BobbyDigital | 04.12.2009 13:13 | No internet with IE8 after searchsettings and mybrowserbar.com infection
Hello!
For a short while now I have had the problem that I can no longer get onto the internet with IE8, or else the pages are displayed completely broken. Strangely enough, it works with Safari.
At first I had the problem that whenever I opened a page, several pages with w*w.mybrowserbar.com always opened as well. In addition, some searchsettings stuff was installed.
Here is my HijackThis log: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:54, on 4.12.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\AVG\AVG9\avgchsvx.exe
C:\Programme\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\Programme\Microsoft Hardware\Mouse\point32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programme\Canon\MyPrinter\BJMyPrt.exe
C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
C:\Programme\Nero\Nero 7\InCD\InCD.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Kabelloser Labtec-Desktop\MagicKey.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\Kabelloser Labtec-Desktop\MulMouse.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\AVG\AVG9\avgwdsvc.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Kabelloser Labtec-Desktop\OSD.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\Programme\AVG\AVG9\avgnsx.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\AVG\AVG9\avgemc.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\Programme\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Programme\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Kabellosen Labtec-Desktop aktivieren.lnk = C:\Programme\Kabelloser Labtec-Desktop\MagicKey.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135042158718
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: winmm.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programme\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Shellhardwareerkennung ShellHWDetectionNtmsSvc (ShellHWDetectionNtmsSvc) - Unknown owner - C:\WINDOWS\system32\6to4svcu.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 9094 bytes
Here is the one from Spybot as well: Code:
--- Search result list ---
CoolWWWSearch.SmartSearch: [SBI $098DEE34] Ausführbare Datei (Datei, fixed)
c:\AutoRun.exe
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
Fraud.AntivirusPlus: [SBI $1A7A9522] Browser helper object (Registrierungsdatenbank-Schlüssel, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D032570A-5F63-4812-A094-87D007C23012}
Microsoft.WindowsSecurityCenter.AntiVirusOverride: [SBI $3604910C] Einstellungen (Registrierungsdatenbank-Änderung, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-12-04 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2009-11-24 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2009-11-24 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-11-24 Includes\HijackersC.sbi (*)
2009-10-20 Includes\Keyloggers.sbi (*)
2009-11-24 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-11-24 Includes\Malware.sbi (*)
2009-12-01 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-11-24 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-11-24 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2009-11-24 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-02 Includes\Trojans.sbi (*)
2009-12-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
/ Windows Media Encoder: Sicherheitsupdate für Windows Media Encoder (KB954156)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB952069)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB954155)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB968816)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB973540)
/ Windows Media Player 10: Sicherheitsupdate für Windows Media Player 10 (KB936782)
/ Windows XP: Sicherheitsupdate für Windows XP (KB941569)
/ Windows XP / SP0: Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
/ Windows XP / SP0: Update für Windows Internet Explorer 8 (KB975364)
/ Windows XP / SP3: Windows XP Service Pack 3
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB923561)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB946648)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB950762)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB950974)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB951066)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB951376-v2)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB951748)
/ Windows XP / SP4: Update für Windows XP (KB951978)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB952004)
/ Windows XP / SP4: Hotfix für Windows XP (KB952287)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB952954)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB954459)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB955069)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB956572)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB956744)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB956802)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB956803)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB956844)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB957097)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB958644)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB958687)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB958869)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB959426)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB960225)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB960803)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB960859)
/ Windows XP / SP4: Hotfix für Windows XP (KB961118)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB961371-v2)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB961501)
/ Windows XP / SP4: Update für Windows XP (KB967715)
/ Windows XP / SP4: Update für Windows XP (KB968389)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB969059)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB969947)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB970238)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB971486)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB971557)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB971633)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB971657)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB973354)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB973507)
/ Windows XP / SP4: Update für Windows XP (KB973687)
/ Windows XP / SP4: Update für Windows XP (KB973815)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB973869)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB974112)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB974571)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB975025)
/ Windows XP / SP4: Sicherheitsupdate für Windows XP (KB975467)
/ Windows XP / SP4: Hotfix für Windows XP (KB976098-v2)
--- Startup entries list ---
Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
file: C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
size: 57344
MD5: 57657B09D386137C7501367985B9741E
Located: HK_LM:Run, AVG9_TRAY
command: C:\PROGRA~1\AVG\AVG9\avgtray.exe
file: C:\PROGRA~1\AVG\AVG9\avgtray.exe
size: 2020120
MD5: D102BC95374CB55F225F53B5B9E423DA
Located: HK_LM:Run, CanonMyPrinter
command: C:\Programme\Canon\MyPrinter\BJMyPrt.exe /logon
file: C:\Programme\Canon\MyPrinter\BJMyPrt.exe
size: 1603152
MD5: 2F0F0E6AA6F5874E13E792996077138B
Located: HK_LM:Run, CanonSolutionMenu
command: C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe /logon
file: C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe
size: 644696
MD5: FEDB6110D3E0A7EFE6996F93CD8C48E7
Located: HK_LM:Run, InCD
command: C:\Programme\Nero\Nero 7\InCD\InCD.exe
file: C:\Programme\Nero\Nero 7\InCD\InCD.exe
size: 1057064
MD5: FCBD73089E866436D7689D16F3F12655
Located: HK_LM:Run, IntelliType
command: "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
file: C:\Programme\Microsoft Hardware\Keyboard\type32.exe
size: 94208
MD5: B5ECA5948D7F8EAA00333231F33EA31A
Located: HK_LM:Run, iTunesHelper
command: "C:\Programme\iTunes\iTunesHelper.exe"
file: C:\Programme\iTunes\iTunesHelper.exe
size: 305440
MD5: 819892199645F33A680E50F1D5271879
Located: HK_LM:Run, LanguageShortcut
command: C:\Programme\CyberLink\PowerDVD\Language\Language.exe
file: C:\Programme\CyberLink\PowerDVD\Language\Language.exe
size: 52256
MD5: A4E85BDA66CF4DE8070D6F744D181C12
Located: HK_LM:Run, NBKeyScan
command: "C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
file: C:\Programme\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
size: 1377576
MD5: 61EC6D00419715C04A4C331E14665162
Located: HK_LM:Run, NeroFilterCheck
command: C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
file: C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
size: 153136
MD5: 8112D0DACAE746290FC87B3A980FA719
Located: HK_LM:Run, OpwareSE4
command: "C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe"
file: C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe
size: 79400
MD5: F8D427DAE2984A4968E2D1CB53634784
Located: HK_LM:Run, POINTER
command: point32.exe
file: point32.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, QuickTime Task
command: "C:\Programme\QuickTime\QTTask.exe" -atboottime
file: C:\Programme\QuickTime\QTTask.exe
size: 417792
MD5: 8CBD57D84729DEBEE1E83CB5FA3E3D7A
Located: HK_LM:Run, RemoteControl
command: C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
file: C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
size: 71216
MD5: B2B2FE2671DD98A322B0AD7079C0B2B2
Located: HK_LM:Run, SecurDisc
command: C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
file: C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
size: 1629480
MD5: 0EE862458136E47213B2D17F035729A9
Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 90112
MD5: 82D8578CB09F4ED668DDD76525D6C1B7
Located: HK_LM:Run, SsAAD.exe
command: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
file: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
size: 81920
MD5: D728A3BE3BBB48F7DF4D847D0CF70BB9
Located: HK_LM:Run, StartCCC
command: "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
file: C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 98304
MD5: CB11BC2EA1231B792F51A54C5BCB600C
Located: HK_LM:RunOnce, Malwarebytes' Anti-Malware
command: C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
file: C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
size: 420176
MD5: EA8A17919A85D8EDD532B68BFA0781DA
Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 01B4E6E990B6C5EA8856D96C7FD044B2
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 01B4E6E990B6C5EA8856D96C7FD044B2
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 01B4E6E990B6C5EA8856D96C7FD044B2
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1409082233-448539723-725345543-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 01B4E6E990B6C5EA8856D96C7FD044B2
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-1409082233-448539723-725345543-1004...
command: "C:\Programme\Messenger\msmsgs.exe" /background
file: C:\Programme\Messenger\msmsgs.exe
size: 1695232
MD5: E2AA953ED6A296B6BF399A783B32CCDE
Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1409082233-448539723-725345543-1004...
command: C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
Located: HK_CU:Run, swg
where: S-1-5-21-1409082233-448539723-725345543-1004...
command: "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
file: C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, updateMgr
where: S-1-5-21-1409082233-448539723-725345543-1004...
command: "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
file: C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
size: 313472
MD5: 43F3F6D33C793089A7C32B45DA16094B
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1409082233-448539723-725345543-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 01B4E6E990B6C5EA8856D96C7FD044B2
Located: HK_CU:Run, EA Core
where: S-1-5-21-1409082233-448539723-725345543-1005...
command: "C:\Programme\Electronic Arts\EADM\Core.exe" -silent
file: C:\Programme\Electronic Arts\EADM\Core.exe
size: 3338240
MD5: 03DB79BDEFC469351271562D59E53A74
Located: HK_CU:Run, Google Update
where: S-1-5-21-1409082233-448539723-725345543-1005...
command: "C:\Dokumente und Einstellungen\Felix Kaller\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe" /c
file: C:\Dokumente und Einstellungen\Felix Kaller\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
size: 133104
MD5: 626A24ED1228580B9518C01930936DF9
Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-1409082233-448539723-725345543-1005...
command: C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
size: 2295072
MD5: 7DDA1C6A69EEE517B034EB4E7324B067
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-1409082233-448539723-725345543-1005...
command: "C:\Programme\Messenger\msmsgs.exe" /background
file: C:\Programme\Messenger\msmsgs.exe
size: 1695232
MD5: E2AA953ED6A296B6BF399A783B32CCDE
Located: HK_CU:Run, swg
where: S-1-5-21-1409082233-448539723-725345543-1005...
command: "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
file: C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:RunOnce, Shockwave Updater
where: S-1-5-21-1409082233-448539723-725345543-1005...
command: C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www8.agame.com/games/shockwave/p/power_driving/power_driving_spielen_com.htm"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1409082233-448539723-725345543-1006...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 01B4E6E990B6C5EA8856D96C7FD044B2
Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-1409082233-448539723-725345543-1006...
command: C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
size: 2295072
MD5: 7DDA1C6A69EEE517B034EB4E7324B067
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-1409082233-448539723-725345543-1006...
command: "C:\Programme\Messenger\msmsgs.exe" /background
file: C:\Programme\Messenger\msmsgs.exe
size: 1695232
MD5: E2AA953ED6A296B6BF399A783B32CCDE
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1409082233-448539723-725345543-1007...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 01B4E6E990B6C5EA8856D96C7FD044B2
Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-1409082233-448539723-725345543-1007...
command: C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
size: 2295072
MD5: 7DDA1C6A69EEE517B034EB4E7324B067
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1409082233-448539723-725345543-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 01B4E6E990B6C5EA8856D96C7FD044B2
Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-1409082233-448539723-725345543-1008...
command: C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
size: 2295072
MD5: 7DDA1C6A69EEE517B034EB4E7324B067
Located: HK_CU:Run, swg
where: S-1-5-21-1409082233-448539723-725345543-1008...
command: "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
file: C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1409082233-448539723-725345543-1009...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 01B4E6E990B6C5EA8856D96C7FD044B2
Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-1409082233-448539723-725345543-1009...
command: C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe
size: 2295072
MD5: 7DDA1C6A69EEE517B034EB4E7324B067
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 01B4E6E990B6C5EA8856D96C7FD044B2
Located: Startup (allgemein), Kabellosen Labtec-Desktop aktivieren.lnk
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: C:\Programme\Kabelloser Labtec-Desktop\MagicKey.exe
file: C:\Programme\Kabelloser Labtec-Desktop\MagicKey.exe
size: 258048
MD5: 16CDC77415303F87FD617C5AAF9348C7
Located: Startup (Benutzer), Xfire.lnk
where: C:\Dokumente und Einstellungen\Dietmar\Startmenü\Programme\Autostart...
command: C:\Programme\Xfire\Xfire.exe
file: C:\Programme\Xfire\Xfire.exe
size: 1183744
MD5: 4130FA494315CE05B22AB6599F081B45
Located: Startup (Benutzer), OpenOffice.org 2.0.lnk
where: C:\Dokumente und Einstellungen\Felix Kaller\Startmenü\Programme\Autostart...
command: C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
file: C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
size: 61440
MD5: 7AD01EEF5A7689DA15D8597BF5790884
Located: Startup (Benutzer), OpenOffice.org 2.0.lnk
where: C:\Dokumente und Einstellungen\Manfred Kaller\Startmenü\Programme\Autostart...
command: C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
file: C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
size: 61440
MD5: 7AD01EEF5A7689DA15D8597BF5790884
Located: Startup (deaktiviert), Adobe Reader - Schnellstart (DISABLED)
command: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
file: C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
size: 29696
MD5: 43362B96870CE8649F4F2EC893DA93F0
Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, avgrsstarter
command: avgrsstx.dll
file: avgrsstx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Reader Link Helper
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Programme\AVG\AVG9\
Long name: avgssie.dll
Short name:
Date (created): 4.12.2009 08:49:04
Date (last access): 4.12.2009 09:49:42
Date (last write): 4.12.2009 08:49:04
Filesize: 1475864
Attributes: archive
MD5: DEC7B0C26A64C278A8C8756AC16F5CD1
CRC32: B2DA33B6
Version: 9.0.0.701
--- ActiveX list ---
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Adobe\Director\
Long name: SwDir.dll
Short name:
Date (created): 29.4.2009 11:29:00
Date (last access): 4.12.2009 08:40:44
Date (last write): 29.4.2009 11:29:00
Filesize: 202168
Attributes: archive
MD5: 1B3A14C57997CC19974BA9F2BE5BD543
CRC32: D43621A2
Version: 11.5.0.596
{17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool)
DPF name:
CLSID name: Windows Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf
Codebase: http://go.microsoft.com/fwlink/?linkid=39204
description:
classification: Legitimate
known filename: LegitCheckControl.DLL
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: LegitCheckControl.DLL
Short name: LEGITC~1.DLL
Date (created): 12.7.2005 18:04:22
Date (last access): 4.12.2009 09:33:20
Date (last write): 4.11.2005 16:27:24
Filesize: 534280
Attributes: archive
MD5: EC5FE860DD51ABB348B6C6C9EEAD4146
CRC32: 1FD27DDB
Version: 1.4.389.0
{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135042158718
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 20.12.2005 02:16:38
Date (last access): 4.12.2009 09:33:28
Date (last write): 6.8.2009 19:24:18
Filesize: 209632
Attributes: archive
MD5: 033AF4CE25B6D871F0DE2C982658E049
CRC32: 2C204902
Version: 7.4.7600.226
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash10b.ocx
Short name:
Date (created): 3.2.2009 03:07:18
Date (last access): 4.12.2009 08:40:08
Date (last write): 3.2.2009 03:07:18
Filesize: 3866528
Attributes: readonly archive
MD5: 8AFC17155ED5AB60B7C52D7F553D579C
CRC32: 0FBC13F3
Version: 10.0.22.87
--- Process list ---
PID: 0 ( 0) [System]
PID: 568 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 620 ( 568) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 660 ( 568) \??\C:\WINDOWS\system32\winlogon.exe
size: 513024
PID: 704 ( 660) C:\WINDOWS\system32\services.exe
size: 111104
MD5: A3EDBE9053889FB24AB22492472B39DC
PID: 716 ( 660) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: AFB8261B56CBA0D86AEB6DF682AF9785
PID: 880 ( 704) C:\WINDOWS\system32\Ati2evxx.exe
size: 602112
MD5: 8AEBB5658DA114D47CB80FCBE3B331C6
PID: 896 ( 704) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 4FBC75B74479C7A6F829E0CA19DF3366
PID: 980 ( 704) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 4FBC75B74479C7A6F829E0CA19DF3366
PID: 1076 ( 704) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 4FBC75B74479C7A6F829E0CA19DF3366
PID: 1144 ( 704) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 4FBC75B74479C7A6F829E0CA19DF3366
PID: 1260 ( 660) C:\WINDOWS\system32\Ati2evxx.exe
size: 602112
MD5: 8AEBB5658DA114D47CB80FCBE3B331C6
PID: 1284 ( 704) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 4FBC75B74479C7A6F829E0CA19DF3366
PID: 1320 ( 660) C:\Programme\AVG\AVG9\avgchsvx.exe
size: 1055000
MD5: 5BB7141D64039953C82CF1BFAC0072C8
PID: 1372 ( 660) C:\Programme\AVG\AVG9\avgrsx.exe
size: 502040
MD5: DBBB93865A083F0F510ADDC66696AD29
PID: 1496 ( 704) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 39356A9CDB6753A6D13A4072A9F5A4BB
PID: 1832 (1372) C:\Programme\AVG\AVG9\avgcsrvx.exe
size: 702744
MD5: 64B2872A01F80FD3EC5E3AE111451DB0
PID: 1892 (1812) C:\WINDOWS\Explorer.EXE
size: 1036800
MD5: 418045A93CD87A352098AB7DABE1B53E
PID: 588 (1892) C:\Programme\Microsoft Hardware\Keyboard\type32.exe
size: 94208
MD5: B5ECA5948D7F8EAA00333231F33EA31A
PID: 108 (1892) C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
size: 81920
MD5: D728A3BE3BBB48F7DF4D847D0CF70BB9
PID: 1344 (1892) C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe
size: 79400
MD5: F8D427DAE2984A4968E2D1CB53634784
PID: 1540 (1892) C:\Programme\Nero\Nero 7\InCD\NBHGui.exe
size: 1629480
MD5: 0EE862458136E47213B2D17F035729A9
PID: 1516 (1892) C:\Programme\Nero\Nero 7\InCD\InCD.exe
size: 1057064
MD5: FCBD73089E866436D7689D16F3F12655
PID: 1632 (1892) C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
size: 71216
MD5: B2B2FE2671DD98A322B0AD7079C0B2B2
PID: 1872 (1892) C:\Programme\iTunes\iTunesHelper.exe
size: 305440
MD5: 819892199645F33A680E50F1D5271879
PID: 1688 (1892) C:\WINDOWS\SOUNDMAN.EXE
size: 90112
MD5: 82D8578CB09F4ED668DDD76525D6C1B7
PID: 1228 ( 704) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 4FBC75B74479C7A6F829E0CA19DF3366
PID: 452 (1892) C:\PROGRA~1\AVG\AVG9\avgtray.exe
size: 2020120
MD5: D102BC95374CB55F225F53B5B9E423DA
PID: 500 (1892) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 01B4E6E990B6C5EA8856D96C7FD044B2
PID: 488 (1932) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
size: 65536
MD5: E7704CBF568815C1CAA6E513387BD3F2
PID: 624 ( 704) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 144672
MD5: 4B5AE15E5C73EB4DC8DBEC2788230D41
PID: 920 ( 704) C:\Programme\AVG\AVG9\avgwdsvc.exe
size: 285392
MD5: 7E7B5FA964F578ACD655E8BEEAE2A5CA
PID: 1440 ( 704) C:\Programme\Bonjour\mDNSResponder.exe
size: 238888
MD5: 3F56903E124E820AEECE6D471583C6C1
PID: 1100 ( 704) C:\Programme\Nero\Nero 7\InCD\InCDsrv.exe
size: 1554728
MD5: 067020BB8ABF1F6B80361051B2806C90
PID: 2148 ( 704) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
size: 79136
MD5: CCAD2AAE36E24346488B0F54A049DE78
PID: 2252 ( 704) C:\WINDOWS\system32\IoctlSvc.exe
size: 53248
MD5: D597E8D5C35CC41D76DE5DD6EDA2AFA1
PID: 2380 ( 704) C:\Programme\CyberLink\Shared Files\RichVideo.exe
size: 272024
MD5: 06A49B7BDC36CFBF97DD90804F833369
PID: 2752 ( 704) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 4FBC75B74479C7A6F829E0CA19DF3366
PID: 2768 ( 920) C:\Programme\AVG\AVG9\avgnsx.exe
size: 600344
MD5: 6C216BE97AF3D998FC2A2CC30CF6645D
PID: 2928 ( 704) C:\Programme\AVG\AVG9\avgemc.exe
size: 906520
MD5: C34AB3B34ACC0260EBFEAB2827D99C45
PID: 3284 ( 488) C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
size: 65536
MD5: 74EF310FAC89341CE2897B7F2C4A7B0F
PID: 3304 (2928) C:\Programme\AVG\AVG9\avgcsrvx.exe
size: 702744
MD5: 64B2872A01F80FD3EC5E3AE111451DB0
PID: 3856 ( 704) C:\Programme\iPod\bin\iPodService.exe
size: 545568
MD5: DC434081FBFD27C719473CB0CCE8DECA
PID: 1016 ( 704) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 190CD73D4984F94D823F9444980513E5
PID: 2468 (2452) C:\Programme\AVG\AVG9\avgscanx.exe
size: 744728
MD5: 07739693E63514E1A43D1ACB6FAB89E9
PID: 412 (2468) C:\Programme\AVG\AVG9\avgcsrvx.exe
size: 702744
MD5: 64B2872A01F80FD3EC5E3AE111451DB0
PID: 3480 (1892) C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 2236 (1892) C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
size: 1312080
MD5: C5FCC0B761069FABD59E41B7C3280DDF
PID: 3120 ( 452) C:\Programme\AVG\AVG9\avgui.exe
size: 4029208
MD5: F2D2F8C686F489D3646A5B6C634F0A6D
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 4.12.2009 10:40:18
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.google.de/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{39B2A5A0-0534-4A3D-96D8-3B687A082AB7}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{39B2A5A0-0534-4A3D-96D8-3B687A082AB7}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{06E64D18-C6DF-40C5-8E3D-7D3300238509}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{06E64D18-C6DF-40C5-8E3D-7D3300238509}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E673AED-E897-41C4-9F85-FB8628FBD028}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7E673AED-E897-41C4-9F85-FB8628FBD028}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{276C724D-E754-4386-8522-03E8F56F9A0D}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{276C724D-E754-4386-8522-03E8F56F9A0D}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A57AA34E-4138-4B3F-83AF-FE4AA4F01CF4}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A57AA34E-4138-4B3F-83AF-FE4AA4F01CF4}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Programme\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
Namespace Provider 1: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 3: NLA-Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

I hope someone can track something down.
By the way, I already ran WinsockXPfix over it, but nothing changed.