Infection

Krognac
Krognac
edited October 2008 in Logs analysis

Hello this is my first time at a forum but think my pc has something


Here is the hijack this log let me know and thank u for the assistance


Ok I looked at the Hijack this tutorial and this is the new log


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 11:13:56 PM, on 10/9/2008


Platform: Windows XP SP3 (WinNT 5.01.2600)


MSIE: Internet Explorer v7.00 (7.00.6000.16705)


Boot mode: Normal


Running processes:


C:WINDOWSSystem32smss.exe


C:WINDOWSsystem32winlogon.exe


C:WINDOWSsystem32services.exe


C:WINDOWSsystem32lsass.exe


C:WINDOWSsystem32svchost.exe


C:Program FilesWindows DefenderMsMpEng.exe


C:WINDOWSSystem32svchost.exe


C:WINDOWSsystem32svchost.exe


C:Program FilesCommon FilesSymantec SharedccSvcHst.exe


C:Program FilesCommon FilesSymantec SharedccProxy.exe


C:WINDOW###plorer.EXE


C:WINDOWSsystem32spoolsv.exe


C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe


C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe


C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe


C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe


C:WINDOWSsystem32cisvc.exe


C:WINDOWSeHomeehRecvr.exe


C:WINDOWSeHomeehSched.exe


C:WINDOWSSystem32svchost.exe


C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe


C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe


C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE


C:WINDOWSsystem32nvsvc32.exe


C:WINDOWSehomeRMSvc.exe


C:WINDOWSsystem32svchost.exe


C:WINDOWSsystem32dllhost.exe


C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe


C:Program FilesCommon FilesSymantec SharedccSvcHst.exe


C:Program FilesWindows DefenderMSASCui.exe


C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe


C:WINDOWSsystem32RUNDLL32.EXE


C:WINDOWSsystem32ctfmon.exe


C:Program FilesWindows Media PlayerWMPNSCFG.exe


C:Program FilesMozilla Firefoxfirefox.exe


C:WINDOWSsystem32cidaemon.exe


C:PROGRA~1COMMON~1SYMANT~1CCPD-LCsymlcsvc.exe


C:Program FilesTrend MicroHijackThisHijackThis.exe


R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070117


R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =


R1 - HKLMSoftwareMicrosoftInternet ExplorerSearch,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070117


R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com


R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll


R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:Program FilesAskSBarSrchAstt1.binA2SRCHAS.DLL (file missing)


O2 - BHO: (no name) - rsion - (no file)


O2 - BHO: (no name) - XE²49E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)


O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll


O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:Program FilesAskSBarSrchAstt1.binA2SRCHAS.DLL (file missing)


O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll


O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll


O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6coIEPlg.dll


O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:PROGRA~1COMMON~1SYMANT~1IDSIPSBHO.dll


O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_07binssv.dll


O2 - BHO: (no name) - ÈF²J - (no file)


O2 - BHO: (no name) - ØE²497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)


O2 - BHO: (no name) - ˆE²3D70E-1895-11CF-8E15-001234567890} - (no file)


O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll


O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6CoIEPlg.dll


O4 - HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"


O4 - HKLM..Run: [osCheck] "C:Program FilesNorton 360osCheck.exe"


O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide


O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir PersonalEdition Classicavgnt.exe" /min


O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"


O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup


O4 - HKLM..Run: [nwiz] nwiz.exe /install


O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit


O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe


O4 - HKCU..Run: [Yahoo! Pager] "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet


O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe


O4 - HKCU..RunOnce: [] C:Program FilesMozilla Firefoxfirefox.exe http://www.symantec.com/techsupp/servlet/P...0000e6.0000026d


O8 - Extra context menu item: &Yahoo! Search - file:///C:Program FilesYahoo!Common/ycsrch.htm


O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MI1933~1OFFICE11EXCEL.EXE/3000


O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:Program FilesYahoo!Common/ycdict.htm


O8 - Extra context menu item: Yahoo! &Maps - file:///C:Program FilesYahoo!Common/ycmap.htm


O8 - Extra context menu item: Yahoo! &SMS - file:///C:Program FilesYahoo!Common/ycsms.htm


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll


O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_07binssv.dll


O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:Program FilesYahoo!Commonyiesrvc.dll


O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MI1933~1OFFICE11REFIEBAR.DLL


O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe


O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe


O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1222902942906


O20 - Winlogon Notify: GoToAssist - C:Program FilesCitrixGoToAssist514G2AWinLogon.dll


O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicsched.exe


O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir PersonalEdition Classicavguard.exe


O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe


O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe


O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccProxy.exe


O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe


O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe


O23 - Service: COM Host (comHost) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedVAScannercomHost.exe


O23 - Service: Intel® Quick Resume technology (ELService) - Intel Corporation - C:Program FilesIntelIntelDHIntel® Quick Resume Technology DriversElservice.exe


O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:Program FilesCitrixGoToAssist514g2aservice.exe


O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe


O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver11Intel 32IDriverT.exe


O23 - Service: LiveUpdate - Symantec Corporation - C:Program FilesSymantecLiveUpdateLuComServer_3_4.EXE


O23 - Service: LiveUpdate Notice - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe


O23 - Service: LVCOMSer - Logitech Inc. - C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe


O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe


O23 - Service: LVSrvLauncher - Logitech Inc. - C:Program FilesCommon FilesLogiShrdSrvLnchSrvLnch.exe


O23 - Service: Media Center Extender Service (McrdSvc) - Unknown owner - C:WINDOWSehomemcrdsvc.exe (file missing)


O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe


O23 - Service: Symantec Core LC - Unknown owner - C:PROGRA~1COMMON~1SYMANT~1CCPD-LCsymlcsvc.exe


--


End of file - 10463 bytes

All Time Leaders

Categories

Defenders of the month