logfile of trend micro hijackthis v2.0.2
scan saved at 02:11:46 م, on 07/11/2008
platform: Windows xp sp3 (winnt 5.01.2600)
msie: Internet explorer v7.00 (7.00.6000.16674)
boot mode: Normal
running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
c:\windows\system32\igfxtray.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxpers.exe
c:\windows\system32\rundll32.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\program files\eset\eset nod32 antivirus\egui.exe
c:\windows\emmon.exe
c:\windows\system32\cap3rsk.exe
c:\windows\system32\ctfmon.exe
c:\program files\messenger\msmsgs.exe
c:\windows\system32\cnab4rpk.exe
c:\program files\msn messenger\msnmsgr.exe
c:\program files\nokia\nokia pc suite 7\pcsuite.exe
c:\program files\nokia\nokia pc suite 7\pcsync2.exe
c:\windows\system32\spool\drivers\w32x86\3\cap3lak.exe
c:\windows\system32\spool\drivers\w32x86\3\cap3swk.exe
c:\program files\digital line detect\dlg.exe
c:\program files\eset\eset nod32 antivirus\ekrn.exe
c:\program files\hotspot shield\bin\openvpnas.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\windows\system32\svchost.exe
c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\pc connectivity solution\servicelayer.exe
c:\program files\common files\nokia\mpapi\mpapi3s.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\svchost.exe
c:\program files\msn messenger\msnmsgr.exe
c:\program files\msn messenger\usnsvc.exe
c:\program files\pc connectivity solution\transports\nclusbsrv.exe
c:\program files\pc connectivity solution\transports\nclrssrv.exe
c:\program files\pc connectivity solution\transports\nclmsbtsrv.exe
c:\documents and settings\خالد\local settings\temporary internet files\.ie5\yko5htfz\zyzoom_hijackthis[1].exe
r0 - hkcu\software\microsoft\internet explorer\main,start page =
r1 - hklm\software\microsoft\internet explorer\main,default_page_url =
r1 - hklm\software\microsoft\internet explorer\main,default_search_url =
r1 - hklm\software\microsoft\internet explorer\main,search page =
r0 - hklm\software\microsoft\internet explorer\main,start page =
r3 - urlsearchhook: Yahoo! Toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
r3 - urlsearchhook: Netassistantbho class - {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com netassistant\netassistant.dll
o2 - bho: Yahoo! Toolbar helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
o2 - bho: Adobe pdf reader link helper - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
o2 - bho: Smartshopper - {2ba1c226-ec1b-4471-a65f-d0688ac6ee3a} - c:\program files\smartshopper\bin\2.5.0\smrtshpr.dll
o2 - bho: Realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o2 - bho: Netassistantbho - {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com netassistant\netassistant.dll
o3 - toolbar: Freshdownload bar - {ed0e8ca5-42fb-4b18-997b-769e0408e79d} - c:\progra~1\freshd~1\freshd~1\fdiebar.dll (file missing)
o3 - toolbar: Yahoo! Toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [hotkeyscmds] c:\windows\system32\hkcmd.exe
o4 - hklm\..\run: [persistence] c:\windows\system32\igfxpers.exe
o4 - hklm\..\run: [bluetoothauthenticationagent] rundll32.exe bthprops.cpl,,bluetoothauthenticationagent
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hklm\..\run: [cap3on] c:\windows\system32\spool\drivers\w32x86\3\cap3onn.exe
o4 - hklm\..\run: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
o4 - hklm\..\run: [emmon] emmon.exe
o4 - hklm\..\run: [uvs10 preload] c:\program files\ulead systems\ulead videostudio se dvd\uvpl.exe
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [messengerplus3] "c:\program files\messengerplus! 3\msgplus.exe" /winstart
o4 - hkcu\..\run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background
o4 - hkcu\..\run: [bibcomp] c:\docume~1\244e~1\applic~1\antesa~1\audio balm help.exe
o4 - hkcu\..\run: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
o4 - hkcu\..\run: [pc suite tray] "c:\program files\nokia\nokia pc suite 7\pcsuite.exe" -onlytray
o4 - hkcu\..\run: [weather] c:\program files\aws\weatherbug\weather.exe 1
o4 - hkcu\..\run: [nokia.pcsync] "c:\program files\nokia\nokia pc suite 7\pcsync2.exe" /nodialog
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - global startup: Adobe reader speed launch.lnk = c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
o4 - global startup: Canon laser shot lbp-1120 status lnk = c:\windows\system32\spool\drivers\w32x86\3\cap3lak.exe
o4 - global startup: Digital line detect.lnk = c:\program files\digital line detect\dlg.exe
o8 - extra context menu item: E&xport to microsoft excel - res://c:\progra~1\micros~2\office11\excel.exe/3000
o9 - extra button: Smartshopper - compare product prices - {3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bebf} - c:\program files\smartshopper\bin\2.5.0\smrtshpr.dll
o9 - extra button: Smartshopper - compare travel rates - {3cc3d8fe-f0e0-4dd1-a69a-8c56bcc7bec0} - c:\program files\smartshopper\bin\2.5.0\smrtshpr.dll
o9 - extra button: Freshdownload - {58df01a7-6a4d-4e0c-8558-2ce1f9ee46a8} - c:\program files\freshdevices\freshdownload\fd.exe (file missing)
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office11\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: {6414512b-b978-451d-a0d8-fcfdf33e833c} (wuwebcontrol class) -
o23 - service: Eset http server (ehttpsrv) - eset - c:\program files\eset\eset nod32 antivirus\ehttpsrv.exe
o23 - service: Eset service (ekrn) - eset - c:\program files\eset\eset nod32 antivirus\ekrn.exe
o23 - service: Hotspot shield service (hotspotshieldservice) - unknown owner - c:\program files\hotspot shield\bin\openvpnas.exe
o23 - service: Thinkpad pm service (ibmpmsvc) - lenovo - c:\windows\system32\ibmpmsvc.exe
o23 - service: Servicelayer - nokia. - c:\program files\pc connectivity solution\servicelayer.exe
o23 - service: Ulead burning helper (uleadburninghelper) - ulead systems, inc. - c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe
--
end of file - 8195 bytes
