http://194.74.65.98 - BT Wholesale Redirect - HELP!
zippy1982
Newbie
3. January 2007 @ 16:18
Hi,
While surfing the net, either just clicking on links throughout sites, accessing favourites or going through Google, about one in every 5 pages redirects me to this http://194.74.65.98, which forces me to close that window and start again if I want to carry on browsing that website.
Can anyone help me?!?! Is this some sort of virus? I've read on the Internet about other people having problems.
Below is my log file from HijackThis. If anyone could offer some help it would be much appreciated.
Many thanks!
Zippy
xxx
Logfile of HijackThis v1.99.1
Scan saved at 02:14:51, on 04/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
This message has been edited since posting. Last time this message was edited on 3. January 2007 @ 16:20
Member
5. January 2007 @ 23:51
hmmm, sounds like either a trojan or spyware...
run grisoft... see if it says anything... I used to have one that ran itself as INTERNET EXPLORER.exe sooo... always look out for running programs in the background that don't fit any description of your own programs... I say if Grisoft doesn't pick up anything try STINGER, from McAfee- search it on google... it's a small prog that doesn't need install... and if that doesn't work try getting a program that detects spy/adware... try searching Adaware... I think that was Lavasoft Adaware? anyone correct me?
"Support the band- download the cd, but buy concert tickets"
janrocks
Suspended permanently
6. January 2007 @ 07:02
Dunno how this will paste..
Analyzerdetails
Logfile of HijackThis v1.99.1
Kind
This should be the newest version.
Platform: Windows XP SP2 (WinNT 5.01.2600)
Kind
Analyzerdetails
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Kind
This should be the newest version.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\System32\smss.exe
Kind
Very safe
Very safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\system32\winlogon.exe
Kind
Very safe
Very safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\system32\services.exe
Kind
Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\system32\lsass.exe
Kind
Very safe
Very safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\system32\svchost.exe
Kind
Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\System32\svchost.exe
Kind
Very safe
Very safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Kind
Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\Explorer.EXE
Kind
Very safe
Very safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\system32\spoolsv.exe
Kind
Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\HP\KBD\KBD.EXE
Kind
Safe
Safe
This is a unknown process.
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Kind
Very safe
Very safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Kind
Very safe
Very safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\Program Files\iTunes\iTunesHelper.exe
Kind
Safe
Safe
Not dangerous, but unnecessary.
Apple iTunes
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Kind
Checks for updates for RealPlayer
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\Program Files\MSN Messenger\MsnMsgr.Exe
Kind
Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Kind
Antivirensoftware
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Kind
Antivirensoftware
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Kind
Antivirensoftware
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\system32\cisvc.exe
Kind
Safe
Safe
Microsoft Index Service Helper
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Kind
Very safe
Very safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\system32\nvsvc32.exe
Kind
Very safe
Very safe
Not dangerous, but unnecessary.
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\system32\svchost.exe
Kind
Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
Kind
Grisoft AVG6
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\Program Files\iPod\bin\iPodService.exe
Kind
Very safe
Very safe
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\system32\svchost.exe
Kind
Safe
Safe
This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\WINDOWS\system32\cidaemon.exe
Kind
Safe
Safe
Indexing Service Filter Daemon
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
Kind
Adobe Photoshop
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Kind
Very safe
Very safe
Possibly nasty! According to our database this process runs normally in c:\programme\internet explorer\! Check if you know this process and arrange a viruscheck where required.Internet Explorer - Wir empfehlen einen sichereren alternativen Browser zu verwenden. (z.B. Firefox)
Visitor's assessment Analyzerdetails Unknown
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Adobelm_Cleanup.0001
Kind
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
Kind
Visitor's assessment Analyzerdetails Unknown
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Adobelm_Cleanup.0001
Kind
Visitor's assessment Analyzerdetails Check with an antivirus scanner
C:\HJT\HijackThis.exe
Kind
Very safe
Very safe
Remember that HijackThis must be run in an own folder. Only if HijackThis run in an own folder it will create backups!Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe
Visitor's assessment Analyzerdetails
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
Kind
This page has been identified as safe.
Visitor's assessment Analyzerdetails
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Kind
AcroIEhelper.ocx, AcroIEhelper.dll - Adobe Acrobat reader, http://www.adobe.com/products/acrobat/readstep2.html
Visitor's assessment Analyzerdetails
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Kind
SDhelper.dll - Spybot - Search & Destroy, http://spybot.eon.net.au/
Visitor's assessment Analyzerdetails
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
Kind
Java von SUN jre1.5.0 update 6
Visitor's assessment Analyzerdetails
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
Kind
googletoolbar.dll, googletoolbar*.dll (* = number), googletoolbar_en_*.**-big.dll, Googletoolbar_en_*.*.**-deleon.dll. - Google toolbar, http://toolbar.google.com/
Visitor's assessment Analyzerdetails
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
Kind
googletoolbar.dll, googletoolbar*.dll (* = digit), googlenav.dll, googlenav*.dll, googletoolbar_en_*.**-big.dll, googletoolbar_en_*.*.**-deleon.dll - Google Toolbar
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
Kind
Hewlett Packard Software
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
Kind
Safe
Safe
Unknown application.This entry was classified from our visitors as good.
Visitor's assessment Analyzerdetails Unknown
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Kind
Unknown application.
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce
Kind
pdfFactory Pro Dispatcher v2
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
Kind
firewall program from Zonelabs. Pro version inlcudes other online security options
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
Kind
Very safe
Very safe
AVG Anti-Virus 7.0 Control Center. Allows you to manage and control all AVG Anti-Virus components, settings and updates
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Kind
Not dangerous, but unnecessary.QuickTime
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
Kind
Not dangerous, but unnecessary.
Visitor's assessment Analyzerdetails
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Kind
Part of RealPlayer
Visitor's assessment Analyzerdetails
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Kind
Microsoft s MSN Messenger 6
Visitor's assessment Analyzerdetails
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
Kind
The entry &Google Search has been identified as safe.
Visitor's assessment Analyzerdetails
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
Kind
The entry &Translate English Word has been identified as safe.
Visitor's assessment Analyzerdetails
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
Kind
The entry Backward Links has been identified as safe.
Visitor's assessment Analyzerdetails
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
Kind
The entry Cached Snapshot of Page has been identified as safe.
Visitor's assessment Analyzerdetails
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Kind
The entry E&xport to Microsoft Excel has been identified as safe.
Visitor's assessment Analyzerdetails
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
Kind
The entry Similar Pages has been identified as safe.
Visitor's assessment Analyzerdetails
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
Kind
The entry Translate Page into English has been identified as safe.
Visitor's assessment Analyzerdetails
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
Kind
The entry has been identified as safe.
Visitor's assessment Analyzerdetails
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
Kind
The entry Sun Java Console has been identified as safe.
Visitor's assessment Analyzerdetails
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
Kind
The entry Research has been identified as safe.
Visitor's assessment Analyzerdetails
O9 - Extra button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
Kind
To be fixed if the entry 'Fiddler ' is unknown.
Unnecessary (deactivated) entry that can be fixed.Unknown buttons or entries in the 'Extras'-menu should be fixed.
Visitor's assessment Analyzerdetails
O9 - Extra 'Tools' menuitem: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files\Fiddler\Fiddler.exe" (file missing)
Kind
To be fixed if the entry 'Fiddler ' is unknown.
Unnecessary (deactivated) entry that can be fixed.Unknown buttons or entries in the 'Extras'-menu should be fixed.
Visitor's assessment Analyzerdetails Unknown
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
Kind
To be fixed if the entry 'Connection Help ' is unknown.Unknown buttons or entries in the 'Extras'-menu should be fixed.
Visitor's assessment Analyzerdetails Unknown
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
Kind
To be fixed if the entry 'Connection Help ' is unknown.Unknown buttons or entries in the 'Extras'-menu should be fixed.
Visitor's assessment Analyzerdetails
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Kind
Unnecessary (deactivated) entry that can be fixed.The entry has been identified as safe.
Visitor's assessment Analyzerdetails
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
Kind
Unnecessary (deactivated) entry that can be fixed.The entry @xpsp3res.dll, has been identified as safe.
Visitor's assessment Analyzerdetails
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Kind
The entry Messenger has been identified as safe.
Visitor's assessment Analyzerdetails
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Kind
The entry Windows Messenger has been identified as safe.
Visitor's assessment Analyzerdetails
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
Kind
This entry has been identified as safe.
Visitor's assessment Analyzerdetails
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
Kind
This entry has been identified as safe.
Visitor's assessment Analyzerdetails
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - https://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
Kind
This entry has been identified as safe.
Visitor's assessment Analyzerdetails
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
Kind
This entry has been identified as safe.
Visitor's assessment Analyzerdetails
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
Kind
This entry has been identified as safe.
Visitor's assessment Analyzerdetails
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/ins...staller_gmn.cab
Kind
This entry has been identified as safe.
Visitor's assessment Analyzerdetails
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
Kind
This entry has been identified as safe.
Visitor's assessment Analyzerdetails Unknown
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
Kind
Check if you know this site and fix it if you do not.Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed!
Visitor's assessment Analyzerdetails
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
Kind
This entry has been identified as safe.
Visitor's assessment Analyzerdetails
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
Kind
This entry has been identified as safe.
Visitor's assessment Analyzerdetails
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
Kind
This entry has been identified as safe.
Visitor's assessment Analyzerdetails
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
Kind
This entry has been identified as safe.
Visitor's assessment Analyzerdetails Unknown
O18 - Protocol: x-mem1 - {C3719F83-7EF8-4BA0-89B0-3360C7AFB7CC} - C:\WINDOWS\system32\wowctl2.dll
Kind
Visitor's assessment Analyzerdetails
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
Kind
Windows Genuine Advantage Notification
Visitor's assessment Analyzerdetails
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
Kind
Visitor's assessment Analyzerdetails
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
Kind
This service (Adobelmsvc.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Kind
This service (avgamsvr.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Kind
This service (avgupsvc.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Kind
This service (avgemc.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
Kind
This service (IDriverT.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Kind
This service (iPodService.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
Kind
This service (LSSrvc.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
Kind
This service (MSCSPTISRV.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Kind
This service (nvsvc32.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
Kind
This service (PACSPTISVR.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
Kind
This service (SPTISRV.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
Kind
This service (SSScsiSV.exe) was identified as a good one.
Visitor's assessment Analyzerdetails
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Kind
This service (vsmon.exe) was identified as a good one.
This is interesting..something is wrong here, probable browser exploit
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
Kind
Very safe
Very safe
Possibly nasty! According to our database this process runs normally in c:\programme\internet explorer\! Check if you know this process and arrange a viruscheck where required.Internet Explorer
It's a German checker..try it yourself.
http://hijackthis.de/en#anl
This message has been edited since posting. Last time this message was edited on 6. January 2007 @ 07:10