Mjawshy Forums


RSS 08-07-2011 01:43 AM

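My HijackThis and RunScanner reports

In the name of God, the Most Gracious, the Most Merciful
Peace be upon you, and the mercy and blessings of God

Season's greetings to you all
May God reward you
Please take a look at the attached reports,
because I have become suspicious about the machine
God bless you

The HijackThis report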

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:45 AM, on 8/7/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users\Application Data\Zain Broadband\OnlineUpdate\ouc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\explorer.exe
C:\Zyzoom_Forum_Tools\zyzoom.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O1 - Hosts: 65.54.239.80 messenger.hotmail.com
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: ????? ????? ?????? ??? Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: تحميل الكل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: تحميل بواسطة Internet Download Manager - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C6F4B4F-2C83-49BE-84C2-18AFF6088D87}: NameServer = 208.67.220.220,204.74.101.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{39D901E5-FE39-4EEB-A72B-3223D20DFA65}: NameServer = 208.67.220.220,204.74.101.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6226212F-48F3-4B73-9650-619F82CEBC23}: NameServer = 208.67.220.220,204.74.101.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{82210903-74DC-4E13-80DE-1CC6F843BF20}: NameServer = 196.27.0.53 196.27.0.230
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1B1A6C8-737B-4370-BA69-E740B8297E80}: NameServer = 208.67.220.220,204.74.101.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C6F4B4F-2C83-49BE-84C2-18AFF6088D87}: NameServer = 208.67.220.220,204.74.101.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C6F4B4F-2C83-49BE-84C2-18AFF6088D87}: NameServer = 208.67.220.220,204.74.101.1
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\WINDOWS\reset.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Zain Broadband. OUC (Zain Broadband. RunOuc) - Unknown owner - C:\Program Files\Zain Broadband\UpdateDog\ouc.exe

--
End of file - 5611 bytes



And the RunScanner report

Download the file run.rar from here

Original thread: My HijackThis and RunScanner reports
Source: Zyzoom Security and Protection







