logfile of trend micro hijackthis v2.0.2
scan saved at 8:35:06 am, on 1/6/2002
platform: Windows xp sp2 (winnt 5.01.2600)
msie: Internet explorer v6.00 sp2 (6.00.2900.2180)
boot mode: Normal
running processes:
D:\windows\system32\smss.exe
d:\windows\system32\winlogon.exe
d:\windows\system32\services.exe
d:\windows\system32\lsass.exe
d:\windows\system32\svchost.exe
d:\windows\system32\svchost.exe
d:\windows\explorer.exe
d:\windows\system32\spoolsv.exe
d:\windows\system32\ssvichosst.exe
d:\program files\analog devices\soundmax\smagent.exe
d:\program files\internet explorer\iexplore.exe
d:\windows\system32\wscntfy.exe
d:\windows\system32\wgatray.exe
h:\org\zyzoom_hijackthis.exe
r0 - hkcu\software\microsoft\internet explorer\main,start page = about:blank
f2 - reg:system.ini: Shell=explorer.exe ssvichosst.exe
o2 - bho: Ievkbdbho - {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - d:\program files\kaspersky lab\kaspersky internet security 2009\ievkbd.dll
o4 - hklm\..\run: [avp] "d:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe"
o4 - hklm\..\run: [msconfig] d:\windows\pchealth\helpctr\binaries\msconfig.exe /auto
o4 - hkcu\..\run: [yahoo messengger] d:\windows\system32\ssvichosst.exe
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'local service')
o4 - hkus\s-1-5-19\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'local service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'network service')
o4 - hkus\s-1-5-20\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'network service')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\s-1-5-18\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] d:\windows\system32\ctfmon.exe (user 'default user')
o4 - hkus\.default\..\runonce: [nlsf] cmd.exe /c move /y "%systemroot%\system32\syssetub.dll" "%systemroot%\system32\syssetup.dll" (user 'default user')
o7 - hkcu\software\microsoft\windows\currentversion\policies\system, disableregedit=1
o8 - extra context menu item: E&xport to microsoft excel - res://d:\progra~1\micros~1\office11\excel.exe/3000
o9 - extra button: Web traffic protection statistics - {1f460357-8a94-4d71-9ca3-aa4acf32ed8e} - d:\program files\kaspersky lab\kaspersky internet security 2009\scieplgn.dll
o9 - extra button: Research - {92780b25-18cc-41c8-b9be-3c9c571a8263} - d:\progra~1\micros~1\office11\refiebar.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - d:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - d:\windows\network diagnostic\xpnetdiag.exe
o10 - unknown file in winsock lsp: D:\windows\system32\nwprovau.dll
o20 - appinit_dlls: D:\progra~1\kasper~1\kasper~1\mzvkbd.dll,d:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,d:\progra~1\kasper~1\kasper~1\adialhk.dll,d:\progra~1\kasper~1\kasper~1\kloehk.dll
o23 - service: Soundmax agent service (soundmax agent service (default)) - analog devices, inc. - d:\program files\analog devices\soundmax\smagent.exe
--
end of file - 3408 bytes
