Error message at boot + Hijack logfile evaluation
#0
18.08.2007, 01:25
...new here
Posts: 7

18.08.2007, 07:13
Member
Posts: 62
#2
Hello
Quote: Platform: Windows XP SP1 (WinNT 5.01.2600)
Surfing without SP2 is a bit reckless. ;-) You can repair damaged system files like this: Start / Run / cmd, enter sfc /scannow at the command line and have the original Windows CD ready.
Regards
__________
*virustotal* *escan*

18.08.2007, 13:13
...new here
Thread starter
Posts: 7
#3
Yes, but according to Google I have a bigger problem.
http://www.google.de/search?hl=de&q=winsys16_070307.dll&btnG=Google-Suche&meta=

18.08.2007, 20:08
Member
Posts: 62
#4
Hello,
yes, you have a bigger problem. Please run escan (link in my signature) and post the logfile here. Then we'll see what's next.
Regards, Felixx
__________
*virustotal* *escan*

20.08.2007, 14:02
...new here
Thread starter
Posts: 7
#5
starting as "C:\bases\findmwav.bat"
---------- C:\RESULTS.TXT Mon Aug 20 00:59:27 2007 => File C:\Dokumente und Einstellungen\Phil\Desktop\NetPumper-1.50-setup-0165.exe//data0079 infected by "Trojan.Win32.Obfuscated.en" Virus! Action Taken: No Action Taken. Mon Aug 20 01:37:02 2007 => File C:\Dokumente und Einstellungen\Phil\Desktop\NetPumper-1.50-setup-0165.exe//data0079 infected by "Trojan.Win32.Obfuscated.en" Virus! Action Taken: No Action Taken. Mon Aug 20 02:26:09 2007 => File C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\eizmvbsm.dll//UPX infected by "Trojan-PSW.Win32.Agent.jy" Virus! Action Taken: No Action Taken. Mon Aug 20 02:26:09 2007 => File C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\fflgplxc.dll//UPX infected by "Trojan-PSW.Win32.Agent.jy" Virus! Action Taken: No Action Taken. Mon Aug 20 02:26:12 2007 => File C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\rigbhgwn.dll//UPX infected by "Trojan-PSW.Win32.Agent.jy" Virus! Action Taken: No Action Taken. Mon Aug 20 02:26:14 2007 => File C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\uljoayog.dll//UPX infected by "Trojan-PSW.Win32.Agent.jy" Virus! Action Taken: No Action Taken. Mon Aug 20 04:40:43 2007 => File E:\Tools , Programme\norton\NAV\External\NORTON\NAVAPW32.exe infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken. Mon Aug 20 04:41:53 2007 => File E:\Tools , Programme\norton\Norton.Antivirus.2004.PRO\NAV\EXTERNAL\NORTON\NAVAPW32.EXE infected by "Exe.Corrupted" Virus! Action Taken: No Action Taken. Mon Aug 20 06:21:07 2007 => File Z:\Programme\mIRC\logs\QuakeNet\De_Ja_VU.log infected by "IRC-Worm.Win32.Small.g" Virus! Action Taken: No Action Taken. Mon Aug 20 00:43:08 2007 => File C:\PROGRA~1\BEARSH~2\MediaBar.dll tagged as "not-a-virus:AdWare.Win32.Mostofate.aa". Action Taken: No Action Taken. Mon Aug 20 00:43:10 2007 => File C:\PROGRA~1\BEARSH~2\MediaBar.dll tagged as "not-a-virus:AdWare.Win32.Mostofate.aa". Action Taken: No Action Taken. 
Mon Aug 20 01:45:08 2007 => File C:\Dokumente und Einstellungen\Phil\Eigene Dateien\ICQ\XXX-XXX-XXX\yoyo_XXX-XXX-XXX\mspass.zip/mspass.exe tagged as "not-a-virusSWTool.Win32.Messen.106". No Action Taken. Mon Aug 20 01:45:10 2007 => File C:\Dokumente und Einstellungen\Phil\Eigene Dateien\ICQ\XXX-XXX-XXX\yoyo_XXX-XXX-XXX\SetupRevelationV2.exe//WISE0012.BIN tagged as "not-a-virusSWTool.Win32.SnadBoy.2011". No Action Taken. Mon Aug 20 01:46:50 2007 => File C:\Dokumente und Einstellungen\Phil\Eigene Dateien\ICQ Lite\XXX-XXX-XXX\yoyo_XXX-XXX-XXX\mspass.zip/mspass.exe tagged as "not-a-virusSWTool.Win32.Messen.106". No Action Taken. Mon Aug 20 01:46:51 2007 => File C:\Dokumente und Einstellungen\Phil\Eigene Dateien\ICQ Lite\XXX-XXX-XXX\yoyo_XXX-XXX-XXX\SetupRevelationV2.exe//WISE0012.BIN tagged as "not-a-virusSWTool.Win32.SnadBoy.2011". No Action Taken. Mon Aug 20 01:54:09 2007 => File C:\Program Files\mIRC\mirc.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.617". No Action Taken. Mon Aug 20 02:15:04 2007 => File C:\Programme\BearShare MediaBar\MediaBar.dll tagged as "not-a-virus:AdWare.Win32.Mostofate.aa". Action Taken: No Action Taken. Mon Aug 20 02:55:46 2007 => File C:\Programme\SnadBoy's Revelation v2\Revelation.exe tagged as "not-a-virusSWTool.Win32.SnadBoy.2011". No Action Taken. Mon Aug 20 02:55:46 2007 => File C:\Programme\SnadBoy's Revelation v2\RevelationHelper.dll tagged as "not-a-virusSWTool.Win32.SnadBoy.2011". No Action Taken. Mon Aug 20 04:18:04 2007 => File E:\Eigene Dateien\Installer\girc421_430.exe//stream//data0008 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". No Action Taken. Mon Aug 20 04:18:08 2007 => File E:\Eigene Dateien\Installer\girc432.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken. Mon Aug 20 04:18:27 2007 => File E:\Eigene Dateien\Installer\mirc616.exe//data0001.bin tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken. 
Mon Aug 20 04:18:54 2007 => File E:\Eigene Dateien\Installer\netpumper-1.20.1-setup.exe//data0081/Sync.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.v". Action Taken: No Action Taken. Mon Aug 20 04:24:34 2007 => File E:\Eigene Dateien\Krims Krams\girc430.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". No Action Taken. Mon Aug 20 04:24:52 2007 => File E:\Eigene Dateien\Krims Krams\netpumper-1[1].20.1-setup.exe//data0081/Sync.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.v". Action Taken: No Action Taken. Mon Aug 20 04:34:01 2007 => File E:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0761994.exe//stream//data0008 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". No Action Taken. Mon Aug 20 04:34:06 2007 => File E:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0761995.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken. Mon Aug 20 04:34:22 2007 => File E:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0762000.exe//data0001.bin tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken. Mon Aug 20 04:34:49 2007 => File E:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0762002.exe//data0081/Sync.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.v". Action Taken: No Action Taken. Mon Aug 20 04:38:39 2007 => File E:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0762255.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". No Action Taken. Mon Aug 20 04:38:44 2007 => File E:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0762256.exe//data0081/Sync.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.v". Action Taken: No Action Taken. Mon Aug 20 04:49:41 2007 => File Z:\Eigene Dateien\Installer\girc421_430.exe//stream//data0008 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". 
No Action Taken. Mon Aug 20 04:49:46 2007 => File Z:\Eigene Dateien\Installer\girc432.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken. Mon Aug 20 04:49:55 2007 => File Z:\Eigene Dateien\Installer\mirc616.exe//data0001.bin tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken. Mon Aug 20 04:50:22 2007 => File Z:\Eigene Dateien\Installer\netpumper-1.20.1-setup.exe//data0081/Sync.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.v". Action Taken: No Action Taken. Mon Aug 20 04:55:21 2007 => File Z:\Eigene Dateien\Krims Krams\girc430.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". No Action Taken. Mon Aug 20 04:55:31 2007 => File Z:\Eigene Dateien\Krims Krams\netpumper-1[1].20.1-setup.exe//data0081/Sync.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.v". Action Taken: No Action Taken. Mon Aug 20 05:59:07 2007 => File Z:\mIRC6.178\mirc.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.617". No Action Taken. Mon Aug 20 06:21:23 2007 => File Z:\Programme\mIRC\mirc.exe tagged as "not-a-virus:Client-IRC.Win32.mIRC.617". No Action Taken. Mon Aug 20 06:23:36 2007 => File Z:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0757201.exe//stream//data0009 tagged as "not-a-virus:Client-IRC.Win32.mIRC.616". No Action Taken. Mon Aug 20 06:23:38 2007 => File Z:\System Volume Information\_restore{C65102B4-1CCA-48FD-86F8-DDF5638EC7F2}\RP699\A0757208.exe//stream//data0008 tagged as "not-a-virus:Client-IRC.Win32.mIRC.614". No Action Taken. Mon Aug 20 01:05:58 2007 => System found infected with video activex access Trojan ({7e853d72-626a-48ec-a868-ba8d5e23e045})! Action taken: No Action Taken. Mon Aug 20 01:05:59 2007 => System found infected with whenu.savenow Spyware/Adware ({c285d18d-43a2-4aef-83fb-bf280e660a97})! Action taken: No Action Taken. Mon Aug 20 01:06:35 2007 => System found infected with spypal Spyware/Adware (C:\WINDOWS\system32\gdiplus.dll)! 
Action taken: No Action Taken. Mon Aug 20 01:06:35 2007 => System found infected with savenow Adware (C:\WINDOWS\system32\unrar.dll)! Action taken: No Action Taken. Mon Aug 20 01:06:01 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\netpumper_is1 !!! Mon Aug 20 01:06:02 2007 => Offending Key found: HKLM\Software\magnet !!! Mon Aug 20 01:06:02 2007 => Offending Key found: HKLM\Software\ptech !!! Mon Aug 20 01:06:02 2007 => Offending Key found: HKCU\Software\netpumper !!! Mon Aug 20 01:06:02 2007 => Offending Key found: HKCU\software\microsoft\internet explorer\menuext\download with netpumper !!! Mon Aug 20 01:06:02 2007 => Offending Key found: HKCU\software\microsoft\windows\currentversion\explorer\menuorder\start menu2\programs\netpumper !!! Mon Aug 20 01:06:03 2007 => Offending Key found: HKCU\\magnet !!! Mon Aug 20 01:06:07 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\icq\bart\1024 Mon Aug 20 01:06:09 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\netpumper Mon Aug 20 01:06:24 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Anwendungsdaten\sopcast\adv Mon Aug 20 01:06:27 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Eigene Dateien\icq\XXX-XXX-XXX\böcki_104686182\autos Mon Aug 20 01:06:28 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Eigene Dateien\icq lite\XXX-XXX-XXX\böcki_104686182\autos Mon Aug 20 01:06:32 2007 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cyberlink\powerdvd\ipower\images\hd Mon Aug 20 01:06:33 2007 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\netpumper Mon Aug 20 01:06:33 2007 => Offending Folder found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\netpumper Mon Aug 20 01:06:34 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Eigene 
Dateien\icq\XXX-XXX-XXX\böcki_104686182\autos Mon Aug 20 01:06:34 2007 => Offending Folder found: C:\Dokumente und Einstellungen\Phil\Eigene Dateien\icq lite\XXX-XXX-XXX\böcki_104686182\autos Mon Aug 20 01:06:35 2007 => Offending file found: C:\WINDOWS\system32\gdiplus.dll Mon Aug 20 01:06:35 2007 => Offending file found: C:\WINDOWS\system32\unrar.dll Mon Aug 20 01:06:01 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:02 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:02 2007 => Object "prutect Spyware/Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:02 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:02 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:02 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:03 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:07 2007 => Object "smitfraud Browser Hijacker" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:09 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:24 2007 => Object "titanshield antispyware Corrupted Adware/Spyware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:27 2007 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:28 2007 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:32 2007 => Object "wareout Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:33 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken. 
Mon Aug 20 01:06:33 2007 => Object "netpumper Spyware/Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:34 2007 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 01:06:34 2007 => Object "gohip Spyware/Adware" found in File System! Action Taken: No Action Taken. Mon Aug 20 06:58:42 2007 => Total Objects Scanned: 170393 Mon Aug 20 06:58:42 2007 => Total Critical Objects: 62 Mon Aug 20 06:58:42 2007 => Total Disinfected Objects: 0 Mon Aug 20 06:58:43 2007 => Total Objects Renamed: 0 Mon Aug 20 06:58:43 2007 => Total Deleted Objects: 0 Mon Aug 20 00:34:39 2007 => Virus Database Date: 8/18/2007 Mon Aug 20 00:34:39 2007 => Virus Database Count: 384790 Mon Aug 20 00:35:10 2007 => Virus Database Date: 8/20/2007 Mon Aug 20 00:35:10 2007 => Virus Database Count: 385258 Mon Aug 20 00:41:31 2007 => Virus Database Date: 8/20/2007 Mon Aug 20 00:41:31 2007 => Virus Database Count: 385258 Mon Aug 20 06:58:43 2007 => Virus Database Date: 8/20/2007 Mon Aug 20 06:58:43 2007 => Virus Database Count: 385258 Mon Aug 20 13:50:13 2007 => Virus Database Date: 8/20/2007 Mon Aug 20 13:50:13 2007 => Virus Database Count: 385258 |
20.08.2007, 14:39
Member
Posts: 694
#6
Hi,
there isn't much you've left out... Please work through this: http://board.protecus.de/t23188.htm
- Creating a HijackThis logfile (you can skip this, we already have one)
- CleanUp (delete temporary files)
- Combofix
Scan with Counterspy and post the scan report (set everything to "remove" beforehand) http://virus-protect.org/counterspy.html
After that, another HJ log please...
chris

20.08.2007, 20:22
...new here
Thread starter
Posts: 7
#7
Hm, no idea about Counterspy, I didn't see a report there, only a really long logfile, but it was too long. I'll post the new HJ log again now:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:20:38, on 20.08.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AntiVir PersonalEdition Premium\avguard.exe C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Programme\AntiVir PersonalEdition Premium\sched.exe C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe C:\WINDOWS\System32\bgsvcgen.exe C:\WINDOWS\System32\CTsvcCDA.exe C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe C:\WINDOWS\System32\NMSSvc.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe C:\Programme\PTBSync\PTBSync.exe C:\Programme\Logitech\iTouch\iTouch.exe C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe C:\Programme\MSN Messenger\msnmsgr.exe C:\Programme\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\WINDOWS\System32\svchost.exe C:\Programme\MSN Messenger\usnsvc.exe C:\Programme\ICQ6\ICQ.exe C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe Z:\Programme\mIRC\mirc.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\Sunbelt Software\CounterSpy\CounterSpy.exe c:\progra~1\window~2\wmplayer.exe C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\Phil\LOKALE~1\Temp\Rar$EX00.906\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.3.28.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [ATICCC] 
"C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [PTBSync] C:\Programme\PTBSync\PTBSync.exe /Start O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe" /min O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O8 - Extra context menu item: 
Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\Phil\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\Phil\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programme\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programme\UltimateBet\UltimateBet.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU) O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161564966625 O16 - DPF: 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178141481031 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\sched.exe O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\System32\bgsvcgen.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- End of file - 11978 bytes |
21.08.2007, 07:37
Member
Posts: 694
#8
Hi,
you should remove Bearshare and Partypoker, both bring adware with them...
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
...
Then we should also clean up System Restore: once the computer is running properly, finally delete all system restore points (those are the C:\System Volume Information\_restore files that were found, i.e. the trojan was backed up along with them, and if you were to go back to a restore point, it would be back again).
My Computer -> right click -> Properties -> System Restore -> check "Turn off System Restore on all drives" -> Apply -> confirm the security prompt with OK -> close the window with OK -> reboot; then do the same again, only this time remove the check mark (then it runs again).
Set a first restore point: Start -> Programs -> Accessories -> System Tools -> System Restore -> Create a restore point -> Next, think up a description -> Create
Chris

21.08.2007, 13:55
...new here
Thread starter
Posts: 7
#9
All right, thanks a lot

21.08.2007, 14:09
Member
Posts: 694
#10
Hi,
because the log from Counterspy is missing, it is unclear what was deleted and what is still there.... Run it again and attach the log as an attachment...
Chris

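Added example (not part of any post in this thread, and not code from HijackThis): a comparison of the thread starter's two HijackThis logs that shows which entries disappeared, which are new and which remain, and flags any command chained after userinit.exe in an F2 UserInit entry. The log excerpts are a few lines copied from the two logs posted in this thread; all function names are hypothetical, and the Windows directory is assumed to be C:\WINDOWS as in those logs.

```python
import re

# Constructed sample: a few entries copied from the thread's first HijackThis
# log (12.08.2007) and from the later one (20.08.2007).
LOG_BEFORE = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao8.cc
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\System32\winsys16_070307.dll start
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~2\CNNIC\Cdn\wmhlpr.dll (file missing)
O3 - Toolbar: BearShare MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Programme\BearShare MediaBar\MediaBar.dll
"""

LOG_AFTER = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
"""

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, O1-O23)
# followed by " - " and the entry detail.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")

# Values accepted for the Userinit entry itself (assumption: Windows lives in
# C:\WINDOWS, as in the logs of this thread).
EXPECTED_USERINIT = {r"c:\windows\system32\userinit.exe", "userinit.exe"}


def parse_entries(log_text):
    """Return the set of (section, detail) tuples found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Compare two logs: entries removed, added and kept between the scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": sorted(before - after),
        "added": sorted(after - before),
        "kept": sorted(before & after),
    }


def userinit_extras(log_text):
    """Return every command in an F2 UserInit value that is not userinit.exe.

    The value is a comma-separated list that Winlogon runs at logon, so any
    extra command here starts with every session.
    """
    extras = []
    for section, detail in sorted(parse_entries(log_text)):
        if section != "F2" or "userinit=" not in detail.lower():
            continue
        value = detail.split("=", 1)[1]
        for command in value.split(","):
            command = command.strip()
            if command and command.lower() not in EXPECTED_USERINIT:
                extras.append(command)
    return extras


def dangling_entries(log_text):
    """Return entries whose target file is reported as absent by HijackThis."""
    return sorted(
        entry for entry in parse_entries(log_text)
        if entry[1].endswith(("(no file)", "(file missing)"))
    )


if __name__ == "__main__":
    print("Extra UserInit commands (first log):", userinit_extras(LOG_BEFORE))
    for label, entries in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(label.upper())
        for section, detail in entries:
            print(f"  {section} - {detail}")
    print("Dangling in second log:", dangling_entries(LOG_AFTER))
```
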
I ran hijack + online evaluation and fixed the "bad" stuff, but that didn't help. I'll copy my current logfile for you and hope for help
Tyvm
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:13, on 12.08.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
C:\Programme\AntiVir PersonalEdition Premium\sched.exe
C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\System32\bgsvcgen.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\PTBSync\PTBSync.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programme\MSN Messenger\usnsvc.exe
C:\Programme\ICQ6\ICQ.exe
C:\WINDOWS\System32\svchost.exe
C:\DOKUME~1\Phil\LOKALE~1\Temp\Rar$EX00.907\HijackThis.exe
C:\Programme\Opera\Opera.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao8.cc
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\System32\winsys16_070307.dll start
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTP01621 - {9EBBE90B-282E-4c39-8A7E-120749169F0F} - C:\PROGRA~1\BEARSH~2\MediaBar.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~2\CNNIC\Cdn\wmhlpr.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: BearShare MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Programme\BearShare MediaBar\MediaBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Programme\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PTBSync] C:\Programme\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Download with NetPumper - C:\Programme\NetPumper\AddUrl.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\Phil\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Dokumente und Einstellungen\Phil\Startmenü\Programme\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~2\CNNIC\Cdn\cdnuc.exe (file missing)
O9 - Extra 'Tools' menuitem: Chinese Navigation - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~2\CNNIC\Cdn\cdnuc.exe (file missing)
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programme\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Programme\UltimateBet\UltimateBet.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161564966625
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178141481031
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\System32\bgsvcgen.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Programme\Firebird\Firebird_1_5\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 12454 bytes