neuer hijack scan
Logfile of HijackThis v1.98.0
Scan saved at 14:25:14, on 09.07.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\htpatch.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Programme\AVPersonal\AVGNT.EXE
D:\PROGRA~1\RCrawler\RCrawler.exe
D:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\WINDOWS\System32\Drivers\XWMSAPI.EXE
D:\Programme\Xerox\ControlCentre 2.0\XWCTray.exe
C:\WINDOWS\DitExp.exe
D:\Programme\ZoneAlarm\zlclient.exe
D:\Programme\Papa's Prog\TuneUp Utilities\MemOptimizer.exe
D:\Programme\a2\a2guard.exe
C:\Programme\MSN Messenger\msnmsgr.exe
D:\Programme\Kaspersky Anti-Hacker\KAVPF.exe
D:\Programme\Xerox\ControlCentre 2.0\Pagis\Monitor.exe
D:\Programme\VB6-Projekte\DesktopProjekt\Programm\Version 1.4\Desktopprogramm ver.1.4.exe
D:\Programme\ICQ\ICQ 4.0\ICQLite.exe
D:\Programme\VB6-Projekte\Kräftigungswecker\Mit Papa\Programmcodes\KPlan.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
D:\Programme\Hijack 1.98\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.startseite.de/searchbar
O1 - Hosts: die von Microsoft TCP/IP
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINDOWS\System32\SysUpd.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [Registry Crawler] D:\PROGRA~1\RCrawler\RCrawler.exe -TRAYONLY
O4 - HKLM\..\Run: [InstantAccess] D:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] D:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [XWMSUSBAPI] C:\WINDOWS\System32\Drivers\XWMSAPI.EXE
O4 - HKLM\..\Run: [ControlCentreTray] "D:\Programme\Xerox\ControlCentre 2.0\XWCTray.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Programme\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] D:\PROGRA~1\Xerox\CONTRO~1.0\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [TuneUp MemOptimizer] D:\Programme\Papa's Prog\TuneUp Utilities\MemOptimizer.exe autostart
O4 - HKCU\..\Run: [a²] "D:\Programme\a2\a2guard.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Programme\ICQ\ICQ 4.0\ICQLite.exe -trayboot
O4 - Startup: Desktopprogramm ver.1.4.lnk = D:\Programme\VB6-Projekte\DesktopProjekt\Programm\Version 1.4\Desktopprogramm ver.1.4.exe
O4 - Startup: ICQ 4.0.lnk = D:\Programme\ICQ\ICQ 4.0\ICQLite.exe
O4 - Startup: Kräftigungswecker.lnk = ?
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = ?
O4 - Global Startup: Pagis-Zeitplan-Monitor.lnk = D:\Programme\Xerox\ControlCentre 2.0\Pagis\Monitor.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\http://GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\programme\google\http://GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\programme\google\http://GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\programme\google\http://GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQ 4.0\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Programme\ICQ\ICQ 4.0\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: MedionShop - {01E9CF82-AE9D-42BA-A629-B23D51A4B86B} - http://www.medionshop.de/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com/
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN_XP.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5C…b?1089322130125
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/de/big/1.…g/GoogleNav.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bul-online.de/scan/Msie/bitdefender.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1155BEB9-BE73-4757-9CC1-20170BC0A96A}: NameServer = 217.237.151.161 194.25.2.129