من فضلك قم بتحديث الصفحة لمشاهدة المحتوى المخفي
السلام عليكم ورحمة الله وبركاته
هذا تقرير جهازي فهل جهازي مصاب ؟
logfile of trend micro hijackthis v2.0.2
scan saved at 11:40:40 م, on 31/01/2009
platform: Windows xp sp2 (winnt 5.01.2600)
msie: Internet explorer v6.00 sp2 (6.00.2900.2180)
boot mode: Normal
running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
c:\program files\java\jre1.5.0_03\bin\jusched.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\windows\sm56hlpr.exe
c:\program files\cyberlink\powerdvd\pdvdserv.exe
c:\program files\lg_fwupdate\fwupdate.exe
c:\program files\nero\nero 7\incd\nbhgui.exe
c:\program files\nero\nero 7\incd\incd.exe
c:\windows\rthdcpl.exe
c:\windows\fixcamera.exe
c:\windows\tsnp325.exe
c:\windows\vsnp325.exe
c:\windows\system32\ctfmon.exe
c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe
c:\docume~1\user\locals~1\temp\a.exe
c:\docume~1\user\locals~1\temp\~tmpf.exe
c:\program files\nero\nero 7\incd\incdsrv.exe
c:\program files\cyberlink\shared files\richvideo.exe
c:\windows\system32\svchost.exe
c:\program files\yahoo!\messenger\ymsgr_tray.exe
c:\windows\system32\wuauclt.exe
c:\program files\trend micro\hijackthis\hijackthis.exe
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = 127.0.0.1:4001
r3 - urlsearchhook: Defaultsearchhook class - {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\defaultsearch.dll
o2 - bho: Askbar bho - {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askbar.dll
o2 - bho: Realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
o2 - bho: Xml module - {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o2 - bho: Windows live sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: Google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
o3 - toolbar: &google - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
o3 - toolbar: Ask toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askbar.dll
o4 - hklm\..\run: [sunjavaupdatesched] c:\program files\java\jre1.5.0_03\bin\jusched.exe
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hklm\..\run: [smserial] sm56hlpr.exe
o4 - hklm\..\run: [remotecontrol] "c:\program files\cyberlink\powerdvd\pdvdserv.exe"
o4 - hklm\..\run: [languageshortcut] "c:\program files\cyberlink\powerdvd\language\language.exe"
o4 - hklm\..\run: [lgoddfu] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
o4 - hklm\..\run: [nerofiltercheck] c:\program files\common files\ahead\lib\nerocheck.exe
o4 - hklm\..\run: [securdisc] c:\program files\nero\nero 7\incd\nbhgui.exe
o4 - hklm\..\run: [incd] c:\program files\nero\nero 7\incd\incd.exe
o4 - hklm\..\run: [rthdcpl] rthdcpl.exe
o4 - hklm\..\run: [skytel] skytel.exe
o4 - hklm\..\run: [alcmtr] alcmtr.exe
o4 - hklm\..\run: [fixcamera] c:\windows\fixcamera.exe
o4 - hklm\..\run: [tsnp325] c:\windows\tsnp325.exe
o4 - hklm\..\run: [snp325] c:\windows\vsnp325.exe
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [amva] c:\windows\system32\amvo.exe
o4 - hkcu\..\run: [yahoo! Pager] "c:\program files\yahoo!\messenger\yahoomessenger.exe" -quiet
o4 - hkcu\..\run: [uniblue registrybooster 2009] c:\program files\uniblue\registrybooster\registrybooster.exe /s
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\1.2.1128.5462\googletoolbarnotifier.exe
o4 - hkcu\..\run: [msfox] c:\docume~1\user\locals~1\temp\a.exe
o4 - hkcu\..\run: [cognac] c:\docume~1\user\locals~1\temp\a.exe
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o8 - extra context menu item: E&xport to microsoft excel - res://c:\progra~1\micros~2\office11\excel.exe/3000
o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0_03\bin\npjpi150_03.dll
o9 - extra 'tools' menuitem: Sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\program files\java\jre1.5.0_03\bin\npjpi150_03.dll
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o23 - service: Google updater service (gusvc) - google - c:\program files\google\common\google updater\googleupdaterservice.exe
o23 - service: Incd helper (incdsrv) - nero ag - c:\program files\nero\nero 7\incd\incdsrv.exe
o23 - service: Nbservice - nero ag - c:\program files\nero\nero 7\nero backitup\nbservice.exe
o23 - service: Nmindexingservice - nero ag - c:\program files\common files\ahead\lib\nmindexingservice.exe
o23 - service: Cyberlink richvideo service(crvs) (richvideo) - unknown owner - c:\program files\cyberlink\shared files\richvideo.exe
--
end of file - 5847 bytes
عندك مفاتيح مصابه ...
والافضل فتح موضوع بقسم الصيانه ... كما اسلفت بردي السابق
