And here is the report from one of the machines.. of course these screenshots were captured from the same machine that I took the report from..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:37:51 ص, on 21/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mduaeyk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Moon\LOCALS~1\Temp\4.gif
C:\DOCUME~1\Moon\LOCALS~1\Temp\5.gif
C:\DOCUME~1\Moon\LOCALS~1\Temp\14.gif
C:\DOCUME~1\Moon\LOCALS~1\Temp\18.gif
C:\DOCUME~1\Moon\LOCALS~1\Temp\7.gif
C:\DOCUME~1\Moon\LOCALS~1\Temp\9.gif
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O1 - Hosts: 127.1 localhost
O1 - Hosts: 127.1 vt0r48p760.cn
O1 - Hosts: 127.1
O1 - Hosts: 127.1
O1 - Hosts: 127.1 po.uc-us.cn
O1 - Hosts: 127.1 219.139.83.20
O1 - Hosts: 127.1
O1 - Hosts: 127.1
O1 - Hosts: 127.1 219.153.71.185
O1 - Hosts: 127.1 59.34.148.68
O1 - Hosts: 127.1 208.43.165.86
O1 - Hosts: 127.1 208.43.166.171
O1 - Hosts: 127.1 219.153.71.185
O1 - Hosts: 127.1 61.164.140.39
O1 - Hosts: 127.1
O1 - Hosts: 127.1 cwk1237.3322.org
O1 - Hosts: 127.1
O1 - Hosts: 127.1 munchkin.marketo.net
O1 - Hosts: 127.1 post.marketo.net
O1 - Hosts: 127.1
O1 - Hosts: 127.1
O1 - Hosts: 127.1
O1 - Hosts: 127.1 facaizhifuok.cn
O1 - Hosts: 127.1
O1 - Hosts: 127.1 a.woaigan.com
O1 - Hosts: 127.1 b.woaigan.com
O1 - Hosts: 127.1 xxx.usxx.info
O1 - Hosts: 127.1 alenxya.1122mb.com
O1 - Hosts: 127.1
O1 - Hosts: 127.1 972se.com
O1 - Hosts: 127.1 pic.03wyt.com
O1 - Hosts: 127.1 d.03wyt.com
O1 - Hosts: 127.1 xs.03wyt.com
O1 - Hosts: 127.1
O1 - Hosts: 127.1 8jse.net
O1 - Hosts: 127.1
O1 - Hosts: 127.1
O1 - Hosts: 127.1
O1 - Hosts: 127.1
O1 - Hosts: 127.1
O1 - Hosts: 127.1
O1 - Hosts: 127.1 1aa1aa.com
O1 - Hosts: 127.1 xx.avno3.com
O1 - Hosts: 127.1 xxx.avno5.com
O1 - Hosts: 127.1
O1 - Hosts: 127.1 avno7.com
O1 - Hosts: 127.1 ok.avno4.com
O1 - Hosts: 127.1 ok.avno5.com
O1 - Hosts: 127.1 ok.avno6.com
O1 - Hosts: 127.1 ok.avno7.com
O1 - Hosts: 127.1 ok.avno9.com
O1 - Hosts: 127.1 avno1.com
O1 - Hosts: 127.1 avno3.com
O1 - Hosts: 127.1 avno4.com
O1 - Hosts: 127.1 aikanav.com
O1 - Hosts: 127.1 link.selink.org
O1 - Hosts: 127.1
O1 - Hosts: 127.1 avno6.com
O1 - Hosts: 127.1 4.chibbs.info
O1 - Hosts: 127.1 bbs.chibbs.info
O1 - Hosts: 127.1 aa.ss99.biz
O1 - Hosts: 127.1 se.ss99.biz
O1 - Hosts: 127.1 aa.sxlk.net
O1 - Hosts: 127.1 se.sxlk99.com
O1 - Hosts: 127.1
O1 - Hosts: 127.1 88xj.net
O1 - Hosts: 127.1
O1 - Hosts: 127.1 99xj.net
O1 - Hosts: 127.1
O1 - Hosts: 127.1 91semi.com
O1 - Hosts: 127.1 haobaidu.1122mb.com
O1 - Hosts: 127.1 xiao777.za.pl
O1 - Hosts: 127.1 ccavo6.avno6.com
O1 - Hosts: 127.1 a.sxlk99.com
O1 - Hosts: 127.1
O1 - Hosts: 127.1
O1 - Hosts: 127.1
O1 - Hosts: 127.1 php-1.cn
O1 - Hosts: 127.1
O1 - Hosts: 127.1 php-2.cn
O1 - Hosts: 127.1 php-3.cn
O1 - Hosts: 127.1 php-4.cn
O1 - Hosts: 127.1 php-5.cn
O1 - Hosts: 127.1 php-6.cn
O1 - Hosts: 127.1 php-7.cn
O1 - Hosts: 127.1 php-8.cn
O1 - Hosts: 127.1 php-9.cn
O1 - Hosts: 127.1 php-10.cn
O1 - Hosts: 127.1 php-11.cn
O1 - Hosts: 127.1 k.5x2x.com
O1 - Hosts: 127.1 a.5x2x.com
O1 - Hosts: 127.1 202.108.23.205
O1 - Hosts: 127.1 60.190.218.21
O1 - Hosts: 127.1 121.14.154.195
O1 - Hosts: 127.1 218.30.82.201
O1 - Hosts: 127.1 59.34.198.48
O1 - Hosts: 127.1 121.14.154.216
O1 - Hosts: 127.1 219.152.120.237
O1 - Hosts: 127.1 121.14.154.184
O1 - Hosts: 127.1 125.67.67.201
O1 - Hosts: 127.1 222.168.102.12
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &تصدير إلى Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: بحث - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wrm32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wrm32.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C32965F-632E-48FE-88BB-3F42D9A08B90}: NameServer = 192.168.15.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{2C32965F-632E-48FE-88BB-3F42D9A08B90}: NameServer = 192.168.15.1
O20 - AppInit_DLLs: mduaey.dll eskisl.dll lensch.dll micsus.dll cupops.dll jolndyo.dll johandy.dll aotoppt.dll pewire.dll comboaus.dll catower.dll wllame.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
O21 - SSODL: sysocmgr - {DA1DE019-A6A8-ED40-4B87-248B2A93DE99} - C:\WINDOWS\sysocmgr.dll
O21 - SSODL: ozfqrolw.dll - {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - C:\WINDOWS\system32\ywftzqmu.dll
O21 - SSODL: ejayqkzx.dll - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\bhzyjree.dll
O21 - SSODL: hbgkeiby.dll - {71A78CD4-E470-4a18-8457-E0E0283DD507} - C:\WINDOWS\system32\leywftil.dll
O21 - SSODL: avicapwm.dll - {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\system32\avicapwm.dll
O21 - SSODL: evasilcl.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\rruhqmto.dll
O21 - SSODL: lparodxw.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\ymqztovj.dll
O21 - SSODL: lelxqaom.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\ijhxpqzq.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
O21 - SSODL: ywftzqmu.dll - {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - C:\WINDOWS\system32\ywftzqmu.dll
O21 - SSODL: bhzyjree.dll - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\bhzyjree.dll
O21 - SSODL: leywftil.dll - {71A78CD4-E470-4a18-8457-E0E0283DD507} - C:\WINDOWS\system32\leywftil.dll
O21 - SSODL: rruhqmto.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\rruhqmto.dll
O21 - SSODL: ymqztovj.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\ymqztovj.dll
O21 - SSODL: ijhxpqzq.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\ijhxpqzq.dll
O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
--
End of file - 8538 bytes