Thread: Infected
View Single Post
  #8 (permalink)  
Old 26-05-2005, 08:32 PM
Tib Tib is offline
Newbie
D-A-L Newbie
  
Join Date: Dec 2004
Posts: 14
Tib Is a beginner here at D-A-L
Re: Infected
Logfile of HijackThis v1.99.1
Scan saved at 21:29:54, on 2005-05-26
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2cf41f1db14bc8f414e16e1555b77108\update\update. exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\HJT\hijackthis.exe

F2 - REG:system.ini: UserInit=userinit.exe,setup32.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Media Access] D:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] systeminfos.exe
O4 - HKLM\..\Run: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] systeminfos.exe
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Compaq Service Drivers] systeminfos.exe
O4 - HKCU\..\RunServices: [Compaq Service Drivers] systeminfos.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Me...ridge-c139.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1117053644171
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = FOO
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = FOO
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = FOO
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - D:\WINDOWS\System32\mousehs.exe (file missing)
O23 - Service: RadClock - Unknown owner - D:\WINDOWS\system32\RadClock.exe

Now i can Alt+ctrl+del and get SP2 ^^
Reply With Quote