Safe. Shows the version of HijackThis an. The newest version is: v1.99.1!
This should be the newest version. (v1.99.1)
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2900.2180!
This should be the newest version. (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\winlogon.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\services.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\lsass.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
Safe. running process. (InCDsrv.exe)
Possibly nasty! According to our database this process runs normally in c:\programme\ahead\incd! Check if you know this process and arrange a viruscheck where required.
C:\WINDOWS\system32\svchost.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\System32\svchost.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\Explorer.EXE
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\spoolsv.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\CTsvcCDA.exe
Safe. running process. (CTsvcCDA.exe)
Creative Soundkarte
D:\Program Files\MKS_VIR_2006\mksmonsv.exe
Safe. running process. (mksmonsv.exe)
MKS_Vir
Possibly nasty! According to our database this process runs normally in c:\programme\mks\bin! Check if you know this process and arrange a viruscheck where required.
C:\WINDOWS\system32\RUNDLL32.EXE
Safe. running process. (RUNDLL32.EXE)
RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.
C:\WINDOWS\htpatch.exe
Safe. running process. (htpatch.exe)
HTpatch.exe is related to hardware from SiS.
C:\WINDOWS\system32\CTHELPER.EXE
Safe. running process. (CTHELPER.EXE)
Tool für die Creative Soundkarte.
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
Safe. running process. (InCD.exe)
Possibly nasty! According to our database this process runs normally in c:\programme\ahead\incd! Check if you know this process and arrange a viruscheck where required.
D:\Program Files\MKS_VIR_2006\mks2006.exe
Unknown running process. (mks2006.exe)
This is a unknown process.
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
Safe. running process. (jusched.exe)
Java Runtime
C:\WINDOWS\system32\nvsvc32.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Program Files\UPSMON\UPSMON.exe
Unknown running process. (UPSMON.exe)
This is a unknown process.
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
Unknown running process. (lxcemon.exe)
This is a unknown process.
C:\Program Files\Lexmark 4300 Series\ezprint.exe
Safe. running process. (ezprint.exe)
Lexmark printer related
D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
Unknown running process. (SpywareTerminatorShield.exe)
This is a unknown process.
C:\WINDOWS\system32\svchost.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
Safe. running process. (NMBgMonitor.exe)
Nero Burning Monitor
D:\Program Files\MKS_VIR_2006\Mks_mail.exe
Unknown running process. (Mks_mail.exe)
This is a unknown process.
C:\Program Files\UPSMON\UPSMON_Service.Exe
Unknown running process. (UPSMON_Service.Exe)
This is a unknown process.
D:\Program Files\HDD Thermometer\HDD Thermometer.exe
Safe. running process. (HDDThermometer.exe)
HDD Thermometer
D:\pliki win-rar tymczasowe\Rar$EX00.250\Zegarynka.exe
Unknown running process. (Zegarynka.exe)
This is a unknown process.
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Unknown running process. (KodakSoftwareUpdater.exe)
This is a unknown process.
D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Safe. running process. (EasyShare.exe)
C:\WINDOWS\system32\MsPMSPSv.exe
Safe. running process. (MsPMSPSv.exe)
Helper service installed by Windows Media Player 7.
C:\WINDOWS\system32\lxcecoms.exe
Unknown running process. (lxcecoms.exe)
This is a unknown process.
D:\Program Files\MKS_VIR_2006\mks_scan.exe
Safe. running process. (mks_scan.exe)
MKS_Vir
Possibly nasty! According to our database this process runs normally in c:\program files\mks\bin! Check if you know this process and arrange a viruscheck where required.
C:\WINDOWS\system32\wuauclt.exe
Safe. running process. (wuauclt.exe)
Windows Update AutoUpdate Client
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
Safe. running process. (OUTLOOK.EXE)
E-Mail Client für Windows.
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
Safe. running process. (WINWORD.EXE)
Microsoft Word
C:\Program Files\Mozilla Firefox\firefox.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
D:\Pobrane-Internet\Wirusy\HijackThis.exe
Safe. running process. (HijackThis.exe)
Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe
Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
Safe.
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
Possibly nasty Should be fixed if you do not know the application or if no application is mentioned.
Should be fixed if you do not know this application.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result: 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) has been checked. Hit rate: 100,00%
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([53707962-6F74-2D53-2644-206D7942484F] - Result: 53707962-6F74-2D53-2644-206D7942484F) has been checked. Hit rate: 100,00%
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([761497BB-D6F0-462C-B6EB-D4DAF1D92D43] - Result: 761497BB-D6F0-462C-B6EB-D4DAF1D92D43) has been checked. Hit rate: 100,00%
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([AA58ED58-01DD-4d91-8333-CF10577473F7] - Result: AA58ED58-01DD-4d91-8333-CF10577473F7) has been checked. Hit rate: 100,00%
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([2318C2B1-4965-11d4-9B18-009027A5CD4F] - Result: 2318C2B1-4965-11D4-9B18-009027A5CD4F) has been checked. Hit rate: 97,22%
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Safe. Part of NVidia
Hit rate: 100,00 % (result)
O4 - HKLM…\Run: [HTpatch] C:\WINDOWS\htpatch.exe
Safe. HTpatch.exe is part of the SiS AGP patch - BUT unless your processor (and motherboard) supports HyperThreading (HT) and this feature is enabled it will actually SLOW your graphics card by around 6%
Hit rate: 100,00 % (result)
O4 - HKLM…\Run: [siSUSBRG] C:\WINDOWS\SiSUSBrg.exe
Safe. SiS USB Registry Patch File - fixes the undetectable problem with SiS USB controller on Windows XP. Why is it in the startups though?
Hit rate: 100,00 % (result)
O4 - HKLM…\Run: [WINDVDPatch] CTHELPER.EXE
Safe. CTHELPER is a background task that is a plug-in manager for Creative drivers. The theory is that 3rd party manufacturers can use the CTHELPER plug-in interface to produce drivers, add-on features, and fixes that will integrate with a tighter fit with Creative’s sound drivers and utilities. Given its purpose CTHELPER would normally be classified as a “leave alone” background task. It also allows Creative speaker setup to be synchronized with Windows Control Panel speaker setting. Without it running that check box in Creative speaker setting is not functional (settings are not in sync). Unfortunately there are often problems with CTHELPER, most notably that it can use 100% of CPU time so its best left disabled unless you need it
Hit rate: 95,45 % (result)
Not dangerous, but unnecessary.
O4 - HKLM…\Run: [updReg] C:\WINDOWS\UpdReg.EXE
Safe. Reminder to register Creative Labs SoundBlaster Live! cards
Hit rate: 80,00 % (result)
Not dangerous, but unnecessary.
O4 - HKLM…\Run: [Jet Detection] “D:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe”
Safe. Added with SoundBlaster Live! or Audigy soundcards for headphone autodetection
Hit rate: 100,00 % (result)
Not dangerous, but unnecessary.
O4 - HKLM…\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
Safe. Splash screen with sound on every boot up. Installed with a Sound Blaster Audigy soundcard
Hit rate: 87,50 % (result)
Not dangerous, but unnecessary.
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Safe. Associated with “Nero Burning Rom” CD writing software. Checks for driver issues
Hit rate: 100,00 % (result)
O4 - HKLM…\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
Safe.
Hit rate: 100,00 % (result)
O4 - HKLM…\Run: [MKS_VIR_2006] D:\Program Files\MKS_VIR_2006\mks2006.exe
Unknown
Hit rate: 0,00 % (result)
Unknown application.
O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
Safe. Java von Sun
Hit rate: 100,00 % (result)
O4 - HKLM…\Run: [uPSMON] C:\Program Files\UPSMON\UPSMON.exe
Unknown
Hit rate: 0,00 % (result)
Unknown application.
O4 - HKLM…\Run: [lxcemon.exe] “C:\Program Files\Lexmark 4300 Series\lxcemon.exe”
Possibly nasty
Hit rate: 0,00 % (result)
It seems that the name of this program is the same as the name of the file. In the most cases this is the result of trojans. To be sure, you should check this file.
O4 - HKLM…\Run: [EzPrint] “C:\Program Files\Lexmark 4300 Series\ezprint.exe”
Safe. Lexmark printer related
Hit rate: 100,00 % (result)
O4 - HKLM…\Run: [spywareTerminator] “D:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe”
Unknown
Hit rate: 0,00 % (result)
Unknown application.
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
Unknown
Hit rate: 0,00 % (result)
Unknown application.
O4 - HKCU…\Run: [MailScanner] D:\Program Files\MKS_VIR_2006\Mks_mail.exe
Unknown
Hit rate: 0,00 % (result)
Unknown application.
O4 - HKCU…\Run: [RSD_HDDThermo] D:\Program Files\HDD Thermometer\HDD Thermometer.exe
Unknown
Hit rate: 0,00 % (result)
Unknown application.
O4 - HKCU…\Run: [Zegarynka] D:\pliki win-rar tymczasowe\Rar$EX00.250\Zegarynka.exe
Unknown
Hit rate: 0,00 % (result)
Unknown application.
O4 - HKCU…\Run: [WITaj!] D:\Program Files\WITaj!\Wit2000.exe /jeden /prywatne
Unknown
Hit rate: 0,00 % (result)
Unknown application.
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
Safe. Sagem DSL modem related. Apparently needed to detect the modem.
Hit rate: 62,50 % (result)
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Unknown
Hit rate: 0,00 % (result)
Unknown application.
O4 - Global Startup: Oprogramowanie Kodak EasyShare.lnk = D:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Safe. Software bundled with Kodak digital cameras to manage the connection between the PC and the Camera. Can be started manually.
Hit rate: 75,86 % (result)
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
Safe. The entry &Google Search has been identified as safe.
If the entry '&Google Search ’ is not needed anymore, it should be fixed.
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
Safe. The entry &Translate English Word has been identified as safe.
If the entry '&Translate English Word ’ is not needed anymore, it should be fixed.
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
Safe. The entry Backward Links has been identified as safe.
If the entry 'Backward Links ’ is not needed anymore, it should be fixed.
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
Safe. The entry Cached Snapshot of Page has been identified as safe.
If the entry 'Cached Snapshot of Page ’ is not needed anymore, it should be fixed.
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Safe. The entry E&ksport do programu Microsoft Excel has been identified as safe.
If the entry 'E&ksport do programu Microsoft Excel ’ is not needed anymore, it should be fixed.
O8 - Extra context menu item: Pobierz używając Download &Express’a - D:\Program Files\Download Express\Add_Url.htm
Safe. The entry Pobierz używając Download &Express’a has been identified as safe.
If the entry 'Pobierz używając Download &Express’a ’ is not needed anymore, it should be fixed.
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
Safe. The entry Similar Pages has been identified as safe.
If the entry 'Similar Pages ’ is not needed anymore, it should be fixed.
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
Safe. The entry Translate Page into English has been identified as safe.
If the entry 'Translate Page into English ’ is not needed anymore, it should be fixed.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
Safe. The entry has been identified as safe.
If the entry ‘’ is not needed anymore, it should be fixed.
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
Safe. The entry Sun Java Console has been identified as safe.
If the entry 'Sun Java Console ’ is not needed anymore, it should be fixed.
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
Safe. The entry Badanie has been identified as safe.
If the entry 'Badanie ’ is not needed anymore, it should be fixed.
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll
Nasty This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll
Nasty This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll
Nasty This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll
Nasty This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.
O10 - Unknown file in Winsock LSP: d:\program files\mks_vir_2006\mksfirewall.dll
Nasty This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
Check your hard disc drive with Spybot S&D from Kolla.de or LSPFix from Cexx.org.
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan … asinst.cab
Safe. This entry has been identified as safe.
O17 - HKLM\System\CCS\Services\Tcpip…{E0C02C6C-9780-4F10-B0B8-DF0EF2E37401}: NameServer = 194.204.152.34 217.98.63.164
Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. ‘SearchList’ entries should be fixed too.
Do you know the IP or Domain ‘194.204.152.34 217.98.63.164’? If not, fix this entry.
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it’s not easy to detect it.
This service (CTsvcCDA.exe) was identified as a good one.
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it’s not easy to detect it.
This service (InCDsrv.exe) was identified as a good one.
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it’s not easy to detect it.
Unknown service. (lxcecoms.exe)
O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - D:\Program Files\MKS_VIR_2006\mksmonsv.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it’s not easy to detect it.
This service (mksmonsv.exe) was identified as a good one.
O23 - Service: MkS_Scan - Unknown owner - D:\Program Files\MKS_VIR_2006\mks_scan.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it’s not easy to detect it.
This service (mks_scan.exe) was identified as a good one.
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it’s not easy to detect it.
Unknown service. (NBService.exe)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe
Unknown These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it’s not easy to detect it.
Unknown service. (UPSMON_Service.Exe)