-
Logfile of HijackThis v1.97.7
Hello.
Hopefully I'm not posting it in the wrong place. But can somebody take a quick look at my Log of HijackThis?
I don't think I have a problem on my home computer, but just in case.
If you see anything that I wouldn't need or something that slows down my computer, please let me know.
=============================================
Logfile of HijackThis v1.97.7
Scan saved at 12:37:19 AM, on 1/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\Pavsrv51.exe
C:\WINDOWS\System32\svchost.exe Why is it running three times?
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ACD Systems\ACDSee\ACDSee.exe
C:\WINDOWS\system32\CMMON32.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.122.167.136:80 What is this? (See below)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll Should I delete this?
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll and this?
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.co...876.8377777778
O16 - DPF: {A8658086-E6AC-4957-BC8E-8D54A7E8A790} (GDIChk Object) - http://www.microsoft.com/security/co...I/0/GDIChk.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF686E8A-4E86-48CB-9465-B4A622EA5A21}: NameServer = 216.194.28.33 216.194.28.69
=============================================
That IP number 212.122.167.136 I traced to a Bulgarian governmental website, gate-vks.government.bg. Why is that?
Does my computer look protected?
Thanks for your time and help!
-
I'm always under attack by people from Eastern European countries, but it tends to get blocked by my firewall and dealt with by Norton. I'm not too sure about the rest, but from what I can gauge it seems to be OK.
-
Thanks bkclan
But do you know what it means? Maybe it's nothing serious but just a proxy that I might've used when I used to use IE? I checked, there is a different proxy that I've used last time, and it's in idle mode.
-
Yeah, it's quite likely to be a proxy. Normally .gov don't get involved in hacking and the like... :P
-
You can stop the CMMON32.EXE process if you want. None of the "***mon" processes really do anything, and it will speed your computer up by... a tiny bit.
That thing that is running 3 times... I don't know. On mine I have often noticed that it is running at least 3 times or even more. I don't think it is anything bad. Nothing bad could get into my computer anyway ^^
I always get people from Romania/Ukraine etc... pissing around and from what it looks like, they are trying to get into my computer. Don't know why, don't care, unless one day they actually manage it.
-
C:\WINDOWS\System32\svchost.exe is the Microsoft Service Host Process and should not be terminated. It's quite common for a few of them to be running at the same time.
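As an added example (not part of the thread, and not HijackThis's own code), a small Python triage script over the log layout posted above: it counts repeated process images and pulls out the proxy (R1) and DNS (O17) settings that redirect traffic. The sample lines, addresses and GUIDs are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log posted above (addresses are
# documentation ranges, GUIDs are placeholders); two lines carry inline remarks.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe Why is it running three times?
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.2.10:80 What is this?
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\example\helper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 198.51.100.1 198.51.100.2
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # e.g. "O17 - <body>"
PROC = re.compile(r"^([A-Za-z]:\\.*?\.exe)\b", re.I)     # path, minus any remark
ADDR = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?")   # IPv4 with optional port

def parse_log(text):
    """Split a log into (process paths, [(section code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for line in (l.strip() for l in text.splitlines()):
        entry = ENTRY.match(line)
        if entry:
            in_procs = False
            entries.append(entry.groups())
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and PROC.match(line):
            processes.append(PROC.match(line).group(1))
    return processes, entries

def instance_counts(processes):
    """Count process images, ignoring case as Windows paths do."""
    return Counter(p.lower() for p in processes)

def network_settings(entries):
    """Collect proxy (R1) and DNS (O17) addresses, which redirect traffic."""
    found = {}
    for code, body in entries:
        m = re.search(r"(ProxyServer|NameServer) = (.+)$", body)
        if m and code in ("R1", "O17"):
            found.setdefault(m.group(1), []).extend(ADDR.findall(m.group(2)))
    return found

if __name__ == "__main__":
    procs, entries = parse_log(SAMPLE_LOG)
    print({p: n for p, n in instance_counts(procs).items() if n > 1})
    print(network_settings(entries))
```

The addresses it reports still have to be checked by hand against the proxy and DNS servers the owner actually configured.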