HijackThis Logfileauswertung


	HijackThis.de Security	Direct download To the authors homepage
		Direct download To the authors homepage

HijackThis log file analysis

HijackThis opens you a possibility to find and fix nasty entries on your computer easier.
Therefore it will scan special parts in the registry and on your harddisk and compare them with the default settings. If there is some abnormality detected on your computer HijackThis will save them into a logfile. In order to find out what entries are nasty and what are installed by the user, you need some background information.
A logfile is not so easy to analyze. Even for an advanced computer user. With the help of this automatic analyzer you are able to get some additional support. Just paste your complete logfile into the textbox at the bottom of this page.
Due to a few misunderstandings, I just want to make it clear that this site provides only an online analysis, and not HijackThis the program.

Service & Support
HijackThis.de Supportforum	Deutsch \| English
Forospyware.com (Spanish)	www.forospyware.com
Computerhilfen	www.computerhilfen.com

Current information

Unfortunately our services are currently affected by some major technical problems. However, they are causing a negative effect on our support board only, and not on the analyser.
Because of that the HijackThis.de Support Board is closed at the moment, but we are unable to provide you with an exact date at which the problems will be solved now. Of course, we will inform you at this position as soon as more information can be provided.

The whole team of HijackThis.de apologies for any inconveniences caused by those problems.

Log file
You can paste a logfile in this textbox or you can choose a logfile from your computer
Show the visitors ratings

Help us to keep this free service online! Please give us a small donation via PayPal.
	A newer version of service pack is available. Service packs increase the safety of your system. Visit Microsoft's windowsupdate site to download the newest version of the service pack.
	It seems that you don't use an anti-virus scanner or your scanner is not active. Only an anti-virus scanner can protect you against new viruses. You can look here for a good anti-virus scanner.
	We didn't detect any active process of a firewall on your system. Reasons maybe: (1.) You are using the windows firewall or a hardware firewall. (2.) You are using a firewall of an unknown vendor. (3.) You are using a firewall, but for unknown reasons it is disabled (4.) You don't use any firewall at all. We recommend you to use a firewall. Download and install one or activate windows xp´s own one. In case you got questions or you want us to add the firewall you use to our database, contact us at our forum.
Actions	Entry	Kind	Visitor's assessment	Information
	Logfile of HijackThis v1.99.1			This should be the newest version.
	Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
	MSIE: Internet Explorer v7.00 (7.00.6000.20627)			This should be the newest version.
	C:\WINDOWS\System32\smss.exe		Very safe	This entry was classified from our visitors as good.
	C:\WINDOWS\system32\winlogon.exe		Very safe	This entry was classified from our visitors as good.
	C:\WINDOWS\system32\services.exe		Safe	This entry was classified from our visitors as good.
	C:\WINDOWS\system32\lsass.exe		Very safe	This entry was classified from our visitors as good.
	C:\WINDOWS\system32\nvsvc32.exe		Very safe	Not dangerous, but unnecessary. This entry was classified from our visitors as good.
	C:\WINDOWS\system32\svchost.exe		Safe	This entry was classified from our visitors as good.
	C:\WINDOWS\System32\svchost.exe		Very safe	This entry was classified from our visitors as good.
	C:\WINDOWS\system32\svchost.exe		Safe	This entry was classified from our visitors as good.
	C:\WINDOWS\system32\spoolsv.exe		Safe	This entry was classified from our visitors as good.
	C:\WINDOWS\system32\servises.exe			Nasty (2.75 / 5.00)
	C:\WINDOWS\System32\reader_s.exe		Extremely nasty	This is a unknown process. This entry was classified from our visitors as bad.
	C:\WINDOWS\system32\servises.exe			Nasty (2.75 / 5.00)
	C:\windows\ld12.exe			Nasty (2.16 / 5.00)
	C:\WINDOWS\system32\servises.exe			Nasty (2.75 / 5.00)
	C:\WINDOWS\system32\servises.exe			Nasty (2.75 / 5.00)
	C:\Documents and Settings\slawek\reader_s.exe			Nasty (1.29 / 5.00)
	C:\WINDOWS\system32\ctfmon.exe		Very safe	This entry was classified from our visitors as good.
	C:\Program Files\Java\jre6\bin\jqs.exe		Very safe	Safe (4.14 / 5.00)
	C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE		Safe	Machine Debug Manager. Used by developers.
	C:\WINDOWS\system32\HPZipm12.exe		Very safe	HP Taskbar Utility
	C:\WINDOWS\sySTEM32\SvchoSt.ExE			Systemprozess - Allgemeiner Hostprozessname für Dienste.
	C:\WINDOWS\system32\svchost.exe		Safe	This entry was classified from our visitors as good.
	C:\WINDOWS\explorer.exe		Safe	This entry was classified from our visitors as good.
	C:\WINDOWS\system32\wbem\wmiapsrv.exe		Safe	WMI Performance Adapter (WMI-Leistungsadapter-Dienst)
	C:\WINDOWS\system32\svchost.exe		Safe	This entry was classified from our visitors as good.
	C:\WINDOWS\system32\2E.tmp		Extremely nasty	This is a unknown process.
	C:\WINDOWS\system32\31.tmp			This is a unknown process.
	C:\WINDOWS\system32\NOTEPAD.EXE		Safe	This entry was classified from our visitors as good.
	C:\Documents and Settings\slawek\Pulpit\hijackthis_199\HijackThis.exe			Remember that Hijackthis must be run in an own folder. Only if Hijackthis run in an own folder it will create backups! Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so angelegt sein ! C:\Programme\HijackThis\HijackThis.exe
	R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/		Very safe	This page has been identified as safe.
	R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157		Safe	This entry was classified from our visitors as good.
	R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896		Safe	This entry was classified from our visitors as good.
	R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896		Safe	This entry was classified from our visitors as good.
	R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157		Safe	This entry was classified from our visitors as good.
	R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =		Safe	This entry was classified from our visitors as good.
	R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =		Safe	This entry was classified from our visitors as good.
	R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =		Safe	This entry was classified from our visitors as good.
	R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =		Safe	This entry was classified from our visitors as good.
	R3 - Default URLSearchHook is missing		Neutral
	O1 - Hosts: 92.241.176.188 advanced-virus-remover2009.com			Must be fixed!
	O1 - Hosts: 92.241.176.188 www.advanced-virus-remover2009.com			Must be fixed!
	O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll		Safe	jp2ssv.dll - Sun_Java, http://java.sun.com/javase/downloads/ind ex.jsp browser plugin
	O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll			Safe (3.84 / 5.00)
	O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll		Very safe	jqs_plugin.dll - Java Quick Starter, https://jdk6.dev.java.net/testQS.html
	O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe		Extremely nasty	Unknown application. This entry was classified from our visitors as bad.
	O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto		Very safe	This is an entry that appears when you uncheck an item in the Startup group, and will disappear if on the next reboot you select the option to not be reminded that you are running in Selective Startup mode
	O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe		Extremely nasty	Nasty (1.97 / 5.00)
	O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup		Safe	Unknown application. This entry was classified from our visitors as good.
	O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe			Nasty (1.59 / 5.00)
	O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"		Neutral	Not dangerous, but unnecessary. Polish language Instant Messaging client
	O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe			Nasty (1.97 / 5.00)
	O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\slawek\reader_s.exe			Nasty (1.27 / 5.00)
	O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe		Safe	This entry was classified from our visitors as good.
	O4 - Startup: HideBUS.exe		Very safe	Unknown application.
	O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000			The entry E&ksport do programu Microsoft Excel has been identified as safe.
	O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll			Safe (3.84 / 5.00)
	O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll			Safe (3.84 / 5.00)
	O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL			The entry Badanie has been identified as safe.
	O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)		Safe	This entry was classified from our visitors as good.
	O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)		Very safe	This entry was classified from our visitors as good.
	O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe		Safe	This entry was classified from our visitors as good.
	O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe		Neutral	The entry Windows Messenger has been identified as safe.
	O11 - Options group: [INTERNATIONAL] International*		Neutral
	O11 - Options group: [TABS] Tabbed Browsing		Safe
	O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab		Safe	This entry was classified from our visitors as good.
	O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)		Very safe	Unnecessary (deactivated) entry that can be fixed. This entry was classified from our visitors as good.
	O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll		Neutral
	O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe		Safe	This service (AdskScSrv.exe) was identified as a good one. This entry was classified from our visitors as good.
	O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe		Nasty	Nasty (1.88 / 5.00)
	O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)		Very safe	Safe (4.08 / 5.00)
	O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe		Safe	This service (nvsvc32.exe) was identified as a good one.
	O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe		Safe	This service (HPZipm12.exe) was identified as a good one. This entry was classified from our visitors as good.
Short analysis Use these tips at your own risk!