Logfile of HijackThis v1.98.2
Possibly out of date. Shows the version of HijackThis. The newest version is: v1.99.0! Your version (v1.98.2) is out of date. Visit the manufacturer's homepage to update.
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2800.1106! This should be the newest version. (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
Safe. running process. (smss.exe)
System process - application used to start, manage and delete sessions.
C:\WINDOWS\system32\winlogon.exe
Safe. running process. (winlogon.exe)
System process - Windows login routine
C:\WINDOWS\system32\services.exe
Safe. running process. (services.exe)
System process - manages the system services.
C:\WINDOWS\system32\lsass.exe
Safe. running process. (lsass.exe)
System process
C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
System process - generic host process name for services.
C:\WINDOWS\System32\svchost.exe
Safe. running process. (svchost.exe)
System process - generic host process name for services.
C:\WINDOWS\system32\spoolsv.exe
Safe. running process. (spoolsv.exe)
System process
C:\WINDOWS\System32\nvsvc32.exe
Safe. running process. (nvsvc32.exe)
NVIDIA graphics card driver. Not dangerous, but unnecessary.
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
Safe. running process. (VetMsg.exe)
Part of eTrust Antivirus
C:\WINDOWS\Explorer.EXE
Safe. running process. (Explorer.EXE)
System process for the desktop and taskbar.
C:\WINDOWS\system32\RUNDLL32.EXE
Safe. running process. (RUNDLL32.EXE)
RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
Safe. running process. (jusched.exe)
C:\Program Files\Logitech\iTouch\iTouch.exe
Safe. running process. (iTouch.exe)
Logitech iTouch
C:\WINDOWS\system32\rundll32.exe
Safe. running process. (rundll32.exe)
RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
Safe. running process. (DATALA~1.EXE)
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
Safe. running process. (VetTray.exe)
Vetantivirus
C:\Program Files\QuickTime\qttask.exe
Safe. running process. (qttask.exe)
Part of QuickTime
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Unknown running process. (LogitechDesktopMessenger.exe)
This is an unknown process.
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
Safe. running process. (SERVIC~1.EXE)
Nokia PC Suite
c:\progra~1\intern~1\iexplore.exe
Safe. running process. (iexplore.exe)
Internet Explorer - We recommend using a safer alternative browser (e.g. Firefox).
C:\Program Files\Internet Explorer\iexplore.exe
Safe. running process. (iexplore.exe)
Internet Explorer - We recommend using a safer alternative browser (e.g. Firefox).
C:\WINDOWS\system32\Whta3ue6.exe
Unknown running process. (Whta3ue6.exe)
This is an unknown process.
C:\WINDOWS\system32\KppJ3f.exe
Unknown running process. (KppJ3f.exe)
This is an unknown process.
C:\Program Files\MSN Messenger\msnmsgr.exe
Safe. running process. (msnmsgr.exe)
MSN Messenger
C:\Program Files\Mozilla Firefox\firefox.exe
Safe. running process. (firefox.exe)
Internet Browser
C:\Program Files\Internet Explorer\iexplore.exe
Safe. running process. (iexplore.exe)
Internet Explorer - We recommend using a safer alternative browser (e.g. Firefox).
C:\Documents and Settings\Gareth\Desktop\HijackThis.exe
Safe. running process. (HijackThis.exe)
The tool you used to create this logfile. Remember that HijackThis must be run in its own folder. Only if HijackThis runs in its own folder will it create backups!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cbefqvlxtrfgcq.com/27pku...OPbpmBZAVI.html
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://www.cbefqvlxtrfgcq.com/27pku...OPbpmBZAVI.html', delete it.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qkohrtvjuwp.info/27pkuLZ...b2NHJgozK/E.php
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://www.qkohrtvjuwp.info/27pkuLZ...b2NHJgozK/E.php', delete it.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
Safe.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
Safe.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result: 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) has been checked. Hit rate: 99 %
O2 - BHO: kbdcjn - {46515264-642A-D5D3-4BFF-1014300CF796} - (no file)
Unnecessarily Entries found in this registry zone are potentially nasty. This application ([46515264-642A-D5D3-4BFF-1014300CF796] - Result: ) has been checked. Hit rate: -1 % Unknown application.
Unnecessary (deactivated) entry that can be fixed.
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([53707962-6F74-2D53-2644-206D7942484F] - Result: 53707962-6F74-2D53-2644-206D7942484F) has been checked. Hit rate: 99 %
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
Unnecessarily Entries found in this registry zone are potentially nasty. This application ([C5183ABC-EB6E-4E05-B8C9-500A16B6CF94] - Result: C5183ABC-EB6E-4E05-B8C9-500A16B6CF94) has been checked. Hit rate: 99 % Must be fixed!
Unnecessary (deactivated) entry that can be fixed.
O2 - BHO: (no name) - {EAF74BE0-186B-4E9F-CCB8-2F1C8F93CB36} - C:\DOCUME~1\Neil\APPLIC~1\UPHOLE~1\wait road.exe
Unknown Entries found in this registry zone are potentially nasty. This application ([EAF74BE0-186B-4E9F-CCB8-2F1C8F93CB36] - Result: ) has been checked. Hit rate: -1 % Unknown application.
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([327C2873-E90D-4c37-AA9D-10AC9BABA46C] - Result: 327C2873-E90D-4c37-AA9D-10AC9BABA46C) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Safe. The entered application NvCplDaemon was identified: NvCpl or NvCplDaemon. Hit rate: 55 % (result)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
Safe. The entered application NvMediaCenter was identified: NvMediaCenter. Hit rate: 99 % (result)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
Safe. The entered application SunJavaUpdateSched was identified: SunJavaUpdateSched. Hit rate: 99 % (result)
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
Safe. The entered application zBrowser Launcher was identified: zBrowser Launcher. Hit rate: 99 % (result)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
Safe. The entered application BluetoothAuthenticationAgent was identified: BluetoothAuthenticationAgent. Hit rate: 93 % (result)
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
Safe. The entered application DataLayer was identified: DataLayer. Hit rate: 60 % (result)
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetTray.exe
Safe. The entered application VetTray was identified: VetTray. Hit rate: 86 % (result)
O4 - HKLM\..\Run: [3DD4MJ32DZNY8R] C:\WINDOWS\system32\Fsm6BY.exe
Unknown The entered application 3DD4MJ32DZNY8R was identified: None. Hit rate: 4 % (result) Unknown application.
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Safe. The entered application QuickTime Task was identified: QuickTime Task. Hit rate: 99 % (result) Not dangerous, but unnecessary.
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Unknown The entered application LDM was identified: None. Hit rate: -1 % (result) Unknown application.
O4 - HKCU\..\Run: [Loudstart] C:\DOCUME~1\LOCALS~1\APPLIC~1\INTERN~1\flaw team.exe
Unknown The entered application Loudstart was identified: None. Hit rate: 6 % (result) Unknown application.
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Safe. The entered application 'Logitech Desktop Messenger.lnk (LDMConf.exe)' was identified: 'Logitech Desktop Messenger (backweb-8876480.exe, ldmconf.exe)'. Hit rate: 61 % (result) Not dangerous, but unnecessary.
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
Safe. The entry Download all by Net Transport has been identified as safe. If the entry 'Download all by Net Transport ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
Safe. The entry Download by Net Transport has been identified as safe. If the entry 'Download by Net Transport ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Safe. The entry E&xport to Microsoft Excel has been identified as safe. If the entry 'E&xport to Microsoft Excel ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
Safe. The entry Easy-WebPrint Add To Print List has been identified as safe. If the entry 'Easy-WebPrint Add To Print List ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
Safe. The entry Easy-WebPrint High Speed Print has been identified as safe. If the entry 'Easy-WebPrint High Speed Print ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
Safe. The entry Easy-WebPrint Preview has been identified as safe. If the entry 'Easy-WebPrint Preview ' is not needed anymore, it should be fixed.
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Safe. The entry Easy-WebPrint Print has been identified as safe. If the entry 'Easy-WebPrint Print ' is not needed anymore, it should be fixed.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
Safe. The entry has been identified as safe. If the entry '' is not needed anymore, it should be fixed.
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
Safe. The entry Sun Java Console has been identified as safe. If the entry 'Sun Java Console ' is not needed anymore, it should be fixed.
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
Possibly nasty Unknown buttons or entries in the 'Extras'-menu should be fixed. To be fixed if the entry 'Research ' is unknown.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Safe. The entry Messenger has been identified as safe. If the entry 'Messenger ' is not needed anymore, it should be fixed.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Safe. The entry Windows Messenger has been identified as safe. If the entry 'Windows Messenger ' is not needed anymore, it should be fixed.
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...kr.cab31267.cab
Safe. This entry has been identified as safe.
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...nt.cab31267.cab
Safe. This entry has been identified as safe.
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/UK/install.cab
Safe. This entry has been identified as safe.
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...er.cab31267.cab
Safe. This entry has been identified as safe.
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
Safe. This entry has been identified as safe.
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.