Logfile of HijackThis v1.99.1 Scan saved at 21:10:55, on 27.04.2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVirenKit 2004\AVKService.exe C:\WINDOWS\Explorer.EXE C:\Programme\AntiVirenKit 2004\AVKWCtl.exe C:\WINDOWS\System32\DVDRAMSV.exe C:\WINDOWS\System32\atmclk.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe C:\Programme\HP\hpcoretech\hpcmpmgr.exe C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Programme\D-Tools\daemon.exe C:\Programme\T-Eumex KommunikationsCenter\strtfx.exe C:\Programme\T-Eumex KommunikationsCenter\sndml.exe C:\PROGRA~2\B'SCLI~1\Win2K\BSCLIP.exe C:\Programme\CyberLink\PowerDVD\PDVDServ.exe C:\Programme\ICQLite\ICQLite.exe C:\WINDOWS\System32\ctfmon.exe C:\Programme\T-Eumex KommunikationsCenter\TrayLaunch.exe C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe C:\Programme\Telekom\T-Eumex 520PC\Capictrl.exe C:\Programme\Telekom\T-Eumex 520PC\HNetCtrl.exe C:\WINDOWS\system32\RAMASST.exe C:\Programme\ArcorOnline\Arcor.exe C:\Programme\OpenOffice.org 2.0\program\soffice.exe C:\Programme\OpenOffice.org 2.0\program\soffice.BIN C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Programme\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\WINDOWS\System32\dcomcfg.exe C:\Programme\Internet Explorer\iexplore.exe G:\progs\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp84F.tmp O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Programme\Security Toolbar\Security Toolbar.dll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [strtfx] "C:\Programme\T-Eumex KommunikationsCenter\strtfx.exe" O4 - HKLM\..\Run: [sndml] "C:\Programme\T-Eumex KommunikationsCenter\sndml.exe" O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~2\B'SCLI~1\Win2K\BSCLIP.exe O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize O4 - HKLM\..\Run: [Error Nuker] C:\Programme\Error Nuker\bin\ErrorNuker.exe autostart O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [LauncherStart] "C:\Programme\T-Eumex KommunikationsCenter\TrayLaunch.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [PowerBar] "C:\Programme\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot O4 - Startup: Arcor Online.lnk = C:\Programme\ArcorOnline\Arcor.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: CAPIControl.lnk = ? O4 - Global Startup: HomeNet Control.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe (file missing) O17 - HKLM\System\CCS\Services\Tcpip\..\{081B1776-63B5-4E60-8468-831F701D85A6}: NameServer = 195.50.140.114 195.50.140.252 O17 - HKLM\System\CCS\Services\Tcpip\..\{BCF81129-AEB7-47A1-8C3F-546D919770A3}: NameServer = 192.168.0.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{081B1776-63B5-4E60-8468-831F701D85A6}: NameServer = 195.50.140.114 195.50.140.252 O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirenKit 2004\AVKService.exe O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirenKit 2004\AVKWCtl.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe