Code:
Logfile of HijackThis v1.99.0 Safe.
Safe. Shows the version of HijackThis. The newest version is: v1.99.0! This should be the newest version. (v1.99.0)
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Safe.
Safe. Shows the version of your Internet Explorer. Newest Version is: 6.00.2800.1106! This should be the newest version. (6.00.2800.1106)
C:\WINDOWS\SYSTEM\MSGSRV32.EXE Safe.
Safe. running process. (MSGSRV32.EXE)
System process - Windows Message Server
C:\WINDOWS\SYSTEM\MPREXE.EXE Safe.
Safe. running process. (MPREXE.EXE)
System process - Allows setting up more than one network client and 95, 98 or ME.
C:\WINDOWS\SYSTEM\MSTASK.EXE Safe.
Safe. running process. (MSTASK.EXE)
Belongs to the Windows Powertoys from MS.
C:\WINDOWS\EXPLORER.EXE Safe.
Safe. running process. (EXPLORER.EXE)
System process for the desktop and taskbar.
C:\WINDOWS\TASKMON.EXE Safe.
Safe. running process. (TASKMON.EXE)
System process - Application that is used to collect information from hard disks by monitoring the most frequently used programs.
C:\WINDOWS\SYSTEM\SYSTRAY.EXE Safe.
Safe. running process. (SYSTRAY.EXE)
System process - Background application that runs the Windows system tray, which provides space to display the clock time and icons installed by other applications.
C:\WINDOWS\SYSTEM\ATIPTAAA.EXE Unknown
Unknown running process. (ATIPTAAA.EXE)
This is an unknown process.
C:\WINDOWS\SYSTEM\WMIEXE.EXE Safe.
Safe. running process. (WMIEXE.EXE)
System process - Application that gives a standard method of accessing system information, performance information, event monitors, and application monitors. The application works as a transparent task.
C:\PROGRAMME\WINZIP\WZQKPICK.EXE Safe.
Safe. running process. (WZQKPICK.EXE)
C:\WINDOWS\SYSTEM\RNAAPP.EXE Safe.
Safe. running process. (RNAAPP.EXE)
System process - Windows Dial-Up Networking application that handles dial-up modem connections.
C:\WINDOWS\SYSTEM\TAPISRV.EXE Safe.
Safe. running process. (TAPISRV.EXE)
System process - Background service that provides Windows Telephony (TAPI) Support in Windows 98 and Windows NT 4.
C:\UNZIPPED\HIJACKTHIS_199\HIJACKTHIS.EXE Safe.
Safe. running process. (HIJACKTHIS.EXE)
The tool you used to create this logfile. Remember that HijackThis must be run in its own folder. Only if HijackThis runs in its own folder will it create backups!
C:\PROGRAMME\FRN_INBC\FRN_INBC.EXE Unknown
Unknown running process. (FRN_INBC.EXE)
This is an unknown process.
C:\PROGRAMME\MOZILLA FIREFOX\FIREFOX.EXE Safe.
Safe. running process. (FIREFOX.EXE)
Internet Browser
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.puh.ru/search.html Nasty
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://www.puh.ru/search.html Nasty
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.puh.ru/search.html Nasty
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ruserv.com Nasty
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ruserv.com Nasty
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.puh.ru/search.html Nasty
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.puh.ru/search.html Nasty
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ruserv.com Nasty
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ruserv.com Nasty
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tetki.ru/index5.shtml Possibly nasty
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://www.tetki.ru/index5.shtml', delete it.
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.puh.ru/search.html Nasty
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchv.com/search.html Nasty
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.puh.ru/search.html Nasty
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ruserv.com Nasty
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank Safe.
Safe. This page has been identified as safe.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von 01019 FREENET Safe.
Safe. This page has been identified as safe.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=surfproxy.freenet.de:8080 Safe.
Safe. This page has been identified as safe.
R3 - Default URLSearchHook is missing Nasty
Nasty Should be fixed if you do not know the application or if no application is mentioned. This entry should be fixed.
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX Safe.
Safe. Entries found in this registry zone are potentially nasty. This application ([06849E9F-C8D7-4D59-B87D-784B7D6BE0B3] - Result: 06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) has been checked. Hit rate: 99 %
O2 - BHO: (no name) - {CF021F40-3E14-23A5-CBA2-717177657972} - (no file) Unnecessarily
Unnecessarily Entries found in this registry zone are potentially nasty. This application ([CF021F40-3E14-23A5-CBA2-717177657972] - Result: CF021F40-3E14-23A5-CBA2-717177657972) has been checked. Hit rate: 99 % Must be fixed!
Unnecessary (deactivated) entry that can be fixed.
O2 - BHO: (no name) - {4FA8315F-BC1E-7DE6-8753-60550DA82F4E} - (no file) Unnecessarily
Unnecessarily Entries found in this registry zone are potentially nasty. This application ([4FA8315F-BC1E-7DE6-8753-60550DA82F4E] - Result: ) has been checked. Hit rate: -1 % Unknown application.
Unnecessary (deactivated) entry that can be fixed.
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765721316} - C:\WINDOWS\SYSTEM\WER1316.DLL Unknown
Unknown Entries found in this registry zone are potentially nasty. This application ([CF021F40-3E14-23A5-CBA2-717765721316] - Result: ) has been checked. Hit rate: -1 % Unknown application.
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll Safe.
Safe. Entries found in this registry zone are potentially nasty. This application ([53707962-6F74-2D53-2644-206D7942484F] - Result: 53707962-6F74-2D53-2644-206D7942484F) has been checked. Hit rate: 99 %
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX Safe.
Safe. Entries found in this registry zone are potentially nasty. This application ([8E718888-423F-11D2-876E-00A0C9082467] - Result: 8E718888-423F-11D2-876E-00A0C9082467) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun Safe.
Safe.
Hit rate: 94 % (result)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe Safe.
Safe. System process
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe Safe.
Safe. SYSTRAY.EXE - System Tray Services. Provides the Volume Control, PC Card Status, Power Management and other icons that reside in the System Tray (see here). SYSTRAY.EXE may be disabled if none of these services are required. It will launch as and when required if you later enable the icons. If you need these items they're available via Start -> Settings -> Control Panel
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme Safe.
Safe. Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe Safe.
Safe. Program that checks the motherboard chipset and determines which GART driver bundle to install on ATI video cards. If you have one, once installed it shouldn't be needed
Hit rate: 67 % (result) Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [AtiPTA] Atiptaaa.exe Unknown
Unknown
Hit rate: -1 % (result) Unknown application.
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min Safe.
Safe. Background task of the AntiVir antivirus program which scans files transparently in the background
Hit rate: 99 % (result)
O4 - HKLM\..\Run: [netsys.exe] netsys.exe Possibly nasty
Possibly nasty
Hit rate: 13 % (result) It seems that the name of this program is the same as the name of the file. In most cases this is the result of trojans. To be sure, you should check this file.
O4 - HKLM\..\Run: [AVSCHED32] C:\PROGRAMME\AVPERSONAL\AVSCHED32.EXE /min Safe.
Safe. AntiVir anti-virus from H+BEDV
Hit rate: 72 % (result)
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme Safe.
Safe. Power management specifics such as monitor shut-off, system standby, etc. Associated with power management and is listed twice - see here. Loads your selected power scheme. May not be required - depends upon whether you modify the default Control Panel -> Power Options settings
Hit rate: 99 % (result)
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe Safe.
Safe. MS Scheduling Agent displayed as a box with a stopwatch in the System Tray that is only needed if you have regular scheduled disk defragmenting, ScanDisk, etc. Required if you have regularly scheduled events such as weekly virus scans
Hit rate: 99 % (result)
O4 - Startup: GENO lite ZV Fälligkeiten.lnk = C:\WINLITE\ZAWF.EXE Unknown
Unknown
Hit rate: 8 % (result) Unknown application.
O4 - Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE Safe.
Safe. Added with WinZip version 8.1. "The new WinZip Quick Pick taskbar tray icon gives you instant access to WinZip and your Zip files. Just left click the icon to open WinZip, or right click it to instantly reopen recently used Zip files, access your Favorite Zip Folders, open WinZip Help, or start WinZip itself.". You can right-click and close it - choosing to not re-load it at start-up
Hit rate: 93 % (result) Not dangerous, but unnecessary.
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll Safe.
Safe. Most of the entries present in this registry area are safe. Only OnFlow adds unwanted plugins here. OnFlow plugins have the following extension: *.ofb.
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll Safe.
Safe. Most of the entries present in this registry area are safe. Only OnFlow adds unwanted plugins here. OnFlow plugins have the following extension: *.ofb.
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll Safe.
Safe. Most of the entries present in this registry area are safe. Only OnFlow adds unwanted plugins here. OnFlow plugins have the following extension: *.ofb.
O12 - Plugin for .pl: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll Safe.
Safe. Most of the entries present in this registry area are safe. Only OnFlow adds unwanted plugins here. OnFlow plugins have the following extension: *.ofb.
O16 - DPF: {00000000-663f-49e8-bdf6-f26db51c7dd5} - Nasty
Nasty This entry is possibly nasty. Should be fixed.
O16 - DPF: {95E5A0FC-6CFB-4EB6-B649-7A9AA877A7A9} (Pcksloader Control) - http://www.pckindersicherung.de/pcks/pcks.cab Possibly nasty
Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
O16 - DPF: {488BAD01-798A-47CC-B723-D129A197E9A2} (Downloader Class) - http://www.downloadfreenow.com/sites/signed.cab Possibly nasty
Possibly nasty Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Check if you know this site and fix it if you do not.
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://207.234.185.217/ABoxInst.exe Nasty
Nasty This entry is possibly nasty.