Trojan.win32.monder.gem

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Trojan.win32.monder.gem

Options

alsade1 View Member Profile	May 14 2008, 02:38 PM Post #1
New Member Group: Members Posts: 5 Joined: 14-May 08 Member No.: 208,960	hi there, my conputer stuck every few minutes and iarley can write. Deckard's System Scanner v20071014.68 Run by Sade on 2008-05-14 22:21:03 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 47: 2008-05-14 19:21:16 UTC - RP573 - Deckard's System Scanner Restore Point 46: 2008-05-13 19:02:58 UTC - RP572 - נקודת ביקורת של המערכת 45: 2008-05-12 18:02:59 UTC - RP571 - נקודת ביקורת של המערכת 44: 2008-05-11 17:03:03 UTC - RP570 - נקודת ביקורת של המערכת 43: 2008-05-10 16:12:38 UTC - RP569 - נקודת ביקורת של המערכת -- First Restore Point -- 1: 2008-03-29 14:12:52 UTC - RP527 - נקודת ביקורת של המערכת Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Sade.exe) ------------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:23:29, on 14/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\HPZipm12.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsTray.exe C:\WINDOWS\system32\gsicon.exe C:\WINDOWS\system32\dslagent.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\he-il\msnappau.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\CameraFixer.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\DAP\DAP.EXE C:\Documents and Settings\Sade\שולחן העבודה\תיקיה חדשה\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\Sade.exe C:\WINDOWS\System32\wbem\wmiprvse.exe R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: (no name) - {5C060FE2-B3CA-47DD-B68E-BD1A6E297226} - C:\WINDOWS\system32\opnlmmjk.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file) O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\he-il\msntb.dll O2 - BHO: (no name) - {E85A7589-DD95-415D-900B-5CB930288066} - C:\WINDOWS\system32\hgGaxUnm.dll (file missing) O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file) O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\he-il\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\RunServices: [Microsoft Update] Sygate.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: opnlmmjk - opnlmmjk.dll (file missing) O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file) O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe -- End of file - 7761 bytes -- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) ----------- backup-20080507-165658-873 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://kazaa.vmule.com/homepage.html -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0> R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> S3 snpstd (TD998) - c:\windows\system32\drivers\snpstd.sys <Not Verified; ; PC Camera driver> S3 SynasUSB - c:\windows\system32\drivers\synasusb.sys <Not Verified; SIA Syncrosoft; USB protection device> S3 wanusb (GlobespanVirata USB ADSL WAN Modem) - c:\windows\system32\drivers\gwausb.sys <Not Verified; GlobespanVirata Inc.; GlobespanVirata WAN ADSL USB Modem> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- All services whitelisted. -- Device Manager: Disabled ---------------------------------------------------- Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318} Description: ‏‏בקר אפיק טורי אוניברסלי (USB) Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_1043807D&REV_02\4&11CD5334&0&22F0 Manufacturer: Name: ‏‏בקר אפיק טורי אוניברסלי (USB) PNP Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_1043807D&REV_02\4&11CD5334&0&22F0 Service: -- Files created between 2008-04-14 and 2008-05-14 ----------------------------- 2008-05-14 15:00:41 0 d-------- C:\WINDOWS\LastGood 2008-05-11 14:58:42 0 d--hs---- C:\FOUND.000 2008-05-07 13:20:45 0 d-------- C:\VundoFix Backups 2008-05-07 10:19:13 0 d-------- C:\Program Files\Trend Micro 2008-05-05 09:43:32 0 d--hs---- C:\FOUND.077 2008-05-03 18:50:46 0 dr-h----- C:\Documents and Settings\Sade\Recent 2008-05-03 18:27:09 9511 --ahs---- C:\WINDOWS\system32\mnUxaGgh.ini2 2008-05-03 18:19:02 0 d-------- C:\Documents and Settings\Sade\Application Data\PC Tools 2008-05-03 18:08:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com 2008-05-03 18:08:31 0 d-------- C:\Program Files\SUPERAntiSpyware 2008-05-03 18:08:31 0 d-------- C:\Documents and Settings\Sade\Application Data\SUPERAntiSpyware.com 2008-05-03 18:08:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-05-03 17:36:21 0 d-------- C:\Program Files\Spyware Doctor 2008-05-02 22:03:30 0 d--hs---- C:\FOUND.076 2008-05-02 21:46:44 0 d-------- C:\WINDOWS\system32\Spyware Doctor 5.5.0.204 2008-05-02 21:32:54 0 d--hs---- C:\FOUND.075 2008-04-26 18:11:38 0 d--hs---- C:\FOUND.074 2008-04-26 16:52:08 0 d--hs---- C:\FOUND.073 -- Find3M Report --------------------------------------------------------------- 2008-04-12 12:24:38 0 d-------- C:\Program Files\AskTBar 2008-04-10 09:32:04 303472 --a------ C:\WINDOWS\system32\perfh00d.dat 2008-04-10 09:32:04 540672 --a------ C:\WINDOWS\system32\perfc00d.dat 2008-03-21 20:07:00 0 d-------- C:\Program Files\Webteh 2008-03-21 20:07:00 0 d-------- C:\Documents and Settings\Sade\Application Data\BSplayer 2008-03-21 20:07:00 0 d-------- C:\Documents and Settings\Sade\Application Data\BSplayer Pro -- Registry Dump --------------------------------------------------------------- Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C060FE2-B3CA-47DD-B68E-BD1A6E297226}] C:\WINDOWS\system32\opnlmmjk.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E85A7589-DD95-415D-900B-5CB930288066}] C:\WINDOWS\system32\hgGaxUnm.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/27/2004 02:53 AM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "Microsoft Update"=Sygate.exe C:\Documents and Settings\All Users\š”˜‰ˆ „š‡Œ„\š…‹‰…š\„”’Œ„\ Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/05/2005 23:23:26] Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [07/01/2008 17:22:04] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824] "{5C060FE2-B3CA-47DD-B68E-BD1A6E297226}"= C:\WINDOWS\system32\opnlmmjk.dll [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlmmjk] opnlmmjk.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGaxUnm [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango] "c:\program files\zango\zango.exe" -- End of Deckard's System Scanner: finished at 2008-05-14 22:25:36 ------------ Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Professional (build 2600) SP 2.0 Architecture: X86; Language: Other (040d) - see http://preview.tinyurl.com/mhhp6 CPU 0: Intel® Pentium® 4 CPU 2.00GHz Percentage of Memory in Use: 65% Physical Memory (total/avail): 511.47 MiB / 174.75 MiB Pagefile Memory (total/avail): 1249.69 MiB / 608.7 MiB Virtual Memory (total/avail): 2047.88 MiB / 1929.85 MiB A: is Removable (No Media) C: is Fixed (FAT32) - 19.52 GiB total, 4.98 GiB free. D: is Fixed (NTFS) - 54.99 GiB total, 45.51 GiB free. E: is CDROM (No Media) F: is CDROM (No Media) \\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 2 partitions \PARTITION0 (bootable) - Unknown - 19.53 GiB - C: \PARTITION1 - Extended w/Extended Int 13 - 54.99 GiB - D: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. AntiVirusDisableNotify is set. FirewallDisableNotify is set. UpdatesDisableNotify is set. AntivirusOverride is set. FirewallOverride is set. AV: Kaspersky Anti-Virus 6.0 v6.0.0.299 (Kaspersky Lab) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe::Enabled:Windows Messenger" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe::Enabled:iTunes" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe::Enabled:LimeWire" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe::Enabled:Skype" "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe::Enabled:µTorrent" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Sade\Application Data CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=YAIR-SDG7OJF0YK ComSpec=C:\WINDOWS\system32\cmd.exe DEFAULT_CA_NR=CA6 FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Sade LOGONSERVER=\\YAIR-SDG7OJF0YK NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\PROGRA~1\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel PROCESSOR_LEVEL=15 PROCESSOR_REVISION=0204 ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\Sade\LOCALS~1\Temp TMP=C:\DOCUME~1\Sade\LOCALS~1\Temp USERDOMAIN=YAIR-SDG7OJF0YK USERNAME=Sade USERPROFILE=C:\Documents and Settings\Sade windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Sade (admin)* Administrator (new local, admin) -- Add/Remove Programs --------------------------------------------------------- --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf עדכון עבור Windows XP (KB894391)‎ --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB898461)‎ --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB900485)‎ --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB904942)‎ --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB908531)‎ --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB910437)‎ --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB911280)‎ --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB916595)‎ --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB920872)‎ --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB922582)‎ --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB927891)‎ --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB929338)‎ --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB930916)‎ --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB931836)‎ --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB933360)‎ --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB936357)‎ --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB938828)‎ --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB942763)‎ --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB942840)‎ --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe" עדכון עבור Windows XP (KB946627)‎ --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB890046)‎ --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB893756)‎ --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB896358)‎ --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB896423)‎ --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB896424)‎ --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB896428)‎ --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB899587)‎ --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB899589)‎ --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB899591)‎ --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB900725)‎ --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB901017)‎ --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB901214)‎ --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB902400)‎ --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB904706)‎ --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB905414)‎ --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB905749)‎ --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB908519)‎ --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB911562)‎ --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB911567)‎ --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB911927)‎ --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB912919)‎ --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB913580)‎ --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB914388)‎ --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB914389)‎ --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB917344)‎ --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB917422)‎ --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB917953)‎ --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB918118)‎ --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB918439)‎ --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB918899)‎ --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB919007)‎ --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB920213)‎ --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB920214)‎ --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB920670)‎ --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB920683)‎ --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB920685)‎ --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB921398)‎ --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB921503)‎ --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB921883)‎ --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB922616)‎ --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB922760)‎ --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB922819)‎ --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB923191)‎ --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB923414)‎ --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB923694)‎ --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB923980)‎ --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB924191)‎ --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB924270)‎ --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB924496)‎ --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB924667)‎ --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB925454)‎ --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB925486)‎ --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB925902)‎ --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB926255)‎ --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB926436)‎ --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB927779)‎ --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB927802)‎ --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB928255)‎ --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB928843)‎ --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB929123)‎ --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB930178)‎ --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB931261)‎ --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB931784)‎ --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB932168)‎ --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB933729)‎ --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB935839)‎ --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB935840)‎ --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB936021)‎ --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB937894)‎ --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB938127)‎ --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB938829)‎ --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB941202)‎ --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB941568)‎ --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB941644)‎ --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB941693)‎ --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB942615)‎ --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB943055)‎ --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB943460)‎ --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB943485)‎ --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB944338)‎ --> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB944533)‎ --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB944653)‎ --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB945553)‎ --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB946026)‎ --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB947864)‎ --> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB948590)‎ --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP (KB948881)‎ --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP‏ (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" עדכון אבטחה עבור Windows XP‏ (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL תיקון חם עבור Windows XP (KB914440)‎ --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24} Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003} Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG Advanced MP3/WMA Recorder --> C:\PROGRA~1\XAUDIO~1\ADVANC~1\UNWISE.EXE C:\PROGRA~1\XAUDIO~1\ADVANC~1\INSTALL.LOG Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D} BS.Player FREE powered by AdVantage --> "C:\Program Files\Webteh\BSplayer\uninstall.exe" Burn4Free CD and DVD --> "C:\Program Files\Burn4Free\uninstall.exe" CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9} Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE Ease MP3 WAV Converter 1.21 --> "C:\Program Files\easetech\mp3wavconverter\unins000.exe" eMule --> "C:\Program Files\eMule\Uninstall.exe" GlobespanVirata DSL Modem --> C:\Program Files\GlobespanVirata\Adsl\uninstall.exe Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe" HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900} HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D} HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4} Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920} LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe" Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Office XP Professional עם FrontPage --> MsiExec.exe /I{9028040D-6000-11D3-8CFE-0050048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Moyea FLV Downloader version 1.13.0.10 --> "C:\Program Files\Moyea\FLV Downloader\unins000.exe" Moyea FLV Player version 1.3.2.3 --> "C:\Program Files\Moyea\FLV Player\unins000.exe" Moyea FLV to Video Converter Pro version 1.28.1.0 --> "C:\Program Files\Moyea\FLV to Video Pro\unins000.exe" Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\he-il\mtbs.exe c neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI PowerDVD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CyberLink\PowerDVD\Uninst.isu" QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A} Ralink Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A} Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG TD998 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57383270-6F61-4DC8-A9B8-C1745FC29F38}\Setup.exe" -l0x9 Unlock Codes Calculator (remove only) --> "C:\Program Files\Unlock Codes Calculator (by Crux)\uninst.exe" VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} Windows Live Messenger --> MsiExec.exe /I{426382FB-4792-44BA-8C6A-CB7C77F61F53} Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2} Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall -- Application Event Log ------------------------------------------------------- No Errors/Warnings found. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. -- System Event Log ------------------------------------------------------------ Event Record #/Type1475 / Warning Event Submitted/Written: 05/12/2008 04:38:36 AM Event ID/Source: 36 / W32Time Event Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Event Record #/Type1454 / Error Event Submitted/Written: 05/11/2008 03:00:11 PM Event ID/Source: 7026 / Service Control Manager Event Description: The following boot-start or system-start driver(s) failed to load: IKFileSec Event Record #/Type1449 / Error Event Submitted/Written: 05/11/2008 11:09:24 AM Event ID/Source: 15005 / HTTP Event Description: ‏‏לא ניתן לבצע איגוד לתעבורה המהווה בסיס עבור 0.0.0.0:2869. רשימת ההאזנה בלבד של פרוטוקול IP עשויה להכיל הפניה לממשק שאינו קיים במחשב זה. שדה הנתונים מכיל את מספר השגיאה. Event Record #/Type1448 / Error Event Submitted/Written: 05/11/2008 11:09:16 AM Event ID/Source: 15005 / HTTP Event Description: ‏‏לא ניתן לבצע איגוד לתעבורה המהווה בסיס עבור 0.0.0.0:2869. רשימת ההאזנה בלבד של פרוטוקול IP עשויה להכיל הפניה לממשק שאינו קיים במחשב זה. שדה הנתונים מכיל את מספר השגיאה. Event Record #/Type1441 / Warning Event Submitted/Written: 05/11/2008 08:40:54 AM Event ID/Source: 1007 / Dhcp Event Description: Your computer has automatically configured the IP address for the Network Card with network address 000E2ECA3718. The IP address being used is 169.254.31.217. -- End of Deckard's System Scanner: finished at 2008-05-14 22:25:36 ------------ thnk you very much

alsade1 View Member Profile	May 21 2008, 02:53 AM Post #2
New Member Group: Members Posts: 5 Joined: 14-May 08 Member No.: 208,960	I'm sorry but i think i'm missing something here because its been a week since i add my topic and nothing happend yet, so i just wanna ask if i did something wrong during the process or its normal to wait more than a week for help? (im not complaining i really just want to know)

alsade1 View Member Profile	May 31 2008, 06:32 AM Post #3
New Member Group: Members Posts: 5 Joined: 14-May 08 Member No.: 208,960	נקודת ביקורת של המערכת-system checkpoint ‏‏בקר אפיק טורי אוניברסלי-Universal Serial Bus עדכון עבור-update for עדכון אבטחה עבור-security update for.. ‏‏לא ניתן לבצע איגוד לתעבורה המהווה בסיס עבור 0.0.0.0:2869. רשימת ההאזנה בלבד של פרוטוקול IP עשויה להכיל הפניה לממשק שאינו קיים במחשב זה. שדה הנתונים מכיל את מספר השגיאה.-this one is too hard for me but im working on it :-) I understood that the hebrew is a problem so here is some translatation. hope its helpfull. and againg, thx.

Carolyn View Member Profile	Jun 4 2008, 12:12 PM Post #4
Bleepin' kitten Group: HJT Team Coach Posts: 2,001 Joined: 12-July 07 Member No.: 143,177	Hello and Welcome to the forums! My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens. Please reply to this thread, do not start another. Please tell me about any problems that have occurred during the fix. Please tell me of any other symptoms you may be having as these can help also. Please try as much as possible not to run anything while executing a fix. As I am still in training, everything that I post to you must be checked by one of the teachers. Thus, there may be a bit of a delay between posts, but it shouldn't be too long. If you follow these instructions, everything should go smoothly. I am sorry that we were unable to reply to your post sooner. The forums have been very busy. If you are still in need of assistance, please Download and Run HijackThis Download HJTInstall.exe to your Desktop. Doubleclick HJTInstall.exe to install it. By default it will install to C:\Program Files\Trend Micro\HijackThis . Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch Hijackthis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad. Copy/Paste the log to your next reply please. Don't use the Analyse This button, its findings are dangerous if misinterpreted. Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. Also, please make an uninstall list using HijackThis To access the Uninstall Manager you would do the following: 1. Start HijackThis 2. Click on the Config button 3. Click on the Misc Tools button 4. Click on the Open Uninstall Manager button. 5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply. Post the fresh HijackThis log and the uninstall list in the body of your next reply. -------------------- Member of ASAP (Alliance of Security Analysis Professionals)

Carolyn View Member Profile	Jun 6 2008, 06:10 AM Post #5
Bleepin' kitten Group: HJT Team Coach Posts: 2,001 Joined: 12-July 07 Member No.: 143,177	Hello, I'm afraid I have unpleasant news for you. Your computer has multiple infections, including a rootkit. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system. You are strongly advised to do the following: Disconnect the computer from the Internet and from any networked computers until it is cleaned. Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers. From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password). DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records. Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so. To help you understand more, please take some time to read the following articles: What are rootkits from Wikipedia Why are rootkits dangerous How do I respond to a possible identity theft and how do I prevent it When should do a reformat and reinstallation of my OS Where to backup your files How to backup your files in Windows XP Restoring your backups Should you have any questions, please feel free to ask. Please let us know what you have decided to do in your next post. -------------------- Member of ASAP (Alliance of Security Analysis Professionals)

Carolyn View Member Profile	Jun 10 2008, 02:01 PM Post #6
Bleepin' kitten Group: HJT Team Coach Posts: 2,001 Joined: 12-July 07 Member No.: 143,177	It's been a few days. Are you still in need of assistance? -------------------- Member of ASAP (Alliance of Security Analysis Professionals)

Carolyn View Member Profile	Jun 14 2008, 10:44 AM Post #7
Bleepin' kitten Group: HJT Team Coach Posts: 2,001 Joined: 12-July 07 Member No.: 143,177	Due to the lack of feedback, this Topic is closed. If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic. -------------------- Member of ASAP (Alliance of Security Analysis Professionals)

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 8th November 2009 - 12:16 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides