OTL logfile created on: 12/08/2013 17:32:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\sh770\שולחן העבודה
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: ישראל | Language: HEB | Date Format: dd/MM/yyyy
1.99 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 32.14% Memory free
4.82 Gb Paging File | 3.43 Gb Available in Paging File | 71.28% Paging File free
Paging file location(s): C:\pagefile.sys 2050 2050E:\pagef [Binary data over 200 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 50.00 Gb Total Space | 11.92 Gb Free Space | 23.83% Space Free | Partition Type: NTFS
Drive D: | 100.01 Gb Total Space | 3.65 Gb Free Space | 3.65% Space Free | Partition Type: NTFS
Drive E: | 32.87 Gb Total Space | 1.95 Gb Free Space | 5.95% Space Free | Partition Type: NTFS
Drive F: | 44.26 Gb Total Space | 19.86 Gb Free Space | 44.86% Space Free | Partition Type: NTFS
Drive G: | 5.75 Gb Total Space | 5.26 Gb Free Space | 91.58% Space Free | Partition Type: NTFS
Drive W: | 931.51 Gb Total Space | 10.14 Gb Free Space | 1.09% Space Free | Partition Type: NTFS
Computer Name: CHABADGAT | User Name: sh770 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/08/12 17:29:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sh770\שולחן העבודה\OTL.exe
PRC - [2013/08/07 16:46:13 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/07/24 01:57:42 | 002,251,360 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
PRC - [2013/07/19 00:16:13 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2008/07/25 14:22:52 | 000,031,744 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\DCSUserProt.exe
PRC - [2008/07/25 14:22:50 | 000,267,287 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\procguard.exe
PRC - [2008/07/25 14:11:58 | 000,120,832 | ---- | M] (DiamondCS) -- C:\Program Files\ProcessGuard\pgaccount.exe
PRC - [2008/04/14 15:00:00 | 001,202,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013/08/11 20:58:56 | 000,119,808 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\winamp.lng
MOD - [2013/08/11 20:58:56 | 000,058,880 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\burnlib.lng
MOD - [2013/08/11 20:58:56 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\dsp_sps.lng
MOD - [2013/08/11 20:58:56 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\enc_aacplus.lng
MOD - [2013/08/11 20:58:56 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\enc_wma.lng
MOD - [2013/08/11 20:58:56 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\enc_lame.lng
MOD - [2013/08/11 20:58:56 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\enc_vorbis.lng
MOD - [2013/08/11 20:58:56 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\enc_flac.lng
MOD - [2013/08/11 20:58:56 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\enc_wav.lng
MOD - [2013/08/11 20:58:55 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\vis_avs.lng
MOD - [2013/08/11 20:58:55 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_pmp.lng
MOD - [2013/08/11 20:58:55 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\out_ds.lng
MOD - [2013/08/11 20:58:55 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_wire.lng
MOD - [2013/08/11 20:58:55 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_playlists.lng
MOD - [2013/08/11 20:58:55 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\pmp_usb.lng
MOD - [2013/08/11 20:58:55 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\vis_nsfs.lng
MOD - [2013/08/11 20:58:55 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\out_wave.lng
MOD - [2013/08/11 20:58:55 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_plg.lng
MOD - [2013/08/11 20:58:55 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_transcode.lng
MOD - [2013/08/11 20:58:55 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\tagz.lng
MOD - [2013/08/11 20:58:55 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\pmp_ipod.lng
MOD - [2013/08/11 20:58:55 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\out_disk.lng
MOD - [2013/08/11 20:58:55 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_rg.lng
MOD - [2013/08/11 20:58:55 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\pmp_p4s.lng
MOD - [2013/08/11 20:58:55 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\pmp_activesync.lng
MOD - [2013/08/11 20:58:55 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\pmp_njb.lng
MOD - [2013/08/11 20:58:54 | 000,043,520 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_local.lng
MOD - [2013/08/11 20:58:54 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_disc.lng
MOD - [2013/08/11 20:58:54 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_wm.lng
MOD - [2013/08/11 20:58:54 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_vorbis.lng
MOD - [2013/08/11 20:58:54 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_autotag.lng
MOD - [2013/08/11 20:58:54 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_history.lng
MOD - [2013/08/11 20:58:54 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_online.lng
MOD - [2013/08/11 20:58:54 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_bookmarks.lng
MOD - [2013/08/11 20:58:54 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_dash.lng
MOD - [2013/08/11 20:58:54 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_wave.lng
MOD - [2013/08/11 20:58:54 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_orb.lng
MOD - [2013/08/11 20:58:54 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\ml_nowplaying.lng
MOD - [2013/08/11 20:58:53 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_mp3.lng
MOD - [2013/08/11 20:58:53 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_midi.lng
MOD - [2013/08/11 20:58:53 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_mod.lng
MOD - [2013/08/11 20:58:53 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\gen_ml.lng
MOD - [2013/08/11 20:58:53 | 000,010,240 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_nsv.lng
MOD - [2013/08/11 20:58:53 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_cdda.lng
MOD - [2013/08/11 20:58:53 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\gen_hotkeys.lng
MOD - [2013/08/11 20:58:53 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\gen_tray.lng
MOD - [2013/08/11 20:58:53 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_dshow.lng
MOD - [2013/08/11 20:58:53 | 000,005,632 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_flac.lng
MOD - [2013/08/11 20:58:53 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_mp4.lng
MOD - [2013/08/11 20:58:53 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\in_linein.lng
MOD - [2013/08/11 20:58:52 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\gen_ff.lng
MOD - [2013/08/11 20:58:52 | 000,007,168 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\temp\WHECB34.tmp\gen_crasher.lng
MOD - [2013/08/07 16:46:12 | 003,534,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/07/18 08:14:53 | 016,166,280 | ---- | M] () -- C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll
MOD - [2013/01/15 18:59:46 | 000,106,304 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCComputerMenu.dll
MOD - [2013/01/15 18:47:02 | 000,143,168 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
MOD - [2012/11/21 07:26:34 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
MOD - [2012/06/29 14:53:22 | 000,335,872 | ---- | M] () -- C:\Program Files\Winamp\Plugins\out_mixer.dll
MOD - [2012/06/29 14:53:21 | 000,869,376 | ---- | M] () -- C:\Program Files\Winamp\Plugins\gen_dropbox.dll
MOD - [2012/01/29 13:54:40 | 000,408,576 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopy.dll
MOD - [2012/01/20 11:55:04 | 000,427,520 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2010/10/05 21:26:52 | 002,111,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avzkrnl.dll
MOD - [2010/07/05 00:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
========== Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/07/19 00:16:13 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/07/18 08:14:54 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/08 14:28:42 | 000,129,112 | ---- | M] (Sandboxie Holdings, LLC) [On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2013/07/08 14:09:10 | 004,153,184 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/03/13 23:56:20 | 001,035,576 | ---- | M] (Crystal Rich Ltd) [On_Demand | Stopped] -- C:\Program Files\USB Safely Remove\USBSRService.exe -- (USBSafelyRemoveService)
SRV - [2013/02/26 03:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 03:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 02:54:34 | 013,242,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2013/02/26 02:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/10/11 17:15:28 | 000,721,048 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2012/01/05 18:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv)
SRV - [2010/11/02 23:06:06 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010/06/25 20:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2009/04/21 12:59:02 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [On_Demand | Stopped] -- C:\Windows\system32\hasplms.exe -- (hasplms)
SRV - [2008/07/25 14:22:52 | 000,031,744 | ---- | M] (DiamondCS) [Auto | Running] -- C:\Program Files\ProcessGuard\DCSUserProt.exe -- (DCSPGSRV)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\VNic.sys -- (VNic)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\ulink.sys -- (Usblink)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\A-FF Find and Mount\slicedisk.sys -- (SliceDisk5)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\Scutum50.sys -- (Scutum50)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Unknown] -- system32\drivers\Partizan.sys -- (Partizan)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\NSNDIS5.SYS -- (NSNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\cpuz136\cpuz136_x32.sys -- (cpuz136)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sh770\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\sh770\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2013/07/08 14:28:40 | 000,159,208 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2013/06/24 19:13:12 | 000,158,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\snapman.sys -- (snapman)
DRV - [2013/05/19 14:04:42 | 000,124,504 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/29 22:42:40 | 005,444,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2013/02/26 03:29:02 | 000,034,384 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2013/02/26 03:28:26 | 000,024,272 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2013/02/26 03:28:06 | 000,026,192 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2013/02/26 03:28:04 | 000,062,416 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2013/02/26 03:27:46 | 000,026,064 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2013/02/26 03:27:46 | 000,016,664 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2012/12/20 19:11:38 | 000,026,624 | ---- | M] (wj32) [Kernel | System | Running] -- C:\Program Files\Process Hacker 2\kprocesshacker.sys -- (KProcessHacker2)
DRV - [2012/12/19 21:04:16 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/12/06 01:55:03 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/10/24 15:16:58 | 000,061,464 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsock.sys -- (vsock)
DRV - [2012/10/24 15:16:50 | 000,071,152 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmci.sys -- (vmci)
DRV - [2012/10/11 17:15:36 | 000,041,496 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2012/10/11 17:15:06 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vmusb.sys -- (vmusb)
DRV - [2012/08/01 21:13:40 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/06/13 16:49:30 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2012/05/02 17:50:14 | 000,259,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\system32\drivers\XHASP.sys -- (XHASP)
DRV - [2012/05/02 17:44:38 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2011/08/08 21:13:10 | 000,117,584 | ---- | M] (SysProgs.org) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\BazisVirtualCDBus.sys -- (BazisVirtualCDBus)
DRV - [2011/07/12 10:36:28 | 000,022,768 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\vstor2-mntapi10-shared.sys -- (vstor2-mntapi10-shared)
DRV - [2011/06/26 03:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/26 03:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appliand.sys -- (appliand)
DRV - [2010/09/01 16:07:24 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/08/27 16:04:42 | 000,105,344 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\jrdusbser.sys -- (jrdusbser)
DRV - [2010/08/06 23:45:28 | 000,907,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV - [2010/06/25 20:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\npf.sys -- (NPF)
DRV - [2010/06/09 17:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\system32\drivers\kl2.sys -- (kl2)
DRV - [2010/06/09 17:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/05/21 20:34:12 | 000,827,488 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2010/05/07 12:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\klim5.sys -- (klim5)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/21 21:39:14 | 000,016,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2009/12/21 21:39:12 | 000,011,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\system32\pwdspio.sys -- (pwdspio)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/01/16 12:42:28 | 000,352,256 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/10/17 07:14:00 | 000,030,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2008/07/25 14:33:06 | 000,026,688 | ---- | M] (DiamondCS) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\procguard.sys -- (procguard)
DRV - [2008/01/19 00:43:20 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/10/19 03:12:16 | 000,012,664 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/04/26 02:03:56 | 000,009,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ISODisk.sys -- (ISODisk)
DRV - [2005/11/03 10:46:43 | 000,390,379 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\usbVM305.sys -- (ZSMC0305)
DRV - [2005/10/16 08:00:00 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2004/08/13 11:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/03/04 22:11:40 | 000,013,654 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\system32\drivers\IPSecVPN.sys -- (IPSecVPN)
DRV - [2002/12/24 21:18:56 | 000,003,712 | ---- | M] (Hitachi Global Storage Technologies) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cfadisk.sys -- (cfadisk)
DRV - [2001/08/17 13:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\loop.sys -- (msloop)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\..\SearchScopes,DefaultScope = {A29C6051-83AD-4B4F-ADDE-18FFC2E7AD07}
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\..\SearchScopes\{A29C6051-83AD-4B4F-ADDE-18FFC2E7AD07}: "URL" = http://www.google.co.il/search?hl=iw&q={searchTerms}
IE - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.context.loadInBackground: true
FF - prefs.js..browser.search.defaultenginename: "גוגל • חיפוש מוצפן"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "גוגל • חיפוש מוצפן"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/u/0/?shva=1#inbox"
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: mintrayr%40tn123.ath.cx:1.1.2
FF - prefs.js..extensions.enabledAddons: optimizegoogle%40optimizegoogle.com:0.79.1
FF - prefs.js..extensions.enabledAddons: %7Baff87fa2-a58e-4edd-b852-0a20203c1e17%7D:0.9
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.9
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.11
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.1pre.130809a
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0
FF - prefs.js..keyword.URL: "https://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://127.0.0.1:9151/"
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9150
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: d:\FirefoxPortable ols\App\Firefox\components [2013/07/15 23:29:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: d:\FirefoxPortable ols\App\Firefox\plugins [2013/07/25 01:00:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/07 16:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/07 16:46:02 | 000,000,000 | ---D | M]
[2013/07/15 23:05:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Extensions
[2013/07/03 00:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\filips332\extensions
[2013/07/02 18:36:39 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\filips332\extensions\ascsurfingprotection@iobit.com
[2012/07/26 18:37:03 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\filips332\extensions\support@lastpass.com
[2013/08/10 20:37:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions
[2013/06/16 20:03:19 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2013/04/17 12:34:35 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/11/25 16:28:28 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\mintrayr@tn123.ath.cx
[2013/02/10 22:55:30 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\support@lastpass.com
[2013/07/02 19:55:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\levitzu770\extensions
[2013/07/02 19:55:04 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\levitzu770\extensions\support@lastpass.com
[2013/07/02 18:36:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions
[2013/07/02 18:36:40 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\ascsurfingprotection@iobit.com
[2012/07/15 23:18:19 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\ietab@ip.cn
[2013/06/17 18:13:57 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\support@lastpass.com
[2013/07/02 18:36:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions
[2012/07/14 23:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2012/07/14 23:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2012/07/14 23:48:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2013/07/02 18:36:41 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\ascsurfingprotection@iobit.com
[2012/07/14 23:48:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\mintrayr@tn123.ath.cx
[2012/07/14 23:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\support@lastpass.com
[2013/06/17 19:03:27 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\filips332\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/08/04 11:37:59 | 000,119,515 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012/07/16 00:31:55 | 000,025,781 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012/08/23 21:36:31 | 000,024,018 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\customization@adblockplus.org.xpi
[2012/07/15 20:48:21 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012/07/15 17:20:55 | 000,236,088 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\optimizegoogle@optimizegoogle.com.xpi
[2012/10/10 17:22:54 | 000,042,737 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}.xpi
[2013/07/31 22:01:48 | 000,824,302 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/15 17:20:55 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/08/10 20:37:38 | 000,815,640 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/08/04 11:37:59 | 000,275,449 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/06/12 02:13:23 | 000,402,344 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2012/11/27 18:17:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\levitzu770\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/15 23:08:35 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\elemhidehelper@adblockplus.org.xpi
[2013/06/17 18:22:14 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yq1es6h8.mini\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/12 22:43:47 | 000,025,781 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\add-to-searchbox@maltekraus.de.xpi
[2012/07/06 00:12:19 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012/04/22 12:53:32 | 000,236,088 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\optimizegoogle@optimizegoogle.com.xpi
[2012/06/22 00:33:29 | 000,061,700 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi
[2012/07/04 09:21:17 | 000,743,290 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/05/20 10:02:17 | 000,697,058 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2012/07/08 22:29:00 | 000,324,741 | ---- | M] () (No name found) -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\yt5kxeg9.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi
[2012/07/15 22:30:52 | 000,002,024 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\---.xml
[2013/06/12 06:20:09 | 000,001,990 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\duckduckgo-tor.xml
[2013/07/12 00:31:38 | 000,010,316 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\duckduckgo.xml
[2013/02/10 01:45:59 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\firefox-add-ons.xml
[2012/11/25 20:05:15 | 000,005,598 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\google-ssl-1.xml
[2012/11/25 20:03:10 | 000,008,215 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\google-ssl.xml
[2013/08/11 20:43:51 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\ixquick-https.xml
[2013/08/11 20:43:51 | 000,005,519 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\startpage-https.xml
[2013/02/10 01:46:43 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Mozilla\Firefox\Profiles\j07ullke.default\searchplugins\the-pirate-bay.xml
[2013/08/07 16:46:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/07 16:46:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2013/08/05 02:31:44 | 000,000,027 | ---- | M]) - C:\Windows\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll ()
O4 - HKLM..\Run: [!1_pgaccount] C:\Program Files\ProcessGuard\pgaccount.exe (DiamondCS)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\.DEFAULT..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKU\S-1-5-18..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O4 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003..\Run: [!1_ProcessGuard_Startup] C:\Program Files\ProcessGuard\procguard.exe (DiamondCS)
O4 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - Startup: C:\Documents and Settings\Administrator\תפריט התחלה\תוכניות\הפעלה\Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\eMule_Secure\תפריט התחלה\תוכניות\הפעלה\Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\Guest\תפריט התחלה\תוכניות\הפעלה\Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (LastPass)
O4 - Startup: C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\הפעלה\Dropbox.lnk = C:\Documents and Settings\sh770\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\הפעלה\Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\NoDriveTypeAutoRun: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00 [binary data]
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O8 - Extra context menu item: הוסף לאנטי באנר - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll ()
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 3952319953 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 2371633937 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.179.52.100 80.179.55.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E40AD9AC-0131-41E5-8124-6F69F2089729}: DhcpNameServer = 80.179.52.100 80.179.55.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E40AD9AC-0131-41E5-8124-6F69F2089729}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\mhtml - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\Windows\system32\klogon.dll (Kaspersky Lab ZAO)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/17 02:01:48 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 02:01:51 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 02:01:54 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/03/17 02:02:01 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/07/17 15:15:53 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/07/17 15:15:49 | 000,000,000 | RHSD | M] - W:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2842/08/08 23:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\open-in-default-browser
[2013/08/12 17:29:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sh770\שולחן העבודה\OTL.exe
[2013/08/11 19:43:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\RK_Quarantine
[2013/08/11 16:27:14 | 027,889,069 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\sh770\שולחן העבודה\tor-browser-2.3.25-11_en-US.exe
[2013/08/10 23:06:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\RMPrepUSB
[2013/08/10 23:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\RMPrepUSB Full v2.1.709
[2013/08/10 22:47:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\memtest86-iso
[2013/08/10 22:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\memtest86-usb.img
[2013/08/10 22:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\memtest86-usb
[2013/08/10 21:45:18 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sh770\שולחן העבודה\tdsskiller.exe
[2013/08/09 12:46:47 | 000,000,000 | ---D | C] -- d:\uTorrentPortable
[2013/08/07 17:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\Defraggler
[2013/08/07 16:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\TeamViewer 8
[2013/08/07 16:49:32 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2013/08/07 16:45:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/06 00:37:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/05 16:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\CDex
[2013/08/05 16:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\CDex
[2013/08/05 09:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\CDex
[2013/08/05 09:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\CDex_150
[2013/08/05 09:41:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/05 09:29:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\שולחן העבודה\SafeBoot
[2013/08/05 06:26:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AMMYY
[2013/08/05 01:52:31 | 000,000,000 | R--D | C] -- d:\My Videos
[2013/08/05 01:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Exact Audio Copy
[2013/08/04 22:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\Local Settings\Application Data\Remove Toolbar Buddy
[2013/08/04 22:48:39 | 001,140,728 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.PropertyGrid.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:39 | 000,587,768 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.SkinFramework.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:39 | 000,509,944 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.ShortcutBar.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:38 | 002,717,688 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.CommandBars.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:38 | 001,906,680 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.Controls.Unicode.v15.1.3.0908.ocx
[2013/08/04 22:48:38 | 000,218,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.Ocx
[2013/08/04 22:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Scorpio Software
[2013/08/04 22:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Scorpio Software
[2013/07/29 15:43:40 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2013/07/29 15:43:38 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMPIDE.DLL
[2013/07/29 15:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2013/07/29 15:02:18 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\AI_RecycleBin
[2013/07/29 15:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto
[2013/07/29 14:58:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Soluto
[2013/07/27 22:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/07/24 23:59:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\sh770\UserData
[2013/07/21 21:24:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/07/21 14:20:01 | 000,000,000 | ---D | C] -- d:\My Music
[2013/07/19 00:16:31 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/19 00:16:26 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/19 00:16:26 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/19 00:16:26 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/18 14:30:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/07/18 14:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\Local Settings\Application Data\Kaluach3
[2013/07/18 14:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sh770\Application Data\pdfforge
[2013/07/17 13:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Toolkit
[2013/07/16 00:06:48 | 000,000,000 | ---D | C] -- d:\FirefoxPortable
[2010/01/12 01:37:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\sh770\Application Data\pcouffin.sys
[2009/09/17 18:26:41 | 006,221,896 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2013/08/12 17:30:18 | 000,126,632 | ---- | M] () -- C:\WINDOWS\System32\pguard.dat
[2013/08/12 17:30:07 | 002,811,520 | ---- | M] () -- C:\WINDOWS\System32\pghash.dat
[2013/08/12 17:29:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sh770\שולחן העבודה\OTL.exe
[2013/08/12 17:27:06 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/11 16:28:49 | 027,889,069 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\sh770\שולחן העבודה\tor-browser-2.3.25-11_en-US.exe
[2013/08/11 16:17:53 | 000,920,576 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\RogueKiller.exe
[2013/08/11 08:40:12 | 000,710,972 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/11 08:40:12 | 000,587,246 | ---- | M] () -- C:\WINDOWS\System32\perfh00d.dat
[2013/08/11 08:40:12 | 000,132,256 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/11 08:40:12 | 000,132,250 | ---- | M] () -- C:\WINDOWS\System32\perfc00d.dat
[2013/08/11 08:35:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/11 08:35:40 | 2138,296,320 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/11 01:47:11 | 000,004,783 | ---- | M] () -- C:\menu.lst
[2013/08/11 00:58:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/10 22:27:11 | 000,024,176 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\417.jpg
[2013/08/10 21:45:23 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\sh770\שולחן העבודה\tdsskiller.exe
[2013/08/10 20:36:32 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/09 13:32:02 | 000,000,964 | ---- | M] () -- C:\WINDOWS\Kaluach3.INI
[2013/08/08 19:40:18 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\dds.scr
[2013/08/07 18:26:07 | 000,310,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/05 10:25:40 | 000,000,124 | ---- | M] () -- d:\ax_files.xml
[2013/08/05 02:31:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/05 01:53:13 | 000,000,248 | ---- | M] () -- d:\Ammyy_Contact_Book.bin
[2013/08/04 01:35:47 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\sh770\תפריט התחלה\תוכניות\הפעלה\Dropbox.lnk
[2013/08/01 22:04:52 | 000,000,025 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2013/07/30 19:06:13 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\winscp.rnd
[2013/07/30 12:14:29 | 000,167,274 | ---- | M] () -- C:\WinVBlock.IMG.gz
[2013/07/29 13:26:12 | 000,125,270 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\רוטשילד.png
[2013/07/28 23:03:33 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\sh770\Application Data\Microsoft\Internet Explorer\Quick Launch\Process Hacker 2.lnk
[2013/07/21 11:50:11 | 000,082,021 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\3.5-5 מהלך שנת הלימודים במגזר היהודי בשנת הלימודים התשע_ד (לוח החופשות, החגים והימים המיוחדים).pdf
[2013/07/21 11:50:05 | 000,078,168 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\3.5-9 לוח החופשות בחינוך החרדי בשנה_ל התשע_ד.pdf
[2013/07/19 00:16:14 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/07/19 00:16:12 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013/07/19 00:16:12 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/07/19 00:16:12 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/07/19 00:16:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/07/19 00:16:12 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/07/19 00:16:12 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/07/18 08:14:53 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/07/18 08:14:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/07/17 17:17:29 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\sh770\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/14 00:59:16 | 000,002,930 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/07/13 23:25:02 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\Xnet - עוגיות קוואקר בלי מרגרינה (אבל עם המון זיכרונות).URL
[2013/07/13 23:24:50 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\sh770\שולחן העבודה\Xnet - עוגיות שוקולד צ'יפס ללא מרגרינה.URL
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
File not found -- C:\WINDOWS\System32\drivers\mshcmd.sys.
[2013/08/11 16:17:37 | 000,920,576 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\RogueKiller.exe
[2013/08/10 22:27:10 | 000,024,176 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\417.jpg
[2013/08/08 19:40:06 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\dds.scr
[2013/08/07 10:02:39 | 2138,296,320 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/01 22:04:51 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2013/08/01 22:03:20 | 000,000,025 | ---- | C] () -- d:\popcinfot.dat
[2013/07/30 22:20:01 | 000,216,064 | ---- | C] () -- C:\WINDOWS\System32\gcapi_dll.dll
[2013/07/30 12:14:27 | 000,167,274 | ---- | C] () -- C:\WinVBlock.IMG.gz
[2013/07/29 16:16:11 | 000,175,808 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/07/29 13:26:11 | 000,125,270 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\רוטשילד.png
[2013/07/21 19:36:50 | 000,000,124 | ---- | C] () -- d:\ax_files.xml
[2013/07/21 11:50:10 | 000,082,021 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\3.5-5 מהלך שנת הלימודים במגזר היהודי בשנת הלימודים התשע_ד (לוח החופשות, החגים והימים המיוחדים).pdf
[2013/07/21 11:49:56 | 000,078,168 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\3.5-9 לוח החופשות בחינוך החרדי בשנה_ל התשע_ד.pdf
[2013/07/13 23:25:02 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\Xnet - עוגיות קוואקר בלי מרגרינה (אבל עם המון זיכרונות).URL
[2013/07/13 23:24:50 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\sh770\שולחן העבודה\Xnet - עוגיות שוקולד צ'יפס ללא מרגרינה.URL
[2013/06/13 17:06:06 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\sh770\.rnd
[2013/05/09 19:18:44 | 000,025,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT
[2013/05/05 21:38:03 | 000,013,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\IPSecVPN.sys
[2013/04/25 17:10:52 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\sh770\.recently-used.xbel
[2013/02/07 02:04:45 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\sh770\ntuser.pol
[2012/12/27 22:25:00 | 000,302,402 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/12/19 21:05:51 | 000,116,189 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/12/19 21:05:51 | 000,098,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/09/24 06:17:01 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISODisk.sys
[2012/08/21 18:28:22 | 000,000,257 | ---- | C] () -- C:\Documents and Settings\sh770\SecurityKISSTunnel.config
[2012/07/04 19:57:11 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\sh770\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/02 18:03:11 | 000,000,085 | ---- | C] () -- C:\WINDOWS\Macro.ini
[2012/06/05 18:49:54 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\sh770\.swfinfo
[2012/05/31 14:49:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/02 17:56:21 | 000,014,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\F4273C6D.bin
[2012/05/02 17:50:14 | 000,259,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\XHASP.sys
[2012/05/02 17:48:53 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hdsuinst.exe
[2012/05/02 17:44:38 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2012/02/15 21:40:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/06 22:57:38 | 000,002,930 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/01/30 18:27:29 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2011/10/05 19:54:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011/04/08 01:44:24 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\sh770\Application Data\winscp.rnd
[2011/03/12 23:44:45 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/11/03 21:50:10 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/16 21:30:29 | 034,516,576 | ---- | C] () -- C:\Documents and Settings\sh770\ff_ppz_1266345016343.ppz
[2010/01/12 01:37:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\sh770\Application Data\pcouffin.cat
[2010/01/12 01:37:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\sh770\Application Data\pcouffin.inf
[2009/08/31 23:30:12 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\sh770\PUTTY.RND
[2009/08/28 00:09:47 | 000,000,303 | ---- | C] () -- C:\Documents and Settings\sh770\.jupload.properties
[2009/06/16 22:05:03 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
========== ZeroAccess Check ==========
[2009/06/02 16:24:21 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/03/03 02:11:17 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 13:53:33 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 15:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\sh770\שולחן העבודה\תשרי בליובביץ חלק ראשון.mp4:SummaryInformation
@Alternate Data Stream - 108 bytes -> C:\Windows:
< End of report >
OTL Extras logfile created on: 12/08/2013 17:32:25 - Run 1
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UacDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
"UpdatesDisableNotify" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP פורט 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP פורט 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP פורט 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP פורט 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP פורט 37675
"1947:TCP" = 1947:TCP:*:Disabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Disabled:HASP SRM
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Documents and Settings\sh770\שולחן העבודה\ChromePortable\App\Chrome\chrome.exe" = C:\Documents and Settings\sh770\שולחן העבודה\ChromePortable\App\Chrome\chrome.exe:*:Enabled:Chrome -- (Google Inc.)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ammyy Admin\AA_v3.exe" = C:\Program Files\Ammyy Admin\AA_v3.exe:*:Disabled:Ammyy Admin -- ()
"D:\תוכנות ארכיון\eMule0.49c\emule.exe" = D:\תוכנות ארכיון\eMule0.49c\emule.exe:*:Disabled:eMule -- (http://www.emule-project.net)
"C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\en\setup.exe" = C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2011 11.0.2.556\en\setup.exe:*:Disabled:Kaspersky Internet Security 2011 -- (Kaspersky Lab)
"D:\אתר\אנשי קשר ישן\MailDB chabad\MailDB.exe" = D:\אתר\אנשי קשר ישן\MailDB chabad\MailDB.exe:*:Disabled:MailDB -- (Romkal)
"C:\Windows\system32\mmc.exe" = C:\Windows\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Disabled:Miranda IM -- ( )
"D:\תוכנות ארכיון\Skype Portable\Skype.exe" = D:\תוכנות ארכיון\Skype Portable\Skype.exe:*:Disabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Miranda IM\SKYPE\Skype.exe" = C:\Program Files\Miranda IM\SKYPE\Skype.exe:*:Disabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Disabled:VMware Authd Service -- (VMware, Inc.)
"C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-hostd.exe:*:Disabled:VMware Workstation Server -- ()
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe" = C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Applian Technologies\Replay Media Catcher 5\aria2c.exe" = C:\Program Files\Applian Technologies\Replay Media Catcher 5\aria2c.exe:*:Enabled:Replay Media Catcher 5 Torrent Module -- ()
"C:\Program Files\Applian Technologies\Replay Media Catcher 5\qtCopy.exe" = C:\Program Files\Applian Technologies\Replay Media Catcher 5\qtCopy.exe:*:Enabled:Replay Media Catcher 5 QT Module -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\sh770\שולחן העבודה\ChromePortable\App\Chrome\chrome.exe" = C:\Documents and Settings\sh770\שולחן העבודה\ChromePortable\App\Chrome\chrome.exe:*:Enabled:Chrome -- (Google Inc.)
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"C:\Documents and Settings\sh770\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\sh770\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Ammyy Admin\AA_v3.2.exe" = C:\Program Files\Ammyy Admin\AA_v3.2.exe:*:Enabled:Ammyy Admin -- ()
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Documents and Settings\sh770\שולחן העבודה\uTorrentPortable\App\uTorrent\uTorrent.exe" = C:\Documents and Settings\sh770\שולחן העבודה\uTorrentPortable\App\uTorrent\uTorrent.exe:*:Enabled:µTorrent
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{049D548B-B724-4E16-B55E-7B78B7A28A37}" = InstEd 1.5.12.21
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = MPC-HC 1.6.8
"{26583DDE-7506-4046-9C3A-F02852537B8A}" = Splash PRO EX
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.5
"{68880887-285F-4260-989B-8B22020D756F}" = E-GOV.IL Sign&Verify Software - AGForm toolbar
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3
"{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74E78471-E122-4101-8744-CEB6C5C027A0}" = Foxit PDF IFilter
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86F4F32B-77C7-4951-B33C-05D41A8190C1}" = Microsoft RichCopy 4.0
"{879C4951-5561-324B-B0F5-AA0864C4499E}" = Microsoft .NET Framework 4 Extended HEB Language Pack
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC35EC2-F690-3417-8175-ED16EC771126}" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
"{9011040D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-040D-0000-0000000FF1CE}" = חבילת תאימות עבור מהדורת 2007 של מערכת Office
"{90120000-00B2-040D-0000-0000000FF1CE}" = תוספת שמירה בשם כ- PDF או XPS של Microsoft עבור תוכניות Microsoft Office 2007
"{90140000-0010-040D-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Hebrew) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-040D-0000-0000000FF1CE}" = Microsoft Office Access MUI (Hebrew) 2010
"{90140000-0016-040D-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Hebrew) 2010
"{90140000-0018-040D-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Hebrew) 2010
"{90140000-0019-040D-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Hebrew) 2010
"{90140000-001A-040D-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Hebrew) 2010
"{90140000-001B-040D-0000-0000000FF1CE}" = Microsoft Office Word MUI (Hebrew) 2010
"{90140000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040D-0000-0000000FF1CE}" = Microsoft Office Proof (Hebrew) 2010
"{90140000-001F-0419-0000-0000000FF1CE}" = Microsoft Office Proof (Russian) 2010
"{90140000-002C-040D-0000-0000000FF1CE}" = Microsoft Office Proofing (Hebrew) 2010
"{90140000-0044-040D-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Hebrew) 2010
"{90140000-006E-040D-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Hebrew) 2010
"{90140000-00A1-040D-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Hebrew) 2010
"{90140000-00BA-040D-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Hebrew) 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{961688FD-5FD8-3D21-BE82-ACB1800EBEA2}" = Microsoft .NET Framework 3.5 Language Pack SP1 - heb
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{B591BD75-2811-4D09-A590-0D06E4762F34}" = Sudoku Solver V 1.3
"{B70F9EB4-1848-4060-973B-9D9952F2D5C9}" = Responsa CD19
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BF731945-7AAD-45E3-A202-A60C9213915C}_is1" = ISODisk 1.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}" = Windows Resource Kit Tools - SubInAcl.exe
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F49C5BB6-77AF-40EA-AD40-C54FDB05803D}" = Adobe Setup
"{F5BF6AF4-DD9C-4A2C-9B66-DED3E8FD746E}" = Acronis Backup & Recovery 11.5 Bootable Media Builder
"{FB686487-C637-4EEF-BCB1-C92463F2CC05}" = Atheros Ethernet Utility
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 2.2a
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe_95e0cc74dbf32662d4445ac1ef67d56" = Adobe InDesign CS4
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"aignesamdeadlink_is1" = AM-DeadLink 4.5
"AnalogX DXMan" = AnalogX DXMan
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 2.0.3
"AuthoringTool " = AuthoringTool 1.0.7
"BurnInTest_is1" = BurnInTest v7.0 Pro
"Chicken Invaders: Revenge of the Yolk (Christmas Edition)_is1" = Chicken Invaders: Revenge of the Yolk (Christmas Edition) v3.20
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"Defraggler" = Defraggler
"DiamondCS ProcessGuard_is1" = DiamondCS ProcessGuard v3.500
"Dream Aquarium" = Dream Aquarium 1.2415
"DVDSmith Movie Backup_is1" = DVDSmith Movie Backup 1.0.8
"Easy Video Splitter_is1" = Easy Video Splitter 1.28
"EasyBCD" = EasyBCD 2.2
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"FLAC" = FLAC 1.2.1b (remove only)
"FlashBoot_is1" = FlashBoot 2.1m
"FlashFXP" = FlashFXP
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader_is1" = Foxit Reader
"Greatis Reanimator_is1" = RegRun Reanimator
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.4
"Icons from File_is1" = Icons from File 3.4
"InfraRecorder" = InfraRecorder
"InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}" = UltraEdit
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"IrfanView" = IrfanView (remove only)
"Kaluach3" = Kaluach3
"KeyTweak" = KeyTweak - Keyboard Remapper (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"LAME_is1" = LAME v3.99.3 (for Windows)
"LastPass" = LastPass (uninstall only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware גירסה 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - heb" = ערכת שפה של Microsoft .NET Framework 3.5 SP1 - heb
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile HEB Language Pack" = Microsoft .NET Framework 4 Client Profile HEB Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended HEB Language Pack" = Microsoft .NET Framework 4 Extended HEB Language Pack
"Miranda IM" = Miranda IM 0.10.11
"Mozilla Firefox 22.0 (x86 he)" = Mozilla Firefox 22.0 (x86 he)
"Mozilla Firefox 23.0 (x86 he)" = Mozilla Firefox 23.0 (x86 he)
"Mp3 Knife_is1" = Mp3 Knife 3.2
"mp3splt-gtk" = mp3splt-gtk
"Mp3tag" = Mp3tag v2.55a
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NirSoft BlueScreenView" = NirSoft BlueScreenView
"NirSoft VideoCacheView" = NirSoft VideoCacheView
"NirSoft WebVideoCap" = NirSoft WebVideoCap
"NirSoft WirelessNetView" = NirSoft WirelessNetView
"nLite_is1" = nLite 1.4.9.1
"Notepad++" = Notepad++
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenSSL Light (32-bit)_is1" = OpenSSL 0.9.8k Light (32-bit)
"Opera 12.16.1860" = Opera 12.16
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"Process_Hacker2_is1" = Process Hacker 2.31 (r5355)
"Recuva" = Recuva
"Registry Workshop" = Registry Workshop
"Remove Toolbar Buddy_is1" = Remove Toolbar Buddy 6.1
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.4.3)
"Replay Media Catcher 5" = Replay Media Catcher 5 (5.0.0.99)
"RMPrepUSB" = RMPrepUSB
"RollerCoaster Tycoon Setup" = Roll
"Sandboxie" = Sandboxie 4.04 (32-bit)
"SecurityKISS Tunnel_is1" = SecurityKISS Tunnel v0.3.0
"SubtitleWorkshop" = Subtitle Workshop 2.51
"SysTracer" = SysTracer v2.6
"TeamViewer 8" = TeamViewer 8
"TeraCopy_is1" = TeraCopy 2.3 beta 2
"The KMPlayer" = The KMPlayer
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"Tweak UI 2.10" = Tweak UI
"UBCD4Win_is1" = UBCD4Win 3.60
"UltraISO_is1" = UltraISO Premium V9.52
"UnHackMe_is1" = UnHackMe 5.99 release
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Unlocker" = Unlocker 1.9.2
"USB Safely Remove_is1" = USB Safely Remove 5.2
"VLC media player" = VLC media player 2.0.7
"VMware_Workstation" = VMware Workstation
"Winamp" = Winamp
"Windows Unattended CD Creator" = Windows Unattended CD Creator 1.0.2 Beta 10
"Windows Update Remover" = Windows Update Remover
"WinHex" = WinHex
"WinImage" = WinImage
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 5.00 ביתא 5 (32-סיביות)
"winscp3_is1" = WinSCP 5.1.5
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)
"Wubi" = Ubuntu
"תורת אמת - 346" = תורת אמת - 346
"תורת אמת - 347" = תורת אמת - 347
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1935655697-616249376-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 11/06/2013 23:08:50 | Computer Name = CHABADGAT | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown
Error - 13/06/2013 01:33:12 | Computer Name = CHABADGAT | Source = nginx | ID = 3299
Description = E:\nginx-1.5.1\nginx.exe: could not open error log file: CreateFile()
"logs/error.log" failed (3: The system cannot find the path specified) .
[ System Events ]
Error - 08/08/2013 02:41:20 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2
Error - 08/08/2013 10:44:11 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2
Error - 08/08/2013 13:41:36 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2
Error - 08/08/2013 13:42:02 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7022
Description = The Kaspersky Anti-Virus Service service hung on starting.
Error - 09/08/2013 04:33:54 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2
Error - 09/08/2013 04:34:07 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7022
Description = The Kaspersky Anti-Virus Service service hung on starting.
Error - 10/08/2013 13:38:14 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2
Error - 10/08/2013 13:38:26 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7022
Description = The Kaspersky Anti-Virus Service service hung on starting.
Error - 10/08/2013 18:02:29 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2
Error - 11/08/2013 01:37:20 | Computer Name = CHABADGAT | Source = Service Control Manager | ID = 7000
Description = The Scutum50 NDIS Protocol Driver service failed to start due to the
following error: %%2
< End of report >