Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:20:53 م, on 01/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\hotspot shield\bin\openvpnas.exe
c:\windows\explorer.exe
c:\windows\system32\svchost.exe
c:\program files\hotspot shield\hsswpr\hsssrv.exe
c:\program files\hotspot shield\bin\hsswd.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\************' anti-malware\mbamservice.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\windows\rthdcpl.exe
c:\windows\system32\rundll32.exe
c:\program files\adobe\reader 9.0\reader\reader_sl.exe
c:\program files\common files\java\java update\jusched.exe
c:\program files\microsoft office\office12\groovemonitor.exe
c:\program files\messenger\msmsgs.exe
c:\windows\system32\ctfmon.exe
c:\program files\internet download manager\idman.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\ioctlsvc.exe
c:\windows\system32\hpzipm12.exe
c:\windows\system32\pnkbstra.exe
c:\windows\system32\svchost.exe
c:\windows\system32\wuauclt.exe
c:\program files\internet download manager\iemonitor.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\mozilla firefox\plugin-container.exe
c:\documents and settings\administrator\سطح المكتب\سطح المكتب 2\hijackthis.exe
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyserver = 202.159.223.52:3128
o2 - bho: Idm helper - {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\idmiecc.dll
o2 - bho: Adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: Acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: Bitcomet clickcapture - {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\bitcometbho_1.4.8.11.dll
o2 - bho: Ievkbdbho - {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
o2 - bho: Groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll
o2 - bho: مساعد تسجيل الدخول إلى windows live - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: Java(tm) plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: Link filter bho - {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
o2 - bho: Jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o2 - bho: Hotspot shield class - {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\hssie.dll
o4 - hklm\..\run: [nvcpldaemon] rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
o4 - hklm\..\run: [skytel] skytel.exe
o4 - hklm\..\run: [rthdcpl] rthdcpl.exe
o4 - hklm\..\run: [nvmediacenter] rundll32.exe c:\windows\system32\nvmctray.dll,nvtaskbarinit
o4 - hklm\..\run: [adobe arm] "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
o4 - hklm\..\run: [adobe reader speed launcher] "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
o4 - hklm\..\run: [avp] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
o4 - hklm\..\run: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
o4 - hklm\..\run: [sunjavaupdatesched] "c:\program files\common files\java\java update\jusched.exe"
o4 - hklm\..\run: [groovemonitor] "c:\program files\microsoft office\office12\groovemonitor.exe"
o4 - hklm\..\run: [************' anti-malware] "c:\program files\************' anti-malware\mbamgui.exe" /starttray
o4 - hkcu\..\run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [indxstoresvr_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}] "c:\program files\common files\nero\lib\nmindexstoresvr.exe" aso-616b5711-6dae-4795-a05f-39a1e5104020
o4 - hkcu\..\run: [idman] c:\program files\internet download manager\idman.exe /onboot
o4 - hkcu\..\run: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: Adobe reader speed launch.lnk = c:\program files\adobe\reader 8.0\reader\reader_sl.exe
o4 - global startup: Adobe reader synchronizer.lnk = c:\program files\adobe\reader 8.0\reader\adobecollabsync.exe
o6 - hkcu\software\policies\microsoft\internet explorer\control panel present
o6 - hklm\software\policies\microsoft\internet explorer\control panel present
o8 - extra context menu item: &تصدير إلى microsoft excel - res://c:\progra~1\micros~2\office11\excel.exe/3000
o8 - extra context menu item: Internet download manager تحميل بواسطة - c:\program files\internet download manager\ieext.htm
o8 - extra context menu item: ت&صدير إلى microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: تحميل الكل بواسطة internet download manager - c:\program files\internet download manager\iegetall.htm
o8 - extra context menu item: تحميل الكل بواسطة بيتكومنت - res://c:\program files\bitcomet\bitcomet.exe/addalllink.htm
o8 - extra context menu item: تحميل بواسطة بيتكومنت - res://c:\program files\bitcomet\bitcomet.exe/addlink.htm
o8 - extra context menu item: تحميل محتوى flv بواسطة internet download manager - c:\program files\internet download manager\iegetvl.htm
o9 - extra button: إرسال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: إر&سال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: &virtual keyboard - {4248fe82-7fcb-46ac-b270-339f08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
o9 - extra button: بحث - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
o9 - extra button: Urls c&heck - {ccf151d8-d089-449f-a5a4-d9909053f20f} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) - http://go.microsoft.com/fwlink/?linkid=39204
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - http://gfx2.hotmail.com/mail/w3/resources/msnpupld.cab
o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1255776175250
o16 - dpf: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/nos/getplusplus/1.6/gp.cab
o18 - protocol: Groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll
o20 - appinit_dlls: C:\progra~1\kasper~1\kasper~2\mzvkbd3.dll
o23 - service: Avira antivir mailguard (antivirmailservice) - avira gmbh - c:\program files\avira\antivir desktop\avmailc.exe
o23 - service: Avira antivir scheduler (antivirschedulerservice) - avira gmbh - c:\program files\avira\antivir desktop\sched.exe
o23 - service: Avira antivir guard (antivirservice) - avira gmbh - c:\program files\avira\antivir desktop\avguard.exe
o23 - service: Avira antivir webguard (antivirwebservice) - avira gmbh - c:\program files\avira\antivir desktop\avwebgrd.exe
o23 - service: Kaspersky anti-virus (avp) - kaspersky lab - c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe
o23 - service: Flexnet licensing service - acresso software inc. - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
o23 - service: Hotspot shield service (hotspotshieldservice) - unknown owner - c:\program files\hotspot shield\bin\openvpnas.exe
o23 - service: Hotspot shield routing service (hsssrv) - anchorfree inc. - c:\program files\hotspot shield\hsswpr\hsssrv.exe
o23 - service: Hotspot shield tray service (hsstrayservice) - unknown owner - c:\program files\hotspot shield\bin\hsstrayservice.exe
o23 - service: Hotspot shield monitoring service (hsswd) - unknown owner - c:\program files\hotspot shield\bin\hsswd.exe
o23 - service: Java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: Mbamservice - ************ corporation - c:\program files\************' anti-malware\mbamservice.exe
o23 - service: Nmindexingservice - unknown owner - c:\program files\common files\nero\lib\nmindexingservice.exe (file missing)
o23 - service: Nvidia display driver service (nvsvc) - nvidia corporation - c:\windows\system32\nvsvc32.exe
o23 - service: Plflash deviceiocontrol service - prolific technology inc. - c:\windows\system32\ioctlsvc.exe
o23 - service: Pml driver hpz12 - hp - c:\windows\system32\hpzipm12.exe
o23 - service: Pnkbstra - unknown owner - c:\windows\system32\pnkbstra.exe
--
end of file - 9910 bytes