euge4ever

Peace be upon you.
Please help.
When I start the laptop, ESET NOD shows me a virus message:
20/01/2010 21:24:18 Startup scanner operating memory Operating memory Win32/Olmarik trojan

20/01/2010 21:18:44 Startup scanner operating memory Operating memory Win32/Olmarik trojan unable to clean dark-PC\dark
20/01/2010 21:16:12 Startup scanner operating memory Operating memory Win32/Olmarik trojan unable to clean dark-PC\dark
Note that I tried to remove the virus using Loaris Trojan Remover, but it did not find the virus; I ran a deep scan and nothing showed up.
Please help me quickly if you can, and thank you.
 

Download this program (link hidden by the forum; login required to view it).

Then close all programs, especially Internet Explorer and Messenger.
Run the program ==> and click on
Do a system scan and save log
After a moment a report opens in Notepad ==> copy it and paste it in your next reply.

Signature: عـاشـق وهـم
Here you go.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:34, on 20/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\dark\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\video convert master\codec\real\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Loaris Trojan Remover] "C:\Program Files\Loaris Trojan Remover\TrojanRemover.exe" 0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: VerbAce-Pro Startup Agent.lnk = C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: EI??? ??C ?? C??I??E - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &EI??? ??C ?? Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
--
End of file - 8312 bytes
 
Delete these values:

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

How to delete them for Vista and Windows 7 users:

[screenshots]

Then go to Add or Remove Programs and uninstall the toolbar you have (toolbar) >> it may not be present.
Then clean your machine with this tool (link hidden by the forum; login required to view it).

Signature: عـاشـق وهـم
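The two entries the moderator singles out are exactly the ones whose path reads "(no file)": a component is still registered with Internet Explorer, but the DLL behind it is gone. As an added example (not from this thread, from HijackThis or from ESET), the Python below parses the R3 / O2 / O3 line shape of the log above, flags every such orphaned entry, and groups them by the tail of their CLSID. The grouping key is an assumption of this example, not a HijackThis concept; the three SweetIM CLSIDs in the log happen to share it. Run on the constructed sample (lines copied in shape from the thread's log), it also surfaces the R3 URLSearchHook line that the ComboFix run later lists under ORPHANS REMOVED.

```python
"""Flag orphaned browser-hook entries in a HijackThis log (example, not project code)."""
import re
from collections import defaultdict

# Constructed sample: three "(no file)" lines in the shape of the thread's log,
# plus two healthy entries so the filter has something to keep as well as flag.
SAMPLE_LOG = """\
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - (no file)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe" /hide /waitservice
"""

# Lines of the form:  <code> - <kind>: <name> - {CLSID} - <path>
# Only R/O lines that carry a CLSID match; O4 Run entries and the like are skipped.
ENTRY_RE = re.compile(
    r"^(?P<code>[RO]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)


def parse_hijackthis(text):
    """Return one dict (code, kind, name, clsid, path) per CLSID-bearing line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def orphaned_entries(entries):
    """Entries that still register a component whose file no longer exists."""
    return [e for e in entries if e["path"].strip() == "(no file)"]


def clsid_tail(clsid):
    """Last four CLSID groups, used here as a heuristic 'same add-on' key (assumption)."""
    return clsid.upper().split("-", 1)[1]


def group_by_family(entries):
    """Bucket entries whose CLSIDs differ only in the first group."""
    groups = defaultdict(list)
    for e in entries:
        groups[clsid_tail(e["clsid"])].append(e)
    return dict(groups)


def report(text):
    """Summary lines for the orphaned entries in a log; returned so callers can check them."""
    orphans = orphaned_entries(parse_hijackthis(text))
    lines = []
    for tail, group in sorted(group_by_family(orphans).items()):
        noun = "entry" if len(group) == 1 else "entries"
        lines.append(f"{len(group)} orphaned {noun} sharing CLSID tail ...-{tail}:")
        for e in group:
            lines.append(f"  {e['code']} {e['kind']}: {e['name']} {{{e['clsid']}}}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Feed `report()` the text of a saved HijackThis log instead of `SAMPLE_LOG` to get the same listing for a real machine; an entry that shows up here with "(no file)" is a dangling registration rather than a running component, which is why the moderator treats the two SweetIM lines as safe to remove.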
After deleting the values..

Disable your security programs,
then
download the following tool and save it to the desktop (link hidden by the forum; login required to view it).

When you run it a message will appear; click >> Yes
Then a second message will appear; click >> Yes
During the scan the machine may restart.
After the restart, the tool will start scanning a second time.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears; copy it and paste it in your next post.

-------------------------------------------------------------------------------

How to disable NOD

The explanation is provided by (link hidden by the forum; login required to view it)

Right-click the NOD icon next to the clock
and choose as in the picture.

[screenshot]
 
Here you go, my friend.
ComboFix 10-01-19.08 - dark 21/01/2010 0:02.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1256.971.1033.18.3068.2282 [GMT 4:00]
Running from: c:\users\dark\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1624494241-2443125726-4129371530-500
c:\users\dark\AppData\Roaming\inst.exe
c:\windows\system32\lowsec
Infected copy of c:\windows\system32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.
2010-01-20 07:04 . 2010-01-20 08:07 -------- d-----w- c:\program files\Loaris Trojan Remover
2010-01-20 03:52 . 2010-01-20 03:52 -------- d-----w- c:\users\dark\AppData\Local\ESET
2010-01-19 19:11 . 2010-01-19 23:50 -------- d-----w- c:\programdata\avg9
2010-01-19 19:11 . 2010-01-19 19:11 -------- d-----w- c:\program files\AVG
2010-01-19 16:04 . 2010-01-20 07:00 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-01-18 19:06 . 2006-06-19 08:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-01-18 19:06 . 2006-05-25 10:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-01-18 19:06 . 2005-08-25 20:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-01-18 19:06 . 2003-02-02 15:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-01-18 19:06 . 2002-03-05 20:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-01-18 17:31 . 2010-01-18 17:31 -------- d-----w- c:\program files\Free PDF to Word Doc Converter
2010-01-15 23:33 . 2010-01-18 19:13 -------- d-sh--w- c:\users\dark\AppData\Roaming\lowsec
2010-01-14 20:43 . 2004-03-29 12:23 90112 ----a-w- c:\windows\unvise32.exe
2010-01-14 20:43 . 2010-01-14 21:22 -------- d-----w- C:\AiroWizard
2010-01-14 20:38 . 2010-01-14 20:38 -------- d-----w- c:\program files\Network Stumbler
2010-01-14 16:59 . 1999-09-10 11:06 5600 ----a-w- c:\windows\system\winaspi.dll
2010-01-14 16:59 . 1999-09-10 11:06 4672 ----a-w- c:\windows\system\wowpost.exe
2010-01-14 16:59 . 1999-09-10 11:06 45056 ----a-w- c:\windows\system32\wnaspi32.dll
2010-01-14 16:59 . 1999-09-10 11:06 25244 ----a-w- c:\windows\system32\drivers\aspi32.sys
2010-01-14 14:51 . 2010-01-14 15:53 -------- d-----w- c:\users\dark\AppData\Local\Deployment
2010-01-14 14:51 . 2010-01-14 14:51 -------- d-----w- c:\users\dark\AppData\Local\Apps
2010-01-13 14:56 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 14:56 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-12-27 14:30 . 2009-12-27 14:30 -------- d-----w- c:\program files\Microsoft.NET
2009-12-27 14:25 . 2009-12-27 14:25 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-27 14:10 . 2009-12-27 14:10 -------- d-----w- c:\users\dark\AppData\Local\Seven Zip
2009-12-22 09:00 . 2009-12-22 09:00 -------- d-----w- c:\program files\ExtractNow
2009-12-21 22:43 . 2009-12-21 22:44 -------- d-----w- c:\program files\TVPlayerClassic
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 20:12 . 2009-08-12 00:43 48544 ----a-w- c:\programdata\nvModes.dat
2010-01-20 20:11 . 2009-08-12 00:30 1076 ----a-w- c:\windows\bthservsdp.dat
2010-01-20 08:08 . 2009-08-12 18:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 23:56 . 2009-08-11 22:59 -------- d-----w- c:\program files\ESET
2010-01-18 22:46 . 2009-08-12 12:03 -------- d-----w- c:\users\dark\AppData\Roaming\uTorrent
2010-01-18 18:15 . 2008-07-02 18:12 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-14 20:42 . 2009-09-18 14:21 680 ----a-w- c:\users\dark\AppData\Local\d3d9caps.dat
2010-01-14 16:19 . 2009-09-15 18:50 -------- d-----w- c:\users\dark\AppData\Roaming\vlc
2010-01-14 07:12 . 2009-10-03 00:54 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 21:30 . 2008-07-02 18:08 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 21:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-03 12:34 . 2009-12-19 09:17 -------- d-----w- c:\program files\Hotspot Shield
2009-12-27 19:49 . 2009-08-11 17:12 103424 ----a-w- c:\users\dark\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-27 14:31 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-12-21 23:39 . 2009-11-25 19:33 -------- d-----w- c:\programdata\Kaspersky Lab
2009-12-16 18:19 . 2009-12-16 18:19 39776 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2009-12-16 18:18 . 2009-12-16 18:18 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-12-16 18:18 . 2009-12-16 18:18 133976 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-12-16 18:18 . 2009-12-16 18:18 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-12-16 18:17 . 2009-12-16 18:17 131976 ----a-w- c:\windows\system32\drivers\eamonm.sys
2009-12-12 20:17 . 2009-12-12 20:17 402952 ----a-w- c:\users\dark\AppData\Roaming\Real\RealPlayer\setup\AU_setup11.exe
2009-12-08 17:41 . 2009-12-08 17:41 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-12-08 17:41 . 2009-11-12 15:53 -------- d-----w- c:\program files\Sony
2009-12-08 17:20 . 2009-11-12 15:50 -------- d-----w- c:\users\dark\AppData\Roaming\Sony
2009-12-07 22:20 . 2009-12-02 23:07 -------- d-----w- c:\programdata\TuneUp Software
2009-12-07 22:20 . 2009-12-07 22:20 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-12-07 09:31 . 2009-08-11 17:05 -------- d-----w- c:\users\dark\AppData\Roaming\Hewlett-Packard
2009-12-03 19:50 . 2009-11-12 15:53 10134 ----a-r- c:\users\dark\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2009-12-03 19:50 . 2009-12-03 19:50 -------- d-----w- c:\programdata\Sony Corporation
2009-12-03 19:49 . 2009-12-03 19:49 -------- d-----w- c:\users\dark\AppData\Roaming\Sony Setup
2009-12-03 19:49 . 2009-12-03 19:49 -------- d-----w- c:\program files\Sony Setup
2009-12-02 23:06 . 2009-12-02 23:06 -------- d-sh--w- c:\programdata\{55A29068-F2CE-456C-9148-C869879E2357}
2009-11-27 11:54 . 2009-11-27 11:54 -------- d-----w- c:\program files\Common Files\Apple
2009-11-27 11:54 . 2009-10-07 23:03 -------- d-----w- c:\programdata\Apple Computer
2009-11-22 22:07 . 2009-11-22 22:07 -------- d-----w- c:\users\dark\AppData\Roaming\HP
2009-11-22 22:07 . 2009-08-12 00:47 -------- d-----w- c:\programdata\CyberLink
2009-11-22 22:07 . 2009-11-22 22:07 -------- d-----w- c:\programdata\HP
2009-11-22 22:07 . 2009-08-12 13:32 -------- d-----w- c:\users\dark\AppData\Roaming\CyberLink
2009-11-21 06:40 . 2009-12-10 18:16 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 18:16 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 18:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 18:16 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-12 21:42 . 2009-11-12 21:42 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2009-11-09 12:31 . 2009-12-12 14:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-12 14:41 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-12 14:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-07 18:36 . 2009-08-19 15:46 47360 ----a-w- c:\users\dark\AppData\Roaming\pcouffin.sys
2009-11-07 18:36 . 2009-08-19 15:46 47360 ----a-w- c:\users\dark\AppData\Roaming\pcouffin.sys
2009-10-30 11:38 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-29 09:17 . 2009-11-25 16:39 2048 ----a-w- c:\windows\system32\tzres.dll
2008-07-02 15:47 . 2008-07-02 15:47 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Loaris Trojan Remover"="c:\program files\Loaris Trojan Remover\TrojanRemover.exe" [2009-05-09 3183104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-12-16 2136760]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-21 458844]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-11-20 488752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VerbAce-Pro Startup Agent.lnk - c:\program files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe [2009-8-24 606208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 07:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2008-04-16 00:54 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 07:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-07-23 11:39 13797920 ----a-w- c:\windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-11-02 01:42 554288 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 15:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-04-24 06:51 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 19:08 417792 ----a-w- c:\program files\Video Convert Master\codec\quicktime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 00:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
2009-10-20 09:59 111928 ----a-r- c:\program files\SweetIM\Messenger\SweetIM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-03-27 22:05 1045800 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-12 20:24 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28 2153472 ----a-w- c:\windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ee,0c,60,6c,90,34,ca,01
R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [16/12/2009 22:18 114984]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [02/07/2008 21:22 39408]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe [02/03/2009 18:43 81920]
R2 eamonm;eamonm;c:\windows\System32\drivers\eamonm.sys [16/12/2009 22:17 131976]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [16/12/2009 22:18 806000]
R2 epfwwfp;epfwwfp;c:\windows\System32\drivers\epfwwfp.sys [16/12/2009 22:19 39776]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [21/01/2008 06:23 21504]
R2 hpsrv;HP Service;c:\windows\System32\hpservice.exe [19/03/2008 03:24 19456]
R3 enecir;ENE CIR Receiver;c:\windows\System32\drivers\enecir.sys [24/01/2008 17:23 52736]
R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [01/04/2008 15:14 81296]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [17/11/2008 15:40 3668480]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [21/08/2009 20:24 66592]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [02/07/2008 21:29 193840]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 06:23 21504]
S4 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [02/07/2008 22:25 341328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
2010-01-12 c:\windows\Tasks\HPCeeScheduleFordark.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-07-02 22:14]
2010-01-20 c:\windows\Tasks\User_Feed_Synchronization-{5BF145A1-9E6B-428F-8B60-06EF5E0B904B}.job
- c:\windows\system32\msfeedssync.exe [2009-12-10 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ae&c=83&bd=Pavilion&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-GridinSoft Trojan Killer - c:\program files\GridinSoft Trojan Killer\trojankiller.exe
MSConfigStartUp-nod32kui - c:\program files\Eset\nod32kui.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
AddRemove-HijackThis - c:\program files\Loaris Trojan Remover\HijackThis.exe

**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.032"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.abr"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.arw"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.bay"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.bmp"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.cr2"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.crw"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.cs1"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.dcr"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.dcx"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.dib"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.dng"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.emf"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.erf"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.fff"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.fpx"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.gif"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.hdr"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.j2c"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.j2k"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.jbr"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.jfif"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.jif"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.jp2"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.jpc"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.jpe"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.jpeg"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.jpg"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.jpk"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.jpx"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.kdc"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.mef"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.mos"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.mrw"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.nef"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.orf"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.pbr"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.pcd"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.pcx"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.pef"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.pic"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.png"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.psd"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.raf"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.raw"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.rle"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.rw2"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.sr2"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.srf"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.tga"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.thm"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.tif"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.tiff"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.wbm"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.wbmp"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.wmf"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.xif"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5728)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-01-21 00:19:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-20 20:19
Pre-Run: 76,518,469,632 bytes free
Post-Run: 76,507,967,488 bytes free
- - End Of File - - 8D8E3E4A676A6098961E2252F290CA0E
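Added example (editor's code, not part of this thread and not ComboFix's own tooling): a small parser for the registry-permissions block of the ComboFix log above. It turns the [key] / @Denied / @Allowed / "name"=data lines into records, counts deny entries per principal, and flags keys whose explicit ACEs fall outside two key shapes that this example treats as expected Windows defaults (the per-extension UserChoice keys and the modem-class AllUserSettings keys). That allowlist, and the hypothetical ACL-locked service key used to show a hit, are this example's own assumptions, not something the log states; the rights codes in parentheses are carried through as opaque strings rather than decoded. The sample input is an excerpt copied from the dump above.

```python
import re
from collections import Counter

# Sample input: an excerpt of the ComboFix registry-permissions block posted above
# (two FileExts UserChoice keys and two modem-class keys, copied verbatim).
COMBOFIX_EXCERPT = r"""[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.jpg"
[HKEY_USERS\S-1-5-21-1624494241-2443125726-4129371530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Picture Frame Manager.png"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"""

# Constructed input (NOT from the posted log): a hypothetical service key that has
# been ACL-locked against Everyone, the shape a practitioner wants flagged.
CONSTRUCTED_LOCKED_KEY = r"""[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\example_svc]
@Denied: (A) (Everyone)
"ImagePath"="system32\drivers\example.sys"
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
ACE_RE = re.compile(r"^@(?P<kind>Denied|Allowed): \((?P<rights>[^)]*)\) \((?P<principal>[^)]+)\)$")
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|@)=(?P<data>.*)$')


def parse_combofix_acls(text):
    """Parse the dump into a list of {'key', 'aces': [(kind, rights, principal)], 'values': {}}."""
    keys, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = {"key": m.group("key"), "aces": [], "values": {}}
            keys.append(current)
            continue
        if current is None:
            continue
        m = ACE_RE.match(line)
        if m:
            current["aces"].append((m.group("kind"), m.group("rights"), m.group("principal")))
            continue
        m = VALUE_RE.match(line)
        if m:
            current["values"][m.group("name") or "@"] = m.group("data")
    return keys


def deny_summary(keys):
    """Number of deny ACEs per principal across the whole dump."""
    return Counter(p for k in keys for kind, _, p in k["aces"] if kind == "Denied")


# Assumption of this example: these two key shapes carry explicit deny/allow entries by
# Windows design, so ACL lines on them are treated as expected rather than as leads.
EXPECTED_ACL_KEYS = (
    re.compile(r"\\Explorer\\FileExts\\\.[^\\]+\\UserChoice$", re.I),
    re.compile(r"\\Class\\\{4D36E96D-E325-11CE-BFC1-08002BE10318\}\\\d{4}\\AllUserSettings$", re.I),
)


def unexpected_acl_keys(keys):
    """Keys carrying explicit ACEs that are not on the expected list. A deny placed on a
    service or Run key is the pattern worth checking by hand."""
    return [k["key"] for k in keys
            if k["aces"] and not any(p.search(k["key"]) for p in EXPECTED_ACL_KEYS)]
```

Running the parser over the excerpt alone yields no unexpected keys; appending the constructed service key makes it the single hit, which is the behaviour an analyst wants from a first pass over a long ComboFix dump.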
 
After that, use

(link hidden; log in or register to view)

and of course attach the report in your post.
Good luck

 
Here you go
Malwarebytes' Anti-Malware 1.44
Database version: 3604
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
21/01/2010 01:28:05
mbam-log-2010-01-21 (01-28-05).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 293112
Time elapsed: 48 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
D:\مجلد جديد\MAGIX\Ringtone_Maker_2_silver\hdx4reg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
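Added example (editor's code, not from the thread and not Malwarebytes' own tooling): a parser for the log format above. It checks that the summary counts match the objects actually listed, so a paste that was truncated or hand-edited fails the check, and it groups the GUID-named Explorer subkeys by GUID with the hives each one sat in. HKEY_USERS\.DEFAULT and HKEY_USERS\S-1-5-18 are the same hive (the LocalSystem profile), which is why the log lists each key twice; grouping shows the real footprint of three keys. The line patterns are inferred from this one log, not from a published format specification, and the sample input is the log above copied verbatim.

```python
import re
from collections import Counter

# Sample input: the Malwarebytes' Anti-Malware 1.44 log posted above, copied verbatim
# so the parser runs offline against real output.
MBAM_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3604
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18865
21/01/2010 01:28:05
mbam-log-2010-01-21 (01-28-05).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 293112
Time elapsed: 48 minute(s), 51 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
D:\مجلد جديد\MAGIX\Ringtone_Maker_2_silver\hdx4reg.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):(?:\s+(?P<count>\d+))?$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def parse_mbam_log(text):
    """Return (declared, items): the counts from the summary block, and one dict per
    listed object with its section, path, detection name and action taken."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if m.group("count") is not None:        # summary block: "X Infected: N"
                declared[m.group("name")] = int(m.group("count"))
                section = None
            else:                                   # detail block header: "X Infected:"
                section = m.group("name")
            continue
        if not section or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if m:
            items.append({"section": section, **m.groupdict()})
    return declared, items


def counts_consistent(declared, items):
    """True when every summary count matches the number of objects actually listed."""
    actual = Counter(i["section"] for i in items)
    return all(actual.get(name, 0) == n for name, n in declared.items())


def persistence_guids(items):
    """Map each GUID-named Explorer subkey to the set of hives it was found in.
    .DEFAULT and S-1-5-18 are the same LocalSystem hive, so each shows up twice."""
    found = {}
    for i in items:
        m = GUID_RE.search(i["path"]) if i["section"] == "Registry Keys Infected" else None
        if m:
            hive = i["path"].split("\\SOFTWARE\\", 1)[0]
            found.setdefault(m.group(0).lower(), set()).add(hive)
    return found
```

On this log the consistency check passes (8 objects listed, 7 keys plus 1 file) and the grouping reduces the seven key lines to three GUIDs, one of which was also present in the interactive user's HKEY_CURRENT_USER.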
 
Excellent, infections were detected on your machine.

Now do the following as well.

Download the following tool and follow the instructions to produce a report and upload it:

(link hidden; log in or register to view)

[screenshot: i11040_1.png]

Do as shown in the picture to start the scan:

[screenshot: i11041_2.png]

Then do the following to save the report file:

[screenshot: i11042_3.png]

After saving it, compress the file >>>

(link hidden; log in or register to view)

and upload the file here:

(link hidden; log in or register to view)

-----------------------------------------------------------------

 
Here you go, brother.

Download this file:

(link hidden; log in or register to view)

and apply these instructions to it:

Double-click the file with the mouse, and the tool's interface will open.
Do as shown in the instructions:
[screenshot: i17686_000.png]
[screenshot: i17687_001.png]
[screenshot: i17688_002.png]
Then restart your machine.

 
Sorry, I tried to delete it but I don't know how.
 
Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:45, on 21/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\dark\Desktop\Zyzoom_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = (link hidden; log in or register to view)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = (link hidden; log in or register to view)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = (link hidden; log in or register to view)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = (link hidden; log in or register to view)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = (link hidden; log in or register to view)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\video convert master\codec\real\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Loaris Trojan Remover] "C:\Program Files\Loaris Trojan Remover\TrojanRemover.exe" 0
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: VerbAce-Pro Startup Agent.lnk = C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - (link hidden; log in or register to view)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - (link hidden; log in or register to view)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - (link hidden; log in or register to view)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\STacSV.exe
--
End of file - 6816 bytes
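Added example (editor's code, not from the thread and not part of HijackThis): a parser for the log format above, with three first-pass triage rules an analyst would run before reading a log line by line: processes or autostart entries loaded from user-writable locations, O23 services that carry no vendor string ("Unknown owner"), and unquoted Run-key commands whose path contains a space, which an attacker can hijack by planting a file earlier on the path. The rules, the list of user-writable path markers and the field layout inferred from the O2/O4/O23 lines are this example's assumptions. The sample input is an abbreviated copy of the log above (the R0/R1 and O16 lines are left out because their URLs are hidden on the page).

```python
import re

# Sample input: an abbreviated copy of the HijackThis v2.0.2 log posted above.
HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:45, on 21/01/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\dark\Desktop\Zyzoom_HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKCU\..\Run: [Loaris Trojan Remover] "C:\Program Files\Loaris Trojan Remover\TrojanRemover.exe" 0
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Global Startup: VerbAce-Pro Startup Agent.lnk = C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\aestsrv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
--
End of file - 6816 bytes
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
O4_RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O4_STARTUP_RE = re.compile(r"^Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|scr|cmd|bat))(?:\s|$)", re.I)

# Assumed markers of locations a standard user can write to (lower-case substrings).
USER_WRITABLE = ("\\users\\", "\\documents and settings\\", "\\temp\\",
                 "\\appdata\\", "\\programdata\\", "\\recycler\\")


def executable_of(cmd):
    """Pull the program path out of a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def parse_hjt_log(text):
    """Return {'processes': [...], 'entries': [...]}; O2/O4/O23 entries get structured
    fields (name, path, owner or clsid), every other line type is kept raw."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.rstrip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if not m:
            if in_procs and line:
                processes.append(line)
            continue
        in_procs = False
        kind, body = m.group("kind"), m.group("body")
        entry = {"kind": kind, "raw": line}
        if kind == "O4":
            r = O4_RUN_RE.match(body) or O4_STARTUP_RE.match(body)
            if r:
                entry.update(r.groupdict())
                entry["path"] = executable_of(r.group("cmd"))
        elif kind in ("O23", "O2"):
            # "Service: name - owner - path"  /  "BHO: name - {CLSID} - path"
            parts = body.split(": ", 1)[1].rsplit(" - ", 2)
            if len(parts) == 3:
                entry.update(name=parts[0], path=parts[2])
                entry["owner" if kind == "O23" else "clsid"] = parts[1]
        entries.append(entry)
    return {"processes": processes, "entries": entries}


def triage(parsed):
    """Cheap first-pass rules; each hit is a lead to verify by hand, not a verdict."""
    findings = []
    for p in parsed["processes"]:
        if any(w in p.lower() for w in USER_WRITABLE):
            findings.append(("process-from-user-writable-path", p))
    for e in parsed["entries"]:
        path = e.get("path", "")
        if e["kind"] == "O23" and e.get("owner", "").lower() == "unknown owner":
            findings.append(("service-without-vendor", e["name"]))
        if any(w in path.lower() for w in USER_WRITABLE):
            findings.append(("autostart-from-user-writable-path", e["raw"]))
        if "hive" in e and " " in path and not e["cmd"].startswith('"'):
            findings.append(("unquoted-run-command", e["name"]))
    return findings
```

On this log the only user-writable-path hit is the HijackThis executable itself on the user's Desktop, which is exactly why the rules produce leads rather than verdicts. HijackThis enumerates user-mode load points only, so a log with nothing suspicious in it does not rule out a kernel-mode component; that has to come from tools that inspect drivers and memory.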
 