Peace be upon you. How are you all? I would like to check whether my device has spyware files on it or not, and this is the HijackThis report.

Thanks in advance.