia.exe" = protocol=6 | dir=in | app=c:\ellina\maplestory\ellinia.exe |
"TCP Query User{E92FA4E6-5921-4520-8ACA-CAE9EE0E7BC4}C:\need for speed most wanted\need for speed most wanted\speed.exe" = protocol=6 | dir=in | app=c:\need for speed most wanted\need for speed most wanted\speed.exe |
"TCP Query User{F209A386-2597-4E52-AD0E-053B90DE5214}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{F69428F3-F5A5-4DAB-92D2-881C7C0892F8}C:\program files\kol halashon\kol halashon download manager\khl download manager.exe" = protocol=6 | dir=in | app=c:\program files\kol halashon\kol halashon download manager\khl download manager.exe |
"TCP Query User{F7B53B43-5723-4004-99B0-BA614294E032}C:\counter strike\counter strike + condition zero\condition zero\czero.exe" = protocol=6 | dir=in | app=c:\counter strike\counter strike + condition zero\condition zero\czero.exe |
"TCP Query User{F9249045-F62F-473F-95F3-3730449E38C5}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{086CBE13-6EAD-489E-91A0-E6B40B9ED532}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{09895274-21DC-451E-A716-006B6F1431F1}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{119C1548-0ACF-4806-BEAE-4089D91BF1FE}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{12E10154-57E1-4D56-9E61-D1758C97D30D}C:\counter strike\counter strike + condition zero\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\counter strike\counter strike + condition zero\condition zero\czero.exe |
"UDP Query User{169C6FCD-08D1-4A8C-8338-50EDFFA08379}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{2C03B740-7D0C-4795-862F-6A0EA7604A39}C:\ellina\maplestory\maplestory.exe" = protocol=17 | dir=in | app=c:\ellina\maplestory\maplestory.exe |
"UDP Query User{30321B7A-938E-40BD-A12B-631E7E7BC8C9}C:\program files\counter strike - condition zero (ultimate edition)\czero.exe" = protocol=17 | dir=in | app=c:\program files\counter strike - condition zero (ultimate edition)\czero.exe |
"UDP Query User{30C40E46-9353-4190-B75E-FF5FD12FD931}C:\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\skype\phone\skype.exe |
"UDP Query User{33C13407-0D33-4C68-845D-D884E1192B7D}C:\users\tdw\eclipse\committers-neon\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\tdw\eclipse\committers-neon\eclipse\eclipse.exe |
"UDP Query User{4294D326-FB80-4D50-9202-4CE375521E56}C:\program files\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\condition zero\hl.exe |
"UDP Query User{49B88382-3F0E-4EC5-8D62-BBFD14AC74D7}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcher.exe |
"UDP Query User{4ACBEF1D-167A-4EE5-BDBB-8A45E8560074}C:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\rads\projects\lol_patcher\releases\0.0.0.14\deploy\lolpatcherux.exe |
"UDP Query User{508CB5F9-7A96-48C6-86D0-E57AB894F692}C:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe |
"UDP Query User{5CE52326-3DB1-4CE9-8B85-2CD6F66A8055}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{5FE78AE6-8A3F-4FB7-8E26-D3A9D98D7869}C:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\users\tdw\eclipse\java-mars\eclipse\eclipse.exe |
"UDP Query User{61B6C7DA-C0A5-4C88-A781-39BB95630B2C}C:\need for speed most wanted\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\need for speed most wanted\need for speed most wanted\speed.exe |
"UDP Query User{6655F048-8768-4375-AC30-D6901C26C12C}C:\program files\java\jre7\bin\jp2launcher.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\jp2launcher.exe |
"UDP Query User{6F69BE84-9664-4057-ACB3-5B8E42CC6E97}C:\users\tdw\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tdw\appdata\local\akamai\netsession_win.exe |
"UDP Query User{76BA3753-1AE3-4DA8-A6E6-80A92A06F820}C:\program files\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files\lolreplay\lolreplay.exe |
"UDP Query User{8520F0A2-71A8-431B-8311-227D4FC01AEC}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{852E557B-46DD-4778-ACC8-8D3BF8EF1584}C:\users\tdw\appdata\local\temp\hydcb5a.tmp.1471938581_permissionscopy\utorrent.exe" = protocol=17 | dir=in | app=c:\users\tdw\appdata\local\temp\hydcb5a.tmp.1471938581_permissionscopy\utorrent.exe |
"UDP Query User{8E734D45-C1B1-49C4-B5AA-1D6CE64CE0FB}C:\program files\condition zero\hl.exe" = protocol=17 | dir=in | app=c:\program files\condition zero\hl.exe |
"UDP Query User{9A1C9306-5A83-4503-805E-D98883250939}C:\ellina\maplestory\ellinia.exe" = protocol=17 | dir=in | app=c:\ellina\maplestory\ellinia.exe |
"UDP Query User{A168DDFE-C23D-4D8B-93FB-083E7157F8B2}C:\need for speed most wanted\need for speed most wanted\speed.exe" = protocol=17 | dir=in | app=c:\need for speed most wanted\need for speed most wanted\speed.exe |
"UDP Query User{A1CE00F9-AEA6-43C0-AE10-AF7F9CD9280A}C:\program files\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hl.exe |
"UDP Query User{A881EE44-AE2C-4231-A33D-509DD6716D7B}C:\counter strike\counter strike + condition zero\condition zero\czero.exe" = protocol=17 | dir=in | app=c:\counter strike\counter strike + condition zero\condition zero\czero.exe |
"UDP Query User{B1CE99B3-ACD0-454B-8191-780986CA869B}C:\program files\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{B90E13BD-67CE-404C-83C9-A74ECF7D18F3}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{C82643D4-BF36-4E96-83D9-648813BFFE51}C:\program files\counter-strike 1.6\hltv.exe" = protocol=17 | dir=in | app=c:\program files\counter-strike 1.6\hltv.exe |
"UDP Query User{D04D3664-5A11-4B0A-858D-5C8B70B3EE17}C:\users\tdw\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\tdw\appdata\local\akamai\netsession_win.exe |
"UDP Query User{DB16403F-9F6F-4F97-9FAD-07ADE92962F6}C:\program files\microsoft virtual pc\virtual pc.exe" = protocol=17 | dir=in | app=c:\program files\microsoft virtual pc\virtual pc.exe |
"UDP Query User{DF605539-BE6B-4221-A602-C72D7E3BDCB1}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{EA342DA3-A240-4A22-AD3C-41C59107A5CC}C:\program files\kol halashon\kol halashon download manager\khl download manager.exe" = protocol=17 | dir=in | app=c:\program files\kol halashon\kol halashon download manager\khl download manager.exe |
"UDP Query User{F1E6C7BD-F16E-4082-A773-0DD4C8A4C6AF}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"UDP Query User{F35B8937-6947-4D0E-BF41-49182648257C}C:\program files\microsoft office\office14\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA5EE2-7E46-4DC4-96F9-BFEE50D40659}" = Citrix Online Launcher
"{1196038E-D257-43EA-9E64-097D4839A70E}_is1" = MapleGlobal version 0.03
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{2A842F3F-CE6D-3DFD-9ECB-9CC3C5150A67}" = Microsoft .NET Framework 4.7
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3215C938-0FCD-42C7-A221-51489CECA50C}_is1" = גלישה בטוחה version 4.16.13
"{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}" = Splashtop Connect IE
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}" = Microsoft ASP.NET MVC 4 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DC59BF3-0D72-3CE8-BFEF-1E8FAF689EB0}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5F189DF5-2D05-472B-9091-84D9848AE48B}{5837205}" = Browser faster
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69BCE4AC-9572-3271-A2FB-9423BDA36A43}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24215
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77463C86-BB3A-426E-A6C2-06B4D28C250F}" = Citrix Online Launcher
"{79BF4901-1EC4-4726-B3C2-A7859706C6E7}" = League of Legends
"{7B77622E-DE90-48EA-B2C7-227B1DE58A01}" = Adobe AIR
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1" = Zemana AntiMalware
"{90120000-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x86)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2010
"{90140000-0017-040D-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Hebrew) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2010
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-040D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Hebrew) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-040D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hebrew) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-040D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Hebrew) 2010
"{90140000-0100-040D-0000-0000000FF1CE}" = Microsoft Office O MUI (Hebrew) 2010
"{90140000-0101-040D-0000-0000000FF1CE}" = Microsoft Office X MUI (Hebrew) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-0804-1033-1959-001824245926}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1033-7B44-AC0F074E4100}" = Adobe Acrobat Reader DC
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel" = NVIDIA Ansel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 388.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 388.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 388.13
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 352.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.15.0428
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.11.4.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.35.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayPluginWatchdog" = NVIDIA Display Watchdog Plugin
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplaySessionContainer" = NVIDIA Display Session Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.40
"{BAB89D31-4C55-472B-8909-6CBE2CC276B1}" = Microsoft Visual Basic for Applications 7.1 (x86) English
"{BBF2AC74-720C-3CB3-8291-5E34039232FA}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24215
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{e2803110-78b3-4664-a479-3611a381656a}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 28 ActiveX
"CCleaner" = CCleaner
"Counter-Strike 1.6" = Counter-Strike 1.6
"Google Chrome" = Google Chrome
"League of Legends 3.0.1" = League of Legends
"MapleStory" = MapleStory
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nexon Nexon Launcher" = Nexon Launcher
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.OMUI.he-il" = Microsoft Office Language Pack 2010 - Hebrew עברית
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Popcorn Time_is1" = Popcorn Time
"S-161304646" = SK.Enhancer
"SP_ecec6af5" = SK.Helper 1.74
"VLC media player" = VLC media player
"VulkanRT1.0.61.0" = Vulkan Run Time Libraries 1.0.61.0
"WinRAR archiver" = WinRAR 4.11 (32-bit)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10-Jan-18 5:39:57 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 11-Jan-18 5:26:44 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 11-Jan-18 5:28:16 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 11-Jan-18 6:33:03 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LeagueClientUxRender.exe, version: 8.2.214.747,
time stamp: 0x5a55ab5f Faulting module name: LeagueClientUxRender.exe, version:
8.2.214.747, time stamp: 0x5a55ab5f Exception code: 0xc0000005 Fault offset: 0x00049001
Faulting
process id: 0xb3c Faulting application start time: 0x01d38abebd234a89 Faulting application
path: C:\Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.107\deploy\LeagueClientUxRender.exe
Faulting
module path: C:\Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.107\deploy\LeagueClientUxRender.exe
Report
Id: cd4fd339-f6ba-11e7-8eaa-50e549c049f3

Error - 13-Jan-18 7:18:00 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: LeagueClientUxRender.exe, version: 8.2.214.4283,
time stamp: 0x5a58407f Faulting module name: libcef.dll, version: 3.2623.1397.0,
time stamp: 0x58a39fbe Exception code: 0xc0000005 Fault offset: 0x00206567 Faulting
process id: 0x1428 Faulting application start time: 0x01d38c5537cc83ad Faulting application
path: C:\Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.109\deploy\LeagueClientUxRender.exe
Faulting
module path: C:\Riot Games\PBE\PBE\RADS\projects\league_client\releases\0.0.1.109\deploy\libcef.dll
Report
Id: 69cb2b8d-f853-11e7-8eaa-50e549c049f3

Error - 13-Jan-18 10:05:46 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Speed.exe, version: 0.0.0.0, time stamp:
0x438e4c8c Faulting module name: Speed.exe, version: 0.0.0.0, time stamp: 0x438e4c8c
Exception
code: 0x80000003 Fault offset: 0x003cd7c2 Faulting process id: 0x5dc Faulting application
start time: 0x01d38c75dd0b28d8 Faulting application path: C:\Need For Speed Most
Wanted\Need for Speed Most Wanted\Speed.exe Faulting module path: C:\Need For Speed
Most Wanted\Need for Speed Most Wanted\Speed.exe Report Id: d92fd9f2-f86a-11e7-8eaa-50e549c049f3

Error - 16-Jan-18 9:15:35 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 16-Jan-18 9:21:11 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 17-Jan-18 3:53:06 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 18-Jan-18 9:48:42 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12-Jan-18 10:01:10 PM | Computer Name = user-PC | Source = volsnap | ID = 393251
Description = The shadow copies of volume C: were aborted because the shadow copy
storage failed to grow.

Error - 16-Jan-18 9:14:35 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the BUpdater
Windows Service service to connect.

Error - 16-Jan-18 9:14:35 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The BUpdater Windows Service service failed to start due to the following
error: %%1053

Error - 16-Jan-18 9:14:35 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The sbmntr service failed to start due to the following error: %%3

Error - 16-Jan-18 9:20:52 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The sbmntr service failed to start due to the following error: %%3

Error - 17-Jan-18 3:52:56 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The sbmntr service failed to start due to the following error: %%3

Error - 18-Jan-18 7:45:54 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7043
Description = The Diagnostics Tracking Service service did not shut down properly
after receiving a preshutdown control.

Error - 18-Jan-18 9:48:39 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the BUpdater
Windows Service service to connect.

Error - 18-Jan-18 9:48:39 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The BUpdater Windows Service service failed to start due to the following
error: %%1053

Error - 18-Jan-18 9:48:39 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The sbmntr service failed to start due to the following error: %%3


< End of report >

Re: Slow computer after malware removal

Posted: 18 Jan 2018 21:11
by Rudy
Run OTL again as administrator and copy the following into the white window:
:OTL
DRV - [2018-01-17 21:39:58 | 000,181,496 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\zam32.sys -- (ZAM)
DRV - [2018-01-17 21:39:57 | 000,181,496 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\zamguard32.sys -- (ZAM_Guard)
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... 02&pc=UE10
IE - HKU\S-1-5-21-1390296456-3514786238-1037386279-1003\..\SearchScopes\{70839579-320E-4763-A420-8468514E4F69}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IESR02
O4 - HKLM..\Run: [ZAM] C:\Program Files\Zemana AntiMalware\ZAM.exe (Copyright 2017.)

:files
C:\Program Files\Zemana AntiMalware
C:\Windows\ZAM.krnl.trace
C:\Windows\ZAM_Guard.krnl.trace
C:\Users\Public\Desktop\Zemana AntiMalware.lnk
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
[CreateRestorePoint]
Click Fix and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.

Re: Slow computer after malware removal

Posted: 18 Jan 2018 21:28
by Cliché
All processes killed
========== OTL ==========
Error: Unable to stop service ZAM!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ZAM deleted successfully.
C:\Windows\System32\drivers\zam32.sys moved successfully.
Service ZAM_Guard stopped successfully!
Service ZAM_Guard deleted successfully!
C:\Windows\System32\drivers\zamguard32.sys moved successfully.
Registry key HKEY_USERS\S-1-5-21-1390296456-3514786238-1037386279-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1390296456-3514786238-1037386279-1003\Software\Microsoft\Internet Explorer\SearchScopes\{70839579-320E-4763-A420-8468514E4F69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70839579-320E-4763-A420-8468514E4F69}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ZAM deleted successfully.
C:\Program Files\Zemana AntiMalware\ZAM.exe moved successfully.
========== FILES ==========
C:\Program Files\Zemana AntiMalware\res folder moved successfully.
C:\Program Files\Zemana AntiMalware\lang folder moved successfully.
C:\Program Files\Zemana AntiMalware folder moved successfully.
C:\Windows\ZAM.krnl.trace moved successfully.
C:\Windows\ZAM_Guard.krnl.trace moved successfully.
C:\Users\Public\Desktop\Zemana AntiMalware.lnk moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: TDW
->Temp folder emptied: 5309852 bytes
->Temporary Internet Files folder emptied: 388736 bytes
->Flash cache emptied: 296 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16380 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 5.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: TDW
->Flash cache emptied: 0 bytes

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01182018_221913

Files\Folders moved on Reboot...
C:\Users\TDW\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Slow computer after malware removal

Posted: 18 Jan 2018 22:01
by Rudy
OK, deleted. Has anything changed?

Re: Slow computer after malware removal

Posted: 20 Jan 2018 17:09
by Cliché
The situation has improved: the computer no longer restarts randomly and it also boots faster. Thank you for your help!

Re: Slow computer after malware removal

Posted: 20 Jan 2018 17:35
by Rudy
Glad to hear it. You're welcome! :)