
Logfile of HijackThis v1.97.7 - cjtf

The following entries need attention:

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Search Bar = website: best-search.cc / search.php?v=6&aff=0
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Search Page = website: best-search.cc / index.php?v=6&aff=0
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - website: ricercaperfetta.com / (file missing)
O9 - Extra ´Tools´ menuitem: Loghi e suonerie - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - website: ricercaperfett
O14 - IERESET.INF: START_PAGE_URL=website: microsoft.com / italy / start
O14 - IERESET.INF: MS_START_PAGE_URL=website: microsoft.com / italy / start
O16 - DPF: {00000000-0000-0000-0000-000020030000} - website: pupe.ragazze-sexy.net / sesso.exe

Original log.


C: \ WINDOWS \ SYSTEM \ KERNEL32.DLL
C: \ WINDOWS \ SYSTEM \ MSGSRV32.EXE
C: \ WINDOWS \ SYSTEM \ MPREXE.EXE
C: \ WINDOWS \ SYSTEM \ mmtask.tsk
C: \ WINDOWS \ SYSTEM \ MSTASK.EXE
C: \ PROGRAMMI \ TREND PC-CILLIN 2000 \ PCCIOMON.EXE
C: \ WINDOWS \ SYSTEM \ SCVHOST.EXE
C: \ WINDOWS \ EXPLORER.EXE
C: \ WINDOWS \ TASKMON.EXE
C: \ WINDOWS \ SYSTEM \ SYSTRAY.EXE
C: \ PROGRAMMI \ TREND PC-CILLIN 2000 \ POP3TRAP.EXE
C: \ PROGRAMMI \ TREND PC-CILLIN 2000 \ WEBTRAP.EXE
C: \ PROGRAMMI \ POPUP KILLER \ POPUPKILLER.EXE
C: \ WINDOWS \ ANVSHELL.EXE
C: \ PROGRAMMI \ MICROSOFT OFFICE \ OFFICE \ 1040 \ MSOFFICE.EXE
C: \ WINDOWS \ SYSTEM \ WMIEXE.EXE
C: \ WINDOWS \ SYSTEM \ SPOOL32.EXE
C: \ WINDOWS \ SYSTEM \ RNAAPP.EXE
C: \ WINDOWS \ SYSTEM \ TAPISRV.EXE
C: \ WINDOWS \ DESKTOP \ HIJACKTHIS.EXE

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Search Bar = website: best-search.cc / search.php?v=6&aff=0
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Search Page = website: best-search.cc / index.php?v=6&aff=0
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main,Start Page = website: msn.it /
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C: \ PROGRAMMI \ ADOBE \ ACROBAT 5.0 \ READER \ ACTIVEX \ ACROIEHELPER.OCX
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C: \ WINDOWS \ SYSTEM \ MSDXM.OCX
O4 - HKLM \ .. \ Run: [TaskMonitor] C: \ WINDOWS \ taskmon.exe
O4 - HKLM \ .. \ Run: [SystemTray] SysTray.Exe
O4 - HKLM \ .. \ Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM \ .. \ Run: [pop3trap.exe] "C: \ Programmi \ Trend PC-cillin 2000 \ pop3trap.exe"
O4 - HKLM \ .. \ Run: [WebTrap.exe] "C: \ Programmi \ Trend PC-cillin 2000 \ WebTrap.exe"
O4 - HKLM \ .. \ Run: [ScanRegistry] C: \ WINDOWS \ scanregw.exe / autorun
O4 - HKLM \ .. \ Run: [PCCIOMON.EXE] "C: \ Programmi \ Trend PC-cillin 2000 \ PCCIOMON.EXE"
O4 - HKLM \ .. \ Run: [PopUpKiller] C: \ PROGRAMMI \ POPUP KILLER \ POPUPKILLER.EXE
O4 - HKLM \ .. \ Run: [anvshell] anvshell.exe
O4 - HKLM \ .. \ Run: [MSStartOptimizer] C: \ WINDOWS \ SYSTEM \ SCVHOST.EXE
O4 - HKLM \ .. \ Run: [RegCompres] C: \ WINDOWS \ SYSTEM \ REGCPM32.EXE
O4 - HKLM \ .. \ RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM \ .. \ RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM \ .. \ RunServices: [PCCIOMON.EXE] "C: \ Programmi \ Trend PC-cillin 2000 \ PCCIOMON.EXE"
O4 - HKLM \ .. \ RunServices: [MSStartOptimizer] C: \ WINDOWS \ SYSTEM \ SCVHOST.EXE
O4 - HKLM \ .. \ RunServices: [RegCompres] C: \ WINDOWS \ SYSTEM \ REGCPM32.EXE
O4 - HKCU \ .. \ Run: [ATI Launchpad] "C: \ PROGRAMMI \ ATI MULTIMEDIA \ MAIN \ LAUNCHPD.EXE"
O4 - Startup: Microsoft Office.lnk = C: \ Programmi \ Microsoft Office \ Office \ OSA9.EXE
O4 - Startup: EPSON Controllo in background.lnk = C: \ ESM2 \ STMS.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - website: ricercaperfetta.com / (file missing)
O9 - Extra ´Tools´ menuitem: Loghi e suonerie - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - website: ricercaperfetta.com / (file missing)
O12 - Plugin for .spop: C: \ PROGRA~1 \ INTERN~1 \ Plugins \ NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=website: microsoft.com / italy / start
O14 - IERESET.INF: MS_START_PAGE_URL=website: microsoft.com / italy / start
O16 - DPF: {00000000-0000-0000-0000-000020030000} - website: pupe.ragazze-sexy.net / sesso.exe

