| |
Entry |
|
Kind
(Safe, Nasty, Unknown) |
|
Description |
|
Tip |
| |
Help us to keep this free service online! Please
give us a small donation via PayPal. |
|
| |
Logfile of HijackThis v1.99.0 |
|
Safe. |
|
Shows the version of HijackThis an.
The newest version is: v1.99.0! |
|
This should be the newest version.
(v1.99.0) |
| |
 |
A newer version of service pack is available.
Service packs increase the safety of your system. Visit Microsoft's
windowsupdate site to download the newest version of the service
pack. |
| |
Platform: Windows XP SP1 (WinNT 5.01.2600) |
|
 |
|
|
|
|
| |
MSIE: Internet Explorer v6.00 SP1
(6.00.2800.1106) |
|
Safe. |
|
Shows the version of your Internet
Explorer. Newest Version is: 6.00.2800.1106! |
|
This should be the newest version.
(6.00.2800.1106) |
| |
C:\WINDOWS\System32\smss.exe |
|
Safe. |
|
running process.
(smss.exe)
Systemprozess - Anwendung, die benutzt wird um Sitzungen zu
starten, verwalten und lцschen. |
|
|
| |
C:\WINDOWS\system32\winlogon.exe |
|
Safe. |
|
running process.
(winlogon.exe)
Systemprozess - Windows Login Routine |
|
|
| |
C:\WINDOWS\system32\services.exe |
|
Safe. |
|
running process.
(services.exe)
Systemprozess - Verwaltet die Systemdienste. |
|
|
| |
C:\WINDOWS\system32\lsass.exe |
|
Safe. |
|
running process.
(lsass.exe)
Systemprozess |
|
|
| |
C:\WINDOWS\system32\svchost.exe |
|
Safe. |
|
running process.
(svchost.exe)
Systemprozess - Allgemeiner Hostprozessname fьr
Dienste. |
|
|
| |
C:\WINDOWS\System32\svchost.exe |
|
Safe. |
|
running process.
(svchost.exe)
Systemprozess - Allgemeiner Hostprozessname fьr
Dienste. |
|
|
| |
C:\WINDOWS\system32\spoolsv.exe |
|
Safe. |
|
running process.
(spoolsv.exe)
Systemprozess |
|
|
| |
C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus for Workstation\avpcc.exe |
|
Safe. |
|
running process.
(avpcc.exe)
Kaspersky-Control-Center |
|
Possibly nasty!
According to our database this process runs normally in
c:\programme\kaspersky lab\kaspersky anti-virus personal\! Check if you
know this process and arrange a viruscheck where required. |
| |
C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus for Workstation\avpm.exe |
|
Safe. |
|
running process.
(avpm.exe)
Kaspersky(/Escan)-Antivirus-Monitor |
|
|
| |
C:\WINDOWS\System32\nvsvc32.exe |
|
Safe. |
|
running process.
(nvsvc32.exe)
NVIDIA graphics card driver |
|
Not dangerous, but unnecessary.
|
| |
C:\WINDOWS\SOUNDMAN.EXE |
|
Safe. |
|
running process.
(SOUNDMAN.EXE)
|
|
|
| |
C:\Program Files\Kaspersky Lab\Kaspersky
Anti-Virus for Workstation\avpcc.exe |
|
Safe. |
|
running process.
(avpcc.exe)
Kaspersky-Control-Center |
|
Possibly nasty!
According to our database this process runs normally in
c:\programme\kaspersky lab\kaspersky anti-virus personal\! Check if you
know this process and arrange a viruscheck where required. |
| |
C:\WINDOWS\System32\RUNDLL32.EXE |
|
Safe. |
|
running process.
(RUNDLL32.EXE)
RUNDLL32 is the Microsoft Windows program that loads
DLLs into memory so that they can be used by specific programs or by
Windows. |
|
|
| |
C:\Program Files\Messenger\msmsgs.exe |
|
Safe. |
|
running process. (msmsgs.exe)
MSN
Messenger |
|
|
| |
C:\WINDOWS\System32\ctfmon.exe |
|
Safe. |
|
running process. (ctfmon.exe)
|
|
|
| |
C:\WINDOWS\System32\rundll32.exe |
|
Safe. |
|
running process.
(rundll32.exe)
RUNDLL32 is the Microsoft Windows program that loads
DLLs into memory so that they can be used by specific programs or by
Windows. |
|
|
| |
C:\WINDOWS\explorer.exe |
|
Safe. |
|
running process.
(explorer.exe)
Systemprozess fьr Desktop und Taskleiste. |
|
|
| |
C:\Program Files\Internet
Explorer\IEXPLORE.EXE |
|
Safe. |
|
running process.
(IEXPLORE.EXE)
Internet Explorer - Wir empfehlen einen sichereren
alternativen Browser zu verwenden. (z.B. Firefox) |
|
|
| |
C:\Documents and Settings\User\Local
Settings\Temp\Временная папка 1 для
hijackthis_199_148.zip\HijackThis.exe |
|
Safe. |
|
running process.
(HijackThis.exe)
Tool, mit dem sie dieses Logfile erzeugt haben. |
|
Remember that Hijackthis must be run
in an own folder. Only if Hijackthis run in an own folder it will create
backups! |
| |
R0 - HKCU\Software\Microsoft\Internet
Explorer\Main,Start Page = http://www.rambler.ru/ |
|
Nasty |
|
This entry should be fixed by
HijackThis! |
|
This entry should be fixed by
HijackThis! |
| |
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Ссылки |
|
Safe. |
|
This page has been identified as
safe. |
|
|
| |
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
d:\Reader\ActiveX\AcroIEHelper.ocx |
|
Safe. |
|
Entries found in this registry zone
are potentially nasty. This application
([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result:
06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) has been checked. Hit rate: 99 % |
|
|
| |
O3 - Toolbar: &Радио -
{8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx |
|
Safe. |
|
Entries found in this registry zone
are potentially nasty. This application
([8E718888-423F-11D2-876E-00A0C9082467] - Result:
8E718888-423F-11D2-876E-00A0C9082467) has been checked. If the name is
made up of random letters, found in the folder 'Application Data' and the
kind is 'Unknown' , it should be fixed. Hit rate: 99
% |
|
|
| |
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE |
|
Safe. |
|
System Tray icon for the Realtek AC97
Audio Sound Manager for AC97 onboard audio. Available via Start ->
Settings-> Control Panel
Hit rate: 40 % (result) |
|
Not dangerous, but unnecessary. |
| |
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup |
|
Safe. |
|
Part of NVidia
Hit rate: 99 % (result) |
|
|
| |
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install |
|
Safe. |
|
Application that allows a users to
have 32 virtual desktops, get a desktop larger than the viewable area of
the monitor, divide the display across more than one monitor, manage
applications, and many more features.
Hit rate: 99
% (result) |
|
|
| |
O4 - HKLM\..\Run: [AVPCC] "C:\Program
Files\Kaspersky Lab\Kaspersky Anti-Virus for Workstation\avpcc.exe"
/wait |
|
Unknown |
|
Hit rate: -1
% (result) |
|
Unknown application. |
| |
O4 - HKLM\..\Run: [WinampAgent]
"D:\Winamp3\winampa.exe" |
|
Safe. |
|
Loads the System Tray icon for the
WinAmp media player. Can be used to mantain file associations so programs
like QuickTime and RealPlayer don t take over as default player for
various media types. Available via Start -> Programs
Hit rate:
71 % (result) |
|
|
| |
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit |
|
Safe. |
|
Part of NVidia
Hit rate: 65 % (result) |
|
|
| |
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background |
|
Safe. |
|
Windows Messenger utility. If you
don\'t use Windows Messenger, this can be annoying. Available via Start
-> Programs. Go to Windows Messenger > Tools > Options >
Preferences and uncheck "Run this program when Windows starts"
Hit
rate: 99 % (result) |
|
|
| |
O4 - HKCU\..\Run: [ctfmon.exe]
C:\WINDOWS\System32\ctfmon.exe |
|
Safe. |
|
CTFMon is involved with the
language/alternative input services in Office XP. CTFMON.exe will continue
to put itself back into MSConfig when you run the Office XP apps as long
as the Text Services and Speech applets in the Control Panel are enabled.
Not required if you don\'t need these features. For more info on ctfmon
see here. CTFMON can be disabled from Control Panel, Text & Speech
Services
Hit rate: 99 % (result) |
|
|
| |
O8 - Extra context menu item: Add to filterlist
(WebWasher) - http://-Web.Washer-/ie_add |
|
Safe. |
|
The entry Add to filterlist
(WebWasher) has been identified as safe. |
|
If the entry 'Add to
filterlist (WebWasher) ' is not needed anymore, it should be
fixed. |
| |
O8 - Extra context menu item: Download with
Go!Zilla - file://D:\PROGRA~1\Go!Zilla\download-with-gozilla.html |
|
Safe. |
|
The entry Download with Go!Zilla has
been identified as safe. |
|
If the entry 'Download with
Go!Zilla ' is not needed anymore, it should be fixed. |
| |
O9 - Extra button: Related -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm |
|
Safe. |
|
The entry Related has been identified
as safe. |
|
If the entry 'Related
' is not needed anymore, it should be fixed. |
| |
O9 - Extra 'Tools' menuitem: Show &Related
Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm |
|
Safe. |
|
The entry Show &Related Links has
been identified as safe. |
|
If the entry 'Show
&Related Links ' is not needed anymore, it should be
fixed. |
| |
O12 - Plugin for .spop: C:\Program
Files\Internet Explorer\Plugins\NPDocBox.dll |
|
Safe. |
|
Most of the entries present in this
registry area are safe. Only OnFlow adds an unwanted plugins can be found
here. OnFlow-Plugins have the following extension *.ofb. |
|
|
| |
O16 - DPF:
{0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) -
http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.
cab |
|
Possibly nasty |
|
Unknown ActiveX-Objects, or
ActiveX-Objects from unknown sites should always be fixed. If the name of
the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free
plugin' etc, it should be fixed! |
|
Check if you know this site and fix
it if you do not. |
| |
O16 - DPF:
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_
site.cab?1106543847187 |
|
Safe. |
|
This entry has been identified as
safe. |
|
|
| |
O16 - DPF:
{90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup
Player) -
http://www.lizardtech.com/download/files/win/expressview/webinstall/isetup.cab |
|
Nasty |
|
This entry is possibly nasty. |
|
Should be fixed. |
| |
O23 - Service: AVP Control Centre Service -
Kaspersky Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for
Workstation\avpcc.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (avpcc.exe) was
identified as a good one. |
| |
O23 - Service: Журнал событий - Корпорация
Майкрософт - C:\WINDOWS\system32\services.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (services.exe) was
identified as a good one. |
| |
O23 - Service: Служба COM записи компакт-дисков
IMAPI - Корпорация Майкрософт - C:\WINDOWS\System32\imapi.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (imapi.exe) was
identified as a good one. |
| |
O23 - Service: KAV Monitor Service - Kaspersky
Labs. - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for
Workstation\avpm.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (avpm.exe) was
identified as a good one. |
| |
O23 - Service: NetMeeting Remote Desktop Sharing
- Корпорация Майкрософт - C:\WINDOWS\System32\mnmsrvc.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (mnmsrvc.exe) was
identified as a good one. |
| |
O23 - Service: Служба сетевого DDE - Корпорация
Майкрософт - C:\WINDOWS\system32\netdde.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (netdde.exe) was
identified as a good one. |
| |
O23 - Service: Диспетчер сетевого DDE -
Корпорация Майкрософт - C:\WINDOWS\system32\netdde.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (netdde.exe) was
identified as a good one. |
| |
O23 - Service: NVIDIA Display Driver Service -
NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (nvsvc32.exe) was
identified as a good one. |
| |
O23 - Service: Plug and Play - Корпорация
Майкрософт - C:\WINDOWS\system32\services.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (services.exe) was
identified as a good one. |
| |
O23 - Service: Диспетчер сеанса справки для
удаленного рабочего стола - Корпорация Майкрософт -
C:\WINDOWS\system32\sessmgr.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (sessmgr.exe) was
identified as a good one. |
| |
O23 - Service: Модуль поддержки смарт-карт -
Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (SCardSvr.exe) was
identified as a good one. |
| |
O23 - Service: Смарт-карты - Корпорация
Майкрософт - C:\WINDOWS\System32\SCardSvr.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (SCardSvr.exe) was
identified as a good one. |
| |
O23 - Service: Журналы и оповещения
производительности - Корпорация Майкрософт -
C:\WINDOWS\system32\smlogsvc.exe |
|
Unknown |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
Unknown service. (smlogsvc.exe) |
| |
O23 - Service: Теневое копирование тома -
Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (vssvc.exe) was
identified as a good one. |
| |
O23 - Service: Адаптер производительности WMI -
Корпорация Майкрософт - C:\WINDOWS\System32\wbem\wmiapsrv.exe |
|
Safe. |
|
These entries shows all services
which are not from Microsoft. Often malware is starting as a systemservice
and it's not easy to detect it. |
|
This service (wmiapsrv.exe) was
identified as a good one. |
| |
|
No active firewall was found on your system or
the firewall you use is unknown to us. If you donґt use a firewall you
should download and install one or activate windows xpґs own one. In case
you got questions or you want us to add the firewall you use to our
database, contact us at our forum http://www.hijackthis.de/forum/forumdisplay.php?f=10&guestlanguageid=4 |
| |
2 Nasty Save analysis ( NOTICE: Your analysis will only be
saved for 3 days.) You should save this file on your hard disk
drive. (right click -> save target as) |