Logfile of HijackThis v1.99.0
Scan saved at 15:13:42, on 08.02.2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINME\SYSTEM\KERNEL32.DLL
C:\WINME\SYSTEM\MSGSRV32.EXE
C:\WINME\SYSTEM\mmtask.tsk
C:\WINME\SYSTEM\MPREXE.EXE
C:\WINME\SYSTEM\STIMON.EXE
C:\WINME\SYSTEM\MSTASK.EXE
C:\WINME\SYSTEM\ZONELABS\VSMON.EXE
C:\WINME\SYSTEM\ZONELABS\ISAFE.EXE
C:\WINME\EXPLORER.EXE
C:\WINME\SYSTEM\RESTORE\STMGR.EXE
C:\WINME\TASKMON.EXE
C:\PROGRAMME\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMME\3DFX INTERACTIVE\3DFX TOOLS\APPS\3DFXMAN.EXE
C:\WINME\MIXER.EXE
C:\WINME\PCTVOICE.EXE
C:\PROGRAMME\SCANSOFT\OMNIPAGESE\OPWARE32.EXE
C:\PROGRAMME\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMME\BABYLON\BABYLON.EXE
C:\PROGRAMME\RAPIDMEM\RAPIDMEM.EXE
C:\WINME\SYSTEM\MPS.EXE
C:\PROGRAMME\INCREDIMAIL\BIN\IMAPP.EXE
C:\PROGRAMME\BABYLON\utils\shlhook.exe
C:\PROGRAMME\ZONE LABS\ZONEALARM\MAILFRONTIER\MANTISPM.EXE
C:\WINME\SYSTEM\RNAAPP.EXE
C:\WINME\SYSTEM\TAPISRV.EXE
C:\TOTALCMD\TOTALCMD.EXE
C:\KAZEK\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINME\SYSTEM\MSDXM.OCX
O4 - HKLM…\Run: [scanRegistry] C:\WINME\scanregw.exe /autorun
O4 - HKLM…\Run: [TaskMonitor] C:\WINME\taskmon.exe
O4 - HKLM…\Run: [PCHealth] C:\WINME\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM…\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\Run: [speedTouch USB Diagnostics] "C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM…\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM…\Run: [3dfx Task Manager] "C:\Programme\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM…\Run: [CountrySelection] pctptt.exe
O4 - HKLM…\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM…\Run: [Omnipage] C:\Programme\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM…\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM…\Run: [mps] C:\WINME\SYSTEM\mps.exe /s
O4 - HKLM…\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM…\RunServices: [*StateMgr] C:\WINME\System\Restore\StateMgr.exe
O4 - HKLM…\RunServices: [stillImageMonitor] C:\WINME\SYSTEM\STIMON.EXE
O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe
O4 - HKLM…\RunServices: [TrueVector] C:\WINME\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM…\RunServices: [CAISafe] C:\WINME\SYSTEM\ZoneLabs\isafe.exe
O4 - HKCU…\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU…\Run: [babylon Translator] C:\PROGRAMME\BABYLON\Babylon.exe
O4 - HKCU…\Run: [WITaj!] C:\PROGRAMME\WITAJ!\WIT2000.EXE
O4 - HKCU…\Run: [NBJ] "C:\PROGRAMME\AHEAD\NERO BACKITUP\NBJ.EXE"
O4 - HKCU…\Run: [RapidMem] "C:\Programme\RapidMem\RapidMem.exe" /tray
O4 - Startup: MICROSOFT OFFICE.LNK = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O16 - DPF: {2F0D1DA3-F3E4-4C67-BB5C-5AFD70C1A4A5} (UDConnect Class) - http://01.sharedsource.org/html/UDConn_5.2.0.8.cab
O16 - DPF: {638AF6A2-81A1-4655-9FFA-9FC09CDE22CF} (CScanner Object) - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.206.99.79/activex/AxisCamControl.cab