logfile of trend micro hijackthis v2.0.2
scan saved at 06:23:54 ص, on 26/10/2008
platform: Windows xp sp3, v.3300 (winnt 5.01.2600)
msie: Internet explorer v6.00 sp3 (6.00.2900.3300)
boot mode: Normal
running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\winsersec.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe
c:\program files\common files\intervideo\deviceservice\devsvc.exe
c:\windows\system32\crypserv.exe
c:\program files\hotspot shield\bin\openvpnas.exe
c:\windows\system32\svchost.exe
c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe
c:\windows\system32\svchost.exe
c:\program files\msn messenger\usnsvc.exe
c:\windows\explorer.exe
c:\windows\fixcamera.exe
c:\windows\vsnpstd3.exe
c:\windows\rthdcpl.exe
c:\program files\clocx\clocx.exe
c:\program files\unlocker\unlockerassistant.exe
c:\vistadriveicon\drvicon.exe
c:\windows\sdaemon.exe
c:\windows\winwd.exe
c:\windows\tsnpstd3.exe
c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\program files\rocketdock\rocketdock.exe
c:\windows\system32\ctfmon.exe
c:\program files\avafind\avafind.exe
c:\program files\internet download manager\idman.exe
c:\program files\internet download manager\iemonitor.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\windows media player\wmplayer.exe
c:\program files\winamp\winamp.exe
c:\documents and settings\administrator\desktop\hijackthis.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page =
r1 - hkcu\software\microsoft\internet connection wizard,shellnext =
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = local
r3 - urlsearchhook: Yahoo! Toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
r3 - urlsearchhook: (no name) - {9cb65206-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\a5srchas.dll
o2 - bho: Idm helper - {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\idmiecc.dll
o2 - bho: Snagit toolbar loader - {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\snagitbho.dll
o2 - bho: Yahoo! Toolbar helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
o2 - bho: Flashget2 urlcatch - {1f364306-aa45-47b5-9f9d-39a8b94e7ef1} - c:\program files\flashget network\flashget universal\comdlls\bhocatch.dll
o2 - bho: Bitcomet clickcapture - {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\bitcometbho_1.1.9.24.dll
o2 - bho: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
o2 - bho: Groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\gra8e1~1.dll
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o2 - bho: مساعد تسجيل الدخول إلى windows live - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o2 - bho: Ask search assistant bho - {9cb65201-89c4-402c-ba80-02d8c59f9b1d} - c:\program files\asktbar\srchastt\1.bin\a5srchas.dll
o2 - bho: Ceventsink class - {b7154c4d-87c0-4a2c-ab64-da132bac2ee6} - c:\program files\hotspot shield\anchorfree\ie\afbho.dll
o2 - bho: Ask toolbar bho - {fe063db1-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\asktbar.dll
o3 - toolbar: Yahoo! Toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
o3 - toolbar: Snagit - {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\snagitieaddin.dll
o3 - toolbar: &roboform - {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
o3 - toolbar: Stylertoolbar - {d2f8f919-690b-4ea2-9fa7-a203d1e04f75} - c:\program files\styler\tb\stylertb.dll
o3 - toolbar: Ask toolbar - {fe063db9-4ec0-403e-8dd8-394c54984b2c} - c:\program files\asktbar\bar\1.bin\asktbar.dll
o4 - hklm\..\run: [fixcamera] c:\windows\fixcamera.exe
o4 - hklm\..\run: [snpstd3] c:\windows\vsnpstd3.exe
o4 - hklm\..\run: [rthdcpl] rthdcpl.exe
o4 - hklm\..\run: [skytel] skytel.exe
o4 - hklm\..\run: [alcmtr] alcmtr.exe
o4 - hklm\..\run: [clocx] c:\program files\clocx\clocx.exe
o4 - hklm\..\run: [unlockerassistant] "c:\program files\unlocker\unlockerassistant.exe"
o4 - hklm\..\run: [drvicon] c:\vistadriveicon\drvicon.exe
o4 - hklm\..\run: [sdaemon] c:\windows\sdaemon.exe
o4 - hklm\..\run: [swd] c:\windows\winwd.exe
o4 - hklm\..\run: [tsnpstd3] c:\windows\tsnpstd3.exe
o4 - hklm\..\run: [avp] "c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe"
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hkcu\..\run: [rocketdock] "c:\program files\rocketdock\rocketdock.exe"
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [avafind] "c:\program files\avafind\avafind.exe" /minimized
o4 - hkcu\..\run: [idman] c:\program files\internet download manager\idman.exe /onboot
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [itd7] "c:\program files\steganos internet trace destructor 7\itd7.exe" -firstboot (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [itd7] "c:\program files\steganos internet trace destructor 7\itd7.exe" -firstboot (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\s-1-5-18\..\runonce: [itd7] "c:\program files\steganos internet trace destructor 7\itd7.exe" -firstboot (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - hkus\.default\..\runonce: [itd7] "c:\program files\steganos internet trace destructor 7\itd7.exe" -firstboot (user 'default user')
o8 - extra context menu item: &bitspirit حمله باستخدام
- c:\program files\bitspirit\bsurl.htm
o8 - extra context menu item: &d&ownload &with bitcomet - res://c:\program files\bitcomet\bitcomet.exe/addlink.htm
o8 - extra context menu item: &d&ownload all video with bitcomet - res://c:\program files\bitcomet\bitcomet.exe/addvideo.htm
o8 - extra context menu item: &d&ownload all with bitcomet - res://c:\program files\bitcomet\bitcomet.exe/addalllink.htm
o8 - extra context menu item: &download all by flashget - c:\program files\flashget network\flashget universal\comdlls\bhoall.htm
o8 - extra context menu item: &download by flashget - c:\program files\flashget network\flashget universal\comdlls\bholink.htm
o8 - extra context menu item: إضافة إلى مضاد الشعارات - c:\program files\kaspersky lab\kaspersky internet security 7.0\ie_banner_deny.htm
o8 - extra context menu item: ت&حميل بواسطة فلاش جيت - c:\program files\flashget network\flashget universal\comdlls\bholink.htm
o8 - extra context menu item: ت&صدير إلى microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: تحميل ال&كل بواسطة فلاش جيت - c:\program files\flashget network\flashget universal\comdlls\bhoall.htm
o8 - extra context menu item: تحميل الكل بـ إنترنت داونلود مانيجر - c:\program files\internet download manager\iegetall.htm
o8 - extra context menu item: تحميل بـ إنترنت داونلود مانيجر - c:\program files\internet download manager\ieext.htm
o8 - extra context menu item: تحميل محتوى فيديو (إف.إل.في) بـ إنترنت داونلود مانيجر - c:\program files\internet download manager\iegetvl.htm
o8 - extra context menu item: تخصيص القائمه - file://c:\program files\siber systems\ai roboform\roboformcomcustomizeiemenu.html
o8 - extra context menu item: حفظ النماذج - file://c:\program files\siber systems\ai roboform\roboformcomsavepass.html
o8 - extra context menu item: شريط ادوات روبوفورم - file://c:\program files\siber systems\ai roboform\roboformcomshowtoolbar.html
o8 - extra context menu item: ملئ النماذج - file://c:\program files\siber systems\ai roboform\roboformcomfillforms.html
o9 - extra button: Web anti-virus statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - c:\program files\kaspersky lab\kaspersky internet security 7.0\scieplgn.dll
o9 - extra button: إرسال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: إر&سال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: املأ النماذج - {320af880-6646-11d3-abee-c5dbf3571f46} - file://c:\program files\siber systems\ai roboform\roboformcomfillforms.html
o9 - extra 'tools' menuitem: ملئ النماذج - {320af880-6646-11d3-abee-c5dbf3571f46} - file://c:\program files\siber systems\ai roboform\roboformcomfillforms.html
o9 - extra button: حفظ - {320af880-6646-11d3-abee-c5dbf3571f49} - file://c:\program files\siber systems\ai roboform\roboformcomsavepass.html
o9 - extra 'tools' menuitem: حفظ النماذج - {320af880-6646-11d3-abee-c5dbf3571f49} - file://c:\program files\siber systems\ai roboform\roboformcomsavepass.html
o9 - extra button: Bitcomet search - {461cc20b-fb6e-4f16-8fe8-c29359db100e} - c:\program files\bitcomet\tools\bitcometbho_1.1.9.24.dll
o9 - extra button: روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - file://c:\program files\siber systems\ai roboform\roboformcomshowtoolbar.html
o9 - extra 'tools' menuitem: شريط ادوات روبوفورم - {724d43aa-0d85-11d4-9908-00400523e39a} - file://c:\program files\siber systems\ai roboform\roboformcomshowtoolbar.html
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o16 - dpf: {17492023-c23a-453e-a040-c7c580bbf700} (windows genuine advantage validation tool) -
o16 - dpf: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (yinststarter class) - c:\program files\yahoo!\common\yinsthelper.dll
o16 - dpf: {c3f79a2b-b9b4-4a66-b012-3ee46475b072} (messengerstatsclient class) -
o18 - protocol: Groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\progra~1\micros~2\office12\gr99d3~1.dll
o20 - appinit_dlls: C:\progra~1\kasper~1\kasper~1.0\adialhk.dll
o20 - winlogon notify: Antiwpa - c:\windows\system32\antiwpa.dll
o23 - service: Kaspersky internet security 7.0 (avp) - kaspersky lab - c:\program files\kaspersky lab\kaspersky internet security 7.0\avp.exe
o23 - service: Capture device service - intervideo inc. - c:\program files\common files\intervideo\deviceservice\devsvc.exe
o23 - service: Crypkey license - kenonic controls ltd. - c:\windows\system32\crypserv.exe
o23 - service: Hotspot shield service (hotspotshieldservice) - unknown owner - c:\program files\hotspot shield\bin\openvpnas.exe
o23 - service: Installdriver table manager (idrivert) - macrovision corporation - c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
o23 - service: Nbservice - nero ag - c:\program files\nero\nero 7\nero backitup\nbservice.exe
o23 - service: Nmindexingservice - nero ag - c:\program files\common files\ahead\lib\nmindexingservice.exe
o23 - service: Pml driver hpz12 - hp - c:\windows\system32\hpzipm12.exe
o23 - service: Servicelayer - nokia. - c:\program files\common files\pcsuite\services\servicelayer.exe
o23 - service: Ulead burning helper (uleadburninghelper) - ulead systems, inc. - c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe
o23 - service: Winser - unknown owner - c:\windows\system32\winsersec.exe
--
end of file - 12368 bytes
