سبيد6
Peace be upon you ..
On one of the guys' computers I have a problem: various messages keep appearing, telling me "your computer has a virus", etc...
Anyway, here is the report ..
logfile of trend micro hijackthis v2.0.2
scan saved at 06:48:23 ص, on 02/03/2009
platform: Windows xp sp2 (winnt 5.01.2600)
msie: Internet explorer v7.00 (7.00.5730.0013)
boot mode: Normal
running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\program files\intel\wireless\bin\evteng.exe
c:\program files\intel\wireless\bin\s24evmon.exe
c:\windows\system32\wltrysvc.exe
c:\windows\system32\bcmwltry.exe
c:\program files\alwil software\avast4\aswupdsv.exe
c:\program files\alwil software\avast4\ashserv.exe
c:\windows\system32\spoolsv.exe
c:\program files\widcomm\bluetooth software\bin\btwdins.exe
c:\program files\common files\microsoft shared\vs7debug\mdm.exe
c:\program files\intel\wireless\bin\regsrvc.exe
c:\windows\system32\svchost.exe
c:\windows\system32\userinit.exe
c:\program files\google\update\googleupdate.exe
c:\program files\alwil software\avast4\ashmaisv.exe
c:\program files\alwil software\avast4\ashwebsv.exe
c:\windows\explorer.exe
c:\windows\system32\igfxtray.exe
c:\windows\system32\hkcmd.exe
c:\windows\system32\igfxpers.exe
c:\windows\rthdcpl.exe
c:\program files\synaptics\syntp\syntpenh.exe
c:\program files\intel\wireless\bin\zcfgsvc.exe
c:\program files\intel\wireless\bin\ifrmewrk.exe
c:\program files\intel\wireless\bin\eouwiz.exe
c:\windows\system32\wltray.exe
c:\progra~1\launch~1\lmanager.exe
c:\program files\common files\acd systems\en\devdetect.exe
c:\docume~1\windows\locals~1\temp\rtkbtmnt.exe
c:\progra~1\alwils~1\avast4\ashdisp.exe
c:\program files\microsoft office\office12\groovemonitor.exe
c:\windows\system32\ctfmon.exe
c:\progra~1\intel\wireless\bin\dot1xcfg.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet download manager\idman.exe
c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\software informer\softinfo.exe
c:\windows\system32\igfxext.exe
c:\program files\widcomm\bluetooth software\bttray.exe
c:\program files\microsoft office\office12\onenotem.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\internet download manager\iemonitor.exe
c:\program files\yahoo!\messenger\ymsgr_tray.exe
c:\program files\windows live\messenger\msnmsgr.exe
c:\program files\windows live\messenger\usnsvc.exe
c:\windows\system32\tsgxrayj.exe
c:\docume~1\windows\locals~1\temp\15509.exe
c:\program files\internet explorer\iexplore.exe
c:\documents and settings\windows\my documents\downloads\programs\zyzoom_hijackthis.exe
r1 - hklm\software\microsoft\internet explorer\main,default_page_url = [hidden link: you must log in or register to view it]
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = [hidden link: you must log in or register to view it]
r1 - hklm\software\microsoft\internet explorer\main,search bar = [hidden link: you must log in or register to view it]
r1 - hklm\software\microsoft\internet explorer\main,search page = [hidden link: you must log in or register to view it]
r0 - hklm\software\microsoft\internet explorer\main,start page = [hidden link: you must log in or register to view it]
r1 - hkcu\software\microsoft\internet explorer\searchurl,(default) = [hidden link: you must log in or register to view it]
r1 - hkcu\software\microsoft\internet connection wizard,shellnext = [hidden link: you must log in or register to view it]
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = local
r3 - urlsearchhook: Yahoo! Toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
r3 - urlsearchhook: Power karaoke toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - c:\program files\power_karaoke\tbpowe.dll
o2 - bho: Idm helper - {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\idmiecc.dll
o2 - bho: &yahoo! Toolbar helper - {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
o2 - bho: Power karaoke toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - c:\program files\power_karaoke\tbpowe.dll
o2 - bho: Xml module - {500bca15-57a7-4eaf-8143-8c619470b13d} - c:\windows\system32\msxml71.dll
o2 - bho: Groove gfs browser helper - {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\gra8e1~1.dll
o2 - bho: (no name) - {7e853d72-626a-48ec-a868-ba8d5e23e045} - (no file)
o2 - bho: Google toolbar helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
o2 - bho: Google toolbar notifier bho - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
o2 - bho: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
o2 - bho: Singleinstance class - {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\ytsingleinstance.dll
o3 - toolbar: &google - {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
o3 - toolbar: Yahoo! Toolbar - {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
o3 - toolbar: Power karaoke toolbar - {3303e956-2a3a-48e0-be39-2e0ef11a2f44} - c:\program files\power_karaoke\tbpowe.dll
o4 - hklm\..\run: [igfxtray] c:\windows\system32\igfxtray.exe
o4 - hklm\..\run: [igfxhkcmd] c:\windows\system32\hkcmd.exe
o4 - hklm\..\run: [igfxpers] c:\windows\system32\igfxpers.exe
o4 - hklm\..\run: [rthdcpl] rthdcpl.exe
o4 - hklm\..\run: [skytel] skytel.exe
o4 - hklm\..\run: [alcmtr] alcmtr.exe
o4 - hklm\..\run: [azmixersel] c:\program files\realtek\installshield\azmixersel.exe
o4 - hklm\..\run: [syntpenh] c:\program files\synaptics\syntp\syntpenh.exe
o4 - hklm\..\run: [intelzeroconfig] "c:\program files\intel\wireless\bin\zcfgsvc.exe"
o4 - hklm\..\run: [intelwireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf intel proset/wireless
o4 - hklm\..\run: [eouapp] "c:\program files\intel\wireless\bin\eouwiz.exe"
o4 - hklm\..\run: [inprocommwireless] c:\program files\atheros\wireless\utility\wlanutil.exe
o4 - hklm\..\run: [broadcom wireless manager ui] c:\windows\system32\wltray.exe
o4 - hklm\..\run: [lmanager] c:\progra~1\launch~1\lmanager.exe
o4 - hklm\..\run: [device detector] devdetect.exe -autorun
o4 - hklm\..\run: [avast!] c:\progra~1\alwils~1\avast4\ashdisp.exe
o4 - hklm\..\run: [comp about extra bin] c:\documents and settings\all users\application data\roam program comp about\tons download.exe
o4 - hklm\..\run: [groovemonitor] "c:\program files\microsoft office\office12\groovemonitor.exe"
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [bgmonitor_{79662e04-7c6c-4d9f-84c7-88d8a56b10aa}] "c:\program files\common files\ahead\lib\nmbgmonitor.exe"
o4 - hkcu\..\run: [the safe] c:\docume~1\windows\applic~1\greyam~1\softwaredatefind.exe
o4 - hkcu\..\run: [idman] c:\program files\internet download manager\idman.exe /onboot
o4 - hkcu\..\run: [swg] c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe
o4 - hkcu\..\run: [messenger (yahoo!)] "c:\program files\yahoo!\messenger\yahoomessenger.exe" -quiet
o4 - hkcu\..\run: [software informer] "c:\program files\software informer\softinfo.exe" -autorun
o4 - hkcu\..\run: [cognac] c:\docume~1\windows\locals~1\temp\15509.exe
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - startup: Onenote 2007 screen clipper and launcher.lnk = c:\program files\microsoft office\office12\onenotem.exe
o4 - global startup: Bluetooth.lnk = ?
O8 - extra context menu item: &تصدير إلى microsoft excel - res://c:\progra~1\micros~2\office11\excel.exe/3000
o8 - extra context menu item: Send to &bluetooth device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
o8 - extra context menu item: ت&صدير إلى microsoft excel - res://c:\progra~1\micros~2\office12\excel.exe/3000
o8 - extra context menu item: تحميل الكل بواسطة internet download manager - c:\program files\internet download manager\iegetall.htm
o8 - extra context menu item: تحميل بواسطة internet download manager - c:\program files\internet download manager\ieext.htm
o8 - extra context menu item: تحميل محتوى flv بواسطة internet download manager - c:\program files\internet download manager\iegetvl.htm
o9 - extra button: إرسال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra 'tools' menuitem: إر&سال إلى onenote - {2670000a-7350-4f3c-8081-5663ee0c6c49} - c:\progra~1\micros~2\office12\onbttnie.dll
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - c:\progra~1\micros~2\office12\refiebar.dll
o9 - extra button: @btrez.dll,-4015 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra 'tools' menuitem: @btrez.dll,-12650 - {cca281ca-c863-46ef-9331-5c8d4460577f} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o16 - dpf: {4f1e5b1a-2a80-42ca-8532-2d05cb959537} (msn photo upload tool) - [hidden link: you must log in or register to view it]
o18 - protocol: Groovelocalgws - {88fed34c-f0ca-4636-a375-3cb6248b04cd} - c:\progra~1\micros~2\office12\gr99d3~1.dll
o23 - service: Avast! Iavs4 control service (aswupdsv) - alwil software - c:\program files\alwil software\avast4\aswupdsv.exe
o23 - service: Avast! Antivirus - alwil software - c:\program files\alwil software\avast4\ashserv.exe
o23 - service: Avast! Mail scanner - alwil software - c:\program files\alwil software\avast4\ashmaisv.exe
o23 - service: Avast! Web scanner - alwil software - c:\program files\alwil software\avast4\ashwebsv.exe
o23 - service: Bluetooth service (btwdins) - broadcom corporation. - c:\program files\widcomm\bluetooth software\bin\btwdins.exe
o23 - service: Intel(r) proset/wireless event log (evteng) - intel corporation - c:\program files\intel\wireless\bin\evteng.exe
o23 - service: Google update service (gupdate1c98d187384b6fe) (gupdate1c98d187384b6fe) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: Intel(r) proset/wireless registry service (regsrvc) - intel corporation - c:\program files\intel\wireless\bin\regsrvc.exe
o23 - service: Intel(r) proset/wireless service (s24eventmonitor) - intel corporation - c:\program files\intel\wireless\bin\s24evmon.exe
o23 - service: Broadcom wireless lan tray service (wltrysvc) - unknown owner - c:\windows\system32\wltrysvc.exe
--
end of file - 11230 bytes
Waiting for your replies ~
