Logfile of Trend Micro HijackThis v2.0.2
scan saved at 01:19:41 م, on 24/05/09
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\windows\system32\taskeng.exe
c:\windows\system32\dwm.exe
c:\windows\explorer.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\igfxpers.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\zcfgsvc.exe
c:\program files\common files\real\update_ob\realsched.exe
c:\windows\ehome\ehtray.exe
c:\program files\windows sidebar\sidebar.exe
c:\windows\ehome\ehmsas.exe
c:\program files\windows sidebar\sidebar.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conime.exe
c:\program files\internet download manager\idman.exe
c:\program files\avant browser\avant.exe
c:\program files\avant browser\avant.exe
c:\users\mm\سطح المكتب\hijackthis.exe
r1 - hkcu\software\microsoft\internet explorer\main,search page =
r1 - hklm\software\microsoft\internet explorer\main,default_page_url =
r1 - hklm\software\microsoft\internet explorer\main,default_search_url =
r1 - hklm\software\microsoft\internet explorer\main,search page =
r0 - hklm\software\microsoft\internet explorer\main,start page =
r0 - hklm\software\microsoft\internet explorer\search,searchassistant =
r0 - hklm\software\microsoft\internet explorer\search,customizesearch =
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername =
o1 - hosts: ::1 localhost
o2 - bho: Idm helper - {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\idmiecc.dll
o2 - bho: Snagit toolbar loader - {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\snagitbho.dll
o2 - bho: مساعد رابط adobe pdf reader - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
o2 - bho: Realplayer download and record plugin for internet explorer - {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
o2 - bho: Groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\grooveshellextensions.dll
o2 - bho: Ssvhelper class - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
o2 - bho: مساعد تسجيل الدخول إلى windows live - {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
o4 - hklm\..\run: [msconfig] "c:\windows\system32\msconfig.exe" /auto
o4 - hklm\..\run: [hotkeyscmds] c:\windows\system32\hkcmd.exe
o4 - hklm\..\run: [persistence] c:\windows\system32\igfxpers.exe
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [nod32kui] "c:\program files\eset\nod32kui.exe" /waitservice
o4 - hklm\..\run: [zcfgsvc.exe] c:\windows\system32\zcfgsvc.exe
o4 - hklm\..\run: [tkbellexe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
o4 - hkcu\..\run: [ehtray.exe] c:\windows\ehome\ehtray.exe
o4 - hkcu\..\run: [sidebar] c:\program files\windows sidebar\sidebar.exe /autorun
o4 - hkus\s-1-5-18\..\run: [nokia.pcsync] c:\program files\nokia\nokia pc suite 6\pcsync2.exe /nodialog (user 'system')
o4 - hkus\.default\..\run: [nokia.pcsync] c:\program files\nokia\nokia pc suite 6\pcsync2.exe /nodialog (user 'default user')
o8 - extra context menu item: &neotrace it! - c:\progra~1\neotra~1\ntxcontext.htm
o8 - extra context menu item: ت&صدير إلى microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: تحميل الكل بواسطة internet download manager - c:\program files\internet download manager\iegetall.htm
o8 - extra context menu item: تحميل بواسطة internet download manager - c:\program files\internet download manager\ieext.htm
o8 - extra context menu item: تحميل محتوى flv بواسطة internet download manager - c:\program files\internet download manager\iegetvl.htm
o9 - extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
o9 - extra 'tools' menuitem: Sun java console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - c:\progra~1\java\jre16~2.0_0\bin\ssv.dll
o9 - extra button: إرسال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: إر&سال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o18 - protocol: Groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\program files\microsoft office\office12\groovesystemservices.dll
o20 - winlogon notify: !saswinlogon - c:\program files\superantispyware\saswinlo.dll
o22 - sharedtaskscheduler: Windows dreamscene - {e31004d1-a431-41b8-826f-e902f9d95c81} - c:\windows\system32\dreamscene.dll
o23 - service: Agere modem call progress audio (ageremodemaudio) - agere systems - c:\windows\system32\agrsmsvc.exe
o23 - service: Hotspot shield tray service (hsstrayservice) - unknown owner - c:\program files\hotspot shield\bin\hsstrayservice.exe (file missing)
o23 - service: Intel ncs netservice (netsvc) - intel(r) corporation - c:\program files\intel\ncs\sync\netsvc.exe
o23 - service: Nod32 kernel service (nod32krn) - eset - c:\program files\eset\nod32krn.exe
o23 - service: Cyberlink richvideo service(crvs) (richvideo) - unknown owner - c:\program files\cyberlink\shared files\richvideo.exe
o23 - service: Servicelayer - nokia. - c:\program files\pc connectivity solution\servicelayer.exe
--
End of file - 5920 bytes