Logfile of HijackThis v1.99.1
Scan saved at 21:42:59, on 12.08.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Launch Manager\CtrlVol.exe
C:\Programme\Launch Manager\Wbutton.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Launch Manager\LaunchAp.exe
C:\Programme\Launch Manager\HotkeyApp.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Outlook Express\msimn.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Downloads\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) =
h**p://www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
h**p://www.google.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = localhost:4001
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: T3ToolbarHelper Class -
{164E93C4-09BF-4647-9E0B-D5FBB1D35E63} -
C:\PROGRA~1\DASRTL~1\DASOER~1.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} -
C:\Programme\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} -
C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -
C:\Programme\MSN Apps\MSN Toolbar\01.02.4000.1001\de\msntb.dll
O3 - Toolbar: DasÖrtliche Such-Leiste -
{6E5B18CB-0EB6-4461-88B8-33B4683613D5} -
C:\PROGRA~1\DASRTL~1\DASOER~1.DLL
O4 - HKLM\..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programme\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programme\Microsoft
Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched]
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame
Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [gcasServ] "C:\Programme\Microsoft
AntiSpyware\gcasServ.exe"
O4 - Startup: tiscali (2).lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Alles mit FlashGet laden -
C:\Programme\FlashGet\jc_all.htm
O8 - Extra context menu item: Mit FlashGet laden -
C:\Programme\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: concept/design's onlineTV -
{6349A3C3-5F9A-4CF6-B96C-9B6B0BDCD7D7} -
C:\Programme\onlineTV\onlineTV.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programme\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programme\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=h**p://www.freenet.de
O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload
plugin) -
h**p://www.pixaco.de/static/download/iedropupload.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
h**p://a1540.g.akamai.net/7/1540/52/2002...nfo.apple.com/d
ribnif/de/win/QuickTimeInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl
Class) -
h**p://tools.ebayimg.com/eps/wl/activex/...l_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
h**p://207.188.7.150/07796d5dafe56213e01...RdxIE601_de.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/clie
nt/wuweb_site.cab?1095639359650
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (OPInstall Control) -
h**p://a14.g.akamai.net/f/14/7141/144000s/download.opistat.com/opistat/
activex/opinstall_gr_4.1.0.18.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} -
h**p://62.39.141.134/tools/FlipsideWebLauncherControl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
h**p://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B3E0F81F-73F8-470B-A56B-D895EFF19260} (ATLF3D Class) -
h**p://www.famous3d.com/viewer/latest/axf3d.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl
Class) - h**p://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {FDC847F8-DA70-4442-8072-FF883F34D14A} -
h**p://toolbar.dasoertliche-marketing.de/toolbar/normal/download/DasOer
tlicheSuchLeiste.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{03D2850D-8550-470E-B26B-1B62D8A38E70
}: NameServer = 192.168.122.252,192.168.122.253
O17 -
HKLM\System\CCS\Services\Tcpip\..\{B5EEB6E7-B266-4BC4-824D-038AF3F7A0CD
}: NameServer = 195.247.247.195 62.27.27.62
O17 -
HKLM\System\CS1\Services\Tcpip\..\{03D2850D-8550-470E-B26B-1B62D8A38E70
}: NameServer = 192.168.122.252,192.168.122.253
O17 -
HKLM\System\CS2\Services\Tcpip\..\{03D2850D-8550-470E-B26B-1B62D8A38E70
}: NameServer = 192.168.122.252,192.168.122.253
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik
GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH,
Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin -
C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum -
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate
Technologies, Inc. - C:\Programme\Sygate\SPF\smc.exe
O23 - Service: xControlCOM - Siemens - C:\Programme\T-Sinus 721\T-Sinus
721 PC\xControlCOM.exe
