Logfile of HijackThis v1.98.2
Scan saved at 20:36:26, on 09.12.2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
C:\Dokumente und Einstellungen\MOE\Anwendungsdaten\mntr.exe
C:\WINDOWS\System32\l?ass.exe
C:\Programme\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\MOE\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://195.225.176.14/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://195.225.176.14/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://195.225.176.14/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://195.225.176.14/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://195.225.176.14/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://195.225.176.14/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://195.225.176.14/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://195.225.176.14/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://195.225.176.14/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
http://195.225.176.14/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://195.225.176.14/
O2 - BHO: (no name) - {3D8D6626-EB40-2BEC-D503-64550DF37C1C} - C:\WINDOWS\System32\cupr.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programme\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: (no name) - {E6538B7A-E782-43A6-AAFD-7F46BC806338} - C:\WINDOWS\System32\obilc.dll (file missing)
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [msnappau] C:\Programme\MSN Apps\Updater\01.02.3000.1001\de\msnappau.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programme\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [KAZAA] C:\Programme\KaZaA Lite\Kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [MsnMsgr] C:\Programme\MSN Messenger\MsnMsgr.Exe /background
O4 - HKCU\..\Run: [Slaa] C:\Dokumente und Einstellungen\MOE\Anwendungsdaten\mntr.exe
O4 - HKCU\..\Run: [monitor] monitor.exe
O4 - HKCU\..\Run: [Pxubm] C:\WINDOWS\System32\l?ass.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.windupdates.com
O16 - DPF: {4C26E1A7-5C92-4D48-A098-921005ED55C5} - ms-its:mhtml:file://c:\nosuxyz.mht!
http://213.158.119.18/auto/stoolbar.chm::/stoolbar.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.real.com/2349a6da2aeaed9bc905/netzip/RdxIE601_de.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EEB1DA0B-65B8-4579-8625-B2B963565984}: NameServer = 212.7.148.65 212.7.148.97