أذكريني

Peace and mercy be upon you.
Good morning.

My machine keeps hanging and is strangely slow; every little while a "Not Responding" message appears.

Note that I reformatted and nothing changed, so I hope to find a solution.

Thank you.

And here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:17:23 ص, on 10/07/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\AFAQ Wireless\AFAQ Wireless.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: أضافة إلى مانع الأعلانات - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [link hidden by the forum]
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B0B9168-38B0-416F-B960-283829B9C19C}: NameServer = 84.235.6.58 84.235.7.58
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Norton Ghost - Unknown owner - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 5122 bytes
 

Brothers, I have come to hate this machine; whenever I open Messenger, the browser, or any other program, I get the "Not Responding" message.

I removed Kaspersky, installed Avira AntiVir, and ran a scan in Safe Mode.

Here is its report:

[link hidden by the forum]

And here is the HijackThis report:

[link hidden by the forum]

I am waiting for a solution from you.


 
Delete this value:

O17 - HKLM\System\CCS\Services\Tcpip\..\{1B0B9168-38B0-416F-B960-283829B9C19C}: NameServer = [link hidden by the forum] [link hidden by the forum]

How to delete it:

[image: mg (3).png]

[image: mg (4).png]

Then use this tool.

Download from here:

[link hidden by the forum]

Compatibility: Windows XP only

How to use it:

When you run the tool's file, this screen appears; wait (and follow along with the pictures).

[image: 000.png]

[image: 001.png]

When this screen appears, click Close so that your machine restarts (to complete the cleanup).

[image: 002.png]
 
Signature: سعود الشامان
The value has been deleted.

But my system is Vista.
 
Download this tool and run it, and ignore any warning from the security program.

[link hidden by the forum]
 
Signature: سعود الشامان
I ran the tool after removing Avira AntiVir

and installing Kaspersky.

God willing, things will improve.

 
With the brothers' permission,

give me a new HijackThis log.
 
Signature: أعتز بك
With the brothers' permission,

give me a new HijackThis log.

Here you go, brother.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:54:28 ص, on 11/07/09
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\PC Connectivity Solution\Transports\NclToBTSrv.exe
C:\Program Files\Nokia\Nokia PC Suite 7\OneTouchAccess.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [link hidden by the forum]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [link hidden by the forum]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: مساعد تسجيل الدخول إلى Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O4 - HKLM\..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [link hidden by the forum]
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7F9262E-5C81-46C6-8330-0350BAAF1BE9}: NameServer = 84.23.101.84 84.23.101.85
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 4887 bytes

 
How are things on your end, my friend??
 
Signature: KoNaMi
How are things on your end, my friend??

Honestly, my friend, it is better than before, but when I took a new HijackThis log

the system froze for about ten minutes until the report came out.

May God reward you all for your help.
 
When Kaspersky updates itself, it hangs and the system freezes for about 5 minutes,

then it returns to normal.
 
Is there a solution to the problem?
 
Still waiting.
 
Do the following, brother:

Disable your security programs,
then
download the following tool and save it to the desktop:
[link hidden by the forum]

When you run it, a message will appear; click Yes.
Then a second message will appear; click Yes.
During the scan the machine may restart.
After the restart, the tool will start scanning a second time.
Do not run any program, and however long the scan takes, wait until it finishes.
Wait until a report appears, then copy it and paste it in your next post.
 
Signature: KoNaMi
Here you go, brother.

Here it is as a link, for easier analysis:

[link hidden by the forum]


-------------------------------------------------------------



ComboFix 09-07-13.01 - amasey 07/14/2009 12:46.1.2 - NTFSx86
Microsoft®‎ Windows Vista™ Ultimate 6.0.6001.1.1256.966.1025.18.2046.1322 [GMT 3:00]
Running from: c:\users\amasey\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-51003140-4199384537-3980697693-500
E:\u.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-14 10:12 . 2009-07-14 10:12 -------- d-----w- c:\users\amasey\AppData\Local\temp
2009-07-13 00:46 . 2007-01-22 21:26 17264 ----a-w- c:\windows\system32\drivers\hfxp2.sys
2009-07-13 00:46 . 2009-07-13 00:46 -------- d-----w- c:\program files\Hide Folders XP 2
2009-07-12 19:08 . 2009-07-12 19:08 171008 ----a-w- c:\windows\system32\GeeKz_db.dll
2009-07-12 02:48 . 2009-07-12 02:48 -------- d-----w- c:\program files\Made By albarg
2009-07-11 23:37 . 2009-07-12 02:15 -------- d-----w- c:\users\amasey\AppData\Roaming\Uniblue
2009-07-11 23:37 . 2009-03-27 09:00 2567565 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe
2009-07-11 23:37 . 2009-07-12 02:13 -------- d-----w- c:\program files\Uniblue
2009-07-11 23:36 . 2008-08-26 16:48 99624 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-07-11 23:36 . 2008-08-26 16:48 757760 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-07-11 23:36 . 2008-08-26 16:48 6676480 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-07-11 23:36 . 2008-08-26 16:48 497496 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-07-11 23:36 . 2008-08-26 16:48 413696 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-07-11 23:36 . 2008-08-26 16:48 2019624 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-07-11 23:36 . 2008-08-26 16:48 111912 -c--a-w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-07-11 23:19 . 2009-07-11 23:37 -------- dc-h--w- c:\programdata\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-07-11 10:06 . 2008-09-03 03:59 468992 ----a-w- c:\windows\system32\newdev.dll
2009-07-11 10:06 . 2008-09-03 03:58 74752 ----a-w- c:\windows\system32\newdev.exe
2009-07-11 10:06 . 2008-05-10 03:35 885248 ----a-w- c:\windows\system32\RacEngn.dll
2009-07-10 23:13 . 2009-07-10 23:13 932368 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
2009-07-10 23:13 . 2009-07-10 23:13 678416 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
2009-07-10 23:13 . 2009-07-10 23:13 604688 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
2009-07-10 23:13 . 2009-07-10 23:13 1096208 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
2009-07-10 23:13 . 2009-07-10 23:13 522768 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
2009-07-10 23:12 . 2009-07-10 23:12 280592 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\6.0\klif.sys
2009-07-10 23:12 . 2009-07-10 23:12 128016 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-10 23:11 . 2009-07-10 23:11 128016 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\kl1.sys
2009-07-10 23:11 . 2009-07-10 23:11 280592 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\sys\i386\6.0\klif.sys
2009-07-10 22:15 . 2009-07-10 22:15 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-07-10 22:13 . 2009-07-10 22:13 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-07-10 22:13 . 2009-07-10 22:13 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-07-10 22:12 . 2009-07-14 09:37 -------- d-----w- c:\programdata\Kaspersky Lab
2009-07-10 22:12 . 2009-07-10 22:12 -------- d-----w- c:\program files\Kaspersky Lab
2009-07-10 22:11 . 2009-07-10 22:11 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-07-10 17:17 . 2009-07-14 09:40 -------- d-----w- c:\users\amasey\Tracing
2009-07-10 15:05 . 2009-07-10 15:05 -------- d--h--w- c:\windows\PIF
2009-07-10 13:33 . 2009-03-24 13:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-10 13:33 . 2009-07-10 22:23 -------- d-----w- c:\programdata\Avira
2009-07-10 13:02 . 2009-07-10 13:03 -------- d-----w- c:\users\amasey\AppData\Local\Microsoft Games
2009-07-10 01:32 . 2009-07-10 01:42 -------- d-----w- c:\users\amasey\AppData\Roaming\QuickScan
2009-07-10 01:22 . 2009-07-10 01:22 -------- d-----w- c:\users\amasey\AppData\Local\Runscanner.net
2009-07-10 00:59 . 2009-07-10 00:59 -------- d-----w- c:\program files\Trend Micro
2009-07-10 00:18 . 2009-07-10 00:18 1107 ----a-w- c:\windows\Vista.bat
2009-07-09 11:20 . 2008-03-17 08:57 103680 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2009-07-09 11:20 . 2008-03-17 08:05 101632 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2009-07-09 11:20 . 2008-03-16 11:47 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2009-07-09 11:20 . 2008-01-22 12:10 100864 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2009-07-09 11:20 . 2007-08-09 01:06 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2009-07-09 11:18 . 2009-07-09 11:21 -------- d-----w- c:\program files\AFAQ Wireless
2009-07-08 21:33 . 2009-07-08 21:35 2861056 ----a-w- c:\programdata\ParetoLogic\UUS2\DriverCure\Temp\Update.exe
2009-07-08 16:08 . 2009-07-08 16:08 -------- d-----w- c:\windows\system32\dllcache
2009-07-08 16:08 . 2009-07-08 16:08 -------- d-----w- c:\users\amasey\AppData\Local\Temporary Internet Files
2009-07-08 16:08 . 2009-07-08 16:08 -------- d-----w- c:\users\amasey\AppData\Local\History
2009-07-08 16:02 . 2009-07-08 16:08 -------- d-----w- c:\program files\Common Files\delet
2009-07-07 22:24 . 2009-07-12 11:09 -------- d-----w- c:\users\amasey\AppData\Roaming\PC Suite
2009-07-07 22:24 . 2009-07-07 22:27 -------- d-----w- c:\users\amasey\AppData\Roaming\Nokia
2009-07-07 22:24 . 2009-07-07 22:27 -------- d-----w- c:\programdata\PC Suite
2009-07-07 22:23 . 2009-07-07 22:23 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-07 22:23 . 2009-07-07 22:23 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-07 22:22 . 2009-07-07 22:25 -------- d-----w- c:\program files\DIFX
2009-07-07 22:22 . 2008-08-26 07:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-07-07 22:19 . 2009-07-07 22:19 -------- d-----w- c:\program files\PC Connectivity Solution
2009-07-07 22:11 . 2009-02-09 05:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-07-07 22:11 . 2009-07-07 22:23 -------- d-----w- c:\program files\Nokia
2009-07-07 15:55 . 2009-07-07 15:55 28 ----a-w- c:\windows\kmcdfa2200.dat
2009-07-07 15:16 . 2009-07-07 15:16 -------- d-----w- c:\program files\Toshiba
2009-07-07 13:47 . 2009-07-07 14:02 -------- d-----w- c:\windows\$regcmp$
2009-07-06 10:38 . 2009-07-07 15:05 -------- d-----w- c:\programdata\TOSHIBA
2009-07-06 10:17 . 2009-05-25 11:50 164864 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-07-06 10:17 . 2009-03-05 11:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-07-06 10:17 . 2009-07-06 10:17 -------- d-----w- c:\program files\Realtek
2009-07-06 10:11 . 2009-07-06 10:11 -------- d-----w- c:\program files\Synaptics
2009-07-06 10:08 . 2006-03-08 15:58 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2009-07-06 10:08 . 2006-10-22 16:17 179896 ----a-w- c:\windows\system32\drivers\SynTP.sys
2009-07-06 10:08 . 2006-10-22 16:16 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2009-07-06 10:08 . 2006-10-22 15:55 143360 ----a-w- c:\windows\system32\SynTPAPI.dll
2009-07-06 10:08 . 2006-10-22 15:55 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2009-07-06 10:08 . 2006-10-22 15:55 163840 ----a-w- c:\windows\system32\SynCOM.dll
2009-07-06 09:54 . 2009-02-05 07:53 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-07-06 09:48 . 2003-12-05 06:48 77824 ----a-w- c:\windows\system32\tosmreg.exe
2009-07-06 09:44 . 2009-07-06 09:44 -------- d-----w- c:\windows\Options
2009-07-06 09:44 . 2009-07-06 09:44 -------- d-----w- c:\users\amasey\AppData\Roaming\WinBatch
2009-07-06 07:40 . 2009-07-06 07:41 -------- d-----w- c:\users\amasey\AppData\Roaming\DriverCure
2009-07-06 07:39 . 2009-07-06 07:39 -------- d-----w- c:\programdata\ParetoLogic
2009-07-06 07:37 . 2009-07-06 07:37 -------- d-----w- c:\programdata\Downloaded Installations
2009-07-06 07:10 . 2009-07-06 07:10 -------- d-----w- c:\programdata\Messenger Plus!
2009-07-06 06:26 . 2009-07-06 08:15 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-05 22:10 . 2009-07-05 22:10 -------- d-----w- c:\program files\Add Remove Plus! 2004
2009-07-05 21:40 . 2009-07-05 21:40 -------- d-----w- c:\users\amasey\AppData\Roaming\Symantec
2009-07-05 10:58 . 2009-07-05 11:00 -------- d-----w- c:\program files\Hotspot Shield
2009-07-05 10:56 . 2009-07-05 10:56 -------- d-----w- c:\users\amasey\AppData\Local\Symantec_Corporation
2009-07-05 10:36 . 2007-03-21 17:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2009-07-05 10:34 . 2008-01-19 16:31 15664 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-07-05 10:34 . 2008-01-19 16:31 109360 ----a-w- c:\windows\system32\GEARAspi.dll
2009-07-05 10:34 . 2008-01-19 17:12 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-07-05 10:34 . 2008-01-19 16:40 15088 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2009-07-05 10:34 . 2008-01-19 16:45 38112 ----a-w- c:\windows\system32\drivers\v2imount.sys
2009-07-05 10:34 . 2007-12-20 14:13 136416 ----a-w- c:\windows\system32\drivers\symsnap.sys
2009-07-05 10:32 . 2009-07-05 22:15 -------- d-----w- c:\programdata\Symantec
2009-07-05 09:51 . 2009-07-08 01:44 -------- d-----w- c:\program files\Save Flash
2009-07-05 08:50 . 2008-06-26 03:29 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-07-05 08:50 . 2008-04-29 01:42 220160 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-07-05 08:50 . 2008-04-29 03:54 181760 ----a-w- c:\windows\system32\fsquirt.exe
2009-07-05 08:50 . 2008-04-29 01:42 29184 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2009-07-05 08:14 . 2009-07-04 22:52 34008688 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ara_web.exe
2009-07-05 08:13 . 2009-07-05 08:13 95232 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-05 08:13 . 2009-07-05 08:13 8192 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-05 08:13 . 2009-07-05 08:13 61440 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-05 08:13 . 2009-07-05 08:13 10240 ----a-w- c:\programdata\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-05 06:17 . 2008-05-27 05:18 29184 ----a-w- c:\windows\system32\wsepno.dll
2009-07-05 06:14 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-05 05:29 . 2009-06-03 23:56 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2009-07-05 05:02 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-05 05:02 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-05 05:02 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-05 05:02 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-05 05:02 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-05 05:02 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-05 05:02 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-05 04:43 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-05 04:43 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-05 04:43 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-05 04:43 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-05 04:42 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-05 01:16 . 2008-02-29 07:14 19000 ----a-w- c:\windows\system32\kd1394.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-13 10:45 . 2006-12-05 05:25 78446 ----a-w- c:\windows\system32\perfc001.dat
2009-07-13 10:45 . 2006-12-05 05:25 439186 ----a-w- c:\windows\system32\perfh001.dat
2009-07-12 11:08 . 2009-07-12 11:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-07-12 00:17 . 2009-07-12 00:17 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-10 23:12 . 2009-05-24 12:30 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-07-10 15:24 . 2009-07-04 19:08 680 ----a-w- c:\users\amasey\AppData\Local\d3d9caps.dat
2009-07-08 20:27 . 2009-07-08 20:27 2232 ----a-w- c:\windows\Java\Packages\Data\JRLRDZ53.DAT
2009-07-08 20:27 . 2009-07-08 20:27 155995 ----a-w- c:\windows\Java\Packages\VRL7HVPN.ZIP
2009-07-08 20:27 . 2009-07-08 20:27 2678 ----a-w- c:\windows\Java\Packages\Data\OV7139JN.DAT
2009-07-08 20:26 . 2009-07-08 20:26 2678 ----a-w- c:\windows\Java\Packages\Data\6TFR3DJT.DAT
2009-07-08 20:26 . 2009-07-08 20:26 2678 ----a-w- c:\windows\Java\Packages\Data\L3VPZ9BP.DAT
2009-07-08 20:26 . 2009-07-08 20:26 2678 ----a-w- c:\windows\Java\Packages\Data\0TZ57FLV.DAT
2009-07-08 20:26 . 2009-07-08 20:26 2678 ----a-w- c:\windows\Java\Packages\Data\GPZFR537.DAT
2009-07-07 22:31 . 2009-07-07 22:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-07-07 22:28 . 2009-07-07 22:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-07-06 10:12 . 2009-07-06 10:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-07-05 09:09 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-05 08:16 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-04 21:07 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-07-04 21:07 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-04 21:06 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-04 21:06 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-07-04 21:06 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-07-04 21:06 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-07-04 20:46 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-07-04 20:46 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-05-25 02:21 . 2009-05-25 02:21 219664 ----a-w- c:\windows\system32\klogon.dll
2009-05-25 02:18 . 2009-05-25 02:18 27507 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-05-16 17:59 . 2009-05-16 17:59 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-05-15 15:50 . 2009-05-15 15:50 21008 ----a-w- c:\windows\system32\drivers\klim6.sys
2009-05-11 09:47 . 2009-05-11 09:47 1302600 ----a-w- c:\windows\system32\WUDFUpdate_01007.dll
2009-04-24 16:05 . 2009-07-04 22:03 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-07-04 22:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-07-04 22:03 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-06-24 13:36 . 2009-07-04 19:48 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"Uniblue RegistryBooster 2009"="c:\program files\uniblue\registrybooster\StartRegistryBooster.exe" [2008-08-26 99624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-07-04 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SynTPEnh"=c:\program files\Synaptics\SynTP\SynTPEnh.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2143931670-3997929696-873824795-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{EA5CB553-3A70-4D7F-99F2-E194F899A345}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2010 9.0.0.459\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2010 9.0.0.459\english\setup.exe:Kaspersky Internet Security 2010 Setup
"UDP Query User{02EB5001-B099-47AB-AFB0-8BA7542591A6}c:\\programdata\\kaspersky lab setup files\\kaspersky internet security 2010 9.0.0.459\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky internet security 2010 9.0.0.459\english\setup.exe:Kaspersky Internet Security 2010 Setup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 HFXP2;HFXP2;c:\windows\System32\drivers\hfxp2.sys [13/07/09 03:46 ص 17264]
R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\System32\drivers\iaNvStor.sys [24/03/08 08:19 ص 210432]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [15/12/08 08:41 م 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [15/05/09 06:50 م 21008]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\System32\dllhost.exe [02/11/06 11:50 ص 7168]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [16/05/09 08:59 م 19472]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [31/03/09 09:26 ص 4232704]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\System32\drivers\btnetBus.sys [07/12/08 12:44 م 30088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\amasey\AppData\Roaming\Mozilla\Firefox\Profiles\fuf69dqa.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.hiyo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.hiyo.com/?loc=ff_address&search=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,

Rootkit scan 2009-07-14 13:12
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-14 13:18
ComboFix-quarantined-files.txt 2009-07-14 10:18

Pre-Run: 70,056,857,600 bytes free
Post-Run: 70,057,914,368 bytes free

341 --- E O F --- 2009-07-14 08:13

 
Bump
 
up
 
A new HijackThis log now, please.
 
Signature: KoNaMi