Jump to content


Photo

Can somene check my Hijackthis log please?


  • This topic is locked This topic is locked
1 reply to this topic

#1 dbat

dbat

    Member

  • New Member
  • Pip
  • 2 posts

Posted 13 July 2004 - 12:57 PM

Logfile of HijackThis v1.98.0
Scan saved at 10:58:08 AM, on 7/13/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\CachemanXP\CachemanXP.exe
D:\Kerio\Personal Firewall 4\kpf4ss.exe
D:\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
D:\NetLimiter\NetLimiter.exe
D:\Ahead\InCD\InCD.exe
D:\Motherboard Monitor 5\MBM5.EXE
D:\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
D:\Kerio\Personal Firewall 4\kpf4gui.exe
D:\Azureus\Azureus.exe
C:\Program Files\Java\j2re1.4.2_04\bin\javaw.exe
D:\AVPersonal\AVWUPSRV.EXE
D:\AVPersonal\AVGUARD.EXE
D:\AVPersonal\AVGNT.EXE
D:\DC++\DCPlusPlus.exe
D:\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
J:\ProgPatch etc\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NvMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NetLimiter] D:\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [InCD] D:\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MBM 5] "D:\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [AVGCtrl] "D:\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BD70681-5992-4DD1-A63C-EED6E1BEED55}: NameServer = 204.127.199.8,63.240.76.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{96FC1721-C7A0-4380-B991-622E69AFFE71}: NameServer = 192.168.1.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BD70681-5992-4DD1-A63C-EED6E1BEED55}: NameServer = 204.127.199.8,63.240.76.198
O17 - HKLM\System\CS2\Services\Tcpip\..\{2BD70681-5992-4DD1-A63C-EED6E1BEED55}: NameServer = 204.127.199.8,63.240.76.198
O18 - Protocol hijack: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SYSTEMROOT%\SYSTEM32\MSHTML.DLL


I'm really suspicous about the 018 one. Thanks in advance.

Edited by dbat, 13 July 2004 - 01:09 PM.


#2 dbat

dbat

    Member

  • New Member
  • Pip
  • 2 posts

Posted 13 July 2004 - 11:21 PM

Could someone respond please? Thanks in advance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button