Virtumonde infection - How should I remove



mikikado
2008-12-09, 18:24
Hi there!

I know it's not easy to remove Virtumonde and I know I shouldn't try any cf's. So I'm posting the result list. What should I do as the next step?

Best regards

Michael

--- Search result list ---


Virtumonde: [SBI $D510A69C] Configuration file (File, nothing done)
C:\WINDOWS\system32\yymrecgy.ini

Virtumonde: [SBI $D510A69C] Configuration file (File, nothing done)
C:\WINDOWS\system32\maqyadri.ini


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2005-05-31 TeaTimer_original.exe (1.4.0.2)
2008-07-18 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-11-04 Includes\Adware.sbi (*)
2008-11-25 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-11-18 Includes\HijackersC.sbi (*)
2008-09-09 Includes\Keyloggers.sbi (*)
2008-11-18 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-12-03 Includes\MalwareC.sbi (*)
2008-11-03 Includes\PUPS.sbi (*)
2008-12-02 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-11-04 Includes\Spyware.sbi (*)
2008-12-02 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-11-04 Includes\Trojans.sbi (*)
2008-12-02 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Internet Explorer 6 / SP1: Windows XP Hotfix - KB912812
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ Outlook Express 6 / SP1: Windows XP Hotfix - KB911567
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Security update for Windows Media Player 10 (KB911565)
/ Windows Media Player 10: Security update for Windows Media Player 10 (KB917734)
/ Windows Media Player 11: Security update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 11: Security update for Windows Media Player 11 (KB954154)
/ Windows Media Player 6.4: Security update for Windows Media Player 6.4 (KB925398)
/ Windows XP: Security update for Windows XP (KB923689)
/ Windows XP: Security update for Windows XP (KB941569)
/ Windows XP / SP0: Security update for Windows Internet Explorer 7 (KB928090)
/ Windows XP / SP0: Security update for Windows Internet Explorer 7 (KB929969)
/ Windows XP / SP0: Security update for Windows Internet Explorer 7 (KB931768)
/ Windows XP / SP0: Security update for Windows Internet Explorer 7 (KB938127)
/ Windows XP / SP0: Security update for Windows Internet Explorer 7 (KB939653)
/ Windows XP / SP0: Security update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP0: Security update for Windows Internet Explorer 7 (KB944533)
/ Windows XP / SP0: Hotfix for Windows Internet Explorer 7 (KB947864)
/ Windows XP / SP0: Security update for Windows Internet Explorer 7 (KB950759)
/ Windows XP / SP0: Security update for Windows Internet Explorer 7 (KB953838)
/ Windows XP / SP0: Security update for Windows Internet Explorer 7 (KB956390)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885250
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB885884
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB887742
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Security update for Windows XP (KB896358)
/ Windows XP / SP3: Security update for Windows XP (KB896422)
/ Windows XP / SP3: Security update for Windows XP (KB896423)
/ Windows XP / SP3: Security update for Windows XP (KB896424)
/ Windows XP / SP3: Security update for Windows XP (KB896428)
/ Windows XP / SP3: Security update for Windows XP (KB899587)
/ Windows XP / SP3: Security update for Windows XP (KB899589)
/ Windows XP / SP3: Security update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security update for Windows XP (KB900725)
/ Windows XP / SP3: Security update for Windows XP (KB901017)
/ Windows XP / SP3: Security update for Windows XP (KB901190)
/ Windows XP / SP3: Security update for Windows XP (KB901214)
/ Windows XP / SP3: Security update for Windows XP (KB902400)
/ Windows XP / SP3: Security update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security update for Windows XP (KB905414)
/ Windows XP / SP3: Security update for Windows XP (KB905749)
/ Windows XP / SP3: Security update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Hotfix for Windows XP (KB909394)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Security update for Windows XP (KB911280)
/ Windows XP / SP3: Security update for Windows XP (KB911562)
/ Windows XP / SP3: Security update for Windows XP (KB911567)
/ Windows XP / SP3: Security update for Windows XP (KB911927)
/ Windows XP / SP3: Security update for Windows XP (KB912812)
/ Windows XP / SP3: Security update for Windows XP (KB912919)
/ Windows XP / SP3: Security update for Windows XP (KB913446)
/ Windows XP / SP3: Security update for Windows XP (KB913580)
/ Windows XP / SP3: Security update for Windows XP (KB914388)
/ Windows XP / SP3: Security update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Security update for Windows XP (KB916281)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security update for Windows XP (KB917159)
/ Windows XP / SP3: Security update for Windows XP (KB917344)
/ Windows XP / SP3: Security update for Windows XP (KB917422)
/ Windows XP / SP3: Security update for Windows XP (KB917953)
/ Windows XP / SP3: Security update for Windows XP (KB918118)
/ Windows XP / SP3: Security update for Windows XP (KB918439)
/ Windows XP / SP3: Security update for Windows XP (KB918899)
/ Windows XP / SP3: Security update for Windows XP (KB919007)
/ Windows XP / SP3: Security update for Windows XP (KB920213)
/ Windows XP / SP3: Security update for Windows XP (KB920214)
/ Windows XP / SP3: Security update for Windows XP (KB920670)
/ Windows XP / SP3: Security update for Windows XP (KB920683)
/ Windows XP / SP3: Security update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security update for Windows XP (KB921398)
/ Windows XP / SP3: Security update for Windows XP (KB921503)
/ Windows XP / SP3: Security update for Windows XP (KB921883)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security update for Windows XP (KB922616)
/ Windows XP / SP3: Security update for Windows XP (KB922819)
/ Windows XP / SP3: Security update for Windows XP (KB923191)
/ Windows XP / SP3: Security update for Windows XP (KB923414)
/ Windows XP / SP3: Security update for Windows XP (KB923694)
/ Windows XP / SP3: Security update for Windows XP (KB923980)
/ Windows XP / SP3: Security update for Windows XP (KB924191)
/ Windows XP / SP3: Security update for Windows XP (KB924270)
/ Windows XP / SP3: Security update for Windows XP (KB924496)
/ Windows XP / SP3: Security update for Windows XP (KB924667)
/ Windows XP / SP3: Security update for Windows XP (KB925454)
/ Windows XP / SP3: Security update for Windows XP (KB925486)
/ Windows XP / SP3: Update for Windows XP (KB925720)
/ Windows XP / SP3: Security update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security update for Windows XP (KB926247)
/ Windows XP / SP3: Security update for Windows XP (KB926255)
/ Windows XP / SP3: Security update for Windows XP (KB926436)
/ Windows XP / SP3: Security update for Windows XP (KB927779)
/ Windows XP / SP3: Security update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security update for Windows XP (KB928255)
/ Windows XP / SP3: Security update for Windows XP (KB928843)
/ Windows XP / SP3: Security update for Windows XP (KB929123)
/ Windows XP / SP3: Update for Windows XP (KB929338)
/ Windows XP / SP3: Security update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security update for Windows XP (KB931261)
/ Windows XP / SP3: Security update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB932823-v3)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security update for Windows XP (KB933729)
/ Windows XP / SP3: Security update for Windows XP (KB935839)
/ Windows XP / SP3: Security update for Windows XP (KB935840)
/ Windows XP / SP3: Security update for Windows XP (KB936021)
/ Windows XP / SP3: Update for Windows XP (KB936357)
/ Windows XP / SP3: Security update for Windows XP (KB937894)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security update for Windows XP (KB938829)
/ Windows XP / SP3: Security update for Windows XP (KB941202)
/ Windows XP / SP3: Security update for Windows XP (KB941568)
/ Windows XP / SP3: Security update for Windows XP (KB941644)
/ Windows XP / SP3: Security update for Windows XP (KB941693)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Security update for Windows XP (KB943055)
/ Windows XP / SP3: Security update for Windows XP (KB943460)
/ Windows XP / SP3: Security update for Windows XP (KB943485)
/ Windows XP / SP3: Security update for Windows XP (KB944653)
/ Windows XP / SP3: Security update for Windows XP (KB945553)
/ Windows XP / SP3: Security update for Windows XP (KB946026)
/ Windows XP / SP3: Security update for Windows XP (KB948590)
/ Windows XP / SP3: Security update for Windows XP (KB948881)
/ Windows XP / SP3: Security update for Windows XP (KB950749)
/ Windows XP / SP4: Security update for Windows XP (KB938464)
/ Windows XP / SP4: Security update for Windows XP (KB946648)
/ Windows XP / SP4: Security update for Windows XP (KB950760)
/ Windows XP / SP4: Security update for Windows XP (KB950762)
/ Windows XP / SP4: Security update for Windows XP (KB950974)
/ Windows XP / SP4: Security update for Windows XP (KB951066)
/ Windows XP / SP4: Update for Windows XP (KB951072-v2)
/ Windows XP / SP4: Security update for Windows XP (KB951376)
/ Windows XP / SP4: Security update for Windows XP (KB951376-v2)
/ Windows XP / SP4: Security update for Windows XP (KB951698)
/ Windows XP / SP4: Security update for Windows XP (KB951748)
/ Windows XP / SP4: Hotfix for Windows XP (KB952287)
/ Windows XP / SP4: Security update for Windows XP (KB952954)
/ Windows XP / SP4: Security update for Windows XP (KB953839)
/ Windows XP / SP4: Security update for Windows XP (KB954211)
/ Windows XP / SP4: Security update for Windows XP (KB955069)
/ Windows XP / SP4: Security update for Windows XP (KB956391)
/ Windows XP / SP4: Security update for Windows XP (KB956803)
/ Windows XP / SP4: Security update for Windows XP (KB956841)
/ Windows XP / SP4: Security update for Windows XP (KB957095)
/ Windows XP / SP4: Security update for Windows XP (KB957097)
/ Windows XP / SP4: Security update for Windows XP (KB958644)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 34672
MD5: 69B16C7B7746BA5C642FC05B3561FC73

Located: HK_LM:Run, AVG8_TRAY
command: C:\PROGRA~1\AVG\AVG8\avgtray.exe
file: C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1234712
MD5: 84A91D110D27B11713C349523F4EA47F

Located: HK_LM:Run, AVMWlanClient
command: C:\Programme\avmwlanstick\wlangui.exe
file: C:\Programme\avmwlanstick\wlangui.exe
size: 1454080
MD5: AAA66F4D2B2A0382926F306C5A99440A

Located: HK_LM:Run, FinePrint Dispatcher v5
command: "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
size: 487424
MD5: C96D80774A096516E2095209FFA03AF1

Located: HK_LM:Run, iTunesHelper
command: "C:\Programme\iTunes\iTunesHelper.exe"
file: C:\Programme\iTunes\iTunesHelper.exe
size: 289064
MD5: 12577ED7558A642C53C959E72FF2455F

Located: HK_LM:Run, pdfFactory Pro Dispatcher v2
command: "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
size: 491520
MD5: C0687C4C8E64262E7B53EABD8D4B3E16

Located: HK_LM:Run, QuickTime Task
command: "C:\Programme\QuickTime\qttask.exe" -atboottime
file: C:\Programme\QuickTime\qttask.exe
size: 413696
MD5: F34EB5D4F145ED5FE50033CA3A41ED24

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Programme\Java\jre1.6.0_07\bin\jusched.exe"
file: C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97

Located: HK_LM:Run, HP Software Update (DISABLED)
command: C:\Programme\HP\HP Software Update\HPWuSchd2.exe
file: C:\Programme\HP\HP Software Update\HPWuSchd2.exe
size: 49152
MD5: 7AF5A466CF4AECA28E3DCBCF5B6FD220

Located: HK_LM:Run, IMJPMIG8.1 (DISABLED)
command: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
file: C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
size: 208952
MD5: 7BBE4CF421AECC7F0226EDD75F12079F

Located: HK_LM:Run, iTunesHelper (DISABLED)
command: "C:\Programme\iTunes\iTunesHelper.exe"
file: C:\Programme\iTunes\iTunesHelper.exe
size: 289064
MD5: 12577ED7558A642C53C959E72FF2455F

Located: HK_LM:Run, KernelFaultCheck (DISABLED)
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep 0 -k
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, LClock (DISABLED)
command: C:\Programme\LClock\LClock.exe
file: C:\Programme\LClock\LClock.exe
size: 65536
MD5: 38CC541D105DCBA3D3768D6B191D9505

Located: HK_LM:Run, LexwareInfoService (DISABLED)
command: C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe /autostart
file: C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe
size: 532776
MD5: CE4AC8DF64B1E8E15CA82471F6602AA2

Located: HK_LM:Run, PHIME2002A (DISABLED)
command: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
file: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, PHIME2002ASync (DISABLED)
command: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
file: C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
size: 455168
MD5: 024DC0F68DF5FD6AE9DD82DFBAF479D6

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Programme\QuickTime\qttask.exe" -atboottime
file: C:\Programme\QuickTime\qttask.exe
size: 413696
MD5: F34EB5D4F145ED5FE50033CA3A41ED24

Located: HK_LM:Run, Samsung Common SM (DISABLED)
command: "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
file: C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe
size: 372736
MD5: FF9351B1F26EA186DC83BEA2B4175B57

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
file: C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
size: 75520
MD5: EDF5D27C6D244740418903626DF5741A

Located: HK_LM:Run, WinampAgent (DISABLED)
command: d:\Programme\Winamp\winampa.exe
file: d:\Programme\Winamp\winampa.exe
size: 36352
MD5: E7DEADB409CD8A4552C91ABF624F138F

Located: HK_CU:Run, DWQueuedReporting (DISABLED)
where: .DEFAULT...
command: "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t
file: C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe
size: 39264
MD5: 3992F464696B0EEFF236AEF93B1FDBD5

Located: HK_CU:Run, ctfmon.exe
where: PE_C_ADMINISTRATOR...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29

Located: HK_CU:Run, SpybotSD TeaTimer
where: PE_C_ADMINISTRATOR...
command: C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

Located: HK_CU:RunOnce, NeroHomeFirstStart (DISABLED)
where: PE_C_ADMINISTRATOR...
command: "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMFirstStart.exe"
file: C:\Programme\Gemeinsame Dateien\Nero\Lib\NMFirstStart.exe
size: 19752
MD5: ABDB4E0027FD39E254854AD710A0CCB6

Located: HK_CU:RunOnce, NeroHomeFirstStart (DISABLED)
where: PE_C_ALL USERS...
command: "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMFirstStart.exe"
file: C:\Programme\Gemeinsame Dateien\Nero\Lib\NMFirstStart.exe
size: 19752
MD5: ABDB4E0027FD39E254854AD710A0CCB6

Located: HK_CU:Run, AVMUSBFernanschluss
where: S-1-5-21-1292428093-879983540-725345543-1003...
command: C:\Dokumente und Einstellungen\Master\Lokale Einstellungen\Apps\2.0\V1KG7M8V.1YQ\P5A3PRGY.RBV\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\AVMAutoStart.exe
file: C:\Dokumente und Einstellungen\Master\Lokale Einstellungen\Apps\2.0\V1KG7M8V.1YQ\P5A3PRGY.RBV\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\AVMAutoStart.exe
size: 139264
MD5: 0FF6609CD01BA037776433619CE5770E

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1292428093-879983540-725345543-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29

Located: HK_CU:Run, H/PC Connection Agent
where: S-1-5-21-1292428093-879983540-725345543-1003...
command: "C:\Programme\Microsoft ActiveSync\Wcescomm.exe"
file: C:\Programme\Microsoft ActiveSync\Wcescomm.exe
size: 1289000
MD5: 1C2863FE366B9E907AABFC6F8B6EE1A3

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-1292428093-879983540-725345543-1003...
command: "C:\Programme\Messenger\msmsgs.exe" /background
file: C:\Programme\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1292428093-879983540-725345543-1003...
command: C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

Located: HK_CU:Run, WMPNSCFG
where: S-1-5-21-1292428093-879983540-725345543-1003...
command: C:\Programme\Windows Media Player\WMPNSCFG.exe
file: C:\Programme\Windows Media Player\WMPNSCFG.exe
size: 204288
MD5: F22588F734FB08DEAE83F5E05BC21FFE

Located: HK_CU:RunOnce, FlashPlayerUpdate
where: S-1-5-21-1292428093-879983540-725345543-1003...
command: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
file: C:\WINDOWS\system32\Macromed\Flash\FlashUtil9e.exe
size: 218496
MD5: 55DAE09CBE5FE5E8EB2698107C18FD0D

Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-1292428093-879983540-725345543-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29

Located: HK_CU:Run, MSMSGS (DISABLED)
where: S-1-5-21-1292428093-879983540-725345543-1003...
command: "C:\Programme\Messenger\msmsgs.exe" /background
file: C:\Programme\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: HK_CU:Run, Scribble (DISABLED)
where: S-1-5-21-1292428093-879983540-725345543-1003...
command: C:\Programme\Scribble\Scribble.exe -silent
file: C:\Programme\Scribble\Scribble.exe
size: 529744
MD5: 007287DBFCB0AD24C99B6F82C801B441

Located: HK_CU:Run, WMPNSCFG (DISABLED)
where: S-1-5-21-1292428093-879983540-725345543-1003...
command: C:\Programme\Windows Media Player\WMPNSCFG.exe
file: C:\Programme\Windows Media Player\WMPNSCFG.exe
size: 204288
MD5: F22588F734FB08DEAE83F5E05BC21FFE

Located: HK_CU:Run, DWQueuedReporting (DISABLED)
where: S-1-5-18...
command: "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t
file: C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe
size: 39264
MD5: 3992F464696B0EEFF236AEF93B1FDBD5

Located: Startup (common), Corel MEDIA FOLDERS INDEXER 8.LNK (DISABLED)
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: D:\Corel\Graphics8\Programs\MFIndexer.exe
file: D:\Corel\Graphics8\Programs\MFIndexer.exe
size: 82944
MD5: E61933471B8376CC497C30F1CEDFB1DA

Located: Startup (common), EPSON Status Monitor 3 Environment Check(2).lnk
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
file: C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
size: 131584
MD5: 544EC70070780C4B87524F9203B57BC9

Located: Startup (common), HP Digital Imaging Monitor.lnk (DISABLED)
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
file: C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
size: 210520
MD5: F14219FC767F1383526AB423F278A8E3

Located: Startup (common), Microsoft Office.lnk
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: D:\Programme\Microsoft Office\Office10\OSA.EXE
file: D:\Programme\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: WinLogon, jkhigff
command: jkhigff.dll
file: jkhigff.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{02478D38-C3F9-4efb-9B51-7695ECA05670} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Yahoo Companion!
classification: Legitimate
known filename: Ycomp*_*_*_*.dll
info link: http://companion.yahoo.com/
info source: TonyKlein

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 11.06.2008 21:33:16
Date (last access): 09.12.2008 16:55:20
Date (last write): 11.06.2008 21:33:16
Filesize: 75128
Attributes: archive
MD5: E96C752BBA0E22330A43258FC800200E
CRC32: E5D72083
Version: 9.0.0.332

{252B1B21-127C-43D3-AACA-C21A944C97DB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{2DF52D1E-95F7-41D3-A4AF-BDE0C1C2FC24} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: WormRadar.com IESiteBlocker.NavFilter
CLSID name: AVG Safe Search
Path: C:\Programme\AVG\AVG8\
Long name: avgssie.dll
Short name:
Date (created): 26.05.2008 17:18:04
Date (last access): 09.12.2008 16:51:50
Date (last write): 31.08.2008 14:56:46
Filesize: 455960
Attributes: archive
MD5: 19A9C541D4EE8E3471B26986D785AB4D
CRC32: 93FD7D83
Version: 8.0.0.152

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 18.07.2008 19:23:02
Date (last access): 09.12.2008 17:13:28
Date (last write): 15.09.2008 13:25:44
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Programme\Java\jre1.6.0_07\bin\
Long name: ssv.dll
Short name:
Date (created): 20.07.2008 08:14:18
Date (last access): 09.12.2008 14:41:50
Date (last write): 10.06.2008 03:27:02
Filesize: 509328
Attributes: archive
MD5: F921D875A1CBD69A6A462BA2514BC831
CRC32: 38AC9EE2
Version: 6.0.70.6

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{828917C5-7063-459B-8607-578110BB6E88} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Anmelde-Hilfsprogramm)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Anmelde-Hilfsprogramm
Path: C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 20.09.2007 10:30:18
Date (last access): 09.12.2008 16:51:50
Date (last write): 20.09.2007 10:30:18
Filesize: 328752
Attributes: archive
MD5: 59CF5BF6684AFCF906CADAD39B4214DE
CRC32: C363813C
Version: 4.200.520.1

{9A43B260-0D1F-4C87-9F89-D5039D78D5DA} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{C95858C3-9D90-42C3-93BF-D2BCCF527D4A} (XBTBPos42 Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: XBTBPos42 Class
Path: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{A9B9A6EC-E36C-4A97-8793-C338B719E637}\tbu17D\
Long name: peterzahlt.dll
Short name: PETERZ~1.DLL
Date (created): 27.02.2008 15:12:22
Date (last access): 09.12.2008 16:51:50
Date (last write): 30.01.2008 14:50:02
Filesize: 2359296
Attributes: archive
MD5: 45E5D3145305AAC0566AC28DB1CF1316
CRC32: EA08E42E
Version: 4.0.2.35

{DA5D08D9-3378-4427-A455-B930D64CACFB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{FFFFFFA2-C40D-475D-8C91-9A9876ACFCDD} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:



--- ActiveX list ---
DirectAnimation Java Classes (DirectAnimation Java Classes)
DPF name: DirectAnimation Java Classes
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\dajava.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\dajava.cab
info link:
info source: Patrick M. Kolla

Microsoft XML Parser for Java (Microsoft XML Parser for Java)
DPF name: Microsoft XML Parser for Java
CLSID name:
Installer:
Codebase: file://C:\WINDOWS\Java\classes\xmldso.cab
description:
classification: Legitimate
known filename: %WINDIR%\Java\classes\xmldso.cab
info link:
info source: Patrick M. Kolla

{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)
DPF name:
CLSID name: Office Genuine Advantage Validation Tool
Installer: C:\WINDOWS\Downloaded Program Files\OGAControl.inf
Codebase: http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
Path: C:\WINDOWS\system32\
Long name: OGACheckControl.DLL
Short name: OGACHE~1.DLL
Date (created): 05.03.2007 12:34:28
Date (last access): 09.12.2008 14:40:46
Date (last write): 05.03.2007 12:34:28
Filesize: 676224
Attributes: archive
MD5: B221B218126BC9409257F39837BAB90C
CRC32: 60F920AA
Version: 1.6.21.0

{162247AF-26A7-44FC-A93A-69506EA244F3} (HWTest.HWTestControl)
DPF name:
CLSID name: HWTest.HWTestControl
Installer: C:\WINDOWS\Downloaded Program Files\HWTest.INF
Codebase: http://maxdomeservice.1und1.de/de/systemcheck/HWTest.CAB
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HWTEST.OCX
Short name:
Date (created): 13.07.2006 10:43:02
Date (last access): 09.12.2008 14:41:28
Date (last write): 13.07.2006 10:43:02
Filesize: 15800
Attributes: archive
MD5: 918FA74062283DB44CA1BAC3CDC53FB0
CRC32: 024C74AE
Version: 1.0.0.6

{5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module)
DPF name:
CLSID name: Windows Live Safety Center Base Module
Installer: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\wlscBase.inf
Codebase: http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
description:
classification: Legitimate
known filename: wlscBase.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: wlscBase.dll
Short name:
Date (created): 27.03.2007 13:25:30
Date (last access): 09.12.2008 14:41:28
Date (last write): 27.03.2007 13:25:30
Filesize: 465816
Attributes: archive
MD5: 85A9ED549078B78D6C0BE4565045F7BA
CRC32: F69A3C13
Version: 1.4.8300.1

{6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class)
DPF name:
CLSID name: HpProductDetection Class
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
description:
classification: Legitimate
known filename: HPDeviceDetection.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\HP\Common\
Long name: HPDeviceDetection.dll
Short name: HPDEVI~1.DLL
Date (created): 28.03.2008 17:43:30
Date (last access): 02.11.2008 14:33:06
Date (last write): 28.03.2008 17:43:30
Filesize: 529712
Attributes: archive
MD5: 89C14306B7BE8BBD1F14D6F40BEC0736
CRC32: 90C876C8
Version: 4.0.9.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Programme\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10.06.2008 01:32:34
Date (last access): 04.12.2008 11:33:52
Date (last write): 10.06.2008 03:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_02
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi160_02.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\jre1.6.0_02\bin\
Long name: npjpi160_02.dll
Short name: NPJPI1~1.DLL
Date (created): 12.07.2007 01:22:38
Date (last access): 02.11.2008 15:02:20
Date (last write): 12.07.2007 03:00:36
Filesize: 132496
Attributes: archive
MD5: E3811F1A1C5063C941EC0E2766C3EA39
CRC32: AEFD3747
Version: 6.0.20.6

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
Path: C:\Programme\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 24.09.2007 22:31:44
Date (last access): 02.11.2008 15:04:58
Date (last write): 25.09.2007 00:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
Path: C:\Programme\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 22.02.2008 02:33:32
Date (last access): 02.11.2008 15:07:38
Date (last write): 22.02.2008 04:25:20
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Programme\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10.06.2008 01:32:34
Date (last access): 09.12.2008 17:13:38
Date (last write): 10.06.2008 03:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10.06.2008 01:32:34
Date (last access): 09.12.2008 17:13:38
Date (last write): 10.06.2008 03:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ()
DPF name:
CLSID name:
Installer:
Codebase:

{EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object)
DPF name:
CLSID name: CUpdateCtl Object
Installer:
Codebase: http://update.hpphoto.com/download/HPSWUpdate.ocx
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HPSWUpdate.ocx
Short name: HPSWUP~1.OCX
Date (created): 08.10.2007 14:24:34
Date (last access): 09.12.2008 14:41:28
Date (last write): 08.10.2007 14:24:36
Filesize: 99880
Attributes: archive
MD5: 737F8E1EE81E82ADC236E321E9B011B0
CRC32: AF2A257D
Version: 1.0.0.1



--- Process list ---
PID: 0 ( 0) [System]
PID: 376 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 436 ( 376) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 460 ( 376) \??\C:\WINDOWS\system32\winlogon.exe
size: 507392
PID: 512 ( 460) C:\WINDOWS\system32\services.exe
size: 108544
MD5: EDB6B81761BD60F32F740BBC40AFB676
PID: 524 ( 460) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 183805EB05BCA5A1E4AAAED4D2BE3690
PID: 696 ( 512) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 764 ( 512) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 828 ( 512) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 876 ( 512) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 912 ( 512) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 980 ( 512) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1248 ( 512) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
size: 116040
MD5: 68277BB887A67D992A81B01710AFF92A
PID: 1284 ( 512) C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
size: 231704
MD5: 9B40D378D4E521464212E878BE8216A4
PID: 1300 ( 512) C:\Programme\avmwlanstick\WlanNetService.exe
size: 356352
MD5: 9BD46C1D2F33A890B7226EDF543F18AA
PID: 1332 ( 512) C:\Programme\Bonjour\mDNSResponder.exe
size: 229376
MD5: CFD4C3352E29A8B729536648466E8DF5
PID: 1708 ( 512) C:\Programme\Gemeinsame Dateien\EPSON\eEBAPI\eEBSVC.exe
size: 90112
MD5: A0FB385B6281D694F8930C2EF85C453E
PID: 1848 ( 512) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1984 ( 512) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 2012 ( 512) D:\Nero\Nero8\InCD\InCDsrv.exe
size: 1440552
MD5: B983D62CA4AC7C1B68089AE05FDE6888
PID: 364 (1940) C:\WINDOWS\Explorer.EXE
size: 1036288
MD5: 64D320C0E301EEDC5A4ADBBDC5024F7F
PID: 1036 ( 364) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29
PID: 1120 ( 512) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 1456 ( 512) C:\WINDOWS\System32\msdtc.exe
size: 6144
MD5: D059F9C7752EF461476E83180DAA5C62
PID: 1624 (1284) C:\Programme\AVG\AVG8\avgrsx.exe
size: 287000
MD5: BA1CE056CE1466CA28CE118585EA86C4
PID: 180 ( 512) D:\Nero\Nero8\Nero BackItUp\NBService.exe
size: 877864
MD5: 40D7D0A208EE863BCA8D89E299216F15
PID: 652 ( 512) D:\Nero\Nero8\InCD\NBHRegInCDSrv.exe
size: 53032
MD5: 3929C15875CC58FAA1048B231FB3E041
PID: 1068 ( 512) C:\WINDOWS\system32\IoctlSvc.exe
size: 81920
MD5: 875E4E0661F3A5994DF9E5E3A0A4F96B
PID: 1212 ( 512) C:\WINDOWS\System32\tcpsvcs.exe
size: 19456
MD5: 7A1A532F14FDE28489DC349C6E404A67
PID: 1116 ( 512) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 576 ( 512) C:\WINDOWS\system32\mqsvc.exe
size: 4608
MD5: 0197F8913B0B5663FCE77EFA4B988F47
PID: 2516 ( 512) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 6596DD260FFDE1BDC994C1DF236307BB
PID: 2612 ( 364) C:\Programme\Java\jre1.6.0_07\bin\jusched.exe
size: 144784
MD5: 6AB4C021FBD36DC6764924C312428D97
PID: 2688 ( 364) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
size: 491520
MD5: C0687C4C8E64262E7B53EABD8D4B3E16
PID: 3368 ( 364) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
size: 487424
MD5: C96D80774A096516E2095209FFA03AF1
PID: 3460 ( 364) C:\PROGRA~1\AVG\AVG8\avgtray.exe
size: 1234712
MD5: 84A91D110D27B11713C349523F4EA47F
PID: 3604 ( 364) C:\Programme\avmwlanstick\wlangui.exe
size: 1454080
MD5: AAA66F4D2B2A0382926F306C5A99440A
PID: 3824 ( 364) C:\Programme\iTunes\iTunesHelper.exe
size: 289064
MD5: 12577ED7558A642C53C959E72FF2455F
PID: 3940 ( 364) C:\Programme\Microsoft ActiveSync\Wcescomm.exe
size: 1289000
MD5: 1C2863FE366B9E907AABFC6F8B6EE1A3
PID: 4036 ( 696) C:\PROGRA~1\MICROS~3\rapimgr.exe
size: 199464
MD5: D186DF93996C51C2FFB1580174AC28B3
PID: 1052 ( 364) C:\Programme\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 1432 ( 364) C:\Programme\Windows Media Player\WMPNSCFG.exe
size: 204288
MD5: F22588F734FB08DEAE83F5E05BC21FFE
PID: 1808 ( 512) C:\Programme\iPod\bin\iPodService.exe
size: 532264
MD5: B510D6665EA4562797187F18094A040E
PID: 2700 ( 512) C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
size: 36864
MD5: FACECF3F75BAF3775A879D1168402270
PID: 3000 ( 980) C:\Programme\Samsung ML-2010 Series\CommonSM\ssmsrvc.exe
size: 151552
MD5: D3A942DB5DBAADFBAE7EAC7766E1FBB4
PID: 300 (3420) C:\Dokumente und Einstellungen\Master\Lokale Einstellungen\Apps\2.0\V1KG7M8V.1YQ\P5A3PRGY.RBV\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\fritzbox-usb-fernanschluss.exe
size: 185656
MD5: EAF52A441EC59495DC7420DC586A2977
PID: 3220 ( 512) C:\Programme\Windows Live\installer\WLSetupSvc.exe
size: 266240
MD5: 94A85E956A065E23E0010A6A7826243B
PID: 2508 ( 512) C:\Programme\Windows Live\Messenger\usnsvc.exe
size: 98328
MD5: 9D19B042A4FD5C02195071EA2FE0C821
PID: 4848 ( 364) C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 5184 ( 364) C:\Programme\Internet Explorer\IEXPLORE.EXE
size: 635848
MD5: 1F03216084447F990AE797317D0A6E70
PID: 5476 ( 696) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
size: 118336
MD5: 7FA0AA2F3DABA5BEB2C4AC1EEC054EFA
PID: 3200 ( 364) D:\Programme\Microsoft Office\OFFICE11\OUTLOOK.EXE
size: 199688
MD5: 8219160C141B505AB5C112F73405C348
PID: 2780 ( 696) D:\Programme\Duden\Duden Korrektor\DKCore.exe
size: 369368
MD5: B36752970E0E4E16A4020B6B94D4D995
PID: 3408 ( 696) D:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
size: 12313096
MD5: 65D0EADE0BB1A851B7781B0166DD842D
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 09.12.2008 17:13:45

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD Pgm (RDM)
GUID: {D232B479-422B-4FBE-9E5E-1FE3465E5885}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 6: MSAFD Pgm (Stream)
GUID: {D232B479-422B-4FBE-9E5E-1FE3465E5885}
Filename: %SystemRoot%\system32\mswsock.dll

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7A68975-57D0-44E7-A517-A3229E36D088}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D7A68975-57D0-44E7-A517-A3229E36D088}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0696CEFC-7DAF-45B1-B835-077002F7C974}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{0696CEFC-7DAF-45B1-B835-077002F7C974}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8096164E-B179-4DCC-9214-AFC4B670BB64}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8096164E-B179-4DCC-9214-AFC4B670BB64}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44CBF691-8D6F-40E6-98D7-67876C848BC7}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{44CBF691-8D6F-40E6-98D7-67876C848BC7}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: NLA-Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 3: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Programme\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP

mikikado
2008-12-09, 20:47
Hello there!

I'm using AVG free 8

These times I always get this message when opening IE:

Resident Shield alert

Accessed file has warning

Warning!

File name: C;\Dokumente und Einstellungen\Scott\Cookies\scott@ivwbox[1].txt

Threat name: Found Tracking cookie.Ivwbox
Detectet on open.

When I click on "show details":

Process Name: C:\WINDOWS\ie7updates\k953838-IE7\iexplore.exe
Process ID: 2512

Who knows what this warning means? Is it dangerous?

When I scan with Spybot there is no such threat!

Please help

Best regards
Michael