please help to remove Win32/Olmarik trojan
16-12-2010, 12:52
Post: #1
Logfile of random's system information tool 1.08 (written by random/random)
Run by Hamid at 2010-12-16 14:07:25 Microsoft Windows 7 Ultimate System drive C: has 22 GB (29%) free of 77 GB Total RAM: 2047 MB (63% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 02:09:07 ب.ظ, on 16/12/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\rdpclip.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files\A4Tech\Mouse\Amoumain.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Windows\System32\bgsmsnd.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Hamid\Desktop\RSIT.exe C:\Program Files\trend micro\Hamid.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program 
Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\system32\spool\DRIVERS\W32X86\3\bgstb.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\Windows\system32\spool\DRIVERS\W32X86\3\bgstb.dll O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [bgsmsnd.exe] C:\Windows\system32\bgsmsnd.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] 
C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = Microsoft Office\Office14\ONENOTEM.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate 
this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F34FBBB7-8445-45E3-8B46-0620B600314F}: NameServer = 4.2.2.4,4.2.2.3,8.8.8.8,95.38.60.64,217.218.155.105,217.218.127.105 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GEARSecurity - Unknown owner - C:\Windows\System32\GEARSec.exe (file missing) O23 - Service: GenericMount Helper Service - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe O23 - Service: XAudioService - Conexant Systems, Inc. 
- C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8652 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2010-09-29 197984] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56CF4856-ECB4-4e46-A897-A378821F97B9}] pdfMachine - C:\Windows\system32\spool\DRIVERS\W32X86\3\bgstb.dll [2010-08-24 273552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}] Babylon IE plugin - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2009-06-04 252304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {56CF4856-ECB4-4e46-A897-A378821F97B9} - pdfMachine - C:\Windows\system32\spool\DRIVERS\W32X86\3\bgstb.dll [2010-08-24 273552] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "UnlockerAssistant"=C:\Program 
Files\Unlocker\UnlockerAssistant.exe [2010-03-09 15872] "VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-27 85160] "WheelMouse"=C:\Program Files\A4Tech\Mouse\Amoumain.exe [2008-03-06 241664] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] "TaskTray"= [] "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-08-12 2215064] "bgsmsnd.exe"=C:\Windows\system32\bgsmsnd.exe [2010-08-24 214672] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2010-10-07 3249504] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504] "ASRockOCTuner"= [] "ASRockIES"= [] "zASRockInstantBoot"= [] "hddled.exe"= [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2010-09-08 390736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe [2010-08-11 4025744] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe [2010-08-26 75048] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Calendar] C:\Program Files\SinaPardazeshSOFT\Calendar\calendar.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2009-01-30 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CoolStartUp] C:\Program Files\OSTEC\CoolGram\CoolGramS.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] C:\Users\Hamid\AppData\Local\Google\Update\GoogleUpdate.exe /c [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2009-09-21 1681408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-11-10 5244216] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe /WinStart [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 15.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe [2009-10-01 2596712] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut] C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2009-04-27 50472] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9] C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAOB Monitor] C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe [2010-09-02 2536440] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe [2010-03-18 105632] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] C:\Program Files\Steam\Steam.exe [2010-11-14 1242448] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-10-21 202256] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2010-09-08 5479424] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPNClient] C:\Program Files\iPig\Client\ipigclient.exe [2007-08-17 753016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun] C:\Program Files\WebcamMax\WebcamMax.exe [2010-10-22 6046960] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinInternalSrc65] C:\Users\Hamid\Documents\w65Src.exe [2010-10-07 884852] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Server4PC.lnk] C:\PROGRA~1\TECHNI~1\bin\SERVER~1.EXE [2009-09-08 338448] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TBS-IPdata.lnk] C:\PROGRA~1\TBSIP~1\TBS-IP~1.EXE [2009-11-16 444976] 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Hamid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Hamid^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk] C:\PROGRA~1\LimeWire\LimeWire.exe [2010-09-30 503808] C:\Users\Hamid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 4222864] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLinkedConnections"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Ketabeavval\KEtabeavval Electronic Book\ketabeavval.exe"="C:\Program Files\Ketabeavval\KEtabeavval Electronic 
Book\ketabeavval.exe:*:Enabled:ketabeavval" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 3 months====== 2010-12-16 14:07:25 ----D---- C:\rsit 2010-12-16 14:07:25 ----D---- C:\Program Files\trend micro 2010-11-26 17:20:50 ----D---- C:\ProgramData\ConeXware 2010-11-26 17:18:35 ----D---- C:\Program Files\PowerArchiver 2010-11-18 17:18:50 ----A---- C:\Windows\system32\msvcr80.dll 2010-11-18 17:18:50 ----A---- C:\Windows\system32\msvcp80.dll 2010-11-18 17:18:50 ----A---- C:\Windows\system32\msvcm80.dll 2010-11-18 17:18:36 ----D---- C:\Windows\system32\system32 2010-11-18 16:19:45 ----A---- C:\Windows\system32\xvidcore.dll 2010-11-18 16:19:44 ----A---- C:\Windows\system32\xvidvfw.dll 2010-11-18 16:19:43 ----D---- C:\Program Files\Xvid 2010-11-17 20:24:11 ----D---- C:\Users\Hamid\AppData\Roaming\Apple Computer 2010-11-14 17:44:29 ----D---- C:\Program Files\Trine 2010-11-14 14:16:55 ----D---- C:\Program Files\Sid Meier's Civilization V 2010-11-14 13:50:03 ----D---- C:\Program Files\Common Files\Steam 2010-11-14 13:49:43 ----D---- C:\Program Files\Steam 2010-11-14 13:49:12 ----A---- C:\Windows\system32\XAudio2_5.dll 2010-11-14 13:49:12 ----A---- C:\Windows\system32\xactengine3_5.dll 2010-11-14 13:49:11 ----A---- C:\Windows\system32\XAPOFX1_3.dll 2010-11-14 13:49:11 ----A---- C:\Windows\system32\D3DX9_41.dll 2010-11-14 13:49:11 ----A---- C:\Windows\system32\d3dx11_42.dll 2010-11-14 13:49:11 ----A---- C:\Windows\system32\d3dx10_42.dll 2010-11-14 13:49:11 ----A---- C:\Windows\system32\d3dx10_41.dll 2010-11-14 13:49:11 ----A---- C:\Windows\system32\d3dcsx_42.dll 2010-11-14 13:49:11 ----A---- C:\Windows\system32\D3DCompiler_41.dll 2010-11-14 13:49:10 ----A---- C:\Windows\system32\XAudio2_4.dll 2010-11-14 13:49:10 
----A---- C:\Windows\system32\xactengine3_4.dll 2010-11-14 13:49:10 ----A---- C:\Windows\system32\X3DAudio1_6.dll 2010-11-14 13:49:10 ----A---- C:\Windows\system32\d3dx10_40.dll 2010-11-14 13:49:10 ----A---- C:\Windows\system32\D3DCompiler_40.dll 2010-11-14 13:49:09 ----A---- C:\Windows\system32\XAudio2_3.dll 2010-11-14 13:49:09 ----A---- C:\Windows\system32\XAudio2_2.dll 2010-11-14 13:49:09 ----A---- C:\Windows\system32\XAPOFX1_2.dll 2010-11-14 13:49:09 ----A---- C:\Windows\system32\XAPOFX1_1.dll 2010-11-14 13:49:09 ----A---- C:\Windows\system32\xactengine3_3.dll 2010-11-14 13:49:09 ----A---- C:\Windows\system32\X3DAudio1_5.dll 2010-11-14 13:49:08 ----A---- C:\Windows\system32\xactengine3_2.dll 2010-11-14 13:49:07 ----A---- C:\Windows\system32\XAudio2_1.dll 2010-11-14 13:49:07 ----A---- C:\Windows\system32\XAudio2_0.dll 2010-11-14 13:49:07 ----A---- C:\Windows\system32\XAPOFX1_0.dll 2010-11-14 13:49:07 ----A---- C:\Windows\system32\xactengine3_1.dll 2010-11-14 13:49:07 ----A---- C:\Windows\system32\X3DAudio1_4.dll 2010-11-14 13:49:07 ----A---- C:\Windows\system32\D3DX9_38.dll 2010-11-14 13:49:07 ----A---- C:\Windows\system32\d3dx10_38.dll 2010-11-14 13:49:07 ----A---- C:\Windows\system32\D3DCompiler_38.dll 2010-11-14 13:49:06 ----A---- C:\Windows\system32\xactengine3_0.dll 2010-11-14 13:49:06 ----A---- C:\Windows\system32\X3DAudio1_3.dll 2010-11-14 13:49:06 ----A---- C:\Windows\system32\D3DX9_37.dll 2010-11-14 13:49:06 ----A---- C:\Windows\system32\d3dx10_37.dll 2010-11-14 13:49:06 ----A---- C:\Windows\system32\D3DCompiler_37.dll 2010-11-07 20:58:17 ----D---- C:\Users\Hamid\AppData\Roaming\WinRAR 2010-11-07 20:16:30 ----A---- C:\Windows\system32\OpenCL.dll 2010-11-07 20:16:29 ----A---- C:\Windows\system32\nvwgf2um.dll 2010-11-07 20:16:29 ----A---- C:\Windows\system32\nvoglv32.dll 2010-11-07 20:16:28 ----A---- C:\Windows\system32\nvgenco322030.dll 2010-11-07 20:16:28 ----A---- C:\Windows\system32\nvdispco322050.dll 2010-11-07 20:16:28 ----A---- 
C:\Windows\system32\drivers\nvlddmkm.sys 2010-11-07 20:16:27 ----A---- C:\Windows\system32\nvdecodemft.dll 2010-11-07 20:16:27 ----A---- C:\Windows\system32\nvd3dum.dll 2010-11-07 20:16:27 ----A---- C:\Windows\system32\nvcuvid.dll 2010-11-07 20:16:26 ----A---- C:\Windows\system32\nvcuvenc.dll 2010-11-07 20:16:26 ----A---- C:\Windows\system32\nvcuda.dll 2010-11-07 20:16:24 ----A---- C:\Windows\system32\nvcompiler.dll 2010-11-07 20:16:24 ----A---- C:\Windows\system32\nvapi.dll 2010-11-06 18:01:23 ----D---- C:\Program Files\Common Files\HP 2010-11-06 18:01:21 ----D---- C:\Program Files\Common Files\Hewlett-Packard 2010-11-06 18:01:19 ----D---- C:\Program Files\Hewlett-Packard 2010-11-06 17:59:41 ----A---- C:\Windows\system32\hpz3l5ha.dll 2010-11-06 17:58:47 ----D---- C:\Program Files\HP 2010-11-06 17:58:45 ----HD---- C:\Config.Msi 2010-11-06 17:55:43 ----D---- C:\ProgramData\HP 2010-11-05 21:40:46 ----D---- C:\ProgramData\Hewlett-Packard 2010-11-04 05:29:05 ----D---- C:\Windows\.rsrc 2010-11-04 05:28:29 ----A---- C:\Windows\Model.txt 2010-11-04 05:20:50 ----D---- C:\Program Files\Universal Extractor 2010-11-03 23:57:15 ----A---- C:\Windows\NeroDigital.ini 2010-11-03 17:21:20 ----D---- C:\Windows\system32\ShellExt 2010-10-26 18:48:12 ----D---- C:\ProgramData\Downloaded Installations 2010-10-23 12:40:21 ----D---- C:\Users\Hamid\AppData\Roaming\Nero 2010-10-23 12:38:37 ----D---- C:\Program Files\Common Files\Macrovision Shared 2010-10-23 12:38:16 ----D---- C:\ProgramData\Rosetta Stone 2010-10-23 12:38:16 ----D---- C:\Program Files\Rosetta Stone 2010-10-23 12:24:35 ----A---- C:\Windows\system32\D3DCompiler_42.dll 2010-10-23 12:24:21 ----A---- C:\Windows\system32\D3DX9_40.dll 2010-10-22 19:56:22 ----D---- C:\ProgramData\Venta 2010-10-22 13:42:30 ----D---- C:\Users\Hamid\AppData\Roaming\WebcamMax 2010-10-22 13:42:30 ----D---- C:\ProgramData\WebcamMax 2010-10-22 13:41:48 ----D---- C:\Program Files\WebcamMax 2010-10-22 13:38:32 ----D---- C:\Program Files\QuickTime 2010-10-22 
13:37:59 ----D---- C:\Program Files\Common Files\Apple 2010-10-21 13:49:40 ----D---- C:\Program Files\Common Files\xing shared 2010-10-21 13:49:26 ----A---- C:\Windows\system32\pncrt.dll 2010-10-21 13:35:35 ----D---- C:\Program Files\RAR Password Unlocker 2010-10-21 13:30:39 ----D---- C:\Program Files\RAR Password Recovery Magic 2010-10-21 13:28:03 ----D---- C:\archive_db 2010-10-21 13:27:07 ----D---- C:\ProgramData\explauncher 2010-10-21 13:27:06 ----D---- C:\ProgramData\launcher 2010-10-20 15:12:45 ----D---- C:\Windows\system32\Adobe 2010-10-20 14:49:51 ----D---- C:\Users\Hamid\AppData\Roaming\Aegisub 2010-10-20 14:49:20 ----D---- C:\Program Files\Aegisub 2010-10-16 12:42:20 ----A---- C:\Windows\system32\nvvsvc.exe 2010-10-16 12:42:20 ----A---- C:\Windows\system32\nvshext.dll 2010-10-16 12:42:20 ----A---- C:\Windows\system32\nvmctray.dll 2010-10-16 12:42:16 ----A---- C:\Windows\system32\nvcpl.dll 2010-10-16 12:42:12 ----A---- C:\Windows\system32\nvsvc.dll 2010-10-13 13:42:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2010-10-12 21:38:38 ----D---- C:\Users\Hamid\AppData\Roaming\Corel 2010-10-12 21:38:37 ----RSH---- C:\ProgramData\E0D83C115D.sys 2010-10-12 21:38:37 ----ASH---- C:\ProgramData\KGyGaAvL.sys 2010-10-12 08:11:06 ----D---- C:\ProgramData\eSellerate 2010-10-12 08:10:39 ----D---- C:\Program Files\SmartSound Software 2010-10-12 08:10:35 ----D---- C:\ProgramData\SmartSound Software Inc 2010-10-12 08:09:43 ----D---- C:\Windows\RegisteredPackages 2010-10-12 08:09:42 ----HD---- C:\Windows\msdownld.tmp 2010-10-12 08:07:15 ----D---- C:\ProgramData\Corel 2010-10-12 08:01:41 ----D---- C:\Program Files\Common Files\Protexis 2010-10-12 08:01:15 ----D---- C:\Program Files\Common Files\Corel 2010-10-12 07:59:28 ----A---- C:\Windows\system32\xactengine2_10.dll 2010-10-12 07:59:28 ----A---- C:\Windows\system32\d3dx10_36.dll 2010-10-12 07:59:28 ----A---- C:\Windows\system32\D3DCompiler_36.dll 2010-10-12 07:59:27 ----A---- 
C:\Windows\system32\xactengine2_9.dll 2010-10-12 07:59:27 ----A---- C:\Windows\system32\d3dx9_36.dll 2010-10-12 07:59:27 ----A---- C:\Windows\system32\d3dx9_35.dll 2010-10-12 07:59:27 ----A---- C:\Windows\system32\d3dx10_35.dll 2010-10-12 07:59:27 ----A---- C:\Windows\system32\D3DCompiler_35.dll 2010-10-12 07:59:26 ----A---- C:\Windows\system32\xactengine2_8.dll 2010-10-12 07:59:26 ----A---- C:\Windows\system32\X3DAudio1_2.dll 2010-10-12 07:59:26 ----A---- C:\Windows\system32\d3dx9_34.dll 2010-10-12 07:59:26 ----A---- C:\Windows\system32\d3dx10_34.dll 2010-10-12 07:59:26 ----A---- C:\Windows\system32\D3DCompiler_34.dll 2010-10-12 07:59:25 ----A---- C:\Windows\system32\xinput1_3.dll 2010-10-12 07:59:25 ----A---- C:\Windows\system32\xactengine2_7.dll 2010-10-12 07:59:25 ----A---- C:\Windows\system32\d3dx9_33.dll 2010-10-12 07:59:25 ----A---- C:\Windows\system32\d3dx10_33.dll 2010-10-12 07:59:25 ----A---- C:\Windows\system32\D3DCompiler_33.dll 2010-10-12 07:59:24 ----A---- C:\Windows\system32\xactengine2_6.dll 2010-10-12 07:59:24 ----A---- C:\Windows\system32\xactengine2_5.dll 2010-10-12 07:59:24 ----A---- C:\Windows\system32\xactengine2_4.dll 2010-10-12 07:59:24 ----A---- C:\Windows\system32\x3daudio1_1.dll 2010-10-12 07:59:24 ----A---- C:\Windows\system32\d3dx9_32.dll 2010-10-12 07:59:24 ----A---- C:\Windows\system32\d3dx10.dll 2010-10-12 07:59:23 ----A---- C:\Windows\system32\xinput1_2.dll 2010-10-12 07:59:23 ----A---- C:\Windows\system32\xactengine2_3.dll 2010-10-12 07:59:22 ----A---- C:\Windows\system32\xinput1_1.dll 2010-10-12 07:59:22 ----A---- C:\Windows\system32\xactengine2_2.dll 2010-10-12 07:59:22 ----A---- C:\Windows\system32\xactengine2_1.dll 2010-10-12 07:59:14 ----A---- C:\Windows\system32\xactengine2_0.dll 2010-10-12 07:59:14 ----A---- C:\Windows\system32\x3daudio1_0.dll 2010-10-12 07:59:14 ----A---- C:\Windows\system32\d3dx9_30.dll 2010-10-12 07:59:14 ----A---- C:\Windows\system32\d3dx9_29.dll 2010-10-12 07:59:12 ----A---- 
16-12-2010, 19:04
(This post was last edited on 16-12-2010 at 19:05 by miekiemoes.)
Post: #2
RE: please help to remove Win32/Olmarik trojan
Hi,
* Please download Malwarebytes' Anti-Malware from Here. Double-click mbam-setup.exe to install the application.

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Also, can you tell me what this is?
C:\Users\Hamid\Documents\w65Src.exe
Because I see it was disabled via msconfig. Also, since it's in your Documents folder, in most cases it's something you placed there. Can you upload that file for me please?
Please upload it here: http://www.bleepingcomputer.com/submit-m...?channel=8

Thanks.

Microsoft MVP - Consumer Security
Director of Research @ Malwarebytes
16-12-2010, 20:47
Post: #3
RE: please help to remove Win32/Olmarik trojan
Thank you very, very much. My problem has been solved.
16-12-2010, 20:49
Post: #4
RE: please help to remove Win32/Olmarik trojan
Glad I could help.
Please read my Prevention page with lots of info and tips on how to prevent this in the future. And if you want to improve speed/system performance after malware removal, take a look here.

Extra note: Make sure your programs are up to date, because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!