Log from HijackThis

Logfile of HijackThis v1.99.1
Safe. Shows the version of HijackThis an. The newest version is: v1.99.1!
This should be the newest version. (v1.99.1)
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Possibly out of date Shows the version of your Internet Explorer. Newest Version is: 6.00.2900.2180!
The version (6.00.2800.1106) is out of date. Check Windowsupdate to update the Internet Explorer.
C:\WINDOWS\System32\smss.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\winlogon.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\system32\services.exe
Safe. running process. (services.exe)
System process – manages the system services.


C:\WINDOWS\system32\lsass.exe
Safe. running process. (lsass.exe)
System process


C:\WINDOWS\system32\svchost.exe
Safe. running process. (svchost.exe)
System process – generic host process name for services.


C:\WINDOWS\System32\svchost.exe
Safe. running process. (svchost.exe)
System process – generic host process name for services.


C:\WINDOWS\Explorer.EXE
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Safe. running process. (ccEvtMgr.exe)
Event logging application


C:\WINDOWS\system32\spoolsv.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
Safe. running process. (nhksrv.exe)



C:\Program Files\Norton AntiVirus\navapsvc.exe
Safe. running process. (navapsvc.exe)
Norton AntiVirus application that provides auto–protection of the system.


C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
Safe. running process. (NPROTECT.EXE)
Norton Software


C:\WINDOWS\System32\nvsvc32.exe
Safe. running process. (nvsvc32.exe)
NVIDIA graphics card driver
Not dangerous, but unnecessary.

C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
C:\WINDOWS\SOUNDMAN.EXE
Safe. running process. (SOUNDMAN.EXE)



C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Safe. running process. (ccApp.exe)
Part of Norton AntiVirus


C:\Program Files\PWN\Definicje\Bin\Starter.exe
Safe. running process. (Starter.exe)


Possibly nasty! According to our database this process runs normally in c:\windows\! Check if you know this process and arrange a viruscheck where required.
C:\Program Files\Winamp\winampa.exe
Safe. running process. (winampa.exe)



C:\WINDOWS\System32\RUNDLL32.EXE
Safe. running process. (RUNDLL32.EXE)
RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.


C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
Safe. running process. (jusched.exe)
Java Runtime


C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
Safe. running process. (MMKeybd.exe)



C:\WINDOWS\System32\pclt32.exe
Unknown running process. (pclt32.exe)

This is a unknown process.

C:\WINDOWS\System32\ctfmon.exe
Safe. running process. (ctfmon.exe)



C:\Program Files\Messenger\msmsgs.exe
Safe. running process. (msmsgs.exe)
MSN Messenger


C:\Program Files\WinZip\WZQKPICK.EXE
Safe. running process. (WZQKPICK.EXE)



C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
Safe. running process. (zapro.exe)



C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
Safe. running process. (TrayMon.exe)



C:\Program Files\Netropa\Onscreen Display\OSD.exe
Safe. running process. (OSD.exe)



C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
Unknown running process. (ALUNOTIFY.EXE)
Notification reminder for Symantecs LiveUpdate. Leave enabled unless you manually run LiveUpdate on a regular basis
This is a unknown process.

C:\Program Files\Gadu–Gadu\gg.exe
Safe. running process. (gg.exe)
Polish language Instant Messaging client
Not dangerous, but unnecessary.

C:\WINDOWS\System32\rundll32.exe
Safe. running process. (rundll32.exe)
RUNDLL32 is the Microsoft Windows program that loads DLLs into memory so that they can be used by specific programs or by Windows.


C:\Program Files\Internet Explorer\IEXPLORE.EXE
Safe. running process. (IEXPLORE.EXE)
Internet Explorer – we recommend using a safer alternative browser (e.g. Firefox).


D:\_mariusz_\moje dok\rozne\HijackThis.exe
Safe. running process. (HijackThis.exe)
The tool you used to create this log file.
Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups!
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
Safe. This page has been identified as safe.

R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
Safe.

O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([06849E9F–C8D7–4D59–B87D–784B7D6BE0B3] – Result: 06849E9F–C8D7–4D59–B87D–784B7D6BE0B3) has been checked. Hit rate: 99 %

O2 – BHO: Internet Explorer Web Content Guard – {1B77D30A–81C9–497A–8647–142F7511B1FB} – C:\Documents and Settings\Kasia\wtrwxcd4.dll
Nasty Entries found in this registry zone are potentially nasty. This application ([1B77D30A–81C9–497A–8647–142F7511B1FB] – Result: 1B77D30A–81C9–497A–8647–142F7511B1FB) has been checked. Hit rate: 99 %
Must be fixed!
O2 – BHO: CNavExtBho Class – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton AntiVirus\NavShExt.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([BDF3E430–B101–42AD–A544–FADC6B084872] – Result: BDF3E430–B101–42AD–A544–FADC6B084872) has been checked. Hit rate: 99 %

O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton AntiVirus\NavShExt.dll
Safe. Entries found in this registry zone are potentially nasty. This application ([42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6] – Result: 42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %

O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
Safe. Entries found in this registry zone are potentially nasty. This application ([8E718888–423F–11D2–876E–00A0C9082467] – Result: 8E718888–423F–11D2–876E–00A0C9082467) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %

O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
Safe. This entry was classified from our visitors as good.
Click on the stars and look at the comments from our visitors, to see, why the entry was classified in such a way.
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
Safe. Part of NVidia
Hit rate: 99 % (result)

O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
Safe. Application that allows a users to have 32 virtual desktops, get a desktop larger than the viewable area of the monitor, divide the display across more than one monitor, manage applications, and many more features.
Hit rate: 99 % (result)

O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Safe. Part of Norton AntiVirus 2003. Auto–protect and E–mail check will not function without this
Hit rate: 99 % (result)

O4 – HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Safe. Part of Norton AntiVirus 2003. "ccRegVfy.exe is responsible for checking the integrity of the NAV registry entries to make sure that the information has not been changed by a malicious threat or a hack"
Hit rate: 92 % (result)

O4 – HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
Safe. Checks when you install a new version of a Norton product that you have uninstalled all previous versions. Serves as a reminder if you forget
Hit rate: 89 % (result)
Not dangerous, but unnecessary.
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
Safe. Part of Symantec's LiveUpate (eg, Norton). Not required if you run manual upadates but probably requireD if you leave them to run automatically – hence the "U" recommendation
Hit rate: 99 % (result)

O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
Safe. Associated with "Nero Burning Rom" CD writing software. Checks for driver issues
Hit rate: 99 % (result)

O4 – HKLM\..\Run: [DemonStarter] C:\Program Files\PWN\Definicje\Bin\Starter.exe
Unknown
Hit rate: 17 % (result)
Unknown application.
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
Safe. Loads the System Tray icon for the WinAmp media player. Can be used to mantain file associations so programs like QuickTime and RealPlayer don t take over as default player for various media types. Available via Start –> Programs
Hit rate: 71 % (result)

O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
Safe. Part of NVidia
Hit rate: 99 % (result)

O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
Safe. Java from Sun
Hit rate: 99 % (result)

O4 – HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
Safe. Multimedia keyboard manager. Required if you use the additional keys. Can also be listed as Keyboard Manager
Hit rate: 82 % (result)

O4 – HKLM\..\Run: [Microsoft Update] pclt32.exe
Unknown
Hit rate: 9 % (result)
Unknown application.
O4 – HKLM\..\RunServices: [Microsoft Update] pclt32.exe
Unknown
Hit rate: 9 % (result)
Unknown application.
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
Safe. CTFMon is involved with the language/alternative input services in Office XP. CTFMON.exe will continue to put itself back into MSConfig when you run the Office XP apps as long as the Text Services and Speech applets in the Control Panel are enabled. Not required if you don\'t need these features. For more info on ctfmon see here. CTFMON can be disabled from Control Panel, Text & Speech Services
Hit rate: 54 % (result)

O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
Safe. Windows Messenger utility. If you don\'t use Windows Messenger, this can be annoying. Available via Start –> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts"
Hit rate: 99 % (result)

O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
Safe. Polish language Instant Messaging client
Hit rate: 99 % (result)
Not dangerous, but unnecessary.
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
Safe. "Skype is free and simple software that will enable you to make free calls anywhere in the world in minutes"
Hit rate: 99 % (result)
Not dangerous, but unnecessary.
O4 – HKCU\..\Run: [Microsoft Update] pclt32.exe
Unknown
Hit rate: 9 % (result)
Unknown application.
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Safe.
Hit rate: 93 % (result)

O4 – Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
Safe. Added with WinZip version 8.1. "The new WinZip Quick Pick taskbar tray icon gives you instant access to WinZip and your Zip files. Just left click the icon to open WinZip, or right click it to instantly reopen recently used Zip files, access your Favorite Zip Folders, open WinZip Help, or start WinZip itself.". You can right–click and close it – choosing to not re–load it at start–up
Hit rate: 93 % (result)
Not dangerous, but unnecessary.
O4 – Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
Safe. Firewall program from Zonelabs – paid for version
Hit rate: 86 % (result)

O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
Safe. The entry has been identified as safe.
If the entry '' is not needed anymore, it should be fixed.
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
Safe. The entry Sun Java Console has been identified as safe.
If the entry 'Sun Java Console ' is not needed anymore, it should be fixed.
O9 – Extra button: Tłumacz na angielski – {CCCE5D70–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
Possibly nasty Unknown buttons or entries in the 'Extras'–menu should be fixed.
To be fixed if the entry 'Tłumacz na angielski ' is unknown.
O9 – Extra 'Tools' menuitem: Tłumacz na angielski – {CCCE5D70–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
Possibly nasty Unknown buttons or entries in the 'Extras'–menu should be fixed.
To be fixed if the entry 'Tłumacz na angielski ' is unknown.
O9 – Extra button: Tłumacz na polski – {CCCE5D71–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
Possibly nasty Unknown buttons or entries in the 'Extras'–menu should be fixed.
To be fixed if the entry 'Tłumacz na polski ' is unknown.
O9 – Extra 'Tools' menuitem: Tłumacz na polski – {CCCE5D71–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
Possibly nasty Unknown buttons or entries in the 'Extras'–menu should be fixed.
To be fixed if the entry 'Tłumacz na polski ' is unknown.
O9 – Extra button: Zachowaj przetłumaczoną stronę – {CCCE5D72–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
Possibly nasty Unknown buttons or entries in the 'Extras'–menu should be fixed.
To be fixed if the entry 'Zachowaj przetłumaczoną stronę ' is unknown.
O9 – Extra 'Tools' menuitem: Zachowaj przetłumaczoną stronę – {CCCE5D72–9AA2–40F1–9C6B–12A255F08500} – C:\Program Files\poleng\translatica\bin\win\int\browser\iepolengextension.dll (HKCU)
Possibly nasty Unknown buttons or entries in the 'Extras'–menu should be fixed.
To be fixed if the entry 'Zachowaj przetłumaczoną stronę ' is unknown.
O16 – DPF: {01010E00–5E80–11D8–9E86–0007E96C65AE} (SupportSoft SmartIssue) – http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
Safe. This entry has been identified as safe.

O16 – DPF: {01012101–5E80–11D8–9E86–0007E96C65AE} (SupportSoft Script Runner Class) – http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
Safe. This entry has been identified as safe.

O16 – DPF: {11111111–1111–1111–1111–222222222222} – ms–its:mhtml:file://C:\nosuch.mht!http://62.111.159.90/sc12/x.chm::/open.exe
Nasty This entry is possibly nasty.
Should be fixed.
O16 – DPF: {1F2F4C9E–6F09–47BC–970D–3C54734667FE} (LSSupCtl Class) – http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
Safe. This entry has been identified as safe.

O16 – DPF: {CE28D5D2–60CF–4C7D–9FE8–0F47A3308078} (ActiveDataInfo Class) – http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
Safe. This entry has been identified as safe.

O17 – HKLM\System\CCS\Services\Tcpip\..\{BCA95861–F149–4A29–8A40–089B35FCD992}: NameServer = 217.30.129.149,217.30.137.200
Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.
Do you know the IP or Domain '217.30.129.149,217.30.137.200'? If not, fix this entry.
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (ccEvtMgr.exe) was identified as a good one.
O23 – Service: Symantec Password Validation Service (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (ccPwdSvc.exe) was identified as a good one.
O23 – Service: Norton AntiVirus Auto Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton AntiVirus\navapsvc.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (navapsvc.exe) was identified as a good one.
O23 – Service: Netropa NHK Server (nhksrv) – Unknown owner – C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (nhksrv.exe) was identified as a good one.
O23 – Service: Norton Unerase Protection (NProtectService) – Symantec Corporation – C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (NPROTECT.EXE) was identified as a good one.
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (nvsvc32.exe) was identified as a good one.
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (SBServ.exe) was identified as a good one.
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (SNDSrvc.exe) was identified as a good one.
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs Inc. – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Safe. These entries shows all services which are not from Microsoft. Often malware is starting as a systemservice and it's not easy to detect it.
This service (vsmon.exe) was identified as a good one.

I put my log into the previously mentioned program and got the above :)
What should I do next??

Replies: 2

Thanks, it works
mariusz12345
Posted
17.10.2005 18:55:48
Why are you pasting the results from the analyzer? Can't you draw conclusions from them yourself?

To be removed:

O2 – BHO: Internet Explorer Web Content Guard – {1B77D30A–81C9–497A–8647–142F7511B1FB} – C:\Documents and Settings\Kasia\wtrwxcd4.dll
O4 – HKLM\..\Run: [Microsoft Update] pclt32.exe
O4 – HKLM\..\RunServices: [Microsoft Update] pclt32.exe
O4 – HKCU\..\Run: [Microsoft Update] pclt32.exe
O16 – DPF: {11111111–1111–1111–1111–222222222222} – ms–its:mhtml:file://C:\nosuch.mht!http://62.111.159.90/sc12/x.chm::/open.exe


Before removing them, end the process in Task Manager and turn off System Restore.
Bobi
Posted
17.10.2005 18:23:39
mariusz12345
Posted:
16.10.2005 23:52:25
Comments:
2