هذا تقرير هايجاك... هل توجد أي إصابة؟
logfile of trend micro hijackthis v2.0.2
scan saved at 12:05:50 م, on 02/05/2009
platform: Windows xp sp3 (winnt 5.01.2600)
msie: Internet explorer v7.00 (7.00.6000.21020)
boot mode: Normal
running processes:
E:\windows\system32\smss.exe
e:\windows\system32\winlogon.exe
e:\windows\system32\services.exe
e:\windows\system32\lsass.exe
e:\windows\system32\ati2evxx.exe
e:\windows\system32\svchost.exe
e:\windows\system32\svchost.exe
e:\windows\system32\ati2evxx.exe
e:\windows\system32\spoolsv.exe
e:\windows\explorer.exe
e:\windows\rthdcpl.exe
e:\program files\media key\versato.exe
e:\program files\eset\eset smart security\egui.exe
e:\program files\ati technologies\ati.ace\core-static\mom.exe
e:\program files\java\jre6\bin\jusched.exe
e:\program files\common files\real\update_ob\realsched.exe
e:\windows\system32\ctfmon.exe
e:\program files\messenger\msmsgs.exe
e:\program files\internet download manager\idman.exe
e:\program files\daemon tools\daemon.exe
e:\program files\ati technologies\ati.ace\core-static\ccc.exe
e:\program files\media key\osd.exe
e:\program files\eset\eset smart security\ekrn.exe
e:\program files\hotspot shield\bin\openvpnas.exe
e:\program files\hotspot shield\hsswpr\hsssrv.exe
e:\program files\java\jre6\bin\jqs.exe
e:\windows\system32\svchost.exe
e:\program files\internet download manager\iemonitor.exe
e:\program files\windows live\messenger\msnmsgr.exe
e:\program files\windows live\messenger\usnsvc.exe
e:\program files\internet explorer\iexplore.exe
e:\program files\ares\ares.exe
c:\الاساسيه لجهاز\هايجاك\zyzoom_hijackthis.exe
r1 - hkcu\software\microsoft\internet explorer\main,search page =
r1 - hklm\software\microsoft\internet explorer\main,default_page_url =
r1 - hklm\software\microsoft\internet explorer\main,default_search_url =
r1 - hklm\software\microsoft\internet explorer\main,search page =
r0 - hklm\software\microsoft\internet explorer\main,start page =
o2 - bho: Idm helper - {0055c089-8582-441b-a0bf-17b458c2a3a8} - e:\program files\internet download manager\idmiecc.dll
o2 - bho: مساعد رابط adobe pdf reader - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: Realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - e:\program files\real\realplayer\rpbrowserrecordplugin.dll
o2 - bho: Windows live sign-in helper - {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: Java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: Jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o4 - hklm\..\run: [rthdcpl] rthdcpl.exe
o4 - hklm\..\run: [alcmtr] alcmtr.exe
o4 - hklm\..\run: [startccc] "e:\program files\ati technologies\ati.ace\core-static\clistart.exe" msrun
o4 - hklm\..\run: [aticustomercare] "e:\program files\ati\aticustomercare\aticustomercare.exe"
o4 - hklm\..\run: [versato] e:\program files\media key\versato.exe
o4 - hklm\..\run: [egui] "e:\program files\eset\eset smart security\egui.exe" /hide /waitservice
o4 - hklm\..\run: [sunjavaupdatesched] "e:\program files\java\jre6\bin\jusched.exe"
o4 - hklm\..\run: [kernelfaultcheck] %systemroot%\system32\dumprep 0 -k
o4 - hklm\..\run: [tkbellexe] "e:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hkcu\..\run: [ctfmon.exe] e:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [ares] "e:\program files\ares\ares.exe" -h
o4 - hkcu\..\run: [msnmsgr] "e:\program files\windows live\messenger\msnmsgr.exe" /background
o4 - hkcu\..\run: [msmsgs] "e:\program files\messenger\msmsgs.exe" /background
o4 - hkcu\..\run: [idman] e:\program files\internet download manager\idman.exe /onboot
o4 - hkcu\..\run: [daemon tools] "e:\program files\daemon tools\daemon.exe" -lang 1033
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] e:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [showdeskfix] regsvr32 /s /n /i:u shell32 (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] e:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [showdeskfix] regsvr32 /s /n /i:u shell32 (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] e:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\s-1-5-18\..\runonce: [showdeskfix] regsvr32 /s /n /i:u shell32 (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] e:\windows\system32\ctfmon.exe (user 'default user')
o4 - hkus\.default\..\runonce: [showdeskfix] regsvr32 /s /n /i:u shell32 (user 'default user')
o4 - global startup: Adobe reader synchronizer.lnk = e:\program files\adobe\reader 8.0\reader\adobecollabsync.exe
o4 - global startup: سرعة تشغيل adobe reader.lnk = e:\program files\adobe\reader 8.0\reader\reader_sl.exe
o8 - extra context menu item: Flashget ت&حميل بواسطة - e:\program files\flashget network\flashget universal\comdlls\bholink.htm
o8 - extra context menu item: Flashget تحميل ال&كل بواسطة - e:\program files\flashget network\flashget universal\comdlls\bhoall.htm
o8 - extra context menu item: تحميل الكل بواسطة internet download manager - e:\program files\internet download manager\iegetall.htm
o8 - extra context menu item: تحميل بواسطة internet download manager - e:\program files\internet download manager\ieext.htm
o8 - extra context menu item: تحميل محتوى flv بواسطة internet download manager - e:\program files\internet download manager\iegetvl.htm
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - e:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - e:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - e:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - e:\program files\messenger\msmsgs.exe
o23 - service: Ati hotkey poller - ati technologies inc. - e:\windows\system32\ati2evxx.exe
o23 - service: Ati smart - unknown owner - e:\windows\system32\ati2sgag.exe
o23 - service: Eset http server (ehttpsrv) - eset - e:\program files\eset\eset smart security\ehttpsrv.exe
o23 - service: Eset service (ekrn) - eset - e:\program files\eset\eset smart security\ekrn.exe
o23 - service: Symantec eraser service (erasersvc10910) - unknown owner - e:\program files\norton internet security\engine\16.5.0.135\ccsvchst.exe (file missing)
o23 - service: Hotspot shield service (hotspotshieldservice) - unknown owner - e:\program files\hotspot shield\bin\openvpnas.exe
o23 - service: Hotspot shield helper service (hsssrv) - anchorfree inc. - e:\program files\hotspot shield\hsswpr\hsssrv.exe
o23 - service: Hotspot shield tray service (hsstrayservice) - unknown owner - e:\program files\hotspot shield\bin\hsstrayservice.exe
o23 - service: Java quick starter (javaquickstarterservice) - sun microsystems, inc. - e:\program files\java\jre6\bin\jqs.exe
--
end of file - 7445 bytes