Someone is constantly hacking my pc


  • This topic is locked
14 replies to this topic

#1 Lior77

  • Members
  • 6 posts

Posted 04 February 2017 - 03:12 PM

I know it sounds weird, but some bad people I know are hacking my PC. I need your big help.

I'm starting to think they have more than one method, maybe a hardware one too.

My PC is connected to a smart Sony TV, which is connected to cables too, and they hacked it somehow.

I think maybe they put in some kind of sniffer, or they just stream my screen to spy.

My hard drive works too much and I get network lag sometimes.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Lior (administrator) on MYPC (04-02-2017 20:00:34)
Running from C:\Users\Lior\Downloads
Loaded Profiles: Lior (Available Profiles: Lior)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\Pub\PubMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.517\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.517\opera.exe
() E:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\LeagueClient.exe
() E:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\LeagueClientUx.exe
() E:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\LeagueClientUxHelper.exe
() E:\Riot Games\League of Legends\RADS\projects\league_client\releases\0.0.0.49\deploy\LeagueClientUxHelper.exe
(Comodo Inc.) C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe
(Mozilla Corporation) C:\Program Files (x86)\Comodo\IceDragon\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Antivirus\egui.exe [5595848 2015-07-08] (ESET)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [6004512 2017-01-11] (IObit)
HKLM\...\Policies\Explorer: [NoCDBurning] 1
HKU\S-1-5-21-581670727-4019475661-898612434-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-581670727-4019475661-898612434-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-581670727-4019475661-898612434-1000\...\MountPoints2: {b6d83d50-a088-11e6-88d9-806e6f6e6963} - G:\ASRSetup.exe
HKU\S-1-5-21-581670727-4019475661-898612434-1000\...\MountPoints2: {c271a7c2-d59e-11e6-ab3b-d050992cb09e} - V:\Setup.exe
HKU\S-1-5-21-581670727-4019475661-898612434-1000\...\MountPoints2: {eec73ace-a782-11e6-b943-806e6f6e6963} - G:\ASRSetup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{098C91C9-0029-4471-B018-56D540A4D5F2}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-05] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-01-02] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2017-01-05] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-10] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2017-01-05] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-10] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-05] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: j098rdn4.default
FF DefaultProfile: zs33fp6t.default
FF ProfilePath: C:\Users\Lior\AppData\Roaming\Mozilla\Firefox\Profiles\j098rdn4.default [2017-02-04]
FF NetworkProxy: Mozilla\Firefox\Profiles\j098rdn4.default -> proxy_over_tls", false
FF NetworkProxy: Mozilla\Firefox\Profiles\j098rdn4.default -> type", 0
FF Extension: (Ghostery) - C:\Users\Lior\AppData\Roaming\Mozilla\Firefox\Profiles\j098rdn4.default\Extensions\firefox@ghostery.com.xpi [2017-01-04]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Lior\AppData\Roaming\Mozilla\Firefox\Profiles\j098rdn4.default\Extensions\firefox@zenmate.com.xpi [2017-01-01]
FF Extension: (DuckDuckGo Plus) - C:\Users\Lior\AppData\Roaming\Mozilla\Firefox\Profiles\j098rdn4.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2017-01-03]
FF Extension: (LastPass) - C:\Users\Lior\AppData\Roaming\Mozilla\Firefox\Profiles\j098rdn4.default\Extensions\support@lastpass.com [2017-01-04]
FF Extension: (Google Analytics Opt-out Browser Add-on) - C:\Users\Lior\AppData\Roaming\Mozilla\Firefox\Profiles\j098rdn4.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2017-01-04]
FF ProfilePath: C:\Users\Lior\AppData\Roaming\Comodo\IceDragon\Profiles\zs33fp6t.default [2017-02-04]
FF DefaultSearchEngine: Comodo\IceDragon\Profiles\zs33fp6t.default -> Google
FF Homepage: Comodo\IceDragon\Profiles\zs33fp6t.default -> hxxps://www.google.com/
FF NetworkProxy: Comodo\IceDragon\Profiles\zs33fp6t.default -> autoconfig_url", "data:text/plain, function FindProxyForURL(url, host) {if(isInNet(host, '192.168.0.0', '255.255.0.0')) return 'DIRECT'; \nif(host == 'us1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us2-base.cd-n.net') return 'DIRECT'; \nif(host == 'us3-base.cd-n.net') return 'DIRECT'; \nif(host == 'jp1-base.cd-n.net') return 'DIRECT'; \nif(host == 'de1-base.cd-n.net') return 'DIRECT'; \nif(host == 'au1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ir1-base.cd-n.net') return 'DIRECT'; \nif(host == 'sg1-base.cd-n.net') return 'DIRECT'; \nif(host == 'kr1-base.cd-n.net') return 'DIRECT'; \nif(host == '127.0.0.1') return 'DIRECT'; \nif(host == 'localhost') return 'DIRECT'; \nif(host == 'de1-base.cd-n.net') return 'DIRECT'; \nreturn 'HTTPS guxdcmbqfyzdknboge4doizrgq4dimbzgi4dama.cd-n.net:443';}"
FF NetworkProxy: Comodo\IceDragon\Profiles\zs33fp6t.default -> type", 0
FF Extension: (Hoxx VPN Proxy) - C:\Users\Lior\AppData\Roaming\Comodo\IceDragon\Profiles\zs33fp6t.default\Extensions\@hoxx-vpn.xpi [2017-01-11]
FF Extension: (Firefox Hotfix) - C:\Users\Lior\AppData\Roaming\Comodo\IceDragon\Profiles\zs33fp6t.default\Extensions\firefox-hotfix@mozilla.org.xpi [2017-01-11]
FF Extension: (HTTPS Everywhere) - C:\Users\Lior\AppData\Roaming\Comodo\IceDragon\Profiles\zs33fp6t.default\Extensions\https-everywhere@eff.org.xpi [2017-02-01]
FF Extension: (360 Internet Protection) - C:\Users\Lior\AppData\Roaming\Comodo\IceDragon\Profiles\zs33fp6t.default\Extensions\WebProtection@360safe.com [2017-01-15]
FF Extension: (COMODO SecureBox) - C:\Program Files (x86)\Comodo\IceDragon\browser\features\@csb [2017-01-12] [not signed]
FF Extension: (DragAndDrop) - C:\Program Files (x86)\Comodo\IceDragon\browser\features\DnD@comodo.com [2017-01-12] [not signed]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-05] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-05] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-09-17] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-09-17] (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Opera:
=======
OPR Extension: (Ghostery) - C:\Users\Lior\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbkekonodcdmedgffkkbgmnnekbainbg [2017-01-14]
OPR Extension: (360 Internet Protection) - C:\Users\Lior\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2017-01-25]
OPR Extension: (Ghostery) - C:\Users\Lior\AppData\Roaming\Opera Software\Opera Stable\Extensions\eenddkdfifnnmgbohackpefaggccbcgp [2017-01-16]
OPR Extension: (No-Script Suite Lite) - C:\Users\Lior\AppData\Roaming\Opera Software\Opera Stable\Extensions\ipiopppcaojnchgoepoemlbdccogeije [2017-02-03]
OPR Extension: (History Eraser) - C:\Users\Lior\AppData\Roaming\Opera Software\Opera Stable\Extensions\lfpoajlbkhlfoeeokbppmecpplmieedm [2017-01-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [39616 2016-12-06] (CHENGDU YIWO Tech Development Co., Ltd)
S3 ekrn; C:\Program Files\ESET\ESET Antivirus\x86\ekrn.exe [1353720 2015-07-08] (ESET)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-12-28] (SurfRight B.V.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
S3 IceDragonUpdater; C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [4295320 2016-12-20] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1740576 2017-01-10] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-12-16] (IObit)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [155088 2016-12-14] (Malwarebytes Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624 2017-02-02] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AsrDrv101; C:\Windows\SysWOW64\Drivers\AsrDrv101.sys [22280 2016-11-10] (ASRock Incorporation)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [168208 2015-07-13] (ESET)
S3 ESETCleanersDriver; C:\Windows\system32\Drivers\ESETCleanersDriver.sys [170280 2017-01-29] (ESET)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [77408 2016-12-14] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [53240 2016-12-06] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-02-03] (REALiX™)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
S4 IMFFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\IMFFilter.sys [22208 2016-12-16] (IObit)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 netr28ux; C:\Windows\System32\DRIVERS\netr28ux.sys [2251576 2016-08-12] (MediaTek Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
S3 pwftap; C:\Windows\System32\DRIVERS\pwftap.sys [36736 2016-12-13] (The OpenVPN Project)
R2 RealWoW60; C:\Windows\System32\DRIVERS\RealWoW60.sys [39640 2014-03-06] (Windows ® Codename Longhorn DDK provider)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2016-12-16] (IObit.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2016-12-16] (Anchorfree Inc.)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2017-01-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2017-01-30] (Zemana Ltd.)
U0 aswVmm; no ImagePath
S2 MBAMChameleon; \SystemRoot\system32\drivers\MBAMChameleon.sys [X]
S3 MBAMFarflt; \??\C:\Windows\system32\drivers\farflt.sys [X]
S3 MBAMProtection; \??\C:\Windows\system32\drivers\mbam.sys [X]
S3 MBAMWebProtection; \??\C:\Windows\system32\drivers\mwac.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 20:00 - 2017-02-04 20:00 - 00017158 _____ C:\Users\Lior\Downloads\FRST.txt
2017-02-04 20:00 - 2017-02-04 20:00 - 00000000 ____D C:\FRST
2017-02-04 19:59 - 2017-02-04 19:59 - 02420736 _____ (Farbar) C:\Users\Lior\Downloads\FRST64.exe
2017-02-04 19:35 - 2017-02-04 19:35 - 00758912 _____ (ESET) C:\Users\Lior\Desktop\esetuninstaller.exe
2017-02-04 19:32 - 2017-02-04 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2017-02-03 01:47 - 2017-02-03 01:47 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-02-03 01:47 - 2017-02-03 01:47 - 00002892 _____ C:\Windows\System32\Tasks\Uninstaller_Install_Lior
2017-02-03 01:47 - 2017-02-03 01:47 - 00002187 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2017-02-03 01:47 - 2017-02-03 01:47 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2017-02-03 01:47 - 2017-02-03 01:47 - 00000000 ____D C:\Windows\IObit
2017-02-03 01:47 - 2017-02-03 01:47 - 00000000 ____D C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-02-03 01:47 - 2016-03-25 14:33 - 00128288 _____ (IObit) C:\Windows\system32\IObitSmartDefragExtension.dll
2017-02-03 01:47 - 2016-03-22 11:02 - 00036288 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2017-02-03 01:30 - 2017-02-03 01:30 - 03232047 _____ C:\Users\Lior\Downloads\ipscan-3.5.1-setup.exe
2017-02-03 01:30 - 2017-02-03 01:30 - 02462623 _____ () C:\Users\Lior\Downloads\ipscan-win64-3.5.1.exe
2017-02-03 01:30 - 2017-02-03 01:30 - 00000000 ____D C:\Users\Lior\.swt
2017-02-03 00:03 - 2017-02-03 00:03 - 00000037 _____ C:\Users\Lior\Desktop\New Text Document.txt
2017-02-02 00:16 - 2017-02-02 00:16 - 00028896 _____ C:\Users\Lior\Downloads\Copy of כולל תלוש דמש(1).xlsx
2017-02-02 00:15 - 2017-02-02 00:15 - 00109066 _____ C:\Users\Lior\Downloads\Copy of כולל תלוש דמש.xlsx
2017-02-01 23:57 - 2017-02-01 23:57 - 00019005 _____ C:\Users\Lior\Downloads\כולל תלוש דמש - דמ_ש .csv
2017-02-01 22:06 - 2017-02-01 22:06 - 00559985 _____ C:\Users\Lior\Downloads\דוח סוף חודש דצמבר 16.xlsx.xlsx
2017-01-30 23:58 - 2017-02-04 20:00 - 00096378 _____ C:\Windows\ZAM.krnl.trace
2017-01-30 23:58 - 2017-02-04 20:00 - 00059561 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-01-30 23:58 - 2017-02-04 19:32 - 00001076 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2017-01-30 23:58 - 2017-02-04 19:32 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2017-01-30 23:58 - 2017-01-30 23:59 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2017-01-30 23:58 - 2017-01-30 23:59 - 00203680 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2017-01-30 23:58 - 2017-01-30 23:58 - 00000000 ____D C:\Users\Lior\AppData\Local\Zemana
2017-01-29 09:34 - 2017-01-29 09:34 - 00000000 ____D C:\Users\Lior\AppData\Roaming\ProductData
2017-01-29 09:33 - 2017-02-04 19:30 - 00000000 ____D C:\ProgramData\ProductData
2017-01-29 09:33 - 2017-02-04 19:30 - 00000000 ____D C:\Program Files (x86)\IObit
2017-01-29 09:33 - 2017-02-04 19:29 - 00000000 ____D C:\ProgramData\IObit
2017-01-29 09:33 - 2017-02-03 01:47 - 00000000 ____D C:\Users\Lior\AppData\Roaming\IObit
2017-01-29 09:33 - 2017-02-03 01:47 - 00000000 ____D C:\Users\Lior\AppData\LocalLow\IObit
2017-01-29 09:33 - 2017-01-29 09:33 - 00001173 _____ C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2017-01-29 09:33 - 2017-01-29 09:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2017-01-29 09:33 - 2017-01-29 09:33 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-01-29 09:31 - 2017-01-29 09:33 - 46510120 _____ (IObit ) C:\Users\Lior\Downloads\IObit-Malware-Fighter-Setup.exe
2017-01-29 09:31 - 2017-01-29 09:31 - 55566792 _____ (Malwarebytes ) C:\Users\Lior\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-01-29 09:25 - 2017-01-29 09:25 - 00170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2017-01-29 09:24 - 2017-01-29 09:24 - 03138176 _____ (ESET) C:\Users\Lior\Desktop\eset_nod32_antivirus_live_installer.exe
2017-01-29 09:20 - 2017-01-29 09:20 - 11646112 _____ (ESET) C:\Users\Lior\Desktop\avremover_nt64_enu.exe
2017-01-25 07:21 - 2017-01-25 07:21 - 00040358 _____ C:\Users\Lior\Documents\cc_20170125_072148.reg
2017-01-25 07:17 - 2017-01-25 07:19 - 00000000 ____D C:\Program Files\CCleaner
2017-01-25 07:17 - 2017-01-25 07:17 - 00002780 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2017-01-25 07:17 - 2017-01-25 07:17 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-01-25 07:17 - 2017-01-25 07:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-01-25 00:41 - 2017-01-25 00:44 - 00000000 ____D C:\Users\Lior\Doctor Web
2017-01-24 17:39 - 2017-01-25 07:11 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2017-01-24 17:39 - 2017-01-25 06:59 - 00000000 ____D C:\Program Files\WinPcap
2017-01-24 17:38 - 2017-01-24 17:38 - 00907614 _____ C:\Users\Lior\AppData\Local\ars.cache
2017-01-24 17:38 - 2017-01-24 17:38 - 00847810 _____ C:\Users\Lior\AppData\Local\census.cache
2017-01-24 17:38 - 2017-01-24 17:38 - 00000010 _____ C:\Users\Lior\AppData\Local\sponge.last.runtime.cache
2017-01-24 17:32 - 2017-01-24 17:32 - 00000000 ____D C:\Windows\Trend Micro
2017-01-24 17:30 - 2017-01-24 17:32 - 147601344 _____ C:\Users\Lior\Desktop\cureit.exe
2017-01-24 17:30 - 2017-01-24 17:30 - 02527376 _____ (Trend Micro Inc.) C:\Users\Lior\Desktop\HousecallLauncher64.exe
2017-01-24 17:30 - 2017-01-24 17:30 - 00000036 _____ C:\Users\Lior\AppData\Local\housecall.guid.cache
2017-01-24 17:30 - 2016-08-22 21:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-01-23 14:27 - 2017-01-23 14:27 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-01-23 13:36 - 2017-01-23 13:36 - 00003288 ____N C:\bootsqm.dat
2017-01-23 13:34 - 2017-01-23 13:34 - 00001743 _____ C:\Users\Lior\AppData\Local\recently-used.xbel
2017-01-23 13:30 - 2017-01-23 13:33 - 00000000 ____D C:\ProgramData\SecTaskMan
2017-01-23 13:27 - 2017-01-23 13:27 - 00009627 _____ C:\Users\Lior\Desktop\1.xml
2017-01-23 12:23 - 2017-01-23 12:23 - 27078904 _____ (Insecure.org) C:\Users\Lior\Downloads\nmap-7.40-setup.exe
2017-01-23 00:44 - 2017-01-23 00:44 - 00000000 ____D C:\Users\Lior\Downloads\New folder
2017-01-23 00:43 - 2017-01-23 00:43 - 00138968 _____ C:\Users\Lior\Downloads\עדכון מוטבים.pdf
2017-01-23 00:34 - 2017-01-23 00:34 - 00555119 _____ C:\Users\Lior\Downloads\noscript_security_suite-2.9.5.3-fx+sm.xpi
2017-01-22 22:42 - 2017-01-22 22:42 - 00000000 ____D C:\Users\Lior\AppData\Roaming\Curiolab
2017-01-22 22:41 - 2017-01-22 22:41 - 15637544 _____ (CURIOLAB S.M.B.A.) C:\Users\Lior\Downloads\ExterminateItSetup.exe
2017-01-22 21:57 - 2017-01-22 21:57 - 06547360 _____ C:\Users\Lior\Downloads\attachments (1).zip
2017-01-22 21:57 - 2017-01-22 21:57 - 00000000 ____D C:\Users\Lior\Downloads\attachments (1)
2017-01-21 21:24 - 2017-01-21 21:24 - 00469472 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-18 15:40 - 2017-01-18 15:40 - 00230980 _____ C:\Users\Lior\Downloads\ביטול כרטיס.pdf
2017-01-17 09:46 - 2017-01-17 09:46 - 00126944 _____ C:\Users\Lior\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-16 19:17 - 2015-12-11 20:57 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-01-16 19:17 - 2015-11-16 22:17 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-01-16 08:03 - 2017-01-16 08:03 - 00001887 _____ C:\Users\Lior\Desktop\1.cmd
2017-01-16 07:39 - 2017-01-16 07:39 - 03988944 _____ C:\Users\Lior\Downloads\adwcleaner_6.042.exe
2017-01-16 06:48 - 2017-01-16 06:48 - 00000000 _____ C:\autoexec.bat
2017-01-16 06:47 - 2017-01-16 06:47 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Lior\Downloads\SpyHunter-Installer.exe
2017-01-15 23:39 - 2016-12-13 10:50 - 00036736 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\pwftap.sys
2017-01-15 22:58 - 2015-01-07 05:15 - 00104896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mup.sys
2017-01-15 22:58 - 2015-01-07 03:49 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-01-15 22:56 - 2017-01-16 07:42 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2017-01-15 22:56 - 2017-01-15 22:56 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2017-01-15 22:56 - 2017-01-15 22:56 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2017-01-15 22:56 - 2017-01-15 22:56 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2017-01-15 22:56 - 2013-09-12 04:26 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2017-01-15 22:56 - 2013-09-12 04:15 - 04357632 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2017-01-15 22:46 - 2017-01-25 07:01 - 00000000 ____D C:\ProgramData\360Quarant
2017-01-15 22:45 - 2017-01-25 07:11 - 00000000 ____D C:\Program Files (x86)\360
2017-01-15 22:45 - 2017-01-15 23:20 - 00000000 ____D C:\Windows\Tasks\360Disabled
2017-01-15 22:45 - 2016-12-30 09:22 - 00086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2017-01-15 22:44 - 2017-01-15 22:44 - 50312112 _____ C:\Users\Lior\Downloads\360TS_Setup.exe
2017-01-15 22:44 - 2017-01-15 22:44 - 01418664 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\Lior\Downloads\360TS_Setup_Mini.exe
2017-01-15 15:02 - 2017-01-15 15:20 - 1810169856 _____ C:\Users\Lior\Downloads\linuxmint-18.1-cinnamon-64bit.iso
2017-01-14 19:01 - 2017-01-28 19:56 - 00003826 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1484413310
2017-01-14 19:01 - 2017-01-28 19:56 - 00000000 ____D C:\Program Files (x86)\Opera
2017-01-14 19:01 - 2017-01-14 19:01 - 00001135 _____ C:\Users\Public\Desktop\Opera.lnk
2017-01-14 19:01 - 2017-01-14 19:01 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-01-14 19:01 - 2017-01-14 19:01 - 00000000 ____D C:\Users\Lior\AppData\Roaming\Opera Software
2017-01-14 19:01 - 2017-01-14 19:01 - 00000000 ____D C:\Users\Lior\AppData\Local\Opera Software
2017-01-14 19:00 - 2017-01-14 19:00 - 01131672 _____ (Opera Software) C:\Users\Lior\Downloads\OperaSetup.exe
2017-01-11 23:31 - 2017-01-12 23:15 - 00001062 _____ C:\Users\Public\Desktop\Comodo IceDragon.lnk
2017-01-11 23:31 - 2017-01-11 23:31 - 00000000 ____D C:\Users\Lior\AppData\Roaming\IceDragon
2017-01-11 23:31 - 2017-01-11 23:31 - 00000000 ____D C:\Users\Lior\AppData\Roaming\Comodo
2017-01-11 23:31 - 2017-01-11 23:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-01-11 22:44 - 2017-01-11 22:46 - 53489464 _____ (COMODO) C:\Users\Lior\Desktop\icedragonsetup.exe
2017-01-11 15:15 - 2017-01-11 15:15 - 00001331 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 10.0.lnk
2017-01-11 15:15 - 2017-01-11 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup 10.0
2017-01-11 15:15 - 2016-12-06 02:45 - 00197624 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\EuFdDisk.sys
2017-01-11 15:15 - 2016-12-06 02:45 - 00066040 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eubakup.sys
2017-01-11 15:15 - 2016-12-06 02:45 - 00053240 _____ C:\Windows\system32\Drivers\EUBKMON.sys
2017-01-11 15:15 - 2016-12-06 02:45 - 00023544 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\Drivers\eudskacs.sys
2017-01-11 15:14 - 2017-01-11 15:14 - 00000000 ____D C:\Program Files (x86)\EaseUS
2017-01-11 15:14 - 2016-12-06 02:46 - 00026304 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\Windows\system32\fbnative.exe
2017-01-11 15:12 - 2017-01-11 15:14 - 120323880 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\Lior\Desktop\tb_free.exe
2017-01-11 15:02 - 2016-12-28 00:17 - 00353976 _____ (COMODO) C:\ProgramData\cmdres.dll
2017-01-11 10:02 - 2017-01-11 10:02 - 00001147 _____ C:\Users\Lior\Desktop\Security Task Manager.lnk
2017-01-10 22:59 - 2017-01-05 20:55 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-10 22:59 - 2017-01-05 20:55 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-10 22:59 - 2017-01-05 20:52 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-10 22:59 - 2017-01-05 20:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-10 22:59 - 2017-01-05 19:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-10 22:59 - 2017-01-05 19:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-10 22:59 - 2017-01-05 19:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-10 22:59 - 2017-01-05 19:25 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-10 22:59 - 2017-01-05 19:24 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-10 22:59 - 2017-01-05 19:24 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-10 22:59 - 2017-01-05 19:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-10 22:59 - 2017-01-05 19:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-10 22:59 - 2017-01-05 19:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-10 07:48 - 2017-01-02 20:11 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-10 07:16 - 2017-01-10 16:59 - 00000000 ____D C:\Users\Lior\AppData\Local\NPE
2017-01-10 07:16 - 2017-01-10 07:16 - 03423928 _____ (Symantec Corporation) C:\Users\Lior\Downloads\NPE.exe
2017-01-10 06:52 - 2017-01-10 06:53 - 00371275 _____ C:\Users\Lior\Downloads\dns-changer-malware.pdf
2017-01-10 00:26 - 2017-01-10 00:26 - 00000822 _____ C:\Users\Lior\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2017-01-10 00:26 - 2017-01-10 00:26 - 00000774 _____ C:\Users\Lior\Desktop\Start Tor Browser.lnk
2017-01-10 00:25 - 2017-01-10 00:25 - 00000000 ____D C:\Users\Lior\Desktop\Tor Browser
2017-01-10 00:23 - 2017-01-10 00:24 - 50706736 _____ C:\Users\Lior\Downloads\torbrowser-install-6.0.8_en-US.exe
2017-01-08 22:51 - 2017-01-08 22:51 - 00000000 ____D C:\Users\Lior\AppData\Local\SKIDROW
2017-01-08 22:43 - 2017-01-08 22:43 - 00000761 _____ C:\Users\Public\Desktop\Darksiders II.lnk
2017-01-08 22:43 - 2017-01-08 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
2017-01-08 22:40 - 2017-01-08 22:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2017-01-08 22:40 - 2017-01-08 22:40 - 00000000 ____D C:\Program Files (x86)\WinCDEmu
2017-01-08 22:39 - 2017-01-08 22:39 - 01697808 _____ (Sysprogs OU) C:\Users\Lior\Downloads\WinCDEmu-4.1.exe
2017-01-07 19:23 - 2017-01-07 19:23 - 00000000 ____D C:\Users\TEMP\AppData\Local\Comodo
2017-01-07 19:16 - 2017-01-08 14:33 - 00000000 ____D C:\Users\TEMP
2017-01-06 02:08 - 2017-01-06 02:08 - 00536520 _____ (Hola Networks Ltd.) C:\Users\Lior\Downloads\Hola-Setup.exe
2017-01-06 00:46 - 2017-01-06 00:47 - 14482152 _____ (TeamViewer GmbH) C:\Users\Lior\Downloads\TeamViewer_Setup-ajmn.exe
2017-01-05 13:47 - 2017-01-05 13:47 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MYPC-Windows-7-Ultimate-(64-bit).dat
2017-01-05 13:47 - 2017-01-05 13:47 - 00000000 ____D C:\RegBackup
2017-01-05 13:44 - 2017-01-05 13:44 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-01-05 03:40 - 2017-01-15 23:00 - 00003770 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-01-05 03:40 - 2017-01-15 22:47 - 00003878 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-01-05 03:40 - 2017-01-10 22:54 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-01-05 03:40 - 2017-01-10 22:54 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-05 03:40 - 2017-01-10 22:54 - 00000000 ____D C:\Windows\system32\Macromed
2017-01-05 03:39 - 2017-01-10 22:54 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-01-05 03:39 - 2017-01-05 03:39 - 20632664 _____ (Adobe Systems Incorporated) C:\Users\Lior\Downloads\install_flash_player_ppapi.exe
2017-01-05 02:44 - 2017-01-05 02:44 - 03858824 _____ (COMODO) C:\Windows\SysWOW64\ise_installer.exe
2017-01-05 02:42 - 2017-01-11 23:31 - 00000000 ____D C:\Users\Lior\AppData\Local\Comodo
2017-01-05 02:39 - 2017-01-05 02:40 - 32645888 _____ (Tweaking.com) C:\Users\Lior\Downloads\tweaking.com_windows_repair_aio_setup.exe
2017-01-05 02:31 - 2017-01-05 02:31 - 00000000 ____D C:\Users\Lior\AppData\Local\GlassWire
2017-01-05 02:31 - 2017-01-05 02:31 - 00000000 ____D C:\ProgramData\GlassWire
2017-01-05 02:30 - 2017-01-05 02:30 - 30946988 _____ C:\Users\Lior\Downloads\GlassWire 1.2.74 + Crack [4REALTORRENTZ].zip
2017-01-05 02:30 - 2017-01-05 02:30 - 00000000 ____D C:\Users\Lior\Downloads\GlassWire 1.2.74 + Crack [4REALTORRENTZ]
2017-01-05 01:47 - 2017-01-05 01:47 - 01958816 _____ () C:\Users\Lior\Downloads\r65919en.exe
2017-01-05 01:45 - 2017-01-05 01:45 - 02118058 _____ () C:\Users\Lior\Downloads\r34551ge.exe
2017-01-05 01:28 - 2017-01-05 01:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\כלי Microsoft Office 2016
2017-01-05 01:25 - 2017-01-05 01:26 - 03809072 _____ (Microsoft Corporation) C:\Users\Lior\Downloads\setuplanguagepack.x86.he-il_.exe
2017-01-05 01:24 - 2017-01-05 01:24 - 05537584 _____ (Microsoft Corporation) C:\Users\Lior\Downloads\setuplanguagepack.x64.he-il_.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-04 20:00 - 2017-01-03 18:42 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-02-04 19:55 - 2016-12-28 23:26 - 00000000 ____D C:\Users\Lior\AppData\LocalLow\Mozilla
2017-02-04 19:36 - 2009-07-14 06:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-02-04 19:36 - 2009-07-14 06:45 - 00021280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-02-04 19:34 - 2009-07-14 07:13 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2017-02-04 19:34 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-02-04 19:32 - 2016-11-02 01:15 - 00000000 ____D C:\Users\Lior
2017-02-04 19:28 - 2016-11-10 22:37 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-04 19:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-02-03 02:06 - 2016-11-16 21:53 - 00000000 ____D C:\Users\Lior\AppData\Roaming\qBittorrent
2017-01-30 21:58 - 2016-11-10 22:31 - 00000000 ____D C:\Users\Lior\AppData\Local\ElevatedDiagnostics
2017-01-25 07:01 - 2016-12-30 04:06 - 00000000 ____D C:\Program Files (x86)\Comodo
2017-01-24 01:37 - 2017-01-02 20:10 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-23 23:27 - 2017-01-02 20:09 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-23 22:47 - 2016-12-30 02:14 - 00000000 ____D C:\Program Files (x86)\Nmap
2017-01-23 22:46 - 2016-12-30 02:15 - 00000000 ____D C:\Program Files\Npcap
2017-01-23 13:34 - 2016-12-30 02:15 - 00000000 ____D C:\Users\Lior\.zenmap
2017-01-18 16:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2017-01-17 08:43 - 2016-11-17 07:30 - 00000000 ____D C:\Windows\system32\appraiser
2017-01-17 04:46 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2017-01-16 10:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-01-16 07:55 - 2017-01-04 22:51 - 00000000 ____D C:\AdwCleaner
2017-01-15 23:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-01-15 22:56 - 2016-12-20 14:57 - 00000000 ____D C:\Users\Lior\AppData\Local\Adobe
2017-01-15 22:56 - 2016-11-10 22:23 - 00000000 ____D C:\Users\Lior\AppData\Roaming\Adobe
2017-01-15 22:56 - 2016-11-10 22:23 - 00000000 ____D C:\ProgramData\Adobe
2017-01-15 22:56 - 2016-11-10 22:23 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-01-15 22:47 - 2016-12-27 22:53 - 00000000 ____D C:\$WINDOWS.~BT
2017-01-15 22:47 - 2016-12-27 19:39 - 00003736 _____ C:\Windows\System32\Tasks\KMSAutoNet
2017-01-15 22:47 - 2016-11-24 20:19 - 00000000 ____D C:\Users\Lior\AppData\Local\CrashDumps
2017-01-15 22:47 - 2016-11-22 14:31 - 00000000 ____D C:\Users\Lior\AppData\Roaming\Skype
2017-01-15 22:47 - 2016-11-11 14:36 - 00000000 ____D C:\Users\Lior\AppData\Roaming\TeamViewer
2017-01-15 22:47 - 2016-11-10 22:23 - 00000000 ____D C:\ProgramData\Norton
2017-01-15 22:47 - 2016-11-02 11:12 - 00000000 ____D C:\Windows\Panther
2017-01-11 15:03 - 2016-12-30 04:28 - 00000000 ___HD C:\VTRoot
2017-01-11 15:03 - 2016-12-30 04:02 - 00000000 ____D C:\ProgramData\Comodo
2017-01-11 10:22 - 2016-11-10 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kloudian
2017-01-10 23:28 - 2016-12-27 00:01 - 00000000 ____D C:\Windows\system32\MRT
2017-01-10 23:26 - 2016-12-27 00:00 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-10 08:01 - 2016-12-28 23:03 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-10 07:51 - 2017-01-02 20:11 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2017-01-06 01:49 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Registration
2017-01-05 01:32 - 2016-12-27 19:24 - 00000000 ___RD C:\Users\Lior\OneDrive
2017-01-05 01:32 - 2016-12-27 19:24 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2017-01-05 01:32 - 2016-12-27 19:22 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-05 01:28 - 2016-12-27 19:23 - 00002200 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-01-05 01:28 - 2016-12-27 19:23 - 00002182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-01-05 01:28 - 2016-12-27 19:23 - 00002152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-01-05 01:28 - 2016-12-27 19:23 - 00002144 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-01-05 01:28 - 2016-12-27 19:23 - 00002130 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-01-05 01:28 - 2016-12-27 19:23 - 00002126 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-01-05 01:28 - 2016-12-27 19:23 - 00002108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-01-05 01:28 - 2016-12-27 19:23 - 00002104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-01-05 01:28 - 2016-12-27 19:23 - 00002104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-01-05 01:28 - 2016-12-27 19:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

==================== Files in the root of some directories =======

2017-01-24 17:38 - 2017-01-24 17:38 - 0907614 _____ () C:\Users\Lior\AppData\Local\ars.cache
2017-01-24 17:38 - 2017-01-24 17:38 - 0847810 _____ () C:\Users\Lior\AppData\Local\census.cache
2017-01-24 17:30 - 2017-01-24 17:30 - 0000036 _____ () C:\Users\Lior\AppData\Local\housecall.guid.cache
2017-01-23 13:34 - 2017-01-23 13:34 - 0001743 _____ () C:\Users\Lior\AppData\Local\recently-used.xbel
2016-12-29 01:36 - 2017-01-01 01:25 - 0007605 _____ () C:\Users\Lior\AppData\Local\Resmon.ResmonCfg
2017-01-24 17:38 - 2017-01-24 17:38 - 0000010 _____ () C:\Users\Lior\AppData\Local\sponge.last.runtime.cache
2016-12-30 02:15 - 2017-01-23 13:21 - 0001906 _____ () C:\Users\Lior\AppData\Local\zenmap.exe.log
2017-01-11 15:02 - 2016-12-28 00:17 - 0353976 _____ (COMODO) C:\ProgramData\cmdres.dll
2016-11-10 22:18 - 2016-11-10 22:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\ProgramData\cmdres.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-02 01:16

==================== End of FRST.txt ============================

 

 




 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:04 AM

Posted 04 February 2017 - 04:25 PM

Hello Lior77 and Welcome to the BleepingComputer. :welcome:

My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I cannot guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. (How do I open the computer as administrator?)
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to get help here

Thanks
 

Not the addition.txt

Addition.txt is produced only the first time FRST is run. FRST saves its logs in this location:

C:\FRST\Logs\

See if Addition.txt is saved there. If yes, please attach it.

If not, run FRST again, when the console opens check Addition.txt box only, and click scan. It should produce the Addition.txt.

I am currently reviewing your FRST logfile. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.

Sincerely
:hello:


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 Lior77

Lior77
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 04 February 2017 - 04:42 PM

Hey, not sure what you mean there.

It says the Addition is generated in the same location as FRST; maybe I forgot to press the attach button.

So here I'm attaching Addition.txt anyway, from C:\FRST\LOGS, due to your reply.

I appreciate your kind help :)

Attached Files



#4 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:04 AM

Posted 04 February 2017 - 05:38 PM

Hi Lior77,

C:\Users\Lior\Downloads\GlassWire 1.2.74 + Crack [4REALTORRENTZ].zip
C:\Users\Lior\Downloads\GlassWire 1.2.74 + Crack [4REALTORRENTZ]
C:\Windows\System32\Tasks\KMSAutoNet

Do you use a cracked version of MS Office? AutoKMS is a crack for Microsoft Office. Basically it means you have a pirated copy of Office and I will not be able to continue helping unless the crack is removed. Cracks, keygens and all other illegal software must be removed.

==============================================================================================

C:\Users\Lior\Desktop\New Text Document.txt
C:\Users\Lior\Downloads\Copy of כולל תלוש דמש(1).xlsx
C:\Users\Lior\Downloads\Copy of כולל תלוש דמש.xlsx
C:\Users\Lior\Downloads\כולל תלוש דמש - דמ_ש .csv
C:\Users\Lior\Downloads\דוח סוף חודש דצמבר 16.xlsx.xlsx
C:\Users\Lior\Downloads\עדכון מוטבים.pdf
C:\Users\Lior\Downloads\ביטול כרטיס.pdf

C:\Users\Lior\Desktop\1.xml
C:\Users\Lior\Desktop\1.cmd

what are these files ? Do you recognize them?

 

 


Best regards
 

 


 


#5 Lior77

Lior77
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 04 February 2017 - 07:28 PM

I removed the above files: the GlassWire and the KMS.

The KMS thing is used to make MS Office act as a trial; I'm not sure it can be called a real crack, but I removed it.

And the other files are mine (1.cmd was used to remove some MS updates, since I read these specific updates have some MS snooping in them).



#6 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:04 AM

Posted 05 February 2017 - 03:44 PM

Hi Lior77,
 
Uninstall some programs:
NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.
You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove
IObit (Malware Fighter, Advanced SystemCare, IObit Uninstaller, LiveUpdate)
Trend Micro
Dr.Web
Curiolab

COMODO Internet Security
AVAST Software
HitmanPro
Symantec Norton
Enigma Software - SpyHunter

TeamViewer
VPN software
Adobe Reader X

  • Please download and install Revo Uninstaller Free.
  • Double click Revo Uninstaller to run it.
  • From the list of programs, double click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.

Also;
Opera(360 Internet Protection)
FF Extension: (Privacy & Unblock VPN)
FF Extension: (Hoxx VPN Proxy)
=================================================================================
 
Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
==================================================================
 
Run FRST fixlist

  • Please open notepad (Start > All Programs > Accessories > Notepad)
  • Copy the entire contents of the code box below (Do not copy the word 'code') to Notepad.
  • Save it to the Desktop, and name it: fixlist.txt

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-581670727-4019475661-898612434-1000\...\MountPoints2: {b6d83d50-a088-11e6-88d9-806e6f6e6963} - G:\ASRSetup.exe
HKU\S-1-5-21-581670727-4019475661-898612434-1000\...\MountPoints2: {c271a7c2-d59e-11e6-ab3b-d050992cb09e} - V:\Setup.exe
HKU\S-1-5-21-581670727-4019475661-898612434-1000\...\MountPoints2: {eec73ace-a782-11e6-b943-806e6f6e6963} - G:\ASRSetup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF NetworkProxy: Mozilla\Firefox\Profiles\j098rdn4.default -> proxy_over_tls", false
FF NetworkProxy: Comodo\IceDragon\Profiles\zs33fp6t.default -> autoconfig_url", "data:text/plain, function FindProxyForURL(url, host) {if(isInNet(host, '192.168.0.0', '255.255.0.0')) return 'DIRECT'; \nif(host == 'us1-base.cd-n.net') return 'DIRECT'; \nif(host == 'us2-base.cd-n.net') return 'DIRECT'; \nif(host == 'us3-base.cd-n.net') return 'DIRECT'; \nif(host == 'jp1-base.cd-n.net') return 'DIRECT'; \nif(host == 'de1-base.cd-n.net') return 'DIRECT'; \nif(host == 'au1-base.cd-n.net') return 'DIRECT'; \nif(host == 'ir1-base.cd-n.net') return 'DIRECT'; \nif(host == 'sg1-base.cd-n.net') return 'DIRECT'; \nif(host == 'kr1-base.cd-n.net') return 'DIRECT'; \nif(host == '127.0.0.1') return 'DIRECT'; \nif(host == 'localhost') return 'DIRECT'; \nif(host == 'de1-base.cd-n.net') return 'DIRECT'; \nreturn 'HTTPS guxdcmbqfyzdknboge4doizrgq4dimbzgi4dama.cd-n.net:443';}"
FF NetworkProxy: Comodo\IceDragon\Profiles\zs33fp6t.default -> type", 0
FF Extension: (Hoxx VPN Proxy) - C:\Users\Lior\AppData\Roaming\Comodo\IceDragon\Profiles\zs33fp6t.default\Extensions\@hoxx-vpn.xpi 
FF Extension: (360 Internet Protection) - C:\Users\Lior\AppData\Roaming\Comodo\IceDragon\Profiles\zs33fp6t.default\Extensions\WebProtection@360safe.com [2017-01-15]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-01-02] (AVAST Software)
OPR Extension: (360 Internet Protection) - C:\Users\Lior\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnpeghmjdfdmneiljeibjnemfdkojdhl [2017-01-25]
FF Extension: (ZenMate Security, Privacy & Unblock VPN) - C:\Users\Lior\AppData\Roaming\Mozilla\Firefox\Profiles\j098rdn4.default\Extensions\firefox@zenmate.com.xpi [2017-01-01]
U0 aswVmm; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\ProgramData\{74E9F814-C737-42CC-B721-DBBC4059367A}
2017-01-29 09:34 - 2017-01-29 09:34 - 00000000 ____D C:\Users\Lior\AppData\Roaming\ProductData
2017-01-29 09:33 - 2017-02-04 19:30 - 00000000 ____D C:\ProgramData\ProductData
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-12-28] (SurfRight B.V.)
C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-01-25 00:41 - 2017-01-25 00:44 - 00000000 ____D C:\Users\Lior\Doctor Web
2017-01-24 17:39 - 2017-01-25 07:11 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2017-01-24 17:38 - 2017-01-24 17:38 - 00907614 _____ C:\Users\Lior\AppData\Local\ars.cache
2017-01-24 17:38 - 2017-01-24 17:38 - 00847810 _____ C:\Users\Lior\AppData\Local\census.cache
2017-01-24 17:38 - 2017-01-24 17:38 - 00000010 _____ C:\Users\Lior\AppData\Local\sponge.last.runtime.cache
2017-01-24 17:32 - 2017-01-24 17:32 - 00000000 ____D C:\Windows\Trend Micro
2017-01-24 17:30 - 2017-01-24 17:32 - 147601344 _____ C:\Users\Lior\Desktop\cureit.exe
2017-01-24 17:30 - 2017-01-24 17:30 - 02527376 _____ (Trend Micro Inc.) C:\Users\Lior\Desktop\HousecallLauncher64.exe
2017-01-24 17:30 - 2017-01-24 17:30 - 00000036 _____ C:\Users\Lior\AppData\Local\housecall.guid.cache
2017-01-24 17:30 - 2016-08-22 21:20 - 00332512 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2017-01-22 22:42 - 2017-01-22 22:42 - 00000000 ____D C:\Users\Lior\AppData\Roaming\Curiolab
2017-01-22 22:41 - 2017-01-22 22:41 - 15637544 _____ (CURIOLAB S.M.B.A.) C:\Users\Lior\Downloads\ExterminateItSetup.exe
2017-01-16 06:47 - 2017-01-16 06:47 - 03516080 _____ (Enigma Software Group USA, LLC.) C:\Users\Lior\Downloads\SpyHunter-Installer.exe
2017-01-15 22:46 - 2017-01-25 07:01 - 00000000 ____D C:\ProgramData\360Quarant
2017-01-15 22:45 - 2017-01-25 07:11 - 00000000 ____D C:\Program Files (x86)\360
2017-01-15 22:45 - 2017-01-15 23:20 - 00000000 ____D C:\Windows\Tasks\360Disabled
2017-01-15 22:45 - 2016-12-30 09:22 - 00086248 _____ (360.cn) C:\Windows\SysWOW64\Drivers\360AvFlt.sys
2017-01-15 22:44 - 2017-01-15 22:44 - 50312112 _____ C:\Users\Lior\Downloads\360TS_Setup.exe
2017-01-15 22:44 - 2017-01-15 22:44 - 01418664 _____ (QIHU 360 SOFTWARE CO. LIMITED) C:\Users\Lior\Downloads\360TS_Setup_Mini.exe
2017-01-10 07:48 - 2017-01-02 20:11 - 00391496 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-01-10 07:16 - 2017-01-10 07:16 - 03423928 _____ (Symantec Corporation) C:\Users\Lior\Downloads\NPE.exe
2017-01-06 00:46 - 2017-01-06 00:47 - 14482152 _____ (TeamViewer GmbH) C:\Users\Lior\Downloads\TeamViewer_Setup-ajmn.exe
2017-01-24 01:37 - 2017-01-02 20:10 - 00000000 ____D C:\Program Files\AVAST Software
2017-01-23 23:27 - 2017-01-02 20:09 - 00000000 ____D C:\ProgramData\AVAST Software
C:\Windows\System32\Tasks\KMSAutoNet
2017-01-15 22:47 - 2016-11-11 14:36 - 00000000 ____D C:\Users\Lior\AppData\Roaming\TeamViewer
2017-01-15 22:47 - 2016-11-10 22:23 - 00000000 ____D C:\ProgramData\Norton
2017-01-10 08:01 - 2016-12-28 23:03 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-10 07:51 - 2017-01-02 20:11 - 00001922 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-11-10 22:18 - 2016-11-10 22:18 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Task: {133A663F-9227-4CF1-9FEA-5F53564F17C3} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-28] (AVAST Software)
Task: {F0BA1728-2C04-495C-BD39-081AB58DE08D} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
MSCONFIG\Services: CmdAgent => 2
MSCONFIG\Services: cmdvirth => 3
MSCONFIG\startupreg: COMODO Internet Security => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
MSCONFIG\startupreg: IseUI => C:\Program Files (x86)\COMODO\Internet Security Essentials\vkise.exe
FirewallRules: [{AB7D91C5-A6FE-4D8F-99F3-78D6B38A7496}] => c:\program files\avast software\avast\avastsvc.exe
FirewallRules: [{1B92B889-5611-4FE7-A136-B98F88A05FC4}] => c:\program files\avast software\avast\avastsvc.exe
FirewallRules: [{25BD9D88-6513-4199-9D18-431DF6ED9C54}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{57F2775D-3C6D-4D70-8355-175B2E912A57}] => C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
C:\Users\Lior\Downloads\GlassWire 1.2.74 + Crack [4REALTORRENTZ].zip
C:\Users\Lior\Downloads\GlassWire 1.2.74 + Crack [4REALTORRENTZ]
C:\Windows\System32\Tasks\KMSAutoNet
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1740576 2017-01-10] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [3046688 2016-12-16] (IObit)
Task: {2595C192-C312-4F51-93D0-66F34070428F} - System32\Tasks\Uninstaller_Install_Lior => C:\Program Files (x86)\IObit\Advanced SystemCare\IObitUninstaller.exe
Task: {2595C192-C312-4F51-93D0-66F34070428F} - System32\Tasks\Uninstaller_Install_Lior => C:\Program Files (x86)\IObit\Advanced SystemCare\IObitUninstaller.exe
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
Reboot:
End 

NOTICE: This script is written specifically for this computer!!!

  • Running this on another computer may cause damage to the Operating System.
  • Now, please run FRST, and press the Fix button, just once, and wait.
  • When done, the tool creates a report on the Desktop called: Fixlog.txt

>> Please post the Fixlog.txt in your reply.
======================================================

Any issues?


Best regards
 
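The fixlist above removes, among other things, two FF NetworkProxy entries from the IceDragon profile: a data: URI PAC script whose final return sends every host that is not local or whitelisted to a remote HTTPS proxy, and the type preference that tells the browser whether that PAC is in use. The following Python triage check is an added example, not part of this thread or of FRST; it parses such lines (sample lines constructed to match FRST's format, with proxy.example.invalid as a placeholder proxy host) and flags profiles whose PAC fallback is anything other than DIRECT.

```python
import base64
import re

# Firefox network.proxy.type values (Firefox preference semantics, not from the thread).
PROXY_TYPES = {0: "no proxy", 1: "manual", 2: "PAC url", 4: "auto-detect (WPAD)", 5: "system"}

# One FRST entry looks like:  FF NetworkProxy: <profile> -> <pref>", <value>
LINE_RE = re.compile(r'^FF NetworkProxy: (?P<profile>.+?) -> (?P<key>[A-Za-z_]+)", (?P<value>.*)$')
# Every 'return' clause of a PAC script; the last one is the fallback for all other hosts.
RETURN_RE = re.compile(r"return\s+'([^']*)'")

# Constructed sample lines in FRST's format; proxy.example.invalid is a placeholder host.
SAMPLE_LINES = [
    r'FF NetworkProxy: Mozilla\Firefox\Profiles\j098rdn4.default -> proxy_over_tls", false',
    # Split PAC that falls back to DIRECT: not a finding, even though it names a proxy.
    r'FF NetworkProxy: Mozilla\Firefox\Profiles\j098rdn4.default -> autoconfig_url", '
    r'"data:text/plain, function FindProxyForURL(url, host) {'
    r"if(host == 'intranet') return 'PROXY 10.0.0.1:8080'; return 'DIRECT';}" + '"',
    r'FF NetworkProxy: Mozilla\Firefox\Profiles\j098rdn4.default -> type", 2',
    # PAC whose fallback sends everything else to an external HTTPS proxy: a finding.
    r'FF NetworkProxy: Comodo\IceDragon\Profiles\zs33fp6t.default -> autoconfig_url", '
    r'"data:text/plain, function FindProxyForURL(url, host) {'
    r"if(isInNet(host, '192.168.0.0', '255.255.0.0')) return 'DIRECT'; "
    r"\nif(host == 'localhost') return 'DIRECT'; "
    r"\nreturn 'HTTPS proxy.example.invalid:443';}" + '"',
    r'FF NetworkProxy: Comodo\IceDragon\Profiles\zs33fp6t.default -> type", 0',
    "Task: {00000000-0000-0000-0000-000000000000} - unrelated FRST line, ignored",
]


def parse_network_proxy_lines(lines):
    """Group FRST 'FF NetworkProxy' entries by profile: {profile: {pref: raw_value}}."""
    profiles = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # FRST logs mix many entry kinds; only NetworkProxy lines matter here
        profiles.setdefault(m["profile"], {})[m["key"]] = m["value"].strip()
    return profiles


def pac_body_from_value(raw_value):
    """Return the PAC source embedded in a quoted data: URI value, or None for other URLs."""
    value = raw_value.strip().strip('"')
    if not value.lower().startswith("data:"):
        return None  # an http(s) PAC URL would have to be fetched to inspect it
    header, sep, body = value.partition(",")
    if not sep:
        return None
    if header.lower().endswith(";base64"):
        body = base64.b64decode(body).decode("utf-8", errors="replace")
    return body


def assess_pac(pac_source):
    """Classify a PAC script by its last 'return', i.e. where non-matching hosts go."""
    returns = RETURN_RE.findall(pac_source)
    if not returns:
        return {"fallback": None, "external": False, "proxy_host": None}
    fallback = returns[-1].strip()
    # A proxy string is 'DIRECT' or '<SCHEME> host:port[; next hop ...]'; the first hop decides.
    first_hop = fallback.split(";")[0].strip()
    parts = first_hop.split()
    if parts[0].upper() == "DIRECT":
        return {"fallback": fallback, "external": False, "proxy_host": None}
    host = parts[1].rsplit(":", 1)[0] if len(parts) > 1 else None
    return {"fallback": fallback, "external": True, "proxy_host": host}


def find_external_pac_proxies(lines):
    """Report each profile whose autoconfig_url PAC routes default traffic through a proxy."""
    findings = []
    for profile, prefs in parse_network_proxy_lines(lines).items():
        if "autoconfig_url" not in prefs:
            continue
        body = pac_body_from_value(prefs["autoconfig_url"])
        if body is None:
            continue
        verdict = assess_pac(body)
        if not verdict["external"]:
            continue
        try:
            ptype = int(prefs.get("type", "-1"))
        except ValueError:
            ptype = -1
        findings.append({
            "profile": profile,
            "proxy_host": verdict["proxy_host"],
            "fallback": verdict["fallback"],
            # network.proxy.type 2 means the PAC is in use now; anything else means it is only staged
            "active": ptype == 2,
            "proxy_type": PROXY_TYPES.get(ptype, f"unknown ({ptype})"),
        })
    return findings


if __name__ == "__main__":
    for f in find_external_pac_proxies(SAMPLE_LINES):
        state = "ACTIVE" if f["active"] else f"staged (proxy type: {f['proxy_type']})"
        print(f"{f['profile']}: fallback -> {f['fallback']} [{state}]")
```

A flagged entry whose type preference is 0, as in this thread's log, is staged rather than active: the browser only consults a PAC when network.proxy.type is 2, so the finding shows that a proxy configuration was written at some point, not that traffic is being redirected at the time of the scan.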

 


 


#7 Lior77

Lior77
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 06 February 2017 - 07:58 AM

I did what you wrote; here is the Fixlog.

Thanks again for your huge effort to help :)

Attached Files



#8 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:04 AM

Posted 06 February 2017 - 01:06 PM

Please post MiniToolBox Result.txt

Best regards
 

 


 


#9 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:04 AM

Posted 08 February 2017 - 11:11 AM

Are you still with me?


Best regards
 

 


 


#10 Lior77

Lior77
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:04 AM

Posted 08 February 2017 - 03:17 PM

Yeah, I'm sorry, I forgot to attach this file. I attached it now.

The thing is, I know they still do this. I think it has to do with Firefox or one of the browsers, also maybe open ports?

I didn't remove Firefox yet; I thought it's safe since it's the "secured one" called IceDragon by Comodo. Is it really safe?

I have another request as well. I'm suspecting it might be some remote desktop service or trojan, or it could be some kind of hardware server.

The other possibility is it's a service. Can you help with disabling all the services I don't need? And one last request: I want you to help me set up the firewall as it should be, if it's not too much to ask :)

I also know they need to get nearby while I'm not around.

Any ideas?

AND, I really, really appreciate your epic help! :)



#11 olgun52

olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:06:04 AM

Posted 08 February 2017 - 03:55 PM

Hi again,
 
I am waiting for the MiniToolBox log file. Please post it.
======================================
Ice-Dragon is Comodo software. It's safe, but you can uninstall it.
----------

I think it has to do with firefox or one of the browsers,
also maybe open ports?

I have another request as well.. I'm suspecting it might be some remote desktop service or trojan  , or it could be some kind of hardware server.

Maybe. We will see.

the other possibility is its a service, can you help with disabling all the services i dont need? and one last request is I want you to help me setting up Firewall as it

Okay.

---------------------------------------------------------

Please post MiniToolBox Logfile.


Best regards


#12 Lior77

Lior77
  • Topic Starter
  • Members
  • 6 posts
  • Local time:05:04 AM

Posted 09 February 2017 - 10:51 AM

Weird, I was 100% sure I attached it...

Here: Attached File MTB.txt 24.97KB 3 downloads



#13 olgun52

olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:06:04 AM

Posted 09 February 2017 - 12:39 PM

Hi Lior77,

Run ComboFix:

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

==============================================================
Please click Start > All Programs > Accessories > Command Prompt
Right-click Command Prompt and select: Run As Administrator
At the Command Prompt, type the following lines, one at a time, and press Enter after each.

sc config MpsSvc start= auto
Net start MpsSvc
exit

Or:
Restore Default Startup Configuration for Windows Firewall / in Windows 7

Select your Windows 7 Ultimate and Service Pack 1, and then click Download
Win7_MpsSvc_Service_Startup.cmd file download

  • Save the Win7_MpsSvc_Service_Startup.cmd file
  • Run the saved file as an administrator.
  • Restart the computer.

Okay? How is the Firewall running now?


Best regards

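An added example, not part of olgun52's instructions or of the .cmd file he linked: a PowerShell script that does what the sc/net steps in the post above do (set MpsSvc to automatic start and start it), then confirms all three Windows Firewall profiles are ON and lists TCP listeners with their owning process, which is the defensive way to answer the "open ports" question. The function names are my own; it assumes an elevated prompt on an English-locale Windows 7, since netsh and netstat output is parsed as text.

```powershell
# Added example, not from the thread: audit and repair the Windows Firewall
# service (MpsSvc) on Windows 7 the way the sc/net commands in the post above do,
# then confirm the three firewall profiles are on and list TCP listeners.
# Run from an elevated PowerShell prompt. Only built-in tools are used
# (WMI, sc.exe, net.exe, netsh.exe, netstat.exe), so it works with the
# PowerShell 2.0 that ships with Windows 7. Assumes an English locale,
# since the netsh and netstat output is parsed as text.

function Get-MpsSvcStatus {
    $svc = Get-WmiObject Win32_Service -Filter "Name='MpsSvc'"
    if (-not $svc) { throw "MpsSvc (Windows Firewall service) is not installed" }
    New-Object PSObject -Property @{ StartMode = $svc.StartMode; State = $svc.State }
}

function Repair-MpsSvc {
    $s = Get-MpsSvcStatus
    if ($s.StartMode -ne 'Auto') {
        # same as "sc config MpsSvc start= auto"; sc requires the space after '='
        & sc.exe config MpsSvc start= auto | Out-Null
    }
    if ($s.State -ne 'Running') { & net.exe start MpsSvc | Out-Null }  # "net start MpsSvc"
    Get-MpsSvcStatus   # re-read so the caller sees the repaired values
}

function Test-FirewallProfiles {
    # Each profile block printed by netsh contains a line such as "State   ON"
    $allOn = $true
    foreach ($line in (& netsh.exe advfirewall show allprofiles state)) {
        if ($line -match '^\s*State\s+(\S+)') {
            if ($Matches[1] -ne 'ON') { $allOn = $false }
        }
    }
    $allOn   # $true only when Domain, Private and Public profiles are all ON
}

function Get-ListeningPorts {
    # TCP listeners with the owning process, so an unexpected remote-access
    # service can be recognised and investigated rather than guessed at
    foreach ($line in (& netstat.exe -ano -p tcp)) {
        if ($line -match '^\s*TCP\s+(\S+)\s+\S+\s+LISTENING\s+(\d+)') {
            $proc = Get-Process -Id ([int]$Matches[2]) -ErrorAction SilentlyContinue
            $name = if ($proc) { $proc.ProcessName } else { '(unknown)' }
            New-Object PSObject -Property @{ Local = $Matches[1]; PID = $Matches[2]; Process = $name }
        }
    }
}

Repair-MpsSvc | Format-List StartMode, State
"All firewall profiles ON: $(Test-FirewallProfiles)"
Get-ListeningPorts | Sort-Object Local | Format-Table Local, PID, Process -AutoSize
```

Any listener whose Process column is not a service you recognise is worth checking against the FRST log before deciding whether to disable it.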
#14 olgun52

olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:06:04 AM

Posted 14 February 2017 - 08:45 AM

5 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards

#15 olgun52

olgun52
  • Malware Response Team
  • 3,784 posts
  • Gender:Male
  • Local time:06:04 AM

Posted 18 February 2017 - 02:04 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Best regards