Hijack log inspect?

Logfile of HijackThis v1.99.1
Scan saved at 16:32:39, on 7.2.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Programme\Companion Suite IH\MFPrintServer.exe
C:\Programme\Microsoft AntiSpyware\gcasServ.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\HDD Thermometer\HDD Thermometer.exe
C:\Programme\AnalogX\MaxMem\maxmem.exe
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\ewido anti-malware\ewidoctrl.exe
C:\Programme\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\sgbxcoms.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Dokumente und Einstellungen\Filip\Desktop\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wwww.google.at/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM..\Run: [LaunchApp] Alaunch
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM..\Run: [MFServices] "C:\Programme\Companion Suite IH\MFServices.exe" -n
O4 - HKLM..\Run: [MFPrintServer] "C:\Programme\Companion Suite IH\MFPrintServer.exe"
O4 - HKLM..\Run: [gcasServ] "C:\Programme\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM..\Run: [Zone Labs Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU..\Run: [RSD_HDDThermo] C:\Programme\HDD Thermometer\HDD Thermometer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O17 - HKLM\System\CCS\Services\Tcpip..{4F93C92A-3854-459D-9134-6A02D38E1152}: NameServer = 195.3.96.67,195.3.96.68
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - blank (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - blank
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programme\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programme\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\WINDOWS\msnsrv.exe (file missing)
O23 - Service: sgbx_device - Sagem - C:\WINDOWS\System32\sgbxcoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

I think the removal should be for:
R3 - Default URLSearchHook is missing
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - blank (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - blank

Am I right?

Thank you.

XP SP1 ?

A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft's windowsupdate site to download the newest version of the service pack.

I would think so, but I would look at one of the on-line analysis sites for general advice and the fact that if a file is suspicious (nasty, unknown, etc.) you can scan the file on-line.
On-line analysis of your log http://hijackthis.de/logfiles/6df985e4b45754de7108f535873190f7.html

This is the log from my friend and thank you David, but I've already inspected the log on-line and run through a couple of forums with no answer.


I googled a couple of other things out of being curious but could find nothing wrong with them.


The reason I like the hijackthis.de is because any suspect files can be uploaded to be scanned against a number of different scanners.

You could have him try an on-line spyware scan at http://www.spywareinfo.com/xscan.php there are others also.

Updating to SP2 and above will ultimately help with security, it will also allow for IE6 to be updated to SP2 also.

Zagor, I think these are legitimate plugins:

O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - blank

http://castlecops.com/o18list-101.html


O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - blank (file missing)

http://castlecops.com/o18list-100.html


Sometimes HijackThis will report “file missing” when it really isn’t.


You can go ahead and fix this line:

R3 - Default URLSearchHook is missing

I'm not sure about the rest of the log. Nothing jumps out at me. It's getting too late for me to check the whole thing tonight though. Lots of foreign stuff that may take a while to research.

doc
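A small triage helper, added here as an example and not part of the thread or of HijackThis itself, that parses lines in the log format above and flags the things the replies discussed: an entry reported as "file missing" (which, as noted, can be misreported and so only earns a "check on disk"), an O23 service with no owner string, the absent default URLSearchHook, and O18 handlers whose CLSID is not on a known list. The sample log is constructed from lines quoted in this thread, and the known-O18 set holds only the two CLSIDs the replies identified as legitimate.

```python
import re

# Constructed sample: lines copied from the thread's log, backslashes doubled for Python.
SAMPLE_LOG = """\
R3 - Default URLSearchHook is missing
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - blank (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - blank
O23 - Service: Msn Service (MSNSVC) - Unknown owner - C:\\WINDOWS\\msnsrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\\WINDOWS\\system32\\ZONELABS\\vsmon.exe
"""

# O18 CLSIDs the replies in this thread identified as legitimate (castlecops O18 list).
KNOWN_O18 = {"{1730B77B-F429-498F-9B15-4514D83C8294}",
             "{6E1DDCE8-76BC-4390-9488-806E8FB1AD77}"}

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-F-]{36}\}")

def parse_entry(line):
    """Split one HijackThis line into its section code (R3, O18, O23, ...) and the rest."""
    m = ENTRY_RE.match(line.strip())
    return None if m is None else (m.group("sec"), m.group("body"))

def triage_entry(section, body):
    """Reasons a reviewer should look at this entry; an empty list means nothing flagged."""
    reasons = []
    if "(file missing)" in body:
        # The thread notes HijackThis sometimes misreports this, so it is a check, not a verdict.
        reasons.append("target reported missing; confirm on disk before fixing")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service has no publisher string")
    if section == "R3" and "is missing" in body:
        reasons.append("default URLSearchHook absent; safe to let HijackThis restore")
    if section == "O18":
        clsid = CLSID_RE.search(body)
        if clsid and clsid.group(0) not in KNOWN_O18:
            reasons.append("unrecognised protocol/filter CLSID")
    return reasons

def triage_log(text):
    """Map each flagged log line to its reasons; clean lines are left out."""
    flagged = {}
    for line in text.splitlines():
        parsed = parse_entry(line)
        if parsed and (reasons := triage_entry(*parsed)):
            flagged[line.strip()] = reasons
    return flagged
```

Running `triage_log(SAMPLE_LOG)` flags the R3 line, the bt2 protocol line (missing file only, since its CLSID is known) and the MSNSVC service (missing file plus no owner), while the bt2 filter and vsmon lines come back clean.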

Thanks!

That appeared to be the end of my search too. So now I have a confirmation, it’s official ;D