האקספלורר שולח אותי לאתרי פורנו במקום ללינקים מחיפוש בגוגל

Logfile of HijackThis v1.99.1
Scan saved at 12:08:33, on 26/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\RONA&E~1\LOCALS~1\Temp\Rar$EX00.813\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/home/0,7340,L-8,00.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
O2 - BHO: (no name) - {D61D7E1A-6613-49CA-B6F9-51DB248E209D} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: Protection Bar - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - C:\Program Files\Video ActiveX Access\iesbpl.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O9 - Extra button: שלח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ש&לח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4651C20C-7D43-4554-B4FE-2DBA93E4AD4A}: NameServer = 85.255.115.117 85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\..\{78AA8FA7-86E0-4736-9FE3-857ED3712B26}: NameServer = 85.255.115.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D8C23CC-2CEB-49F2-85C2-944BA5700AE5}: NameServer = 85.255.115.117
O17 - HKLM\System\CCS\Services\Tcpip\..\{93CCFF0B-6D57-4B25-A894-7A03F7AF4A65}: NameServer = 85.255.115.117
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.117 85.255.112.204
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.117 85.255.112.204
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.117 85.255.112.204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.117 85.255.112.204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[X] - O17 - HKLM\System\CCS\Services\Tcpip\..\{4651C20C-7D43-4554-B4FE-2DBA93E4AD4A}: NameServer = 85.255.115.117 85.255.112.204 [X] - O17 - HKLM\System\CCS\Services\Tcpip\..\{78AA8FA7-86E0-4736-9FE3-857ED3712B26}: NameServer = 85.255.115.117 [X] - O17 - HKLM\System\CCS\Services\Tcpip\..\{8D8C23CC-2CEB-49F2-85C2-944BA5700AE5}: NameServer = 85.255.115.117 [X] - O17 - HKLM\System\CCS\Services\Tcpip\..\{93CCFF0B-6D57-4B25-A894-7A03F7AF4A65}: NameServer = 85.255.115.117 [X] - O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.117 85.255.112.204 [X] - O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.117 85.255.112.204 [X] - O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.115.117 85.255.112.204 [X] - O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.117 85.255.112.204

לוג ה REPORT :

Username "Rona & Eitan" - 09/29/2007 21:43:24 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdyux.exe"
Successfully flushed the DNS Resolver Cache.

System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....
~~~~~ Other
C:\WINDOWS\Temp\kdyux.ren 71242 06/13/2007
~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"JMB36X Configure"="C:\\WINDOWS\\system32\\JMRaidTool.exe boot"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"AsusServiceProvider"="C:\\Program Files\\ASUS\\AASP\\1.00.05\\aaCenter.exe"
"Ai Nap"="\"C:\\Program Files\\ASUS\\AI Suite\\AiNap\\AiNap.exe\""
"GrooveMonitor"="\"C:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe\""
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"SpywareBot"="C:\\Program Files\\SpywareBot\\SpywareBot.exe -boot"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

לוג ה DNS

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters]
"NV Hostname"="sr"
"DataBasePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53, 79,73,74,65,6d,\
33,32,5c,64,72,69,76,65,72,73,5c,65,74,63,00
"ForwardBroadcasts"=dword:00000000
"IPEnableRouter"=dword:00000000
"Domain"=""
"Hostname"="sr"
"SearchList"=""
"UseDomainNameDevolution"=dword:00000000
"EnableICMPRedirect"=dword:00000001
"DeadGWDetectDefault"=dword:00000001
"DontAddDefaultGatewayDefault"=dword:00000000
"EnableSecurityFilters"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Adapters]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Adapters\NdisWanIp]
"LLInterface"="WANARP"
"IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65, 72,73,5c,49,6e,74,\
65,72,66,61,63,65,73,5c,7b,33,37,35,44,37,30,43,36 ,2d,42,36,44,46,2d,34,39,\
43,37,2d,42,41,38,43,2d,32,36,37,45,34,41,39,31,34 ,37,37,35,7d,00,54,63,70,\
69,70,5c,50,61,72,61,6d,65,74,65,72,73,5c,49,6e,74 ,65,72,66,61,63,65,73,5c,\
7b,35,44,45,30,39,30,43,36,2d,43,38,46,34,2d,34,45 ,46,44,2d,39,35,33,34,2d,\
44,45,38,44,32,37,33,38,42,30,41,32,7d,00,54,63,70 ,69,70,5c,50,61,72,61,6d,\
65,74,65,72,73,5c,49,6e,74,65,72,66,61,63,65,73,5c ,7b,39,45,35,41,45,43,36,\
36,2d,46,39,36,33,2d,34,33,43,34,2d,38,39,42,41,2d ,36,33,36,32,41,37,30,30,\
46,37,41,37,7d,00,54,63,70,69,70,5c,50,61,72,61,6d ,65,74,65,72,73,5c,49,6e,\
74,65,72,66,61,63,65,73,5c,7b,34,36,35,31,43,32,30 ,43,2d,37,44,34,33,2d,34,\
35,35,34,2d,42,34,46,45,2d,32,44,42,41,39,33,45,34 ,41,44,34,41,7d,00,00
"NumInterfaces"=dword:00000004
"IpInterfaces"=hex:c6,70,5d,37,df,b6,c7,49,ba,8c,26,7e,4a,91,47, 75,c6,90,e0,5d,\
f4,c8,fd,4e,95,34,de,8d,27,38,b0,a2,66,ec,5a,9e,63 ,f9,c4,43,89,ba,63,62,a7,\
00,f7,a7,0c,c2,51,46,43,7d,54,45,b4,fe,2d,ba,93,e4 ,ad,4a
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Adapters\{78AA8FA7-86E0-4736-9FE3-857ED3712B26}]
"LLInterface"=""
"IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65, 72,73,5c,49,6e,74,\
65,72,66,61,63,65,73,5c,7b,37,38,41,41,38,46,41,37 ,2d,38,36,45,30,2d,34,37,\
33,36,2d,39,46,45,33,2d,38,35,37,45,44,33,37,31,32 ,42,32,36,7d,00,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Adapters\{8D8C23CC-2CEB-49F2-85C2-944BA5700AE5}]
"LLInterface"=""
"IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65, 72,73,5c,49,6e,74,\
65,72,66,61,63,65,73,5c,7b,38,44,38,43,32,33,43,43 ,2d,32,43,45,42,2d,34,39,\
46,32,2d,38,35,43,32,2d,39,34,34,42,41,35,37,30,30 ,41,45,35,7d,00,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Adapters\{93CCFF0B-6D57-4B25-A894-7A03F7AF4A65}]
"LLInterface"=""
"IpConfig"=hex(7):54,63,70,69,70,5c,50,61,72,61,6d,65,74,65, 72,73,5c,49,6e,74,\
65,72,66,61,63,65,73,5c,7b,39,33,43,43,46,46,30,42 ,2d,36,44,35,37,2d,34,42,\
32,35,2d,41,38,39,34,2d,37,41,30,33,46,37,41,46,34 ,41,36,35,7d,00,00
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\DNSRegisteredAdapters]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Interfaces]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Interfaces\{375D70C6-B6DF-49C7-BA8C-267E4A914775}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NameServer"=""
"DhcpNameServer"=""
"Domain"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Interfaces\{4651C20C-7D43-4554-B4FE-2DBA93E4AD4A}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=hex(7):30,78,30,30,30,30,30,30,30,33,00,00
"DhcpIPAddress"="80.178.57.247"
"DhcpSubnetMask"="255.255.255.255"
"Domain"=""
"DhcpClassIdBin"=hex:
"RegistrationEnabled"=dword:00000000
"RegisterAdapterName"=dword:00000000
"NameServer"="212.116.161.40 84.95.14.250"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Interfaces\{5DE090C6-C8F4-4EFD-9534-DE8D2738B0A2}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
"NTEContextList"=hex(7):00
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="0.0.0.0"
"Domain"=""
"NameServer"=""
"DhcpClassIdBin"=hex:
"RegistrationEnabled"=dword:00000000
"RegisterAdapterName"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Interfaces\{78AA8FA7-86E0-4736-9FE3-857ED3712B26}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"DefaultGatewayMetric"=hex(7):00
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00
"UDPAllowedPorts"=hex(7):30,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00
"NTEContextList"=hex(7):00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000e10
"LeaseObtainedTime"=dword:46ec1b15
"T1"=dword:46ec221d
"T2"=dword:46ec2763
"LeaseTerminatesTime"=dword:46ec2925
"IPAutoconfigurationAddress"="0.0.0.0"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:00000000
"AddressType"=dword:00000000
"DhcpNameServer"=""
"NameServer"=""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Interfaces\{8D8C23CC-2CEB-49F2-85C2-944BA5700AE5}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"DefaultGatewayMetric"=hex(7):00
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=hex(7):30,00,00
"UDPAllowedPorts"=hex(7):30,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00
"NTEContextList"=hex(7):30,78,30,30,30,30,30,30,30,32,00,00
"DhcpClassIdBin"=hex:
"DhcpServer"="255.255.255.255"
"Lease"=dword:00000000
"LeaseObtainedTime"=dword:46fceaf9
"T1"=dword:46fceaf9
"T2"=dword:46fceaf9
"LeaseTerminatesTime"=dword:7fffffff
"IPAutoconfigurationAddress"="169.254.175.80"
"IPAutoconfigurationMask"="255.255.0.0"
"IPAutoconfigurationSeed"=dword:bc1445fb
"AddressType"=dword:00000001
"NameServer"="84.95.14.250,212.116.161.38"
"DhcpIPAddress"="169.254.175.80"
"DhcpSubnetMask"="255.255.0.0"
"DhcpRetryTime"=dword:00000112
"DhcpRetryStatus"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Interfaces\{93CCFF0B-6D57-4B25-A894-7A03F7AF4A65}]
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):32,35,35,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"DefaultGatewayMetric"=hex(7):00
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000001
"TCPAllowedPorts"=hex(7):30,00,00
"UDPAllowedPorts"=hex(7):30,00,00
"RawIPAllowedProtocols"=hex(7):30,00,00
"NTEContextList"=hex(7):30,78,30,30,30,30,30,30,30,33,00,00
"DhcpClassIdBin"=hex:
"DhcpNameServer"=""
"NameServer"=""
"DhcpIPAddress"="0.0.0.0"
"DhcpSubnetMask"="255.0.0.0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Interfaces\{9E5AEC66-F963-43C4-89BA-6362A700F7A7}]
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=hex(7):30,2e,30,2e,30,2e,30,00,00
"SubnetMask"=hex(7):30,2e,30,2e,30,2e,30,00,00
"DefaultGateway"=hex(7):00
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\PersistentRoutes]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\tcpip\parameters\Winsock]
"UseDelayedAcceptance"=dword:00000000
"HelperDllName"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53, 79,73,74,65,\
6d,33,32,5c,77,73,68,74,63,70,69,70,2e,64,6c,6c,00
"MaxSockAddrLength"=dword:00000010
"MinSockAddrLength"=dword:00000010
"Mapping"=hex:0b,00,00,00,03,00,00,00,02,00,00,00,01,00,00, 00,06,00,00,00,02,\
00,00,00,01,00,00,00,00,00,00,00,02,00,00,00,00,00 ,00,00,06,00,00,00,00,00,\
00,00,00,00,00,00,06,00,00,00,00,00,00,00,01,00,00 ,00,06,00,00,00,02,00,00,\
00,02,00,00,00,11,00,00,00,02,00,00,00,02,00,00,00 ,00,00,00,00,02,00,00,00,\
00,00,00,00,11,00,00,00,00,00,00,00,00,00,00,00,11 ,00,00,00,00,00,00,00,02,\
00,00,00,11,00,00,00,02,00,00,00,03,00,00,00,00,00 ,00,00

לוג ה HIJACKTHIS:

Logfile of HijackThis v1.99.1

Scan saved at 22:09:12, on 29/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SpywareBot\SpywareBot.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
C:\Documents and Settings\Rona & Eitan\Desktop\anti spy\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/home/0,7340,L-8,00.html

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\sw g.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AsusServiceProvider] C:\Program Files\ASUS\AASP\1.00.05\aaCenter.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
O9 - Extra button: שלח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: ש&לח אל OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus.com/common/asusTek_sys_ctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4651C20C-7D43-4554-B4FE-2DBA93E4AD4A}: NameServer = 212.116.161.40 84.95.14.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D8C23CC-2CEB-49F2-85C2-944BA5700AE5}: NameServer = 84.95.14.250,212.116.161.38
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DL L
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

אפשרויות משלוח הודעות

אתה לא יכול לפתוח אשכולות חדשים

אתה לא יכול להגיב לאשכולות

אתה לא יכול לצרף קבצים

אתה לא יכול לערוך את ההודעות שלך

קוד vB פעיל

סמיילים פעיל

קוד [IMG] פעיל

קוד HTML כבוי

כלי אשכול	חפש באשכול זה
הצג גירסת הדפסה שלח דף זה ב E-Mail	חפש באשכול זה: חיפוש מתקדם
מצבי תצוגה	דרג אשכול זה
עבור למצב לינארי מצב כלאיים עבור למצב משורשר	דרג אשכול זה:

הדף נוצר ב 0.19 שניות עם 10 שאילתות
צור קשר - Fresh - למעלה