Carthago Posted June 1, 2005 Share Posted June 1, 2005 Hello, I post this Hijackthis log and hope to find out some more about it, and if all is safe. Logfile of HijackThis v1.99.1Scan saved at 9:01:34, on 1-6-2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe C:\WINDOWS\MXOALDR.EXE C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spamihilator\spamihilator.exe C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Dantz\Retrospect\retrorun.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\ZoneLabs\isafe.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Documents and Settings\Ferry\Bureaublad\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe" O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKCU\..\Run: [uIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\Designing\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\Designing\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Onderzoekscentrum - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe On my system I also have EE (Evidence Eliminator) and they show a minimum list in their help files. My list is huge compairing theirs'. When needed some more information just post the question. Hope anybody can help. Link to comment Share on other sites More sharing options...
Tarun Posted June 1, 2005 Share Posted June 1, 2005 Looks clean to me, only thing that can be done is some optional optimizations. Link to comment Share on other sites More sharing options...
Carthago Posted June 1, 2005 Author Share Posted June 1, 2005 Looks clean to me, only thing that can be done is some optional optimizations. <{POST_SNAPBACK}> Thanks for looking at it. What optional optimizations you thinking about? Link to comment Share on other sites More sharing options...
Tarun Posted June 1, 2005 Share Posted June 1, 2005 Thanks for looking at it. What optional optimizations you thinking about? <{POST_SNAPBACK}> These are all optional. Generated by Tarun's HijackThis Converter. Changed registry value. Safe to remove: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen Enumeration of existing IE's BHO's. Safe to remove: O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file) O2 - BHO: Acronis Popup Blocker - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll Enumeration of suspicious auto-loading registry entries. Safe to remove: O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKCU\..\Run: [spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe" O4 - HKCU\..\Run: [uIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum Suite\UIWatcher.exe Disabling of "Internet Options" Main tab with Policies. Safe to remove: O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present Extra "Tools" menu items and buttons. Safe to remove: O9 - Extra button: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll O9 - Extra 'Tools' menuitem: Acronis Pop-up Blocker - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\PROGRA~1\Acronis\PRIVAC~1\Blocker.dll O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\Designing\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\Designing\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe You use Firefox, no need for the popup blocker. Plus IE 6 has one built in with SP2. Have you considered getting Thunderbird for your email client? Blocks spam and more so you can get rid of that Spamihilator. Link to comment Share on other sites More sharing options...
Carthago Posted June 2, 2005 Author Share Posted June 2, 2005 Again thanks for the reply and the answers. In fact I am using Firebird already but love spamihilator becaue of its results. I not tried the spam option in Firebird till now. Is it that good as spamihilator? Today i will work on the list and see the result. thanks again. Link to comment Share on other sites More sharing options...
Tarun Posted June 2, 2005 Share Posted June 2, 2005 Again thanks for the reply and the answers. In fact I am using Firebird already but love spamihilator becaue of its results. I not tried the spam option in Firebird till now. Is it that good as spamihilator? Today i will work on the list and see the result. thanks again. <{POST_SNAPBACK}> All I know is what I've read. That it works and it works well. I'm careful not to give out my real e-mail address or enter it anywhere I don't trust. So I quite literally never get spam. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now