Trojan.win32.monder.gem


  • This topic is locked
6 replies to this topic

#1 alsade1


Posted 14 May 2008 - 02:38 PM

Hi there,
my computer stuck every few minutes and I barely can write.
Deckard's System Scanner v20071014.68
Run by Sade on 2008-05-14 22:21:03
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
47: 2008-05-14 19:21:16 UTC - RP573 - Deckard's System Scanner Restore Point
46: 2008-05-13 19:02:58 UTC - RP572 - נקודת ביקורת של המערכת
45: 2008-05-12 18:02:59 UTC - RP571 - נקודת ביקורת של המערכת
44: 2008-05-11 17:03:03 UTC - RP570 - נקודת ביקורת של המערכת
43: 2008-05-10 16:12:38 UTC - RP569 - נקודת ביקורת של המערכת


-- First Restore Point --
1: 2008-03-29 14:12:52 UTC - RP527 - נקודת ביקורת של המערכת


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Sade.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:23:29, on 14/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\gsicon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\he-il\msnappau.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAP\DAP.EXE
C:\Documents and Settings\Sade\שולחן העבודה\תיקיה חדשה\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Sade.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C060FE2-B3CA-47DD-B68E-BD1A6E297226} - C:\WINDOWS\system32\opnlmmjk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\he-il\msntb.dll
O2 - BHO: (no name) - {E85A7589-DD95-415D-900B-5CB930288066} - C:\WINDOWS\system32\hgGaxUnm.dll (file missing)
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\he-il\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\RunServices: [Microsoft Update] Sygate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: opnlmmjk - opnlmmjk.dll (file missing)
O22 - SharedTaskScheduler: {03413bf7-e34c-445b-bfc0-a2b127255871} - incestuously - (no file)
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7761 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080507-165658-873 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://kazaa.vmule.com/homepage.html

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.10.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.10.0>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 snpstd (TD998) - c:\windows\system32\drivers\snpstd.sys <Not Verified; ; PC Camera driver>
S3 SynasUSB - c:\windows\system32\drivers\synasusb.sys <Not Verified; SIA Syncrosoft; USB protection device>
S3 wanusb (GlobespanVirata USB ADSL WAN Modem) - c:\windows\system32\drivers\gwausb.sys <Not Verified; GlobespanVirata Inc.; GlobespanVirata WAN ADSL USB Modem>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: ‏‏בקר אפיק טורי אוניברסלי (USB)
Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_1043807D&REV_02\4&11CD5334&0&22F0
Manufacturer:
Name: ‏‏בקר אפיק טורי אוניברסלי (USB)
PNP Device ID: PCI\VEN_1033&DEV_00E0&SUBSYS_1043807D&REV_02\4&11CD5334&0&22F0
Service:


-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 15:00:41 0 d-------- C:\WINDOWS\LastGood
2008-05-11 14:58:42 0 d--hs---- C:\FOUND.000
2008-05-07 13:20:45 0 d-------- C:\VundoFix Backups
2008-05-07 10:19:13 0 d-------- C:\Program Files\Trend Micro
2008-05-05 09:43:32 0 d--hs---- C:\FOUND.077
2008-05-03 18:50:46 0 dr-h----- C:\Documents and Settings\Sade\Recent
2008-05-03 18:27:09 9511 --ahs---- C:\WINDOWS\system32\mnUxaGgh.ini2
2008-05-03 18:19:02 0 d-------- C:\Documents and Settings\Sade\Application Data\PC Tools
2008-05-03 18:08:38 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-03 18:08:31 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-05-03 18:08:31 0 d-------- C:\Documents and Settings\Sade\Application Data\SUPERAntiSpyware.com
2008-05-03 18:08:16 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 17:36:21 0 d-------- C:\Program Files\Spyware Doctor
2008-05-02 22:03:30 0 d--hs---- C:\FOUND.076
2008-05-02 21:46:44 0 d-------- C:\WINDOWS\system32\Spyware Doctor 5.5.0.204
2008-05-02 21:32:54 0 d--hs---- C:\FOUND.075
2008-04-26 18:11:38 0 d--hs---- C:\FOUND.074
2008-04-26 16:52:08 0 d--hs---- C:\FOUND.073


-- Find3M Report ---------------------------------------------------------------

2008-04-12 12:24:38 0 d-------- C:\Program Files\AskTBar
2008-04-10 09:32:04 303472 --a------ C:\WINDOWS\system32\perfh00d.dat
2008-04-10 09:32:04 540672 --a------ C:\WINDOWS\system32\perfc00d.dat
2008-03-21 20:07:00 0 d-------- C:\Program Files\Webteh
2008-03-21 20:07:00 0 d-------- C:\Documents and Settings\Sade\Application Data\BSplayer
2008-03-21 20:07:00 0 d-------- C:\Documents and Settings\Sade\Application Data\BSplayer Pro


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5C060FE2-B3CA-47DD-B68E-BD1A6E297226}]
C:\WINDOWS\system32\opnlmmjk.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E85A7589-DD95-415D-900B-5CB930288066}]
C:\WINDOWS\system32\hgGaxUnm.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/27/2004 02:53 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 06:58 PM]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Microsoft Update"=Sygate.exe

C:\Documents and Settings\All Users\š šŒ\šš\Œ\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [13/02/2001 02:01:04]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [11/05/2005 23:23:26]
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe [07/01/2008 17:22:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]
"{5C060FE2-B3CA-47DD-B68E-BD1A6E297226}"= C:\WINDOWS\system32\opnlmmjk.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnlmmjk]
opnlmmjk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\hgGaxUnm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^תפריט התחלה^תוכניות^הפעלה^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\תפריט התחלה\תוכניות\הפעלה\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
C:\PROGRA~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Repair Registry Pro]
C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"c:\program files\zango\zango.exe"




-- End of Deckard's System Scanner: finished at 2008-05-14 22:25:36 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: Other (040d) - see http://preview.tinyurl.com/mhhp6

CPU 0: Intel® Pentium® 4 CPU 2.00GHz
Percentage of Memory in Use: 65%
Physical Memory (total/avail): 511.47 MiB / 174.75 MiB
Pagefile Memory (total/avail): 1249.69 MiB / 608.7 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1929.85 MiB

A: is Removable (No Media)
C: is Fixed (FAT32) - 19.52 GiB total, 4.98 GiB free.
D: is Fixed (NTFS) - 54.99 GiB total, 45.51 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST380011A - 74.53 GiB - 2 partitions
\PARTITION0 (bootable) - Unknown - 19.53 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 54.99 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.

AV: Kaspersky Anti-Virus 6.0 v6.0.0.299 (Kaspersky Lab)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:Torrent"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Sade\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YAIR-SDG7OJF0YK
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA6
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Sade
LOGONSERVER=\\YAIR-SDG7OJF0YK
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\PROGRA~1\Mozilla Firefox;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0204
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Sade\LOCALS~1\Temp
TMP=C:\DOCUME~1\Sade\LOCALS~1\Temp
USERDOMAIN=YAIR-SDG7OJF0YK
USERNAME=Sade
USERPROFILE=C:\Documents and Settings\Sade
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Sade (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
עדכון עבור Windows XP (KB894391)‎ --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB898461)‎ --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB900485)‎ --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB904942)‎ --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB908531)‎ --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB910437)‎ --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB911280)‎ --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB916595)‎ --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB920872)‎ --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB922582)‎ --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB927891)‎ --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB929338)‎ --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB930916)‎ --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB931836)‎ --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB933360)‎ --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB936357)‎ --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB938828)‎ --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB942763)‎ --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB942840)‎ --> "C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
עדכון עבור Windows XP (KB946627)‎ --> "C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB890046)‎ --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB893756)‎ --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB896358)‎ --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB896423)‎ --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB896424)‎ --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB896428)‎ --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB899587)‎ --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB899589)‎ --> "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB899591)‎ --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB900725)‎ --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB901017)‎ --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB901214)‎ --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB902400)‎ --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB904706)‎ --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB905414)‎ --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB905749)‎ --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB908519)‎ --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB911562)‎ --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB911567)‎ --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB911927)‎ --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB912919)‎ --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB913580)‎ --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB914388)‎ --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB914389)‎ --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB917344)‎ --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB917422)‎ --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB917953)‎ --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB918118)‎ --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB918439)‎ --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB918899)‎ --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB919007)‎ --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB920213)‎ --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB920214)‎ --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB920670)‎ --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB920683)‎ --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB920685)‎ --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB921398)‎ --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB921503)‎ --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB921883)‎ --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB922616)‎ --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB922760)‎ --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB922819)‎ --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB923191)‎ --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB923414)‎ --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB923694)‎ --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB923980)‎ --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB924191)‎ --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB924270)‎ --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB924496)‎ --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB924667)‎ --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB925454)‎ --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB925486)‎ --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB925902)‎ --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB926255)‎ --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB926436)‎ --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB927779)‎ --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB927802)‎ --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB928255)‎ --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB928843)‎ --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB929123)‎ --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB930178)‎ --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB931261)‎ --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB931784)‎ --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB932168)‎ --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB933729)‎ --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB935839)‎ --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB935840)‎ --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB936021)‎ --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB937894)‎ --> "C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB938127)‎ --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB938829)‎ --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB941202)‎ --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB941568)‎ --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB941644)‎ --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB941693)‎ --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB942615)‎ --> "C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB943055)‎ --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB943460)‎ --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB943485)‎ --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB944338)‎ --> "C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB944533)‎ --> "C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB944653)‎ --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB945553)‎ --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB946026)‎ --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB947864)‎ --> "C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB948590)‎ --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP (KB948881)‎ --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP‏ (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
עדכון אבטחה עבור Windows XP‏ (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Torrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
תיקון חם עבור Windows XP (KB914440)‎ --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Photoshop Album 2.0 Starter Edition --> MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Advanced MP3/WMA Recorder --> C:\PROGRA~1\XAUDIO~1\ADVANC~1\UNWISE.EXE C:\PROGRA~1\XAUDIO~1\ADVANC~1\INSTALL.LOG
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
BS.Player FREE powered by AdVantage --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
Burn4Free CD and DVD --> "C:\Program Files\Burn4Free\uninstall.exe"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Disc2Phone --> MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
Download Accelerator Plus (DAP) --> C:\PROGRA~1\DAP\DAPREMOVE.EXE
Ease MP3 WAV Converter 1.21 --> "C:\Program Files\easetech\mp3wavconverter\unins000.exe"
eMule --> "C:\Program Files\eMule\Uninstall.exe"
GlobespanVirata DSL Modem --> C:\Program Files\GlobespanVirata\Adsl\uninstall.exe
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Guitar Pro 5.0 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
LimeWire 4.12.11 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional עם FrontPage --> MsiExec.exe /I{9028040D-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Moyea FLV Downloader version 1.13.0.10 --> "C:\Program Files\Moyea\FLV Downloader\unins000.exe"
Moyea FLV Player version 1.3.2.3 --> "C:\Program Files\Moyea\FLV Player\unins000.exe"
Moyea FLV to Video Converter Pro version 1.28.1.0 --> "C:\Program Files\Moyea\FLV to Video Pro\unins000.exe"
Mozilla Firefox (2.0.0.14) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSN Toolbar --> C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\he-il\mtbs.exe c
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PowerDVD --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CyberLink\PowerDVD\Uninst.isu"
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
Ralink Wireless LAN Card --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly
Skype 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sony Ericsson PC Suite 1.20.224 --> MsiExec.exe /I{7689CA7A-1270-425A-9959-EB4CB25EA29A}
Spyware Doctor 5.5 --> C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
TD998 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57383270-6F61-4DC8-A9B8-C1745FC29F38}\Setup.exe" -l0x9
Unlock Codes Calculator (remove only) --> "C:\Program Files\Unlock Codes Calculator (by Crux)\uninst.exe"
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Live Messenger --> MsiExec.exe /I{426382FB-4792-44BA-8C6A-CB7C77F61F53}
Windows Live Sign-in Assistant --> MsiExec.exe /I{F652D238-5F29-42D5-BAF3-0115EF977EC2}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1475 / Warning
Event Submitted/Written: 05/12/2008 04:38:36 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type1454 / Error
Event Submitted/Written: 05/11/2008 03:00:11 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
IKFileSec

Event Record #/Type1449 / Error
Event Submitted/Written: 05/11/2008 11:09:24 AM
Event ID/Source: 15005 / HTTP
Event Description:
‏‏לא ניתן לבצע איגוד לתעבורה המהווה בסיס עבור 0.0.0.0:2869. רשימת ההאזנה בלבד של פרוטוקול IP עשויה להכיל הפניה לממשק שאינו קיים במחשב זה. שדה הנתונים מכיל את מספר השגיאה.

Event Record #/Type1448 / Error
Event Submitted/Written: 05/11/2008 11:09:16 AM
Event ID/Source: 15005 / HTTP
Event Description:
‏‏לא ניתן לבצע איגוד לתעבורה המהווה בסיס עבור 0.0.0.0:2869. רשימת ההאזנה בלבד של פרוטוקול IP עשויה להכיל הפניה לממשק שאינו קיים במחשב זה. שדה הנתונים מכיל את מספר השגיאה.

Event Record #/Type1441 / Warning
Event Submitted/Written: 05/11/2008 08:40:54 AM
Event ID/Source: 1007 / Dhcp
Event Description:
Your computer has automatically configured the IP address for the Network
Card with network address 000E2ECA3718. The IP address being used is 169.254.31.217.



-- End of Deckard's System Scanner: finished at 2008-05-14 22:25:36 ------------


thank you very much



#2 alsade1


Posted 21 May 2008 - 02:53 AM

I'm sorry but I think I'm missing something here because it's been a week since I added my topic and nothing has happened yet, so I just wanna ask if I did something wrong during the process or if it's normal to wait more than a week for help?
(I'm not complaining, I really just want to know)

#3 alsade1


Posted 31 May 2008 - 06:32 AM

נקודת ביקורת של המערכת-system checkpoint
‏‏בקר אפיק טורי אוניברסלי-Universal Serial Bus
עדכון עבור-update for
עדכון אבטחה עבור-security update for..

‏‏לא ניתן לבצע איגוד לתעבורה המהווה בסיס עבור 0.0.0.0:2869. רשימת ההאזנה בלבד של פרוטוקול IP עשויה להכיל הפניה לממשק שאינו קיים במחשב זה. שדה הנתונים מכיל את מספר השגיאה.-this one is too hard for me but im working on it :-)

I understood that the Hebrew is a problem so here is some translation.
Hope it's helpful.
And again, thx.

#4 Carolyn


Posted 04 June 2008 - 12:12 PM

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please reply to this thread, do not start another.
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

As I am still in training, everything that I post to you must be checked by one of the teachers. Thus, there may be a bit of a delay between posts, but it shouldn't be too long.

If you follow these instructions, everything should go smoothly.

I am sorry that we were unable to reply to your post sooner. The forums have been very busy.

If you are still in need of assistance, please Download and Run HijackThis
Download HJTInstall.exe to your Desktop.
  • Doubleclick HJTInstall.exe to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Copy/Paste the log to your next reply please.
Don't use the Analyse This button, its findings are dangerous if misinterpreted.
Don't have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


Also, please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.

Post the fresh HijackThis log and the uninstall list in the body of your next reply.
Member of ASAP (Alliance of Security Analysis Professionals)

#5 Carolyn


Posted 06 June 2008 - 06:10 AM

Hello,

I'm afraid I have unpleasant news for you.

Your computer has multiple infections, including a rootkit. A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

You are strongly advised to do the following:

  • Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  • Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.
  • Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts. If you don't mind the hassle, change all your account numbers.
  • From a clean computer, change all your passwords (ISP login password, your email address(es) passwords, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password).
DO NOT change your passwords from this computer as the attacker will be able to get all the new passwords and transaction records.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to do a reformat and reinstallation of the operating system (OS). However, if you do not have the resources to reinstall your OS and would like me to attempt to clean your machine, I will be happy to do so.

To help you understand more, please take some time to read the following articles:

What are rootkits from Wikipedia
Why are rootkits dangerous
How do I respond to a possible identity theft and how do I prevent it
When should do a reformat and reinstallation of my OS
Where to backup your files
How to backup your files in Windows XP
Restoring your backups

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

#6 Carolyn


Posted 10 June 2008 - 02:01 PM

It's been a few days. Are you still in need of assistance?

#7 Carolyn


Posted 14 June 2008 - 10:44 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



