
skype-soft.com url blocked at startup


27 replies to this topic

#1 liorshwa


Posted 16 October 2015 - 04:31 AM

I started my PC and when I got to the desktop the following notification appeared:

http://srv1.jpg.co.il/4/5620c2945bc9c.jpg

I logged off and logged back in and it appeared again.

As I understand, if it appears every time I start my PC there must be a process that tries to reach this URL and then it is blocked by my antivirus (ESET v8).

What should I do?

UPDATE:

If someone did not understand me correctly: this message appears as is, without any need for me to access something. I didn't try to access this URL through a web browser; it just appears when I get to the desktop.

Also, I scanned with Malwarebytes and it removed some PUM keys and one PUM file, but it didn't help.


Edited by liorshwa, 16 October 2015 - 10:35 AM.



 


#2 Aura


Posted 16 October 2015 - 11:51 AM

Hi liorshwa :)

My name is Aura and I'll be assisting you with your issue. ESET products will indeed block Skype-Soft.com, as shown in the VirusTotal report of the URL.

https://www.virustotal.com/fr/url/04d9e2bde704d509810a9930f2c3afbc159ec36271738de2c04f2c767a4bbf79/analysis/1445014201/

You most likely have a program or service on startup which attempts to connect to that address, let's see what it could be. Follow the instructions below please.

MiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Right-click on MiniToolBox.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Check the following options:
    • Flush DNS;
    • Report IE Proxy Settings;
    • Reset IE Proxy Settings;
    • Report FF Proxy Settings;
    • Reset FF Proxy Settings;
    • List content of Hosts;
    • List IP Configuration;
    • List Last 10 Event Viewer Errors;
    • List Installed Programs;
    • List Devices - Only Problems;
    • List Users, Partitions and Memory size;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
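
The startup-program hypothesis in the reply above can also be checked directly by searching the usual Windows autostart locations for the blocked host name. This PowerShell script is an added example, not part of the original post and not part of MiniToolBox; it is read-only, and the search string `skype-soft.com` is taken from the alert described in this thread.

```powershell
# Added example: search common autostart locations for a string (read-only).
# Run from an elevated PowerShell prompt so all tasks and services are visible.
$Needle = 'skype-soft.com'   # host name from the ESET alert in this thread

$hits = New-Object System.Collections.Generic.List[object]

function Test-Match([string]$Text) {
    # Case-insensitive literal substring match (no wildcard or regex parsing).
    return ($Text -and $Text.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0)
}

function Add-Hit([string]$Location, [string]$Name, [string]$Value) {
    $hits.Add([pscustomobject]@{ Location = $Location; Name = $Name; Value = $Value })
}

# 1. Run / RunOnce registry keys (machine-wide, 32-bit view, and current user).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if (Test-Match $data) { Add-Hit $key $valueName $data }
    }
}

# 2. Scheduled tasks: command line of every "execute" action.
foreach ($task in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if (Test-Match $cmd) { Add-Hit "Task $($task.TaskPath)" $task.TaskName $cmd }
    }
}

# 3. Services: image path including arguments.
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if (Test-Match $svc.PathName) { Add-Hit 'Service' $svc.Name $svc.PathName }
}

# 4. Startup folders: resolve .lnk targets, read small script/.url files as text.
$shell = New-Object -ComObject WScript.Shell
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
foreach ($dir in $startupDirs) {
    foreach ($file in Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue) {
        if ($file.Extension -eq '.lnk') {
            $sc   = $shell.CreateShortcut($file.FullName)
            $text = "$($sc.TargetPath) $($sc.Arguments)"
        } elseif ($file.Extension -in '.url', '.bat', '.cmd', '.vbs', '.js') {
            $text = Get-Content -Path $file.FullName -Raw -ErrorAction SilentlyContinue
        } else {
            continue
        }
        if (Test-Match $text) { Add-Hit "Startup folder ($dir)" $file.Name $text }
    }
}

if ($hits.Count -eq 0) {
    Write-Output "No autostart entry references '$Needle' in the locations checked."
} else {
    $hits | Format-Table -AutoSize -Wrap
}
```

An empty result does not rule out a startup program: the address may be stored inside an executable or built at run time, which a string search of autostart entries cannot see.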


#3 liorshwa


Posted 16 October 2015 - 12:38 PM

MiniToolBox Log:

 

 

MiniToolBox by Farbar  Version: 25-07-2015 01
Ran by User (administrator) on 16-10-2015 at 20:36:47
Running from "C:\Users\User\Desktop"
Microsoft Windows 10 Pro  (X64)
Model: To be filled by O.E.M. Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
 
 
 
 
========================= IP Configuration: ================================
 
Qualcomm Atheros AR7015 Wireless Network Adapter = Wi-Fi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DESKTOP-BAKDBKI
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 94-DE-80-6D-F3-6D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm Atheros AR7015 Wireless Network Adapter
   Physical Address. . . . . . . . . : B0-48-7A-8E-6F-1C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::e153:8a9e:8832:e6d2%2(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.11(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : �������� 16 ������� 2015 15:17:50
   Lease Expires . . . . . . . . . . : �������� 16 ������� 2015 21:18:05
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 128993402
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-A0-96-FE-94-DE-80-6D-F3-6D
   DNS Servers . . . . . . . . . . . : 212.143.0.1
                                       194.90.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.{043DFF01-4607-4A3C-A37E-BD954DE31D06}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:3064:210e:aabf:7704(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3064:210e:aabf:7704%5(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 234881024
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-A0-96-FE-94-DE-80-6D-F3-6D
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  212.143.0.1
 
Name:    google.com
Addresses:  2a00:1450:4013:c01::8b
 173.194.65.113
 173.194.65.139
 173.194.65.101
 173.194.65.102
 173.194.65.100
 173.194.65.138
 
 
Pinging google.com [173.194.65.113] with 32 bytes of data:
Reply from 173.194.65.113: bytes=32 time=78ms TTL=43
Reply from 173.194.65.113: bytes=32 time=79ms TTL=43
 
Ping statistics for 173.194.65.113:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 78ms, Maximum = 79ms, Average = 78ms
Server:  UnKnown
Address:  212.143.0.1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 2001:4998:44:204::a7
 98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=175ms TTL=46
Reply from 98.139.183.24: bytes=32 time=168ms TTL=46
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 168ms, Maximum = 175ms, Average = 171ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  6...94 de 80 6d f3 6d ......Realtek PCIe GBE Family Controller
  2...b0 48 7a 8e 6f 1c ......Qualcomm Atheros AR7015 Wireless Network Adapter
  1...........................Software Loopback Interface 1
  3...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  5...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.11     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.11    281
     192.168.1.11  255.255.255.255         On-link      192.168.1.11    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.11    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.11    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.11    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  5    306 2001::/32                On-link
  5    306 2001:0:9d38:6abd:3064:210e:aabf:7704/128
                                    On-link
  2    281 fe80::/64                On-link
  5    306 fe80::/64                On-link
  5    306 fe80::3064:210e:aabf:7704/128
                                    On-link
  2    281 fe80::e153:8a9e:8832:e6d2/128
                                    On-link
  1    306 ff00::/8                 On-link
  2    281 ff00::/8                 On-link
  5    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/16/2015 03:18:52 PM) (Source: Application Error) (User: )
Description: ‏‏שם יישום שחלות בו תקלות: ShellExperienceHost.exe, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa599a
שם מודול שחלות בו תקלות: StartUI.dll, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa5463
קוד חריגה: 0xc0000005
היסט תקלה: 0x00000000000368c3
מזהה תהליך שחלות בו תקלות: 0x374
שעת ההפעלה של היישום שחלות בו תקלות: 0xShellExperienceHost.exe0
נתיב היישום שחלות בו תקלות: ShellExperienceHost.exe1
נתיב המודול שחלות בו תקלות: ShellExperienceHost.exe2
מזהה דוח: ShellExperienceHost.exe3
שם מלא של החבילה שחלות בה תקלות: ShellExperienceHost.exe4
מזהה יישום יחסי לחבילה שחלות בה תקלות: ShellExperienceHost.exe5
 
Error: (10/16/2015 03:18:50 PM) (Source: Application Error) (User: )
Description: ‏‏שם יישום שחלות בו תקלות: ShellExperienceHost.exe, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa599a
שם מודול שחלות בו תקלות: StartUI.dll, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa5463
קוד חריגה: 0xc0000005
היסט תקלה: 0x00000000000368c3
מזהה תהליך שחלות בו תקלות: 0x9f8
שעת ההפעלה של היישום שחלות בו תקלות: 0xShellExperienceHost.exe0
נתיב היישום שחלות בו תקלות: ShellExperienceHost.exe1
נתיב המודול שחלות בו תקלות: ShellExperienceHost.exe2
מזהה דוח: ShellExperienceHost.exe3
שם מלא של החבילה שחלות בה תקלות: ShellExperienceHost.exe4
מזהה יישום יחסי לחבילה שחלות בה תקלות: ShellExperienceHost.exe5
 
Error: (10/16/2015 03:18:48 PM) (Source: Application Error) (User: )
Description: ‏‏שם יישום שחלות בו תקלות: ShellExperienceHost.exe, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa599a
שם מודול שחלות בו תקלות: StartUI.dll, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa5463
קוד חריגה: 0xc0000005
היסט תקלה: 0x00000000000368c3
מזהה תהליך שחלות בו תקלות: 0x15c
שעת ההפעלה של היישום שחלות בו תקלות: 0xShellExperienceHost.exe0
נתיב היישום שחלות בו תקלות: ShellExperienceHost.exe1
נתיב המודול שחלות בו תקלות: ShellExperienceHost.exe2
מזהה דוח: ShellExperienceHost.exe3
שם מלא של החבילה שחלות בה תקלות: ShellExperienceHost.exe4
מזהה יישום יחסי לחבילה שחלות בה תקלות: ShellExperienceHost.exe5
 
Error: (10/16/2015 03:18:45 PM) (Source: Application Error) (User: )
Description: ‏‏שם יישום שחלות בו תקלות: ShellExperienceHost.exe, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa599a
שם מודול שחלות בו תקלות: StartUI.dll, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa5463
קוד חריגה: 0xc0000005
היסט תקלה: 0x00000000000368c3
מזהה תהליך שחלות בו תקלות: 0xc58
שעת ההפעלה של היישום שחלות בו תקלות: 0xShellExperienceHost.exe0
נתיב היישום שחלות בו תקלות: ShellExperienceHost.exe1
נתיב המודול שחלות בו תקלות: ShellExperienceHost.exe2
מזהה דוח: ShellExperienceHost.exe3
שם מלא של החבילה שחלות בה תקלות: ShellExperienceHost.exe4
מזהה יישום יחסי לחבילה שחלות בה תקלות: ShellExperienceHost.exe5
 
Error: (10/16/2015 03:18:40 PM) (Source: Application Error) (User: )
Description: ‏‏שם יישום שחלות בו תקלות: ShellExperienceHost.exe, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa599a
שם מודול שחלות בו תקלות: StartUI.dll, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa5463
קוד חריגה: 0xc0000005
היסט תקלה: 0x00000000000368c3
מזהה תהליך שחלות בו תקלות: 0x1060
שעת ההפעלה של היישום שחלות בו תקלות: 0xShellExperienceHost.exe0
נתיב היישום שחלות בו תקלות: ShellExperienceHost.exe1
נתיב המודול שחלות בו תקלות: ShellExperienceHost.exe2
מזהה דוח: ShellExperienceHost.exe3
שם מלא של החבילה שחלות בה תקלות: ShellExperienceHost.exe4
מזהה יישום יחסי לחבילה שחלות בה תקלות: ShellExperienceHost.exe5
 
Error: (10/16/2015 03:15:29 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DESKTOP-BAKDBKI)
Description: ‏‏הפעלת האפליקציה Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI נכשלה עם שגיאה: -2144927141 עיין ביומן הרישום Microsoft-Windows-TWinUI/Operational לקבלת מידע נוסף.
 
Error: (10/16/2015 12:18:36 PM) (Source: Application Error) (User: )
Description: ‏‏שם יישום שחלות בו תקלות: ShellExperienceHost.exe, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa599a
שם מודול שחלות בו תקלות: StartUI.dll, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa5463
קוד חריגה: 0xc0000005
היסט תקלה: 0x00000000000368c3
מזהה תהליך שחלות בו תקלות: 0xdf4
שעת ההפעלה של היישום שחלות בו תקלות: 0xShellExperienceHost.exe0
נתיב היישום שחלות בו תקלות: ShellExperienceHost.exe1
נתיב המודול שחלות בו תקלות: ShellExperienceHost.exe2
מזהה דוח: ShellExperienceHost.exe3
שם מלא של החבילה שחלות בה תקלות: ShellExperienceHost.exe4
מזהה יישום יחסי לחבילה שחלות בה תקלות: ShellExperienceHost.exe5
 
Error: (10/16/2015 12:18:34 PM) (Source: Application Error) (User: )
Description: ‏‏שם יישום שחלות בו תקלות: ShellExperienceHost.exe, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa599a
שם מודול שחלות בו תקלות: StartUI.dll, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa5463
קוד חריגה: 0xc0000005
היסט תקלה: 0x00000000000368c3
מזהה תהליך שחלות בו תקלות: 0x1264
שעת ההפעלה של היישום שחלות בו תקלות: 0xShellExperienceHost.exe0
נתיב היישום שחלות בו תקלות: ShellExperienceHost.exe1
נתיב המודול שחלות בו תקלות: ShellExperienceHost.exe2
מזהה דוח: ShellExperienceHost.exe3
שם מלא של החבילה שחלות בה תקלות: ShellExperienceHost.exe4
מזהה יישום יחסי לחבילה שחלות בה תקלות: ShellExperienceHost.exe5
 
Error: (10/16/2015 10:31:27 AM) (Source: Application Error) (User: )
Description: ‏‏שם יישום שחלות בו תקלות: ShellExperienceHost.exe, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa599a
שם מודול שחלות בו תקלות: StartUI.dll, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa5463
קוד חריגה: 0xc0000005
היסט תקלה: 0x00000000000368c3
מזהה תהליך שחלות בו תקלות: 0x864
שעת ההפעלה של היישום שחלות בו תקלות: 0xShellExperienceHost.exe0
נתיב היישום שחלות בו תקלות: ShellExperienceHost.exe1
נתיב המודול שחלות בו תקלות: ShellExperienceHost.exe2
מזהה דוח: ShellExperienceHost.exe3
שם מלא של החבילה שחלות בה תקלות: ShellExperienceHost.exe4
מזהה יישום יחסי לחבילה שחלות בה תקלות: ShellExperienceHost.exe5
 
Error: (10/16/2015 10:31:24 AM) (Source: Application Error) (User: )
Description: ‏‏שם יישום שחלות בו תקלות: ShellExperienceHost.exe, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa599a
שם מודול שחלות בו תקלות: StartUI.dll, גירסה: 10.0.10240.16515, חותמת זמן: 0x55fa5463
קוד חריגה: 0xc0000005
היסט תקלה: 0x00000000000368c3
מזהה תהליך שחלות בו תקלות: 0x1718
שעת ההפעלה של היישום שחלות בו תקלות: 0xShellExperienceHost.exe0
נתיב היישום שחלות בו תקלות: ShellExperienceHost.exe1
נתיב המודול שחלות בו תקלות: ShellExperienceHost.exe2
מזהה דוח: ShellExperienceHost.exe3
שם מלא של החבילה שחלות בה תקלות: ShellExperienceHost.exe4
מזהה יישום יחסי לחבילה שחלות בה תקלות: ShellExperienceHost.exe5
 
 
System errors:
=============
Error: (10/16/2015 08:30:49 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80246007: Movies & TV.
 
Error: (10/16/2015 08:30:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: ‏‏ההתקנה נכשלה: Windows נכשל בהתקנת העדכון הבא עם שגיאה 0x80246007: Pel·lícules i programes.
 
Error: (10/16/2015 05:58:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (10/16/2015 03:32:48 PM) (Source: DCOM) (User: DESKTOP-BAKDBKI)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-BAKDBKIUserS-1-5-21-4056199070-3445924891-576867103-1001LocalHost (Using LRPC)Microsoft.WindowsStore_2015.10.5.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157
 
Error: (10/16/2015 03:15:29 PM) (Source: DCOM) (User: DESKTOP-BAKDBKI)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
 
Error: (10/16/2015 03:15:26 PM) (Source: Service Control Manager) (User: )
Description: ‏‏השירות Sync Host_Session3 הסתיים באופן בלתי צפוי. אירוע זה התרחש בפעם ה- 1. פעולת התיקון הבאה תינקט תוך 10000 אלפיות שניה: הפעל מחדש את השירות.
 
Error: (10/16/2015 11:46:56 AM) (Source: DCOM) (User: DESKTOP-BAKDBKI)
Description: {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C}
 
Error: (10/16/2015 11:46:54 AM) (Source: Service Control Manager) (User: )
Description: ‏‏השירות Sync Host_Session1 הסתיים באופן בלתי צפוי. אירוע זה התרחש בפעם ה- 1. פעולת התיקון הבאה תינקט תוך 10000 אלפיות שניה: הפעל מחדש את השירות.
 
Error: (10/15/2015 11:47:16 PM) (Source: Service Control Manager) (User: )
Description: ‏‏השירות Sync Host_Session1 הסתיים באופן בלתי צפוי. אירוע זה התרחש בפעם ה- 1. פעולת התיקון הבאה תינקט תוך 10000 אלפיות שניה: הפעל מחדש את השירות.
 
Error: (10/15/2015 02:06:15 PM) (Source: DCOM) (User: DESKTOP-BAKDBKI)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-BAKDBKIUserS-1-5-21-4056199070-3445924891-576867103-1001LocalHost (Using LRPC)Microsoft.WindowsStore_2015.10.5.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157
 
 
Microsoft Office Sessions:
=========================
 
Error: (10/16/2015 10:31:27 AM) (Source: Application Error)(User: )
Description: ShellExperienceHost.exe10.0.10240.1651555fa599aStartUI.dll10.0.10240.1651555fa5463c000000500000000000368c386401d107e4aad265d1C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\StartUI.dll7ea3abf5-54e8-41f4-bfa3-43977b11be12Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewyApp
 
Error: (10/16/2015 10:31:24 AM) (Source: Application Error)(User: )
Description: ShellExperienceHost.exe10.0.10240.1651555fa599aStartUI.dll10.0.10240.1651555fa5463c000000500000000000368c3171801d107e4a976643eC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\StartUI.dll8ce8b21b-841d-45b0-a775-4ee75aac79b8Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewyApp
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.190 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
ESET NOD32 Antivirus (HKLM\...\{5F2AE448-CD4B-40BD-B245-5F0CD06A09B0}) (Version: 8.0.319.0 - ESET, spol s r. o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.28.15 - Google Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Keep Talking and Nobody Explodes (HKLM-x32\...\{5F313C69-E37D-4A3B-8A48-3D36C768517B}_is1) (Version: 1.0 - Steel Crate Games)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Mad Max v.1.0.1.1 (HKLM-x32\...\Mad Max_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visio Professional 2016 (HKLM\...\Office16.VISPRO) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
NVIDIA מנהל ההתקן עבור שמע בתקן HD 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA מנהל התקן עבור נתונים גרפיים 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 355.98 - NVIDIA Corporation)
NVIDIA תכנת PhysX מערכת 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
Saints Row Gat Out of Hell version Saints Row Gat Out of Hell (HKLM-x32\...\Saints Row Gat Out of Hell_is1) (Version: Saints Row Gat Out of Hell - )
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.12 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.12.101 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stranded Deep (HKLM-x32\...\Steam App 313120) (Version:  - Beam Team Games)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.00 (64-סיביות) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2016 - עברית (HKLM\...\{90160000-001F-040D-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
לוח הבקרה של NVIDIA 355.98 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 355.98 - NVIDIA Corporation) Hidden
 
========================= Memory info: ===================================
 
Percentage of memory in use: 45%
Total physical RAM: 4041.7 MB
Available physical RAM: 2213.71 MB
Total Virtual: 4745.7 MB
Available Virtual: 2770.66 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:116.7 GB) (Free:88.17 GB) NTFS
2 Drive d: () (Fixed) (Total:348.57 GB) (Free:189.48 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DESKTOP-BAKDBKI
 
Administrator            DefaultAccount           Guest                    
User                     
 
 
**** End of log ****


#4 Aura

Posted 16 October 2015 - 12:43 PM

All the programs you have installed are legitimate. Your network configuration is interesting, however. Did you use a program like DoNotSpy10, or something else, to tweak your Windows 10 for more privacy?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 liorshwa

Posted 16 October 2015 - 01:05 PM

Yes, I did use Destroy Windows 10 Spying, but I have been using Windows 10 for almost 2 months now and the message appeared only yesterday, after I installed a game called "Keep Talking and Nobody Explodes", but I don't know if the game could relate to skype-soft.com in some way or another!?


Edited by liorshwa, 16 October 2015 - 01:06 PM.


#6 Aura

Posted 16 October 2015 - 01:06 PM

That website is blocked at work, so I cannot go on it and see what it's about. Did you download the game from the official website? Did it install anything else (like pre-checked offers)?



#7 liorshwa

Posted 16 October 2015 - 01:19 PM

Yes, it's the official legit copy and it didn't have any third-party app offers as far as I remember. Should I try to remove it and see if it helps?

Also, do you recommend using Revo Uninstaller?



#8 Aura

Posted 16 October 2015 - 01:20 PM

I use Revo Uninstaller and recommend it when someone cannot uninstall a program. And yes, I would try to uninstall the game, then restart your computer and see if ESET still blocks a connection to Skype-Soft.



#9 liorshwa

Posted 16 October 2015 - 01:35 PM

My problem is not that it's blocking the site.

My problem is WHY it is blocking the site when I don't ask it to.

OK, I'll try to uninstall and update the post in a few.



#10 Aura

Posted 16 October 2015 - 01:40 PM

> my problem is WHY it is blocking the site when i don't ask it to.


Saw the VirusTotal URL I posted? You see that ESET blocks that URL by default because it considers it malicious. It doesn't need to ask your permission to block it since they consider it a threat. It's not like a PUP, which most of the time is "user dependent". It's like if ESET was blocking Ramnit or Virut and asking you beforehand what you want to do with it. Obviously you want ESET to block it and delete it as soon as possible, and not let it run on your system. If you don't want ESET to block Skype-Soft.com, you can always add it to ESET's exception list.

http://www.eset.sg/html/167/631/



#11 liorshwa

Posted 16 October 2015 - 01:48 PM

I know that, but usually it should block something when I try to access it and it's malicious, but this time I didn't do anything and didn't try to access this URL. It just gets blocked every time I get to the desktop, so it means some other process is trying to access it and not ME!



#12 Aura

Posted 16 October 2015 - 01:51 PM

It's not unusual for a process or service to want to access a URL, domain or IP. It's entirely normal. ESET doesn't give information about the process or program that tries to access the URL? Kaspersky, Malwarebytes, avast!, etc. all do.



#13 liorshwa

Posted 16 October 2015 - 01:55 PM

NO, that's the problem - I wish it would have given me some type of info to work with, but I get NOTHING except frustration and worries Lol



#14 Aura

Posted 16 October 2015 - 01:57 PM

We could also use TCPView to see which process is looking to connect to that URL. This being said, I imagine that the uninstall didn't work?



#15 liorshwa

Posted 16 October 2015 - 02:00 PM

Sorry, I didn't mention that - no, it didn't work.

How do I use TCPView?
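
A scripted equivalent of the TCPView check suggested in post #14, added here as an example and not part of the original thread: it polls the TCP table after login and records which process owns any connection to the addresses the blocked host name resolves to. The watch duration, polling interval and log path are assumptions, and it assumes the connection attempt shows up in the TCP table before the antivirus drops it.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt
# right after logging in, since the alert appears when the desktop loads.
param(
    [string]$HostName = 'skype-soft.com',            # host name from the ESET alert
    [int]$Seconds     = 120,                         # assumed watch duration
    [string]$LogPath  = "$env:TEMP\conn-watch.csv"   # hypothetical output file
)

# Resolve the name once (DNS only, no HTTP request is made to the host).
$targets = @(Resolve-DnsName -Name $HostName -Type A -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress } | Select-Object -ExpandProperty IPAddress)
if (-not $targets) { Write-Warning "No A records returned for $HostName"; return }

$seen     = @{}
$deadline = (Get-Date).AddSeconds($Seconds)
while ((Get-Date) -lt $deadline) {
    # Any state counts, including SynSent: a blocked attempt may never be Established.
    $hits = Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $targets -contains $_.RemoteAddress }
    foreach ($c in $hits) {
        $key = "$($c.OwningProcess)|$($c.RemoteAddress)|$($c.RemotePort)"
        if ($seen.ContainsKey($key)) { continue }    # report each owner/endpoint once
        $seen[$key] = $true
        # Win32_Process supplies image path, command line and parent PID.
        # It returns nothing if the process has already exited.
        $p = Get-CimInstance Win32_Process -Filter "ProcessId=$($c.OwningProcess)"
        $row = [pscustomobject]@{
            Time        = Get-Date -Format s
            State       = $c.State
            Remote      = "$($c.RemoteAddress):$($c.RemotePort)"
            ProcessId   = $c.OwningProcess
            Name        = $p.Name
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
            ParentPid   = $p.ParentProcessId
        }
        $row | Export-Csv -Path $LogPath -Append -NoTypeInformation
        $row | Format-List
    }
    Start-Sleep -Milliseconds 250                    # very short-lived connections can be missed
}
```

If the address is shared hosting, connections to other sites on the same IP will also match, so confirm the owning process against the startup entries in the FRST log before removing anything.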





