asiarunner
2010-01-24, 08:41
Hello Spybot Team.
After a scan with Spybot I found some issues. I am posting here the Hijack and Spybot log files:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:15, on 24.01.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avast4\aswUpdSv.exe
C:\Programme\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\a-squared Free\a2service.exe
C:\Programme\Internet Download Manager\IDMan.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\Programme\AvaFind\AvaFind.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\Avast4\ashMaiSv.exe
C:\Programme\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Programme\Internet Download Manager\IEMonitor.exe
C:\Programme\Mozilla Firefox\3\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Safer Networking\RegAlyzer\RegAlyzer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Falk\LOKALE~1\Temp\Rar$EX00.078\RootAlyzer.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programme\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [IDMan] C:\Programme\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ava Find Professional 1.5.218.lnk = C:\Programme\AvaFind\AvaFind.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download aller Links mit IDM - C:\Programme\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Programme\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download mit IDM - C:\Programme\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Wechselmedien NtmsSvcNetDDEdsdm (NtmsSvcNetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\aaaamono.exe
O23 - Service: ServiceLayer - Nokia - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8461 bytes
--- Search result list ---
Win32.FraudLoad.edt: [SBI $990B0E99] Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{C20EE2D6-81C3-6A08-79C5-1989DA43BC19}
Win32.Winlagons.co: [SBI $FF316C53] Data (File, fixed)
C:\WINDOWS\system32\adsldpcb.sys
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-01-20 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2010-01-19 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-01-19 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-01-19 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-01-19 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-01-19 Includes\Malware.sbi (*)
2010-01-19 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-01-19 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-01-19 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2010-01-19 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2010-01-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB952069)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB954155)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB968816)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB973540)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB973540)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, ATIPTA
command: "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
file: C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 18C3A268621B200D202AD6A1C437F3A8
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\Avast4\ashDisp.exe
size: 81000
MD5: 0A7E9FDF3BF1980CA09FEEAC7F52EFBC
Located: HK_LM:Run, Nitro PDF Printer Monitor
command: "C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
file: C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
size: 210208
MD5: 6555FF27D9761CBC3281B73AC579DBCB
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
file: C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
size: 246504
MD5: E0D6538B62C79FCBF0B27F95FAF3208B
Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29
Located: HK_CU:Run, IDMan
where: S-1-5-21-1454471165-1957994488-725345543-1003...
command: C:\Programme\Internet Download Manager\IDMan.exe /onboot
file: C:\Programme\Internet Download Manager\IDMan.exe
size: 3171760
MD5: 5F388BDEEC0B430FE0E8A72C118EAF71
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29
Located: Startup (common), Bluetooth.lnk
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
size: 577597
MD5: 8A4A3B1A0D38284A7A1C1D576E7C6ED2
Located: Startup (user), Ava Find Professional 1.5.218.lnk
where: C:\Dokumente und Einstellungen\Falk\Startmenü\Programme\Autostart...
command: C:\Programme\AvaFind\AvaFind.exe
file: C:\Programme\AvaFind\AvaFind.exe
size: 295936
MD5: E7A2A5D5F5345364AC59ED81EDE6E713
Located: Startup (disabled), WLAN network adaptor Wireless LAN Configuration (DISABLED)
command: C:\WINDOWS\system32\wlansta.exe /CONFIGURE
file: C:\WINDOWS\system32\wlansta.exe
size: 147527
MD5: 4E7608F75E0D0C906CCB34CDD01D8700
Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{0055C089-8582-441B-A0BF-17B458C2A3A8} (IDM Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: IDM Helper
CLSID name: IDMIEHlprObj Class
description: Internet Download Manager
classification: Legitimate
known filename: IDMIECC.dll
info link:
info source: TonyKlein
Path: C:\Programme\Internet Download Manager\
Long name: IDMIECC.dll
Short name:
Date (created): 11.11.2009 21:10:32
Date (last access): 24.01.2010 12:59:16
Date (last write): 11.11.2009 21:48:32
Filesize: 173488
Attributes: archive
MD5: 27A6D46C01FD3409AB6718647EC62D20
CRC32: CBEC9EC2
Version: 5.18.5.0
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 11.06.2008 22:33:16
Date (last access): 24.01.2010 12:22:30
Date (last write): 11.06.2008 22:33:16
Filesize: 75128
Attributes: archive
MD5: E96C752BBA0E22330A43258FC800200E
CRC32: E5D72083
Version: 9.0.0.332
{5C255C8A-E604-49b4-9D64-90988571CECB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Anmelde-Hilfsprogramm)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Anmelde-Hilfsprogramm
Path: C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 22.01.2009 15:41:30
Date (last access): 24.01.2010 12:55:56
Date (last write): 22.01.2009 15:41:30
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5
{AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Conversion Toolbar Helper
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\
Long name: AcroIEFavClient.dll
Short name: ACROIE~3.DLL
Date (created): 11.06.2008 22:42:44
Date (last access): 24.01.2010 12:55:56
Date (last write): 11.06.2008 22:42:44
Filesize: 345480
Attributes: archive
MD5: F2DCB030FBDD320F858871515C18C5D1
CRC32: AD54AC56
Version: 9.0.0.332
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Programme\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 11.01.2010 20:42:48
Date (last access): 24.01.2010 12:26:08
Date (last write): 11.01.2010 20:42:48
Filesize: 41760
Attributes: archive
MD5: 883EF2DD3C9F68691CE02DAAC7267D41
CRC32: C0FCD56C
Version: 6.0.180.7
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Programme\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 11.01.2010 20:42:48
Date (last access): 24.01.2010 12:26:14
Date (last write): 11.01.2010 20:42:48
Filesize: 79648
Attributes: archive
MD5: FD60844F7DC0CF7C7AFA70B7EC6D0A7E
CRC32: 386E7BEE
Version: 6.0.180.7
{F4971EE7-DAA0-4053-9964-665D8EE6A077} (SmartSelect)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: SmartSelect
CLSID name: SmartSelect Class
Path: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\
Long name: AcroIEFavClient.dll
Short name: ACROIE~3.DLL
Date (created): 11.06.2008 22:42:44
Date (last access): 24.01.2010 12:55:56
Date (last write): 11.06.2008 22:42:44
Filesize: 345480
Attributes: archive
MD5: F2DCB030FBDD320F858871515C18C5D1
CRC32: AD54AC56
Version: 9.0.0.332
--- ActiveX list ---
{31435657-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf
Codebase: http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
{6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager)
DPF name:
CLSID name: HP Download Manager
Installer: C:\WINDOWS\Downloaded Program Files\HPDEXAXO.inf
Codebase: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HPDEXAXO.dll
Short name:
Date (created): 18.10.2007 10:04:16
Date (last access): 24.01.2010 12:38:50
Date (last write): 18.10.2007 10:04:16
Filesize: 341296
Attributes: archive
MD5: CDE357CD3FC047F5C7D8B8345B6A42BF
CRC32: 7ABDC22F
Version: 1.0.5.1
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_18
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Programme\Java\jre6\bin\
Long name: npjpi160_18.dll
Short name: NPJPI1~1.DLL
Date (created): 17.12.2009 15:02:50
Date (last access): 24.01.2010 12:26:10
Date (last write): 17.12.2009 17:14:02
Filesize: 136992
Attributes: archive
MD5: FD681B5B1CEC8B3181E63A3CC9A8C5EF
CRC32: 23BC9EDD
Version: 6.0.180.7
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name:
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_18
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Path: C:\Programme\Java\jre6\bin\
Long name: npjpi160_18.dll
Short name: NPJPI1~1.DLL
Date (created): 17.12.2009 15:02:50
Date (last access): 24.01.2010 13:34:20
Date (last write): 17.12.2009 17:14:02
Filesize: 136992
Attributes: archive
MD5: FD681B5B1CEC8B3181E63A3CC9A8C5EF
CRC32: 23BC9EDD
Version: 6.0.180.7
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_18
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\jre6\bin\
Long name: npjpi160_18.dll
Short name: NPJPI1~1.DLL
Date (created): 17.12.2009 15:02:50
Date (last access): 24.01.2010 13:34:20
Date (last write): 17.12.2009 17:14:02
Filesize: 136992
Attributes: archive
MD5: FD681B5B1CEC8B3181E63A3CC9A8C5EF
CRC32: 23BC9EDD
Version: 6.0.180.7
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
--- Process list ---
PID: 0 ( 0) [System]
PID: 800 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 932 ( 800) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 960 ( 800) \??\C:\WINDOWS\system32\winlogon.exe
size: 507392
PID: 1004 ( 960) C:\WINDOWS\system32\services.exe
size: 108544
MD5: EDB6B81761BD60F32F740BBC40AFB676
PID: 1016 ( 960) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 183805EB05BCA5A1E4AAAED4D2BE3690
PID: 1168 (1004) C:\WINDOWS\system32\Ati2evxx.exe
size: 393216
MD5: ED8D753788232B81A7E8EF5D59EC3417
PID: 1184 (1004) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1260 (1004) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1300 (1004) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1364 (1004) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1492 (1004) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1824 (1004) C:\Programme\Avast4\aswUpdSv.exe
size: 18752
MD5: 5DEBC3519D489411073FA7E56FFB4A93
PID: 1872 (1004) C:\Programme\Avast4\ashServ.exe
size: 138680
MD5: 0AAF6B848185899CF76AE04E62EAB3D2
PID: 264 (1004) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 54E7113A4BD696E430919BCAF5C65E06
PID: 584 ( 960) C:\WINDOWS\system32\Ati2evxx.exe
size: 393216
MD5: ED8D753788232B81A7E8EF5D59EC3417
PID: 688 ( 648) C:\Programme\Google\Update\1.2.183.13\GoogleCrashHandler.exe
size: 136176
MD5: 975A3190EB50EAC7AA89488233E18294
PID: 704 ( 620) C:\WINDOWS\Explorer.EXE
size: 1035264
MD5: 22FE1BE02EADDE1632E478E4125639E0
PID: 1056 ( 704) C:\PROGRA~1\Avast4\ashDisp.exe
size: 81000
MD5: 0A7E9FDF3BF1980CA09FEEAC7F52EFBC
PID: 1400 ( 704) C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 18C3A268621B200D202AD6A1C437F3A8
PID: 1476 ( 704) C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
size: 210208
MD5: 6555FF27D9761CBC3281B73AC579DBCB
PID: 1504 ( 704) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
size: 246504
MD5: E0D6538B62C79FCBF0B27F95FAF3208B
PID: 1652 (1004) C:\Programme\a-squared Free\a2service.exe
size: 1858144
MD5: 0ADFA052C927F2A214133E4DF2EF5AB0
PID: 1664 ( 704) C:\Programme\Internet Download Manager\IDMan.exe
size: 3171760
MD5: 5F388BDEEC0B430FE0E8A72C118EAF71
PID: 1736 (1004) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
size: 258103
MD5: E3326F9E91CC32794D95164472754B43
PID: 1808 (1004) C:\Programme\Java\jre6\bin\jqs.exe
size: 153376
MD5: 77AC10DB097DFD0CD3071465B644D0AB
PID: 1964 ( 704) C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
size: 577597
MD5: 8A4A3B1A0D38284A7A1C1D576E7C6ED2
PID: 288 (1004) C:\Programme\CDBurnerXP\NMSAccessU.exe
size: 71096
MD5: FD306FBCCE7ADB1077B709742E7148E9
PID: 440 ( 704) C:\Programme\AvaFind\AvaFind.exe
size: 295936
MD5: E7A2A5D5F5345364AC59ED81EDE6E713
PID: 560 ( 420) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 580 (1004) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 576 (1004) C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
size: 1940992
MD5: 97C72BC1B3CBDFAAD55906956D0E9D94
PID: 2156 (1184) C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
size: 1269844
MD5: AF38909D50B4F9B6E119C60C8F37B195
PID: 2696 (1004) C:\Programme\Avast4\ashMaiSv.exe
size: 254040
MD5: B2F564DC59B67763C73269E1A9DA7F18
PID: 2712 (1004) C:\Programme\Avast4\ashWebSv.exe
size: 352920
MD5: D86010C96ABADDA75356834D6113D37D
PID: 3224 (1004) C:\WINDOWS\system32\wbem\wmiapsrv.exe
size: 126464
MD5: 042A78FCD1ADFB0FBA9865D55C6F5CC1
PID: 3708 ( 704) C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 3732 (1004) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 6596DD260FFDE1BDC994C1DF236307BB
PID: 620 (1664) C:\Programme\Internet Download Manager\IEMonitor.exe
size: 263600
MD5: 7896E733AF5A8DCE4B1C94C658AA3DF4
PID: 596 (3104) C:\Programme\Mozilla Firefox\3\firefox.exe
size: 908248
MD5: B4A8CA9A1EEEE32A4DC5D323A002ED3F
PID: 3168 (1300) C:\WINDOWS\system32\wuauclt.exe
size: 53472
MD5: 62BB79160F86CD962F312C68C6239BFD
PID: 3636 ( 704) C:\Programme\Safer Networking\RegAlyzer\RegAlyzer.exe
size: 3156208
MD5: EB62144848244C3768A855C6136289A7
PID: 3720 ( 704) C:\Programme\WinRAR\WinRAR.exe
size: 1037312
MD5: B6A214BACD0C5BE45C4D093032DD884B
PID: 3036 (3720) C:\DOKUME~1\Falk\LOKALE~1\Temp\Rar$EX00.078\RootAlyzer.exe
size: 3065008
MD5: 92B9267DC61E2556966565E1E03E7DCF
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 24.01.2010 13:34:29
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D3516434-273B-4E6D-A521-320825E7A735}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D3516434-273B-4E6D-A521-320825E7A735}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B56E6369-1FA2-4B4D-9212-748C4ECA074D}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B56E6369-1FA2-4B4D-9212-748C4ECA074D}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6FCC0E68-0868-4699-A990-145D032B53B4}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6FCC0E68-0868-4699-A990-145D032B53B4}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D810E892-166E-44EC-8C1E-27F3FFE30F0E}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D810E892-166E-44EC-8C1E-27F3FFE30F0E}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3C0712A-B86B-4F46-B583-0424DAA53677}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3C0712A-B86B-4F46-B583-0424DAA53677}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{12682195-65CA-44F6-A3EB-B8B342D8C490}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{12682195-65CA-44F6-A3EB-B8B342D8C490}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5359403-B36B-4DE6-BDFC-293F98DD21BA}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5359403-B36B-4DE6-BDFC-293F98DD21BA}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{271DF33F-8BBE-40EA-95D0-2C38C11CE322}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{271DF33F-8BBE-40EA-95D0-2C38C11CE322}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AEA63E7-D098-4C06-9A50-12044BEE1922}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AEA63E7-D098-4C06-9A50-12044BEE1922}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: NLA-Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Spybot is not able to delete these entries, even after a reboot. Only for Win32.Winlagons.co does it say that it is fixed, but after a reboot Spybot found it again.
=================
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)
After a scan with Spybot I found some issues. I am posting here the HijackThis and Spybot log files:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:15, on 24.01.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avast4\aswUpdSv.exe
C:\Programme\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
C:\Programme\a-squared Free\a2service.exe
C:\Programme\Internet Download Manager\IDMan.exe
C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme\CDBurnerXP\NMSAccessU.exe
C:\Programme\AvaFind\AvaFind.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programme\Avast4\ashMaiSv.exe
C:\Programme\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
C:\Programme\Internet Download Manager\IEMonitor.exe
C:\Programme\Mozilla Firefox\3\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Safer Networking\RegAlyzer\RegAlyzer.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Falk\LOKALE~1\Temp\Rar$EX00.078\RootAlyzer.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Programme\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Nitro PDF Printer Monitor] "C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [IDMan] C:\Programme\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ava Find Professional 1.5.218.lnk = C:\Programme\AvaFind\AvaFind.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download aller Links mit IDM - C:\Programme\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV-Videoinhalt mit IDM - C:\Programme\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download mit IDM - C:\Programme\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programme\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
O23 - Service: Wechselmedien NtmsSvcNetDDEdsdm (NtmsSvcNetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\aaaamono.exe
O23 - Service: ServiceLayer - Nokia - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 8461 bytes
--- Search result list ---
Win32.FraudLoad.edt: [SBI $990B0E99] Type library (Registry key, fixing failed)
HKEY_CLASSES_ROOT\TypeLib\{C20EE2D6-81C3-6A08-79C5-1989DA43BC19}
Win32.Winlagons.co: [SBI $FF316C53] Data (File, fixed)
C:\WINDOWS\system32\adsldpcb.sys
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-01-20 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-10-08 Includes\Adware.sbi (*)
2010-01-19 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-01-19 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-01-19 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-01-19 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-01-19 Includes\Malware.sbi (*)
2010-01-19 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-01-19 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-01-19 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-11-03 Includes\Spyware.sbi (*)
2010-01-19 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-12-08 Includes\Trojans.sbi (*)
2010-01-19 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB952069)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB954155)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB968816)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB973540)
/ Windows Media Player: Sicherheitsupdate für Windows Media Player (KB973540)
--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_LM:Run, ATIPTA
command: "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
file: C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 18C3A268621B200D202AD6A1C437F3A8
Located: HK_LM:Run, avast!
command: C:\PROGRA~1\Avast4\ashDisp.exe
file: C:\PROGRA~1\Avast4\ashDisp.exe
size: 81000
MD5: 0A7E9FDF3BF1980CA09FEEAC7F52EFBC
Located: HK_LM:Run, Nitro PDF Printer Monitor
command: "C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"
file: C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
size: 210208
MD5: 6555FF27D9761CBC3281B73AC579DBCB
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
file: C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
size: 246504
MD5: E0D6538B62C79FCBF0B27F95FAF3208B
Located: HK_LM:RunOnce, SpybotSnD
command: "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
file: C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29
Located: HK_CU:Run, IDMan
where: S-1-5-21-1454471165-1957994488-725345543-1003...
command: C:\Programme\Internet Download Manager\IDMan.exe /onboot
file: C:\Programme\Internet Download Manager\IDMan.exe
size: 3171760
MD5: 5F388BDEEC0B430FE0E8A72C118EAF71
Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 7CE20569925DF6789C31799F0C538F29
Located: Startup (common), Bluetooth.lnk
where: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart...
command: C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
file: C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
size: 577597
MD5: 8A4A3B1A0D38284A7A1C1D576E7C6ED2
Located: Startup (user), Ava Find Professional 1.5.218.lnk
where: C:\Dokumente und Einstellungen\Falk\Startmenü\Programme\Autostart...
command: C:\Programme\AvaFind\AvaFind.exe
file: C:\Programme\AvaFind\AvaFind.exe
size: 295936
MD5: E7A2A5D5F5345364AC59ED81EDE6E713
Located: Startup (disabled), WLAN network adaptor Wireless LAN Configuration (DISABLED)
command: C:\WINDOWS\system32\wlansta.exe /CONFIGURE
file: C:\WINDOWS\system32\wlansta.exe
size: 147527
MD5: 4E7608F75E0D0C906CCB34CDD01D8700
Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
--- Browser helper object list ---
{0055C089-8582-441B-A0BF-17B458C2A3A8} (IDM Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: IDM Helper
CLSID name: IDMIEHlprObj Class
description: Internet Download Manager
classification: Legitimate
known filename: IDMIECC.dll
info link:
info source: TonyKlein
Path: C:\Programme\Internet Download Manager\
Long name: IDMIECC.dll
Short name:
Date (created): 11.11.2009 21:10:32
Date (last access): 24.01.2010 12:59:16
Date (last write): 11.11.2009 21:48:32
Filesize: 173488
Attributes: archive
MD5: 27A6D46C01FD3409AB6718647EC62D20
CRC32: CBEC9EC2
Version: 5.18.5.0
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 11.06.2008 22:33:16
Date (last access): 24.01.2010 12:22:30
Date (last write): 11.06.2008 22:33:16
Filesize: 75128
Attributes: archive
MD5: E96C752BBA0E22330A43258FC800200E
CRC32: E5D72083
Version: 9.0.0.332
{5C255C8A-E604-49b4-9D64-90988571CECB} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Anmelde-Hilfsprogramm)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Anmelde-Hilfsprogramm
Path: C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 22.01.2009 15:41:30
Date (last access): 24.01.2010 12:55:56
Date (last write): 22.01.2009 15:41:30
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5
{AE7CD045-E861-484f-8273-0445EE161910} (Adobe PDF Conversion Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Adobe PDF Conversion Toolbar Helper
description: Adobe Acrobat
classification: Legitimate
known filename: AcroIEFavClient.dll
info link: http://www.adobe.com/products/acrobatpro/main.html
info source: TonyKlein
Path: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\
Long name: AcroIEFavClient.dll
Short name: ACROIE~3.DLL
Date (created): 11.06.2008 22:42:44
Date (last access): 24.01.2010 12:55:56
Date (last write): 11.06.2008 22:42:44
Filesize: 345480
Attributes: archive
MD5: F2DCB030FBDD320F858871515C18C5D1
CRC32: AD54AC56
Version: 9.0.0.332
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Programme\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 11.01.2010 20:42:48
Date (last access): 24.01.2010 12:26:08
Date (last write): 11.01.2010 20:42:48
Filesize: 41760
Attributes: archive
MD5: 883EF2DD3C9F68691CE02DAAC7267D41
CRC32: C0FCD56C
Version: 6.0.180.7
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Programme\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 11.01.2010 20:42:48
Date (last access): 24.01.2010 12:26:14
Date (last write): 11.01.2010 20:42:48
Filesize: 79648
Attributes: archive
MD5: FD60844F7DC0CF7C7AFA70B7EC6D0A7E
CRC32: 386E7BEE
Version: 6.0.180.7
{F4971EE7-DAA0-4053-9964-665D8EE6A077} (SmartSelect)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: SmartSelect
CLSID name: SmartSelect Class
Path: C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\
Long name: AcroIEFavClient.dll
Short name: ACROIE~3.DLL
Date (created): 11.06.2008 22:42:44
Date (last access): 24.01.2010 12:55:56
Date (last write): 11.06.2008 22:42:44
Filesize: 345480
Attributes: archive
MD5: F2DCB030FBDD320F858871515C18C5D1
CRC32: AD54AC56
Version: 9.0.0.332
--- ActiveX list ---
{31435657-9980-0010-8000-00AA00389B71} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf
Codebase: http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
{6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager)
DPF name:
CLSID name: HP Download Manager
Installer: C:\WINDOWS\Downloaded Program Files\HPDEXAXO.inf
Codebase: https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: HPDEXAXO.dll
Short name:
Date (created): 18.10.2007 10:04:16
Date (last access): 24.01.2010 12:38:50
Date (last write): 18.10.2007 10:04:16
Filesize: 341296
Attributes: archive
MD5: CDE357CD3FC047F5C7D8B8345B6A42BF
CRC32: 7ABDC22F
Version: 1.0.5.1
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_18
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Programme\Java\jre6\bin\
Long name: npjpi160_18.dll
Short name: NPJPI1~1.DLL
Date (created): 17.12.2009 15:02:50
Date (last access): 24.01.2010 12:26:10
Date (last write): 17.12.2009 17:14:02
Filesize: 136992
Attributes: archive
MD5: FD681B5B1CEC8B3181E63A3CC9A8C5EF
CRC32: 23BC9EDD
Version: 6.0.180.7
{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name:
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_12-windows-i586.cab
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_18
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Path: C:\Programme\Java\jre6\bin\
Long name: npjpi160_18.dll
Short name: NPJPI1~1.DLL
Date (created): 17.12.2009 15:02:50
Date (last access): 24.01.2010 13:34:20
Date (last write): 17.12.2009 17:14:02
Filesize: 136992
Attributes: archive
MD5: FD681B5B1CEC8B3181E63A3CC9A8C5EF
CRC32: 23BC9EDD
Version: 6.0.180.7
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_18
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Programme\Java\jre6\bin\
Long name: npjpi160_18.dll
Short name: NPJPI1~1.DLL
Date (created): 17.12.2009 15:02:50
Date (last access): 24.01.2010 13:34:20
Date (last write): 17.12.2009 17:14:02
Filesize: 136992
Attributes: archive
MD5: FD681B5B1CEC8B3181E63A3CC9A8C5EF
CRC32: 23BC9EDD
Version: 6.0.180.7
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
--- Process list ---
PID: 0 ( 0) [System]
PID: 800 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 932 ( 800) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 960 ( 800) \??\C:\WINDOWS\system32\winlogon.exe
size: 507392
PID: 1004 ( 960) C:\WINDOWS\system32\services.exe
size: 108544
MD5: EDB6B81761BD60F32F740BBC40AFB676
PID: 1016 ( 960) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 183805EB05BCA5A1E4AAAED4D2BE3690
PID: 1168 (1004) C:\WINDOWS\system32\Ati2evxx.exe
size: 393216
MD5: ED8D753788232B81A7E8EF5D59EC3417
PID: 1184 (1004) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1260 (1004) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1300 (1004) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1364 (1004) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1492 (1004) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 1824 (1004) C:\Programme\Avast4\aswUpdSv.exe
size: 18752
MD5: 5DEBC3519D489411073FA7E56FFB4A93
PID: 1872 (1004) C:\Programme\Avast4\ashServ.exe
size: 138680
MD5: 0AAF6B848185899CF76AE04E62EAB3D2
PID: 264 (1004) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 54E7113A4BD696E430919BCAF5C65E06
PID: 584 ( 960) C:\WINDOWS\system32\Ati2evxx.exe
size: 393216
MD5: ED8D753788232B81A7E8EF5D59EC3417
PID: 688 ( 648) C:\Programme\Google\Update\1.2.183.13\GoogleCrashHandler.exe
size: 136176
MD5: 975A3190EB50EAC7AA89488233E18294
PID: 704 ( 620) C:\WINDOWS\Explorer.EXE
size: 1035264
MD5: 22FE1BE02EADDE1632E478E4125639E0
PID: 1056 ( 704) C:\PROGRA~1\Avast4\ashDisp.exe
size: 81000
MD5: 0A7E9FDF3BF1980CA09FEEAC7F52EFBC
PID: 1400 ( 704) C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 344064
MD5: 18C3A268621B200D202AD6A1C437F3A8
PID: 1476 ( 704) C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
size: 210208
MD5: 6555FF27D9761CBC3281B73AC579DBCB
PID: 1504 ( 704) C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
size: 246504
MD5: E0D6538B62C79FCBF0B27F95FAF3208B
PID: 1652 (1004) C:\Programme\a-squared Free\a2service.exe
size: 1858144
MD5: 0ADFA052C927F2A214133E4DF2EF5AB0
PID: 1664 ( 704) C:\Programme\Internet Download Manager\IDMan.exe
size: 3171760
MD5: 5F388BDEEC0B430FE0E8A72C118EAF71
PID: 1736 (1004) C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
size: 258103
MD5: E3326F9E91CC32794D95164472754B43
PID: 1808 (1004) C:\Programme\Java\jre6\bin\jqs.exe
size: 153376
MD5: 77AC10DB097DFD0CD3071465B644D0AB
PID: 1964 ( 704) C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
size: 577597
MD5: 8A4A3B1A0D38284A7A1C1D576E7C6ED2
PID: 288 (1004) C:\Programme\CDBurnerXP\NMSAccessU.exe
size: 71096
MD5: FD306FBCCE7ADB1077B709742E7148E9
PID: 440 ( 704) C:\Programme\AvaFind\AvaFind.exe
size: 295936
MD5: E7A2A5D5F5345364AC59ED81EDE6E713
PID: 560 ( 420) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 580 (1004) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 65A819B121EB6FDAB4400EA42BDFFE64
PID: 576 (1004) C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
size: 1940992
MD5: 97C72BC1B3CBDFAAD55906956D0E9D94
PID: 2156 (1184) C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
size: 1269844
MD5: AF38909D50B4F9B6E119C60C8F37B195
PID: 2696 (1004) C:\Programme\Avast4\ashMaiSv.exe
size: 254040
MD5: B2F564DC59B67763C73269E1A9DA7F18
PID: 2712 (1004) C:\Programme\Avast4\ashWebSv.exe
size: 352920
MD5: D86010C96ABADDA75356834D6113D37D
PID: 3224 (1004) C:\WINDOWS\system32\wbem\wmiapsrv.exe
size: 126464
MD5: 042A78FCD1ADFB0FBA9865D55C6F5CC1
PID: 3708 ( 704) C:\Programme\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 3732 (1004) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 6596DD260FFDE1BDC994C1DF236307BB
PID: 620 (1664) C:\Programme\Internet Download Manager\IEMonitor.exe
size: 263600
MD5: 7896E733AF5A8DCE4B1C94C658AA3DF4
PID: 596 (3104) C:\Programme\Mozilla Firefox\3\firefox.exe
size: 908248
MD5: B4A8CA9A1EEEE32A4DC5D323A002ED3F
PID: 3168 (1300) C:\WINDOWS\system32\wuauclt.exe
size: 53472
MD5: 62BB79160F86CD962F312C68C6239BFD
PID: 3636 ( 704) C:\Programme\Safer Networking\RegAlyzer\RegAlyzer.exe
size: 3156208
MD5: EB62144848244C3768A855C6136289A7
PID: 3720 ( 704) C:\Programme\WinRAR\WinRAR.exe
size: 1037312
MD5: B6A214BACD0C5BE45C4D093032DD884B
PID: 3036 (3720) C:\DOKUME~1\Falk\LOKALE~1\Temp\Rar$EX00.078\RootAlyzer.exe
size: 3065008
MD5: 92B9267DC61E2556966565E1E03E7DCF
PID: 4 ( 0) System
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 24.01.2010 13:34:29
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D3516434-273B-4E6D-A521-320825E7A735}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D3516434-273B-4E6D-A521-320825E7A735}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B56E6369-1FA2-4B4D-9212-748C4ECA074D}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B56E6369-1FA2-4B4D-9212-748C4ECA074D}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6FCC0E68-0868-4699-A990-145D032B53B4}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6FCC0E68-0868-4699-A990-145D032B53B4}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D810E892-166E-44EC-8C1E-27F3FFE30F0E}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D810E892-166E-44EC-8C1E-27F3FFE30F0E}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3C0712A-B86B-4F46-B583-0424DAA53677}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3C0712A-B86B-4F46-B583-0424DAA53677}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{12682195-65CA-44F6-A3EB-B8B342D8C490}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{12682195-65CA-44F6-A3EB-B8B342D8C490}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5359403-B36B-4DE6-BDFC-293F98DD21BA}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{C5359403-B36B-4DE6-BDFC-293F98DD21BA}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip_{271DF33F-8BBE-40EA-95D0-2C38C11CE322}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip_{271DF33F-8BBE-40EA-95D0-2C38C11CE322}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AEA63E7-D098-4C06-9A50-12044BEE1922}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AEA63E7-D098-4C06-9A50-12044BEE1922}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *
Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 2: NLA-Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Spybot is not able to delete these entries, even after a reboot. Only for Win32.Winlagons.co does it say that it is fixed. But after a reboot, Spybot found it again.
=================
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)