The Internet keeps disconnecting


19 replies to this topic

#1 Sapir7

Posted 26 May 2013 - 12:20 AM

My computer has been disconnecting from the internet for the last couple of months (Direct red X on the net icon in the task bar). I took it to a tech store here, but they couldn't address the issue.
Before the tech store did a few things, the internet would disconnect immediately after entering a browser, and restarting the LAN connection didn't work.
A week later (everything was fine before that), after about 2 minutes of video streaming on YouTube, the internet dcs, and when I restart the LAN connection it brings back the internet but the issue re-occurs. The tech store has no idea how to solve the issue.
My internet is running through a modem which is connected to a router. The connection is wired. My OS is W7 64-bit (Ultimate edition).
Whenever I try to use my Wi-Fi on my phone, it works. Whenever I go into Safe Mode, it works as well.
So I went to msconfig and disabled all non-Microsoft services, and that has made things way better now. But the issue still remains.
I am using Kaspersky Internet Security 2013. I have run a scan and an online scan (Panda Security scan). It's only found cookies.

Here are the following scan reports: OTL, Extras (OTL), HijackThis and DDS.

OTL scan:
OTL logfile created on: 26/05/2013 08:53:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ספיר\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.39% Memory free
4.00 Gb Paging File | 2.10 Gb Available in Paging File | 52.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.39 Gb Total Space | 87.40 Gb Free Space | 59.70% Space Free | Partition Type: NTFS
Drive E: | 319.27 Gb Total Space | 149.67 Gb Free Space | 46.88% Space Free | Partition Type: NTFS

Computer Name: ספיר-PC | User Name: ספיר | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\ספיר\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe (Kaspersky Lab ZAO)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\ספיר\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = he-IL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 EE 0D 23 14 47 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {1B5821AD-C75A-48DD-BDC5-FA0E2C37DFFF}
IE - HKCU\..\SearchScopes\{1B5821AD-C75A-48DD-BDC5-FA0E2C37DFFF}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{9A92BE77-7AD1-4460-ABA0-3A4764B1BC22}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013/05/02 12:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013/05/02 12:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013/05/02 12:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013/05/02 12:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013/05/02 12:12:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2013/01/11 03:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.walla.co.il/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - Extension: Google Docs = C:\Users\ספיר\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: \u05DB\u05D5\u05E0\u05DF Google = C:\Users\ספיר\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\ספיר\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: \u05D7\u05D9\u05E4\u05D5\u05E9 Google = C:\Users\ספיר\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky URL Advisor = C:\Users\ספיר\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Safe Money = C:\Users\ספיר\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Content Blocker = C:\Users\ספיר\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\ספיר\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Virtual Keyboard = C:\Users\ספיר\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: Gmail = C:\Users\ספיר\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Anti-Banner = C:\Users\ספיר\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2009/06/11 00:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.90.0.1 194.90.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE4AE055-ECA3-4400-82BE-739FB986C220}: DhcpNameServer = 194.90.0.1 194.90.1.5
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{85073099-895b-11e2-81ba-bc5ff40bd5d3}\Shell - "" = AutoRun
O33 - MountPoints2\{85073099-895b-11e2-81ba-bc5ff40bd5d3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/05/26 08:45:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ספיר\Desktop\OTL.exe
[2013/05/25 03:06:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/25 03:06:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/25 03:06:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/25 03:06:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/25 03:06:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/25 03:06:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/25 03:06:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/25 03:06:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/25 03:06:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/25 03:06:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/25 03:06:00 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/25 03:06:00 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/25 03:05:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/25 03:05:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/25 03:05:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/24 13:41:36 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\NuGet
[2013/05/24 13:30:32 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/24 13:30:32 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/24 13:30:15 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/24 13:30:15 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/24 13:30:14 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/24 13:30:14 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/24 13:29:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/24 12:19:45 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013/05/24 10:56:44 | 000,000,000 | ---D | C] -- C:\scan
[2013/05/24 10:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/05/24 10:45:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/05/24 10:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2013/05/24 10:22:45 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\RegRun2
[2013/05/24 10:12:22 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/05/24 01:18:17 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\Malwarebytes
[2013/05/24 01:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/24 01:18:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/24 01:17:36 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Local\Programs
[2013/05/24 01:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/05/24 01:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/05/23 22:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2013/05/19 20:10:23 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\הילה 1905
[2013/05/18 22:00:56 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\vlc
[2013/05/18 19:28:54 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\Skype
[2013/05/18 19:28:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013/05/18 19:28:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/05/17 17:34:08 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\DVDVideoSoft
[2013/05/17 17:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013/05/12 17:09:44 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\Dropbox
[2013/05/10 15:45:13 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\תבניות מותאמות אישית של Office
[2013/05/07 18:28:40 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\מאמרים
[2013/05/07 14:45:22 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\הילה5.1
[2013/05/06 19:31:00 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/05/06 19:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/05/06 19:30:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/05/06 19:30:16 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/05/06 19:28:04 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Local\HP
[2013/05/06 19:11:01 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/05/06 19:11:01 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/05/06 19:11:01 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/05/06 19:11:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/05/06 19:11:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/05/06 19:11:00 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/05/06 19:11:00 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/05/06 19:11:00 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/05/06 19:11:00 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/05/06 19:11:00 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/05/06 19:11:00 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/05/06 19:11:00 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/05/06 19:11:00 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/05/06 19:11:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/05/06 19:11:00 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/05/06 19:11:00 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/05/06 19:11:00 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/05/06 19:11:00 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/05/06 19:10:59 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/05/06 19:10:59 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/05/06 19:10:59 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/05/06 19:10:59 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/05/06 19:10:58 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/05/06 19:10:58 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/05/06 19:06:10 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/05/06 19:06:10 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/05/06 19:06:10 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/05/06 19:06:10 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/05/06 19:06:07 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/05/06 19:06:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/05/06 19:06:05 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/05/06 19:06:05 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/05/06 19:06:05 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/05/06 19:06:05 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/05/06 19:06:05 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/05/06 19:06:05 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/05/06 19:06:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/05/06 19:06:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/05/06 19:06:05 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/05/06 19:06:05 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/05/06 19:06:04 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/05/06 19:06:04 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/05/06 19:06:04 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/05/06 19:06:04 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/05/06 19:06:04 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/05/06 19:06:04 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/05/06 19:06:04 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/05/06 19:06:04 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/05/06 19:06:04 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/05/06 19:06:04 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/05/06 19:06:04 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/05/06 19:06:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/05/06 19:06:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/05/06 19:06:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/05/06 19:06:04 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/05/06 19:06:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/05/06 19:06:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/05/06 19:06:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/05/06 19:06:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/05/06 19:06:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/05/06 19:06:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/05/06 19:06:03 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/05/06 19:06:03 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/05/06 19:06:03 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/05/06 19:06:03 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/05/06 19:03:48 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/05/06 19:03:47 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/05/06 19:03:47 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/05/06 18:21:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
[2013/05/06 18:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuGet
[2013/05/06 18:05:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2013/05/06 18:04:30 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2013/05/06 18:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2013/05/06 18:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft
[2013/05/06 18:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2013/05/06 18:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012 Express
[2013/05/06 18:02:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
[2013/05/06 18:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Help Viewer
[2013/05/06 18:01:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2013/05/06 18:01:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2013/05/06 18:01:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2013/05/06 18:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/05/06 18:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013/05/06 17:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/05/06 17:27:18 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\Nero
[2013/05/06 15:47:33 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013/05/06 15:47:33 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013/05/06 15:47:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013/05/06 15:47:31 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013/05/06 15:47:27 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013/05/06 15:47:27 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/05/06 15:47:27 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013/05/06 15:47:27 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013/05/06 15:47:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013/05/06 15:47:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013/05/06 15:47:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013/05/06 15:46:38 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/05/05 22:28:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/05/05 22:28:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/05/05 22:10:41 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/05/05 20:13:56 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Local\Adobe
[2013/05/05 19:24:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/05 18:44:57 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\Media Player Classic
[2013/05/05 18:42:05 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\uTorrent
[2013/05/05 17:35:41 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2013/05/05 17:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2013/05/05 17:34:42 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\Macromedia
[2013/05/05 17:34:42 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\Adobe
[2013/05/05 17:34:14 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/05 17:34:14 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/05 17:34:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/05/05 17:34:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/05/05 11:25:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/05/05 11:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2013/05/05 11:22:16 | 024,796,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/05/05 11:22:16 | 024,742,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/05/05 11:22:16 | 018,871,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/05/05 11:22:16 | 017,248,576 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/05/05 11:22:16 | 015,693,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/05/05 11:22:16 | 007,581,504 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/05/05 11:22:16 | 007,041,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/05/05 11:22:16 | 005,578,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/05/05 11:22:16 | 002,542,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/05/05 11:22:16 | 002,458,432 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/05/05 11:22:16 | 002,401,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/05/05 11:22:16 | 002,232,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/05/05 11:22:16 | 002,099,520 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/05/05 11:22:16 | 001,533,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2013/05/05 11:22:16 | 001,454,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2013/05/05 11:22:16 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/05/05 11:22:16 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/05/05 11:20:56 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013/05/05 11:14:52 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\DriverGenius
[2013/05/05 11:04:29 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\WinRAR
[2013/05/05 10:52:13 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Local\Diagnostics
[2013/05/02 16:36:55 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013/05/02 16:35:31 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/05/02 16:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2013/05/02 16:35:02 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2013/05/02 16:35:00 | 013,205,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/05/02 16:34:55 | 002,808,128 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/05/02 16:34:55 | 001,359,976 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642040.dll
[2013/05/02 16:34:52 | 001,614,440 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642090.dll
[2013/05/02 16:34:34 | 002,153,072 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2013/05/02 16:34:34 | 001,161,328 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaKaraokeApo.dll
[2013/05/02 16:34:34 | 000,993,392 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2013/05/02 16:34:34 | 000,866,304 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMAPO64.DLL
[2013/05/02 16:34:34 | 000,732,672 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\VMAPO32.DLL
[2013/05/02 16:34:34 | 000,553,072 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2013/05/02 16:34:34 | 000,202,864 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2013/05/02 16:34:34 | 000,116,848 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaKaraokePropPageExt.dll
[2013/05/02 16:34:34 | 000,087,152 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2013/05/02 16:34:34 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2013/05/02 16:34:34 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2013/05/02 16:34:34 | 000,074,240 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMWRP64.DLL
[2013/05/02 16:34:34 | 000,057,856 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPLD64.DLL
[2013/05/02 16:34:34 | 000,053,760 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\VMPPCN64.DLL
[2013/05/02 16:34:33 | 000,248,944 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2013/05/02 16:34:33 | 000,091,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2013/05/02 16:34:33 | 000,027,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViakaraokeSrv.exe
[2013/05/02 13:57:00 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\תמונות דבי
[2013/05/02 13:57:00 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\תיקיה חדשה
[2013/05/02 13:56:59 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\תיקיה חdדשה
[2013/05/02 13:56:52 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\שנת 2012מחירים
[2013/05/02 13:56:49 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\שנת 2012 מיסים ב
[2013/05/02 13:56:49 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\שאלות שיר
[2013/05/02 13:56:49 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\רישום
[2013/05/02 13:56:48 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\קרימינולוגיה סמסטר ב
[2013/05/02 13:56:48 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\קרימינולוגיה סמסטר א
[2013/05/02 13:56:32 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\קבצים של האתר שנה א'
[2013/05/02 13:56:24 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\פסיכומטרי
[2013/05/02 13:56:24 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\ספיר להדפסה
[2013/05/02 13:56:24 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\סף להדפסה
[2013/05/02 13:56:24 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\מחירים ב
[2013/05/02 13:56:23 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\מחברות של OneNote
[2013/05/02 13:56:19 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\מור
[2013/05/02 13:56:17 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\מבחנים לספיר
[2013/05/02 13:56:17 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\מאקרו בחינה
[2013/05/02 13:56:14 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\מאקרו
[2013/05/02 13:56:12 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\הסיכומים של דיאנה המתרגול של דימה
[2013/05/02 13:56:08 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\הילה8
[2013/05/02 13:56:00 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\הילה5
[2013/05/02 13:56:00 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\הילה3
[2013/05/02 13:56:00 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\הילה2
[2013/05/02 13:56:00 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\הילה
[2013/05/02 13:55:59 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\דבי3
[2013/05/02 13:55:59 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\דבי2
[2013/05/02 13:55:56 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\דבי סמסטר ב
[2013/05/02 13:55:56 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\דבי
[2013/05/02 13:55:56 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\גיבוי
[2013/05/02 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\בעיות מדידה א1
[2013/05/02 13:55:43 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\בעיות מדידה א
[2013/05/02 13:55:40 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\אקונומטריקה מהילה זילבר
[2013/05/02 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\אקונומטריקה
[2013/05/02 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\איצקו
[2013/05/02 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\WPA Files
[2013/05/02 13:55:39 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\Visual Studio 2012
[2013/05/02 13:55:18 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\Visual Studio 2010
[2013/05/02 13:55:06 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\VIA_Win7-64_Win7_Vista64_Vista_XP64_XP_2K(v7700d)
[2013/05/02 13:54:49 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\v8700a_20100923
[2013/05/02 13:54:49 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\Streaming Channels
[2013/05/02 13:46:54 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\samsung
[2013/05/02 13:46:50 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\Hila - Project
[2013/05/02 13:46:49 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\German Audio
[2013/05/02 13:43:27 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\59315
[2013/05/02 13:43:19 | 000,000,000 | ---D | C] -- C:\Users\ספיר\Documents\2012-10-08 טיול בירושלים
[2013/05/02 13:43:10 | 001,283,336 | ---- | C] (Microsoft Corporation) -- C:\Users\ספיר\Documents\vs_ultimate.exe
[2013/05/02 13:43:09 | 003,252,048 | ---- | C] (Microsoft Corporation) -- C:\Users\ספיר\Documents\vcs_web.exe
[2013/05/02 12:10:52 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Local\Google
[2013/05/02 12:10:06 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Local\ElevatedDiagnostics
[2013/05/02 12:03:16 | 000,000,000 | R--D | C] -- C:\Users\ספיר\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/02 12:03:16 | 000,000,000 | R--D | C] -- C:\Users\ספיר\Searches
[2013/05/02 12:03:16 | 000,000,000 | R--D | C] -- C:\Users\ספיר\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/02 12:03:16 | 000,000,000 | -H-D | C] -- C:\Users\ספיר\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/02 12:03:06 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\Identities
[2013/05/02 12:03:02 | 000,000,000 | R--D | C] -- C:\Users\ספיר\Contacts
[2013/05/02 12:02:03 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Local\VirtualStore
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\תפריט התחלה
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\AppData\Local\Temporary Internet Files
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\Templates
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\SendTo
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\Recent
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\PrintHood
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\NetHood
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\Documents\My Videos
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\Documents\My Pictures
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\Documents\My Music
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\My Documents
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\Local Settings
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\AppData\Local\History
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\Cookies
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\Application Data
[2013/05/02 12:02:00 | 000,000,000 | -HSD | C] -- C:\Users\ספיר\AppData\Local\Application Data
[2013/05/02 12:01:59 | 000,000,000 | --SD | C] -- C:\Users\ספיר\AppData\Roaming\Microsoft
[2013/05/02 12:01:59 | 000,000,000 | R--D | C] -- C:\Users\ספיר\Videos
[2013/05/02 12:01:59 | 000,000,000 | R--D | C] -- C:\Users\ספיר\Saved Games
[2013/05/02 12:01:59 | 000,000,000 | R--D | C] -- C:\Users\ספיר\Pictures
[2013/05/02 12:01:59 | 000,000,000 | R--D | C] -- C:\Users\ספיר\Music
[2013/05/02 12:01:59 | 000,000,000 | R--D | C] -- C:\Users\ספיר\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/02 12:01:59 | 000,000,000 | R--D | C] -- C:\Users\ספיר\Links
[2013/05/02 12:01:59 | 000,000,000 | R--D | C] -- C:\Users\ספיר\Favorites
[2013/05/02 12:01:59 | 000,000,000 | R--D | C] -- C:\Users\ספיר\Downloads
[2013/05/02 12:01:59 | 000,000,000 | R--D | C] -- C:\Users\ספיר\Documents
[2013/05/02 12:01:59 | 000,000,000 | R--D | C] -- C:\Users\ספיר\Desktop
[2013/05/02 12:01:59 | 000,000,000 | R--D | C] -- C:\Users\ספיר\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/02 12:01:59 | 000,000,000 | -H-D | C] -- C:\Users\ספיר\AppData
[2013/05/02 12:01:59 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Local\Temp
[2013/05/02 12:01:59 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Local\Microsoft
[2013/05/02 12:01:59 | 000,000,000 | ---D | C] -- C:\Users\ספיר\AppData\Roaming\Media Center Programs
[2013/05/02 11:54:07 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/05/02 11:54:03 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/05/02 11:54:02 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/05/02 11:54:02 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/05/02 11:54:01 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/05/02 11:54:01 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/05/02 11:54:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll

========== Files - Modified Within 30 Days ==========

[2013/05/26 08:45:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ספיר\Desktop\OTL.exe
[2013/05/26 08:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/26 07:59:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/26 07:56:03 | 001,249,194 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/26 07:56:03 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/26 07:56:03 | 000,392,302 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat
[2013/05/26 07:56:03 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/26 07:56:03 | 000,084,810 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat
[2013/05/26 07:55:48 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/26 07:55:48 | 000,020,704 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/26 07:50:49 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/05/26 07:50:10 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/26 07:49:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/26 07:49:42 | 1609,891,840 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/25 10:37:37 | 001,228,730 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/05/25 03:35:22 | 000,477,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/21 15:29:36 | 000,036,253 | ---- | M] () -- C:\Users\ספיר\Documents\גליון ציונים (2).pdf
[2013/05/12 17:24:58 | 000,036,253 | ---- | M] () -- C:\Users\ספיר\Documents\גליון ציונים.pdf
[2013/05/06 22:42:38 | 000,002,751 | ---- | M] () -- C:\Users\ספיר\Desktop\Word 2013.lnk
[2013/05/06 22:41:56 | 000,002,703 | ---- | M] () -- C:\Users\ספיר\Desktop\Excel 2013.lnk
[2013/05/06 19:23:24 | 001,247,603 | ---- | M] () -- C:\Users\ספיר\Documents\2019901222-1.pdf
[2013/05/05 22:39:49 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2013/05/05 22:39:49 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2013/05/05 22:10:37 | 330,553,682 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/05 21:07:09 | 000,000,647 | ---- | M] () -- C:\Users\ספיר\Desktop\שירים.lnk
[2013/05/05 17:36:00 | 000,001,077 | ---- | M] () -- C:\Users\ספיר\Desktop\מסמכים.lnk
[2013/05/05 17:34:14 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/05/05 17:34:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/05/05 17:23:22 | 005,406,237 | ---- | M] () -- C:\Users\ספיר\Documents\SopCast-3.8.2.exe
[2013/05/02 12:12:56 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/05/02 12:12:56 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/05/02 12:12:56 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/05/02 12:12:56 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/05/02 12:11:02 | 000,002,279 | ---- | M] () -- C:\Users\ספיר\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/02 12:04:58 | 000,001,389 | ---- | M] () -- C:\Users\ספיר\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/05/21 15:29:36 | 000,036,253 | ---- | C] () -- C:\Users\ספיר\Documents\גליון ציונים (2).pdf
[2013/05/12 17:24:58 | 000,036,253 | ---- | C] () -- C:\Users\ספיר\Documents\גליון ציונים.pdf
[2013/05/06 22:42:38 | 000,002,751 | ---- | C] () -- C:\Users\ספיר\Desktop\Word 2013.lnk
[2013/05/06 22:41:56 | 000,002,703 | ---- | C] () -- C:\Users\ספיר\Desktop\Excel 2013.lnk
[2013/05/06 19:23:18 | 001,247,603 | ---- | C] () -- C:\Users\ספיר\Documents\2019901222-1.pdf
[2013/05/05 22:10:37 | 330,553,682 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/05 21:07:09 | 000,000,647 | ---- | C] () -- C:\Users\ספיר\Desktop\שירים.lnk
[2013/05/05 17:36:00 | 000,001,077 | ---- | C] () -- C:\Users\ספיר\Desktop\מסמכים.lnk
[2013/05/05 17:34:17 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/05 17:23:12 | 005,406,237 | ---- | C] () -- C:\Users\ספיר\Documents\SopCast-3.8.2.exe
[2013/05/02 16:35:02 | 000,007,384 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/05/02 13:43:19 | 000,459,832 | ---- | C] () -- C:\Users\ספיר\Documents\תרגיל 1 בניהולית.pdf
[2013/05/02 13:43:19 | 000,164,588 | ---- | C] () -- C:\Users\ספיר\Documents\תרשים 102.pdf
[2013/05/02 13:43:19 | 000,068,561 | ---- | C] () -- C:\Users\ספיר\Documents\תרגיל 7 תורת המחירים.pdf
[2013/05/02 13:43:19 | 000,036,311 | ---- | C] () -- C:\Users\ספיר\Documents\תרגיל 8 תורת המחירים.pdf
[2013/05/02 13:43:18 | 000,254,908 | ---- | C] () -- C:\Users\ספיר\Documents\תזרים - דוגמא מסכמת.pdf
[2013/05/02 13:43:14 | 094,910,311 | ---- | C] () -- C:\Users\ספיר\Documents\שנת 2012מחירים.rar
[2013/05/02 13:43:13 | 018,251,367 | ---- | C] () -- C:\Users\ספיר\Documents\שנת 2012.rar
[2013/05/02 13:43:12 | 016,169,271 | ---- | C] () -- C:\Users\ספיר\Documents\שנת 2012 מיסים ב.rar
[2013/05/02 13:43:12 | 000,666,823 | ---- | C] () -- C:\Users\ספיר\Documents\פיתרון ניהולית 3.pdf
[2013/05/02 13:43:12 | 000,444,984 | ---- | C] () -- C:\Users\ספיר\Documents\פיתרון תרגיל מס 5.pdf
[2013/05/02 13:43:12 | 000,063,670 | ---- | C] () -- C:\Users\ספיר\Documents\מערכת שעות.pdf
[2013/05/02 13:43:11 | 017,658,888 | ---- | C] () -- C:\Users\ספיר\Documents\מאקרו.rar
[2013/05/02 13:43:11 | 000,269,868 | ---- | C] () -- C:\Users\ספיר\Documents\ללא שם.png
[2013/05/02 13:43:11 | 000,199,561 | ---- | C] () -- C:\Users\ספיר\Documents\מאקרו 4.pdf
[2013/05/02 13:43:11 | 000,186,403 | ---- | C] () -- C:\Users\ספיר\Documents\הרשאה.pdf
[2013/05/02 13:43:10 | 006,646,150 | ---- | C] () -- C:\Users\ספיר\Documents\דיאנה סיכום דימה 10.pdf
[2013/05/02 13:43:10 | 000,410,077 | ---- | C] () -- C:\Users\ספיר\Documents\הזמנה למיטל.jpg
[2013/05/02 13:43:10 | 000,118,559 | ---- | C] () -- C:\Users\ספיר\Documents\אישור תשלום - ציון פסיכומטרי.pdf
[2013/05/02 13:43:10 | 000,082,864 | ---- | C] () -- C:\Users\ספיר\Documents\אישור תשלום-דבי.pdf
[2013/05/02 13:43:10 | 000,061,562 | ---- | C] () -- C:\Users\ספיר\Documents\xqescort1.png
[2013/05/02 13:43:10 | 000,017,022 | ---- | C] () -- C:\Users\ספיר\Documents\white-flag1.png
[2013/05/02 13:43:09 | 000,728,710 | ---- | C] () -- C:\Users\ספיר\Documents\prospect2013.pdf
[2013/05/02 13:43:09 | 000,577,333 | ---- | C] () -- C:\Users\ספיר\Documents\SETTINGS 2.png
[2013/05/02 13:43:09 | 000,450,989 | ---- | C] () -- C:\Users\ספיר\Documents\TRGIL_1_KhOH.pdf
[2013/05/02 13:43:09 | 000,318,844 | ---- | C] () -- C:\Users\ספיר\Documents\REALTEK.png
[2013/05/02 13:43:09 | 000,220,525 | ---- | C] () -- C:\Users\ספיר\Documents\Sign-up Details.png
[2013/05/02 13:43:09 | 000,066,336 | ---- | C] () -- C:\Users\ספיר\Documents\ref__.big
[2013/05/02 13:43:09 | 000,060,445 | ---- | C] () -- C:\Users\ספיר\Documents\Tswig.png
[2013/05/02 13:43:09 | 000,011,867 | ---- | C] () -- C:\Users\ספיר\Documents\reclaiming-alishan1.png
[2013/05/02 13:43:09 | 000,008,288 | ---- | C] () -- C:\Users\ספיר\Documents\sports channels.png
[2013/05/02 13:43:08 | 000,788,701 | ---- | C] () -- C:\Users\ספיר\Documents\MBHN_GMR_AM_PfTRONOT.pdf
[2013/05/02 13:43:08 | 000,435,054 | ---- | C] () -- C:\Users\ספיר\Documents\LW050V2_manual_eng.pdf
[2013/05/02 13:43:08 | 000,382,731 | ---- | C] () -- C:\Users\ספיר\Documents\orange-bill-20120625-11893880612.pdf
[2013/05/02 13:43:08 | 000,382,731 | ---- | C] () -- C:\Users\ספיר\Documents\orange-bill-20120625-11893880612 (2).pdf
[2013/05/02 13:43:08 | 000,012,581 | ---- | C] () -- C:\Users\ספיר\Documents\Maroon 5 Jagger Tab.rtf
[2013/05/02 13:43:07 | 006,111,442 | ---- | C] () -- C:\Users\ספיר\Documents\Install_Win7_7069_03212013.zip
[2013/05/02 13:43:07 | 000,800,468 | ---- | C] () -- C:\Users\ספיר\Documents\huji_horaa_keva.pdf
[2013/05/02 13:43:07 | 000,341,723 | ---- | C] () -- C:\Users\ספיר\Documents\FINAL.wma
[2013/05/02 13:43:07 | 000,276,932 | ---- | C] () -- C:\Users\ספיר\Documents\ERROR.png
[2013/05/02 13:43:07 | 000,272,816 | ---- | C] () -- C:\Users\ספיר\Documents\fulltext ____.pdf
[2013/05/02 13:43:07 | 000,141,517 | ---- | C] () -- C:\Users\ספיר\Documents\euthanasia%202004_que.pdf
[2013/05/02 13:43:07 | 000,039,424 | ---- | C] () -- C:\Users\ספיר\Documents\gfSubtitlePlayer.exe
[2013/05/02 13:43:07 | 000,026,355 | ---- | C] () -- C:\Users\ספיר\Documents\hiddenpower3.png
[2013/05/02 13:43:07 | 000,009,689 | ---- | C] () -- C:\Users\ספיר\Documents\flamethrower2.png
[2013/05/02 13:43:07 | 000,001,481 | ---- | C] () -- C:\Users\ספיר\Documents\FirstBackup.spg
[2013/05/02 13:43:06 | 000,188,102 | ---- | C] () -- C:\Users\ספיר\Documents\AdMachar.pdf
[2013/05/02 13:43:06 | 000,116,620 | ---- | C] () -- C:\Users\ספיר\Documents\confirmation.pdf
[2013/05/02 13:43:06 | 000,063,080 | ---- | C] () -- C:\Users\ספיר\Documents\bank_message_03-31-13.pdf
[2013/05/02 13:43:06 | 000,015,730 | ---- | C] () -- C:\Users\ספיר\Documents\BakashatRishum.htm
[2013/05/02 13:43:06 | 000,011,612 | ---- | C] () -- C:\Users\ספיר\Documents\alishan-in-ruins3.png
[2013/05/02 13:42:58 | 169,289,199 | ---- | C] () -- C:\Users\ספיר\Documents\50HappyBDay_New.wmv
[2013/05/02 13:42:51 | 000,032,498 | ---- | C] () -- C:\Users\ספיר\Documents\21.6.TIF
[2013/05/02 13:42:47 | 080,540,262 | ---- | C] () -- C:\Users\ספיר\Documents\20130209_205552.mp4
[2013/05/02 13:42:47 | 002,334,246 | ---- | C] () -- C:\Users\ספיר\Documents\2011-11-09 12.05.54.jpg
[2013/05/02 13:42:47 | 001,247,603 | ---- | C] () -- C:\Users\ספיר\Documents\1360860712-1.pdf
[2013/05/02 13:42:47 | 000,260,756 | ---- | C] () -- C:\Users\ספיר\Documents\10-2012-azrah.pdf
[2013/05/02 13:42:47 | 000,075,229 | ---- | C] () -- C:\Users\ספיר\Documents\10415834.jpg
[2013/05/02 12:04:58 | 000,001,389 | ---- | C] () -- C:\Users\ספיר\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/05/02 12:03:29 | 000,001,361 | ---- | C] () -- C:\Users\ספיר\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/05/02 12:03:22 | 000,001,395 | ---- | C] () -- C:\Users\ספיר\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/05/02 12:03:19 | 000,002,279 | ---- | C] () -- C:\Users\ספיר\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/02 12:01:59 | 000,000,290 | ---- | C] () -- C:\Users\ספיר\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/02 12:01:59 | 000,000,272 | ---- | C] () -- C:\Users\ספיר\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/09/23 19:39:22 | 001,228,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/23 17:35:08 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/09/23 17:35:08 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/09/23 17:35:08 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/09/23 17:35:08 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012/09/23 17:35:07 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/09/23 17:34:29 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/09/23 17:34:29 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/09/23 17:34:29 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== ZeroAccess Check ==========

[2009/07/14 07:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 08:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 07:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/05/12 17:09:57 | 000,000,000 | ---D | M] -- C:\Users\ספיר\AppData\Roaming\Dropbox
[2013/05/24 12:29:48 | 000,000,000 | ---D | M] -- C:\Users\ספיר\AppData\Roaming\DVDVideoSoft
[2013/05/24 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\ספיר\AppData\Roaming\NuGet
[2013/05/26 08:44:51 | 000,000,000 | ---D | M] -- C:\Users\ספיר\AppData\Roaming\uTorrent

========== Purity Check ==========



========== Custom Scans ==========

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s > >

< %SYSTEMDRIVE%\*.* >
[2013/05/24 10:12:21 | 000,028,650 | ---- | M] () -- C:\ComboFix.txt
[2013/05/26 07:49:42 | 1609,891,840 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/26 07:49:42 | 2146,525,184 | -HS- | M] () -- C:\pagefile.sys
[2012/09/23 20:22:09 | 001,657,510 | ---- | M] () -- C:\winrar-x64-411he.exe

< %systemroot%\Fonts\*.com >
[2009/07/14 08:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 08:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 08:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 08:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 23:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/14 07:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/05/02 12:04:58 | 000,000,221 | -HS- | M] () -- C:\Users\ספיר\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2013/05/26 08:45:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ספיר\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Extras (OTL):
OTL Extras logfile created on: 26/05/2013 08:53:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ספיר\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 51.39% Memory free
4.00 Gb Paging File | 2.10 Gb Available in Paging File | 52.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.39 Gb Total Space | 87.40 Gb Free Space | 59.70% Space Free | Partition Type: NTFS
Drive E: | 319.27 Gb Total Space | 149.67 Gb Free Space | 46.88% Space Free | Partition Type: NTFS

Computer Name: ספיר-PC | User Name: ספיר | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0696B6A1-2FF1-4143-B41F-B7CD21E07A66}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0FF617FA-119D-478F-9CF0-D2065A3CBBC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16E27C7D-FF6F-43E0-A802-8D1F4C416070}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{20D64CF2-B969-4DEF-B77C-B120723E0927}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4152A4A6-3E4F-4C6C-A948-B67AE4846122}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4408DE9E-7D63-464D-B4F9-FCABB677E001}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{49C7D8E1-7041-457B-A971-B8AE9A375C85}" = rport=138 | protocol=17 | dir=out | app=system |
"{70D47117-1719-43C5-830E-026143E1CD8A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7379E58D-DCE4-4FBE-94C1-FFD91C9948CA}" = rport=139 | protocol=6 | dir=out | app=system |
"{75701AE3-58FD-4C04-94CF-C7F42EA39B11}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{81CA0EBF-CACC-40D4-AEB5-DEBCCAEE2E40}" = rport=137 | protocol=17 | dir=out | app=system |
"{926B8F7C-DCC4-4E2D-A809-7574604C26E4}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{93376F7F-122E-4E19-ACF7-A85A441D3F8F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A05A2DF8-B756-4BE7-ABAB-5917A098CCE4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B672703C-3673-47C5-A7F0-E109A518CCD7}" = lport=445 | protocol=6 | dir=in | app=system |
"{B82D3E7D-00B9-4BBD-A847-8A0A37357CD7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BCF13217-50C2-499B-B7FC-75AAF96BA554}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BEE32CFD-6419-4792-B1F6-11C112081639}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CDFFF006-1B7B-4AF2-9D46-F7C309201828}" = lport=138 | protocol=17 | dir=in | app=system |
"{D72E8A34-7213-4051-89AA-AE59439FB795}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ECB2AA5F-F039-4D33-8667-E79985AF42B5}" = lport=139 | protocol=6 | dir=in | app=system |
"{ECDDB965-6058-4C8B-8ED0-8FD747572E5A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F19B2539-92DC-4CA4-AD2E-E1E52AFB7C0B}" = lport=3702 | protocol=17 | dir=in | app=e:\program files\microsoft visual studio 11.0\common7\ide\wdexpress.exe |
"{F4C38C82-33B3-405A-83BF-78C917F9838A}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD7E70FB-03D1-46DA-A1A7-C8E775961BD9}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01DCFCE5-7C21-4901-97AF-9A2A7C7ECB9F}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{12DBDE5F-3FE4-45D5-B27C-4F80CB5B51C8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{14FB9C5A-0D7B-4955-B073-D2440AD2B37B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{1919ADDB-4939-47D6-820F-D052CEDBC505}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1F1AA35E-FFD0-4250-B2FB-FC75C1D9D477}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{3FC5401C-658B-471D-9C7F-C5BB7C3C71D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3FCECFEC-F981-49C3-95EB-91B8A086DDCF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{41E420B4-2E35-4C62-9117-654B99CF1D05}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4752D743-5E3E-4718-A8C3-07B8E22EBA91}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{48A79D5E-2CD8-4E79-A6D3-5F407075A7E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51D9129B-992B-49B7-B065-A964A0F4A6E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{54DA40CD-6481-43C6-9466-31575661290B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{62933601-D5D5-4A2C-BF21-BA43F282D771}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{64CF1F47-2DBF-479E-BD02-DF75BB8ECAD2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{782D976A-82BF-49CC-B3B2-14A4242ECBB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B5BCB6F-C16A-48B6-AD72-289A53FF22B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8115E8A7-18C4-4B62-85E7-B867A55C9AD1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{83873155-F215-4559-9150-4A189FB238F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83B91DA6-8E0E-4B41-BEC5-886F229659B4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{848E57C3-BCCD-4548-9E6C-476EFBCC986D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{84C3B89D-00C0-4E62-B009-2168B2C6AB16}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{87B90752-14FE-4DC2-918E-283F6D6B35AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EBA9B50-6A73-4303-B7F6-7FD506349FC4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9D2EF999-52B8-4275-825D-9CE1E47A1691}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A1074EC7-713A-46C1-8001-0E918E14DB4E}" = protocol=6 | dir=out | app=system |
"{AB544FBC-3B27-4E5B-8B31-3012412064C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B49ADD15-467B-4A4E-8DA1-43B5556CF0FE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{BB2B3DDF-8009-401A-BFAF-8CAE1D8EAC97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C5CA56EF-4643-4F70-A59E-31C8857DA545}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{C6EF6418-15BA-49FB-B637-98CFE38E4A07}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{F73E639C-7FDE-4E59-8362-10BEF968DDD4}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{7DAD1AE3-C692-4BFE-8D81-0BA27A627DEE}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{31BA3552-34CF-4610-9BC4-4C6B15BD28C5}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B497B28-5243-3329-9F10-DBB18E0963E6}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB
"{1AB648D7-5FDE-321E-825A-4FE93A0890F5}" = Microsoft .NET Framework 4 Extended HEB Language Pack
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{2EC3A3E2-E1EA-383D-BE76-D651C7852A05}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{30B7A7A6-D519-3332-BEB3-D105EFC7389A}" = Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{41208EF0-FA40-3824-B330-5D59B666C720}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9100041B-F987-48ED-8FC4-F26FEAF4DD80}" =
"{90150000-0015-040D-1000-0000000FF1CE}" = Microsoft Access MUI (Hebrew) 2013
"{90150000-0016-040D-1000-0000000FF1CE}" = Microsoft Excel MUI (Hebrew) 2013
"{90150000-0018-040D-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (Hebrew) 2013
"{90150000-0019-040D-1000-0000000FF1CE}" = Microsoft Publisher MUI (Hebrew) 2013
"{90150000-001A-040D-1000-0000000FF1CE}" = Microsoft Outlook MUI (Hebrew) 2013
"{90150000-001B-040D-1000-0000000FF1CE}" = Microsoft Word MUI (Hebrew) 2013
"{90150000-001F-0401-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - اللغة العربية
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-040D-1000-0000000FF1CE}" = כלי ההגהה של Microsoft Office 2013 - עברית
"{90150000-001F-0419-1000-0000000FF1CE}" = Средства проверки правописания Microsoft Office 2013 — русский
"{90150000-002C-040D-1000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2013
"{90150000-0044-040D-1000-0000000FF1CE}" = Microsoft InfoPath MUI (Hebrew) 2013
"{90150000-006E-040D-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2013
"{90150000-0090-040D-1000-0000000FF1CE}" = Microsoft DCF MUI (Hebrew) 2013
"{90150000-00A1-040D-1000-0000000FF1CE}" = Microsoft OneNote MUI (Hebrew) 2013
"{90150000-00BA-040D-1000-0000000FF1CE}" = Microsoft Groove MUI (Hebrew) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-040D-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Hebrew) 2013
"{90150000-00E1-040D-1000-0000000FF1CE}" = Microsoft Office OSM MUI (Hebrew) 2013
"{90150000-00E2-040D-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Hebrew) 2013
"{90150000-012B-040D-1000-0000000FF1CE}" = Microsoft Lync MUI (Hebrew) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{98E1A452-17DA-4885-9A85-F3727884DB3A}" = תוכנה בסיסית של ההתקן HP Deskjet 2050 J510 series
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA מנהל ההתקן עבור ‎3D Vision 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = לוח הבקרה של NVIDIA 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA מנהל התקן עבור נתונים גרפיים 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA מנהל ההתקן של בקר ‎3D Vision 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA תכנת PhysX System 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = עדכוני NVIDIA 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{CB457D7C-D242-31CB-83C7-DDCF16418360}" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
"Microsoft .NET Framework 4 Client Profile HEB Language Pack" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
"Microsoft .NET Framework 4 Extended HEB Language Pack" = Microsoft .NET Framework 4 Extended HEB Language Pack
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"WinRAR archiver" = WinRAR 4.11 (64-סיביות)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09412B73-6159-40D6-B0B9-C11B30A7531E}" = Microsoft Visual Studio 2012 Preparation
"{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1BE2AFE6-209E-3862-AE45-DA9D3D21BD65}" = Microsoft Visual Studio Express 2012 for Windows Desktop
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{222C5507-AC43-388F-808E-2266EC57E043}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{30C27CAE-9266-3B47-837D-193C16EDB811}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106
"{32136776-FE3F-453D-80DA-CDD993BDB2A3}" = Entity Framework Designer for Visual Studio 2012 - enu
"{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{49402ED1-A795-4435-A745-1B781BE621A6}" = Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
"{4F2B8233-35EE-4197-8C3B-EACCBF712029}" = Microsoft SQL Server Data Tools - enu (11.1.20828.01)
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54DF35BD-4A36-35DA-B029-A0C083C88614}" = Google Chrome
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{6A6F1B4D-1BCE-3703-93D8-4494FB7F1280}" = Microsoft Portable Library Multi-Targeting Pack
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series עזרה
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{808118B1-60D6-4DCF-8077-73A4D3D8BB54}" = Microsoft Visual C++ 2012 x86-x64 Compilers
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{834B6E00-F509-40F2-A677-E86261184576}" = Blend for Visual Studio Add-in for Adobe FXG Import
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A1785BD4-3486-4E7E-8074-E3FC61B8F315}" = Microsoft Visual C++ 2012 x86-x64 Compilers
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1037-7B44-A93000000001}" = Adobe Reader 9.3 - Hebrew
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D8EC110F-F88D-4DBA-B84C-C305A550B3D6}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{e0efdce9-a486-4676-8aa5-65bb08cbf34c}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"{FFC6E93A-B9AD-3F20-9B06-EE20E24AAEAF}" = Microsoft Visual C++ 2012 Core Libraries
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"BSPlayerf" = BS.Player FREE
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.0 (Full)
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SopCast" = SopCast 3.8.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06/05/2013 13:54:24 | Computer Name = ספיר-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 06/05/2013 13:54:25 | Computer Name = ספיר-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 06/05/2013 13:54:26 | Computer Name = ספיר-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 06/05/2013 13:54:26 | Computer Name = ספיר-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 06/05/2013 13:55:28 | Computer Name = ספיר-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 06/05/2013 13:55:28 | Computer Name = ספיר-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 11/05/2013 11:32:07 | Computer Name = ספיר-PC | Source = Application Error | ID = 1000
Description = ‏‏יישום שחלות בו תקלות: bsplayer.exe, גירסה: 2.6.4.1073, חותמת זמן:
0x2a425e19 שם מודול שחלות בו תקלות: ntdll.dll, גירסה: 6.1.7601.17725, חותמת זמן:
0x4ec49b8f קוד חריגה: 0xc0000005 היסט תקלה: 0x00038dc9 מזהה תהליך שחלות בו תקלות:
0x9bc שעת ההפעלה של היישום שחלות בו תקלות: 0x01ce4e5c629bb4b7 נתיב היישום שחלות בו
תקלות: E:\Program Files\BSPlayer\bsplayer.exe נתיב המודול שחלות בו תקלות: C:\Windows\SysWOW64\ntdll.dll
מזהה
דוח: effa799f-ba4f-11e2-9dbc-002522645ae8

Error - 14/05/2013 16:18:04 | Computer Name = ספיר-PC | Source = Application Hang | ID = 1002
Description = ‏‏התוכנית SopCast.exe בגירסה 3.8.2.201 הפסיקה לקיים אינטראקציה עם
Windows ונסגרה. כדי לגלות אם יש מידע זמין נוסף אודות הבעיה, בדוק את היסטוריית הבעיה
בלוח הבקרה של מרכז הפעולות. מזהה תהליך: 1048 זמן התחלה: 01ce50dd177f57b6 זמן סיום:
31 נתיב יישום: E:\Program Files\SopCast\SopCast.exe מזהה דוח: 22d39563-bcd3-11e2-8478-002522645ae8


Error - 17/05/2013 12:17:59 | Computer Name = ספיר-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 17/05/2013 12:18:00 | Computer Name = ספיר-PC | Source = Application Error | ID = 1000
Description = ‏‏יישום שחלות בו תקלות: Q14.exe, גירסה: 1.0.0.0, חותמת זמן: 0x51965816
שם
מודול שחלות בו תקלות: KERNELBASE.dll, גירסה: 6.1.7601.18015, חותמת זמן: 0x50b83c8a
קוד
חריגה: 0xe0434352 היסט תקלה: 0x0000c41f מזהה תהליך שחלות בו תקלות: 0x14fc שעת ההפעלה
של היישום שחלות בו תקלות: 0x01ce531a170af3a3 נתיב היישום שחלות בו תקלות: C:\Users\ספיר\Documents\Visual
Studio 2010\Projects\C7Patterns\Q14\bin\Release\Q14.exe נתיב המודול שחלות בו תקלות:
C:\Windows\syswow64\KERNELBASE.dll מזהה דוח: 5714c87d-bf0d-11e2-b19b-002522645ae8

[ System Events ]
Error - 20/05/2013 14:22:21 | Computer Name = ספיר-PC | Source = Schannel | ID = 36874
Description = ‏‏התקבלה בקשה לחיבור SSL 3.0 מיישום לקוח מרוחק, אך השרת אינו תומך
באף אחת מחבילות הצופן שבהן תומך יישום הלקוח. הבקשה לחיבור SSL נכשלה.

Error - 20/05/2013 14:22:21 | Computer Name = ספיר-PC | Source = Schannel | ID = 36888
Description = ‏‏ההתראה המכרעת הבאה נוצרה: 40. מצב השגיאה הפנימי הוא 107.

Error - 20/05/2013 14:22:21 | Computer Name = ספיר-PC | Source = Schannel | ID = 36874
Description = ‏‏התקבלה בקשה לחיבור SSL 3.0 מיישום לקוח מרוחק, אך השרת אינו תומך
באף אחת מחבילות הצופן שבהן תומך יישום הלקוח. הבקשה לחיבור SSL נכשלה.

Error - 20/05/2013 14:22:21 | Computer Name = ספיר-PC | Source = Schannel | ID = 36888
Description = ‏‏ההתראה המכרעת הבאה נוצרה: 40. מצב השגיאה הפנימי הוא 107.

Error - 20/05/2013 14:22:21 | Computer Name = ספיר-PC | Source = Schannel | ID = 36874
Description = ‏‏התקבלה בקשה לחיבור SSL 3.0 מיישום לקוח מרוחק, אך השרת אינו תומך
באף אחת מחבילות הצופן שבהן תומך יישום הלקוח. הבקשה לחיבור SSL נכשלה.

Error - 20/05/2013 14:22:21 | Computer Name = ספיר-PC | Source = Schannel | ID = 36888
Description = ‏‏ההתראה המכרעת הבאה נוצרה: 40. מצב השגיאה הפנימי הוא 107.

Error - 20/05/2013 14:22:21 | Computer Name = ספיר-PC | Source = Schannel | ID = 36874
Description = ‏‏התקבלה בקשה לחיבור SSL 3.0 מיישום לקוח מרוחק, אך השרת אינו תומך
באף אחת מחבילות הצופן שבהן תומך יישום הלקוח. הבקשה לחיבור SSL נכשלה.

Error - 20/05/2013 14:22:21 | Computer Name = ספיר-PC | Source = Schannel | ID = 36888
Description = ‏‏ההתראה המכרעת הבאה נוצרה: 40. מצב השגיאה הפנימי הוא 107.

Error - 20/05/2013 14:22:21 | Computer Name = ספיר-PC | Source = Schannel | ID = 36874
Description = ‏‏התקבלה בקשה לחיבור SSL 3.0 מיישום לקוח מרוחק, אך השרת אינו תומך
באף אחת מחבילות הצופן שבהן תומך יישום הלקוח. הבקשה לחיבור SSL נכשלה.

Error - 20/05/2013 14:22:21 | Computer Name = ספיר-PC | Source = Schannel | ID = 36888
Description = ‏‏ההתראה המכרעת הבאה נוצרה: 40. מצב השגיאה הפנימי הוא 107.


< End of report >

HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:09:18, on 26/05/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\ספיר\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.walla.co.il/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: &ייצוא אל Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
O8 - Extra context menu item: ש&לח אל OneNote - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: שלח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ש&לח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: לחץ להתקשרות של Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: לחץ להתקשרות של Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: ה&ערות מקושרות של OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: ה&ערות מקושרות של OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe
O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe
O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--
End of file - 23634 bytes

DDS:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by ספיר at 9:10:28.11 on Sun 05/26/2013
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1037.18.2047.704 [GMT 3:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\ספיר\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.walla.co.il/
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31d09ba0-12f5-4cce-be8a-2923e76605da} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Content Blocker Plugin: {5564cc73-efa7-4cbf-918a-5cf7fbbfff4f} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-e40c-433c-9784-c78dc7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: Safe Money Plugin: {9e6d0d23-3d72-4a94-ae1f-2d167624e3d9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {d0498e0a-45b7-42ae-a9aa-aba463dbd3bf} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
BHO: URL Advisor Plugin: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft....?LinkID=122915" /build:7601
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &ייצוא אל Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: ש&לח אל OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
BHO-X64: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
BHO-X64: Lync Click to Call BHO - No File
BHO-X64: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO-X64: ContentBlockerBrowserHelperObject - No File
BHO-X64: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO-X64: VirtualKeyboardBrowserHelperObject - No File
BHO-X64: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll
BHO-X64: Safe Money Plugin - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office15\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~1\MICROS~2\Office15\GROOVEEX.DLL
BHO-X64: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll
BHO-X64: link filter bho - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
.
============= SERVICES / DRIVERS ===============
.
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-1-14 55056]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2013-1-14 356376]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-1-14 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-1-14 29528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-9-23 412264]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2013-5-2 2153072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 IntcDAud;שמע תצוגה של Intel®‎‎;C:\Windows\System32\drivers\IntcDAud.sys [2012-9-23 317440]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2012-10-1 5132888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-5-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-5-6 57856]
S3 WatAdminSvc;השירות 'טכנולוגיות הפעלה של Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-3-5 1255736]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-5-5 256904]
S4 gupdate;שירות Google Update (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-23 136176]
S4 gupdatem;שירות עדכון Google (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-23 136176]
S4 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2013-5-5 2253120]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
S4 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2013-5-2 27760]
.

Thanks for the help!

EDIT:
After disabling and re-enabling the LAN connection a few times, the computer started showing a bluescreen, which has appeared twice now.
The computer is acting very strange...

Edited by Sapir7, 26 May 2013 - 04:24 AM.

#2 jeffce

Posted 27 May 2013 - 08:30 AM

Hi and Welcome!!

My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.
IMPORTANT NOTE: Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system, losing all your programs and data.


Having said that.... Let's get going!!
----------

Please download TDSSKiller
  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
  • A copy of the log will be saved automatically to the root of the drive (typically C:\)


#3 Sapir7

Posted 27 May 2013 - 08:47 AM

EDIT:
Does it matter if I'm on normal mode or safe mode?
Never mind. I ran the scan on both modes and there were "no threats found" :/

And thank you so much for the quick reply.

Edited by Sapir7, 27 May 2013 - 09:15 AM.


#4 jeffce

Posted 27 May 2013 - 02:16 PM

Hi,

Unless asked to do so, please run everything from Normal Mode (if possible). :)


ComboFix

Download Combofix from either of the links below, and save it to your desktop.
Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


--------------------------------------------------------------------

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

--------------------------------------------------------------------

Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#5 Sapir7

Posted 27 May 2013 - 09:42 PM

ComboFix scan: ComboFix 13-05-27.02 - ספיר 05/28/2013 6:31.1.2 - x64 Microsoft Windows 7 Ultimate 6.1.7601.1.1255.972.1037.18.2047.1213 [GMT 3:00] Running from: c:\users\±??°\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5} FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E} SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\d2d1debug1.dll . . ((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-28 ))))))))))))))))))))))))))))))) . . 2013-05-28 03:36 . 2013-05-28 03:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-25 00:08 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll 2013-05-25 00:08 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-05-25 00:08 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-05-25 00:05 . 2013-04-05 00:57 85504 ----a-w- c:\windows\system32\jsproxy.dll 2013-05-25 00:05 . 2013-04-04 22:11 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-05-25 00:05 . 2013-04-05 00:55 816640 ----a-w- c:\windows\system32\jscript.dll 2013-05-25 00:05 . 2013-04-05 00:55 599040 ----a-w- c:\windows\system32\vbscript.dll 2013-05-25 00:05 . 2013-04-05 01:03 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll 2013-05-25 00:05 . 2013-04-05 01:02 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll 2013-05-25 00:05 . 2013-04-04 22:05 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll 2013-05-25 00:05 . 2013-04-04 22:04 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll 2013-05-25 00:05 . 
2013-04-05 01:19 10926080 ----a-w- c:\windows\system32\ieframe.dll 2013-05-24 10:36 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{863E8E9B-DD6B-4E38-B501-D9624C1A4446}\mpengine.dll 2013-05-24 10:30 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-24 10:30 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-24 10:30 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-24 10:30 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-24 10:30 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-24 10:30 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-24 10:30 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-24 10:30 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-24 10:30 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-24 10:29 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll 2013-05-24 10:29 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll 2013-05-24 10:23 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-05-24 09:19 . 2013-05-24 09:19 -------- d-s---w- c:\windows\SysWow64\Microsoft 2013-05-24 07:56 . 2013-05-24 09:29 -------- d-----w- C:\scan 2013-05-24 07:45 . 2013-05-24 09:30 -------- d-----w- c:\program files\HitmanPro 2013-05-24 07:45 . 2013-05-24 08:36 -------- d-----w- c:\programdata\HitmanPro 2013-05-24 07:23 . 2013-05-24 09:29 -------- d-----w- c:\programdata\RegRun 2013-05-23 22:18 . 2013-05-23 22:18 -------- d-----w- c:\programdata\Malwarebytes 2013-05-23 22:09 . 2013-05-23 22:09 -------- d-----w- c:\program files\Google 2013-05-23 22:03 . 2013-05-23 22:06 -------- d-----w- c:\programdata\AVAST Software 2013-05-23 19:40 . 2013-05-23 19:40 -------- d-----w- c:\program files (x86)\Panda Security 2013-05-18 16:28 . 
2013-05-24 09:30 -------- d-----r- c:\program files (x86)\Skype 2013-05-18 16:28 . 2013-05-18 16:28 -------- d-----w- c:\programdata\Skype 2013-05-17 14:34 . 2013-05-24 09:30 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2013-05-06 16:31 . 2013-05-06 16:33 -------- d-----w- c:\programdata\HP 2013-05-06 16:30 . 2013-05-06 16:30 -------- d-----w- c:\program files (x86)\HP 2013-05-06 16:30 . 2013-05-06 16:30 -------- d-----w- c:\program files\HP 2013-05-06 16:10 . 2012-08-23 11:14 384000 ----a-w- c:\windows\system32\wksprt.exe 2013-05-06 16:10 . 2012-08-23 10:39 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe 2013-05-06 16:10 . 2012-08-23 10:22 1123840 ----a-w- c:\windows\system32\mstsc.exe 2013-05-06 16:10 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll 2013-05-06 16:10 . 2012-08-23 08:19 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll 2013-05-06 16:10 . 2012-08-23 08:13 5773824 ----a-w- c:\windows\system32\mstscax.dll 2013-05-06 16:03 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-05-06 16:03 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-05-06 16:03 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-05-06 16:03 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-05-06 16:03 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-05-06 16:03 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-05-06 16:03 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-05-06 16:03 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2013-05-06 16:03 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2013-05-06 15:09 . 2013-05-07 16:59 1066464 ----a-w- c:\programdata\Microsoft\WDExpress\11.0\1033\ResourceCache.dll 2013-05-06 15:08 . 2013-05-06 15:08 -------- d-----w- c:\program files (x86)\NuGet 2013-05-06 15:05 . 
2013-05-06 15:27 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules 2013-05-06 15:04 . 2013-05-06 15:04 -------- d-----w- c:\windows\symbols 2013-05-06 15:03 . 2013-05-06 15:03 -------- d-----w- c:\program files (x86)\Common Files\Microsoft 2013-05-06 15:03 . 2013-05-06 15:03 -------- d-----w- c:\program files (x86)\Windows Kits 2013-05-06 15:01 . 2013-05-06 15:01 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer 2013-05-06 15:01 . 2013-05-06 15:21 -------- d-----w- c:\program files (x86)\Microsoft SDKs 2013-05-06 15:01 . 2013-05-06 15:01 -------- d-----w- c:\windows\SysWow64\1033 2013-05-06 15:01 . 2013-05-06 15:01 -------- d-----w- c:\windows\system32\1033 2013-05-06 15:00 . 2013-05-06 15:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition 2013-05-06 15:00 . 2013-05-06 15:00 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition 2013-05-06 14:47 . 2013-05-07 16:58 -------- d-----w- c:\programdata\Package Cache 2013-05-06 12:46 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-05-05 19:28 . 2013-05-05 19:29 -------- d-----w- c:\windows\system32\SPReview 2013-05-05 19:28 . 2013-05-05 19:28 -------- d-----w- c:\windows\system32\EventProviders 2013-05-05 16:10 . 2013-05-05 16:10 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2013-05-05 16:00 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys 2013-05-05 14:34 . 2013-05-05 14:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-05 14:34 . 2013-05-05 14:34 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-05 14:34 . 2013-05-05 14:34 -------- d-----w- c:\windows\SysWow64\Macromed 2013-05-05 14:34 . 2013-05-24 10:06 -------- d-----w- c:\windows\system32\Macromed 2013-05-05 08:24 . 2013-05-24 10:12 -------- d-----w- c:\users\UpdatusUser 2013-05-05 08:24 . 2013-05-05 08:24 -------- d-----w- c:\program files (x86)\NVIDIA Corporation 2013-05-05 08:20 . 
2013-05-05 08:20 -------- d-----w- C:\NVIDIA 2013-05-02 13:36 . 2013-05-24 10:10 -------- d-----w- c:\programdata\NVIDIA 2013-05-02 13:35 . 2013-05-02 13:35 -------- d-----w- c:\programdata\NVIDIA Corporation 2013-05-02 13:35 . 2013-05-05 08:24 -------- d-----w- c:\program files\NVIDIA Corporation 2013-05-02 13:35 . 2011-01-08 03:27 11240 ----a-w- c:\windows\system32\drivers\nvBridge.kmd 2013-05-02 13:35 . 2011-10-15 08:53 13205312 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-05-02 09:01 . 2013-05-24 10:07 -------- d-----w- c:\users\ספיר 2013-05-02 08:54 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-05-02 08:54 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-05-02 08:54 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-02 08:54 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-05-02 08:54 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-05-02 08:54 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-05-02 08:54 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-05-02 08:54 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-25 00:09 . 2013-03-04 13:08 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-05 19:39 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2013-05-05 19:39 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2013-05-02 09:12 . 2013-03-04 08:54 90208 ----a-w- c:\windows\system32\drivers\klflt.sys 2013-05-02 09:12 . 2013-03-04 08:54 620128 ----a-w- c:\windows\system32\drivers\klif.sys 2013-05-02 09:12 . 2013-01-14 10:53 55056 ----a-w- c:\windows\system32\drivers\kltdi.sys 2013-05-02 09:12 . 2012-08-13 14:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys 2013-05-01 23:06 . 
2012-09-23 16:50 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-04-13 05:49 . 2013-05-24 10:30 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49 . 2013-05-24 10:30 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49 . 2013-05-24 10:30 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49 . 2013-05-24 10:30 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45 . 2013-05-24 10:30 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-04-13 04:45 . 2013-05-24 10:30 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-03-04 12:11 . 2013-03-04 12:11 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-03-04 12:11 . 2013-03-04 12:11 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2013-03-04 12:11 . 2013-03-04 12:11 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-03-04 12:11 . 2013-03-04 12:11 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-03-04 12:11 . 2013-03-04 12:11 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-03-04 12:11 . 2013-03-04 12:11 74752 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-03-04 12:11 . 2013-03-04 12:11 63488 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-03-04 12:11 . 2013-03-04 12:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-03-04 12:11 . 2013-03-04 12:11 367104 ----a-w- c:\windows\SysWow64\html.iec 2013-03-04 12:11 . 2013-03-04 12:11 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-03-04 12:11 . 2013-03-04 12:11 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2013-03-04 12:11 . 2013-03-04 12:11 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-03-04 12:11 . 2013-03-04 12:11 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-03-04 12:11 . 2013-03-04 12:11 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-03-04 12:11 . 2013-03-04 12:11 222208 ----a-w- c:\windows\system32\msls31.dll 2013-03-04 12:11 . 2013-03-04 12:11 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2013-03-04 12:11 . 
2013-03-04 12:11 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2013-03-04 12:11 . 2013-03-04 12:11 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-03-04 12:11 . 2013-03-04 12:11 76800 ----a-w- c:\windows\system32\tdc.ocx 2013-03-04 12:11 . 2013-03-04 12:11 65024 ----a-w- c:\windows\system32\pngfilt.dll 2013-03-04 12:11 . 2013-03-04 12:11 55296 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-03-04 12:11 . 2013-03-04 12:11 49664 ----a-w- c:\windows\system32\imgutil.dll 2013-03-04 12:11 . 2013-03-04 12:11 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-03-04 12:11 . 2013-03-04 12:11 452608 ----a-w- c:\windows\system32\dxtmsft.dll 2013-03-04 12:11 . 2013-03-04 12:11 448512 ----a-w- c:\windows\system32\html.iec 2013-03-04 12:11 . 2013-03-04 12:11 282112 ----a-w- c:\windows\system32\dxtrans.dll 2013-03-04 12:11 . 2013-03-04 12:11 267776 ----a-w- c:\windows\system32\ieaksie.dll 2013-03-04 12:11 . 2013-03-04 12:11 197120 ----a-w- c:\windows\system32\msrating.dll 2013-03-04 12:11 . 2013-03-04 12:11 163840 ----a-w- c:\windows\system32\ieakui.dll 2013-03-04 12:11 . 2013-03-04 12:11 160256 ----a-w- c:\windows\system32\ieakeng.dll 2013-03-04 12:11 . 2013-03-04 12:11 149504 ----a-w- c:\windows\system32\occache.dll 2013-03-04 12:11 . 2013-03-04 12:11 145920 ----a-w- c:\windows\system32\iepeers.dll 2013-03-04 12:11 . 2013-03-04 12:11 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-03-04 12:11 . 2013-03-04 12:11 12288 ----a-w- c:\windows\system32\mshta.exe 2013-03-04 12:11 . 2013-03-04 12:11 114176 ----a-w- c:\windows\system32\admparse.dll 2013-03-04 12:11 . 2013-03-04 12:11 111616 ----a-w- c:\windows\system32\iesysprep.dll 2013-03-04 12:11 . 2013-03-04 12:11 10752 ----a-w- c:\windows\system32\msfeedssync.exe 2013-03-04 12:11 . 2013-03-04 12:11 3695416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-03-04 12:11 . 2013-03-04 12:11 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2013-03-04 12:11 . 
2013-03-04 12:11 85504 ----a-w- c:\windows\system32\iesetup.dll 2013-03-04 12:11 . 2013-03-04 12:11 82432 ----a-w- c:\windows\system32\icardie.dll 2013-03-04 12:11 . 2013-03-04 12:11 534528 ----a-w- c:\windows\system32\ieapfltr.dll 2013-03-04 12:11 . 2013-03-04 12:11 403248 ----a-w- c:\windows\system32\iedkcs32.dll 2013-03-04 12:11 . 2013-03-04 12:11 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-03-04 12:11 . 2013-03-04 12:11 30720 ----a-w- c:\windows\system32\licmgr10.dll 2013-03-04 12:11 . 2013-03-04 12:11 249344 ----a-w- c:\windows\system32\webcheck.dll 2013-03-04 12:11 . 2013-03-04 12:11 165888 ----a-w- c:\windows\system32\iexpress.exe 2013-03-04 12:11 . 2013-03-04 12:11 160256 ----a-w- c:\windows\system32\wextract.exe 2013-03-04 12:11 . 2013-03-04 12:11 103936 ----a-w- c:\windows\system32\inseng.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-03-19 18:31 1724600 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-03-19 18:31 1724600 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-03-19 18:31 1724600 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-01-14 356376] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856] R3 IntcDAud;שמע תצוגה של Intel®‎‎;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-01 178824] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WatAdminSvc;השירות 'טכנולוגיות הפעלה של Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-05 1255736] R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248] R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2011-02-17 
27760] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504] S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-05-02 55056] S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-05-02 178448] S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-01-14 29016] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-01-14 29528] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-11-30 412264] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-02-17 2153072] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-05-25 07:59 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-05-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-05 14:34] . 2013-05-28 c:\windows\Tasks\AutoKMS.job - c:\windows\AutoKMS\AutoKMS.exe [2012-09-23 17:13] . 2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 14:36] . 2013-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 14:36] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-03-19 18:27 2328760 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-03-19 18:27 2328760 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-03-19 18:27 2328760 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-25 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-25 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-25 418840] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.walla.co.il/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: &ייצוא אל Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000 IE: ש&לח אל OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105 TCP: DhcpNameServer = 194.90.0.1 194.90.1.5 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKU-Default-Run-Skype - c:\program files (x86)\Skype\Phone\Skype.exe Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\6* ׳*8*׀או'*]
"FormKeyword"=hex:48,50,5f,36,58,38,5f,49,4e,3a,48,65,77,6c,65,74,74,2d,50,61, 63,6b,61,72,64,00
"ResourceNameID"="@hpvplres04.dll,128"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Forms\  5* ׳*7*׀או'*]
"FormKeyword"=hex:48,50,5f,35,58,37,5f,49,4e,3a,48,65,77,6c,65,74,74,2d,50,61, 63,6b,61,72,64,00
"ResourceNameID"="@hpvplres04.dll,136"
.
Completion time: 2013-05-28 06:38:51
ComboFix-quarantined-files.txt 2013-05-28 03:38
.
Pre-Run: 97,431,556,096 bytes free
Post-Run: 96,823,177,216 bytes free
.
- - End Of File - - FACE1B2B51C75AB2136E14D3967A5033

#6 jeffce

Posted 28 May 2013 - 09:15 AM

Hi,

Not looking too bad so far....

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

Malwarebytes

Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.

#7 Sapir7

Posted 28 May 2013 - 09:58 AM

CKscanner:
CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\windows\autokms\autokms.exe
scanner sequence 3.NA.11.BHAPOA
----- EOF -----

MalwareBytes:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
ספיר :: ספיר-PC [administrator]

Protection: Enabled

28/05/2013 18:50:04
mbam-log-2013-05-28 (18-50-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237390
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

It's been 2 days now that when running on normal mode, the little internet icon on the task bar doesn't connect to the internet at all. I'm currently running on safe mode.

Edited by Sapir7, 28 May 2013 - 10:11 AM.


#8 jeffce

Posted 28 May 2013 - 12:51 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

#9 Sapir7

Posted 28 May 2013 - 09:25 PM

FSS:
Farbar Service Scanner Version: 25-05-2013
Ran by ספיר (administrator) on 29-05-2013 at 06:12:22
Running from "C:\Users\ספיר\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error. Yahoo IP is unreachable
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#10 jeffce

Posted 29 May 2013 - 08:31 AM

Hi,

I can see where there is a problem but what is causing it right now I am not sure....I don't think that it's malware luckily.

Download Windows Repair (all in one) from this site

Install and then run the program.

On the Start Repairs tab, click Start.


When the Repair Options screen populates, be sure to select all items and also check Restart System When Finished.

Now press Start
----------

Check the internet connection and let me know if it is working now correctly? :)

#11 Sapir7

Posted 29 May 2013 - 10:44 AM

The last tool you provided didn't help :/ Upon startup, there's no internet connection. (There wasn't an internet connection for 3 days now).

#12 jeffce

Posted 29 May 2013 - 02:02 PM

Click Start, and then click Control Panel.
Click System.
Click Device Manager and then check to see whether there are any Warning Triangles or anything else noting an error.

#13 Sapir7

Posted 29 May 2013 - 09:40 PM

I also displayed hidden devices and there were no warning triangles.
However, there was 1 category called Drivers that do not correlate insert-activate (I've tried to translate this from Hebrew to English).

Edited by Sapir7, 29 May 2013 - 09:42 PM.


#14 jeffce

Posted 30 May 2013 - 05:41 AM

Ok...let's get a couple more scans and see if anything pops up. :)

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • There will be a pre-scan that will run automatically (this is normal)
  • Once the pre-scan has finished, press the Scan button
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
  • Once the Scan is complete, press the Report button to generate the results.
Please post the contents of the RKreport.txt in your next Reply.


----------------

ESET Online Scanner

Go here to run an online scanner from ESET. Windows Vista/Windows 7 users will need to right-click on their Internet Explorer shortcut and select Run as Administrator.
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  • Close the ESET online scan, and let me know how things are now.

#15 Sapir7

Posted 30 May 2013 - 06:17 AM

A question regarding the ESET online scan.
I am using safe mode with networking, can I run the scan on that mode? The only way I can get the internet to work on normal mode is by using my mobile phone's internet.
So how to run it?

Thank you so much for your help so far :)

EDIT:

nvm hehe. I thought the ESET online scan is literally online.
I ran it on normal mode but the computer got restarted by itself (which is weird). I've managed to get a result after running it on safe mode, though.

RogueKiller:
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ספיר [Admin rights]
Mode : Scan -- Date : 05/30/2013 17:17:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[TASK][SUSP PATH] {3B4C7011-9F62-48AD-9042-3BCB676D1A81} : C:\Users\ספיר\Desktop\fsbl.exe [x] -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
--- User ---
[MBR] 9181738079f284b730a6009fe1c24141
[BSP] 559ea955afd6b5d72ee01f2fa42d2444 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 149903 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 307212288 | Size: 326932 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05302013_02d1717.txt >>
RKreport[1]_S_05302013_02d1717.txt



ESET:
C:\Users\????\Documents\SopCast-3.8.2.exe a variant of Win32/Bundled.Toolbar.Ask.C application

Edited by Sapir7, 30 May 2013 - 11:59 AM.
