Results 1 to 2 of 2

Thread: Hijack this log

  1. #1
    Member
    Join Date
    Jun 2012
    Posts
    3
    Points
    0

    Default Hijack this log

    Hello, i've another log to submit
    i wish to know if there are problems or it is all ok
    thanks in advance for your analisys


    ----------------------------------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13.39.00, on 27/06/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Cobian Backup 10\cbVSCService.exe
    C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Programmi\IObit\Smart Defrag 2\SmartDefrag.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
    C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
    C:\Documents and Settings\All Users\Dati applicazioni\Panda Security URL Filtering\Panda_URL_Filtering.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\EyeDefender\EyeDefender.exe
    C:\Programmi\Skype\Phone\Skype.exe
    C:\Programmi\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Mystart
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Google
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Programmi\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Programmi\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [PSUNMain] "C:\Programmi\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
    O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\Documents and Settings\All Users\Dati applicazioni\Panda Security URL Filtering\Panda_URL_Filtering.exe"
    O4 - HKLM\..\Run: [WinPatrol] C:\Programmi\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [EyeDefender] "C:\Programmi\EyeDefender\EyeDefender.exe" /silent
    O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Programmi\ERUNT\AUTOBACK.EXE
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1214554173546
    O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3247A3BD-E042-4F38-8C8F-88565DAD3EBF}: NameServer = 147.163.1.3,147.163.1.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F4A672A-30EC-4D06-B7D8-FD223FEFD3ED}: NameServer = 147.163.1.22,147.163.1.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E36FEE9E-01F2-4793-9882-DD76BB58413B}: NameServer = 147.163.1.3,147.163.1.22
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3247A3BD-E042-4F38-8C8F-88565DAD3EBF}: NameServer = 147.163.1.3,147.163.1.22
    O17 - HKLM\System\CS3\Services\Tcpip\..\{3247A3BD-E042-4F38-8C8F-88565DAD3EBF}: NameServer = 147.163.1.3,147.163.1.22
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apache2.2 - Apache Software Foundation - C:\Programmi\Apache Software Foundation\Apache2.2\bin\httpd.exe
    O23 - Service: AVG WatchDog (avgwd) - Unknown owner - (no file)
    O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Programmi\Cobian Backup 10\cbVSCService.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: MySQL - Unknown owner - C:\Programmi\MySQL\MySQL.exe (file missing)
    O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Programmi\Panda Security\Panda Cloud Antivirus\PSANHost.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe

    --
    End of file - 7777 bytes
    ----------------------------------------------------------------------------------------------

  2. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Hi gnazino70

    Are you having any issues with this computer at all?

    We need to see some information about what is happening in your machine. Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
    • Notepad will open with the results.
    • Follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

    Information on A/V control HERE

    Joe

  3. The Following User Says Thank You to zep516 For This Useful Post: