hatte vor kurzem den lirva-wurm auf meinem pc. doch nach erfolgreicher deinstallation, bekomme ich beim hochfahren des pc die meldung "die datei \RECYCLED\gAcDg951.exe (oder eine ihrer komponenten) wurde nicht gefunden. überprüfen sie...". kann das ein hinweis auf einen trojaner sein (mal ganz blöd gefragt) - die datei scheint in der autoexec.bat sehr wohl auf! außerdem fand ich in win.ini die zeile "run=hpfsched", habe auch gelesen, dass das auf einen trojaner hinweisen kann???
susi

Installiere Dir mal TrojanCheck und poste den Report der Autostart-Einträge.

Gorgo

welche einträge meinst du genau? bei autostart - standardeinträge steht nur: Office-Start.Ink und Photo Express Calendar Checker.

susi

Unter Startpunkte öffnet sich ein Pulldown-Menü, in dem die verschiedenen Autostart Methoden angezeigt werden. Einfach mal eins nach dem andren markieren und hier posten. [img]smile.gif[/img]
Eigentlich müsste der Eintrag in der Registry stehen, also fang mal damit an.

Gorgo

Da ich mich zu wenig auskenne, habe ich alles gepostet:

HKEY_CURRENT_USER Software\Microsoft\Windows\CurrentVersion\Run Taskbar Display Controls RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run ScanRegistry C:\WINDOWS\scanregw.exe /autorun
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run TaskMonitor C:\WINDOWS\taskmon.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run SystemTray SysTray.Exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run ATIGART c:\ati\gart\atigart.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run AtiPTA Atiptaaa.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run AtiCwd32 Aticwd32.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run SaitekAutoConfigure "C:\Programme\Saitek plc\Saitek Gaming Extensions\saicnfig.exe" /autorun
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run PE2CKFNT SE C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run InstantAccess C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run RegisterDropHandler C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run SideWinderTrayV4 C:\PROGRA~1\MICROS~3\GAMECO~1\COMMON\SWTRAYV4.EXE
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run RealTray C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run EM_EXEC C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run LaunchAttuneSetup C:\WINDOWS\SYSTEM\msiexec.exe /i "D:\Corel\Graphics10\Aveo\09\01\attune.msi" /q
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run QuickTime Task C:\WINDOWS\SYSTEM\QTTASK.EXE
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run SpeedTouch USB Diagnostics "C:\Programme\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run jservice C:\PROGRAMME\AONINFORMER\INFORMER.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run AtiQiPcl AtiQiPcl.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run AVGCtrl C:\PROGRA~1\AVPERS~1\AVGCTRL.EXE /min
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run AT-Watch C:\Programme\Anti-Trojan-55\ATWatch.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run Anti-Trojan-Watch C:\PROGRAMME\ANTI-TROJAN-55\ATWatch.exe
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\RunServices RegisterDropHandler C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\RunServices LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\RunServices SchedulingAgent mstask.exe

Registry - Shell Spawning
Hauptschlüssel
(Rootkey) Schlüssel Wert Inhalt
HKEY_CLASSES_ROOT \exefile\shell\open\command "%1" %*
HKEY_CLASSES_ROOT \comfile\shell\open\command "%1" %*
HKEY_CLASSES_ROOT \batfile\shell\open\command "%1" %*
HKEY_CLASSES_ROOT \htafile\Shell\open\Command C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*
HKEY_CLASSES_ROOT \piffile\shell\open\command "%1" %*

Registry - Active Setup
Hauptschlüssel
(Rootkey) Schlüssel Wert Inhalt
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\SetupcPerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\AppletsPerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\FontsPerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000} StubPath rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\icw.inf,PerUserStub,,36
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_ICW_Inis StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383} StubPath rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4395} StubPath rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\SYSTEM\ie4uinit.inf,Shell.UserStub,,36
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\>PerUser_MSN_Clean StubPath C:\WINDOWS\msnmgsr1.exe
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{CA0A4247-44BE-11d1-A005-00805F8ABE06} StubPath RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_Msinfo StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_Msinfo2 StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\MotownMmsysPerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\MotownAvivideoPerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95} StubPath rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} StubPath
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\MotownMPlayPerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\mplay98.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_Base StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\ShellPerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\Shell2PerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_winbase_Links StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_winapps_Links StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_LinkBar_URLs StubPath C:\WINDOWS\COMMAND\sulfnbk.exe /L
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\TapiPerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9} StubPath rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\webfdr16.inf,PerUserStub.Install,1
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUserOldLinks StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\MmoptRegisterPerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\OlsPerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\OlsMsnPerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_Paint_Inis StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_Calc_Inis StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_dxxspace_Links StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_CVT_Inis StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\MotownRecPerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_Vol StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_MSWordPad_Inis StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_RNA_Inis StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_Wingames_Inis StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\appletpp.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_Dialer_Inis StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_CDPlayer_Inis StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015C} StubPath rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C} StubPath rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02} StubPath rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\OlsAolPerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\OlsCompuservePerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 C:\WINDOWS\INF\ols.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\Shell3PerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\Theme_Windows_PerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 C:\WINDOWS\INF\themes.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\Theme_MoreWindows_PerUser StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\>IEPerUser StubPath RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\PerUser_DCC_Inis StubPath rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 C:\WINDOWS\INF\rna.inf
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{11820ee0-b3c2-11d1-9948-00c04f98bbc9} StubPath
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{23064720-c4f8-11d1-994d-00c04f98bbc9} StubPath
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C} StubPath rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wpie5x86.inf,PerUserStub
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be} StubPath rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUserIE
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} StubPath C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
HKEY_LOCAL_MACHINE \Software\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS StubPath RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Registry - Virtuelle Gerätetreiber (VxD)
Hauptschlüssel
(Rootkey) Schlüssel Wert Inhalt
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VNETSUP StaticVxD vnetsup.vxd
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\NDIS StaticVxD ndis.vxd,ndis2sup.vxd
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\JAVASUP StaticVxD JAVASUP.VXD
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\CONFIGMG StaticVxD *CONFIGMG
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\NTKern StaticVxD *NTKERN
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VWIN32 StaticVxD *VWIN32
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VFBACKUP StaticVxD *VFBACKUP
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VCOMM StaticVxD *VCOMM
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\COMBUFF StaticVxD *COMBUFF
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\IFSMGR StaticVxD *IFSMGR
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\IOS StaticVxD *IOS
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\MTRR StaticVxD *mtrr
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\SPOOLER StaticVxD *SPOOLER
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\UDF StaticVxD *UDF
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VFAT StaticVxD *VFAT
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VCACHE StaticVxD *VCACHE
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VCOND StaticVxD *VCOND
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VCDFSD StaticVxD *VCDFSD
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VXDLDR StaticVxD *VXDLDR
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VDEF StaticVxD *VDEF
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VPICD StaticVxD *VPICD
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VTD StaticVxD *VTD
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\REBOOT StaticVxD *REBOOT
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VDMAD StaticVxD *VDMAD
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VSD StaticVxD *VSD
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\V86MMGR StaticVxD *V86MMGR
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\PAGESWAP StaticVxD *PAGESWAP
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\DOSMGR StaticVxD *DOSMGR
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VMPOLL StaticVxD *VMPOLL
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\SHELL StaticVxD *SHELL
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\PARITY StaticVxD *PARITY
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\BIOSXLAT StaticVxD *BIOSXLAT
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VMCPD StaticVxD *VMCPD
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VTDAPI StaticVxD *VTDAPI
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\PERF StaticVxD *PERF
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VRTWD StaticVxD C:\WINDOWS\SYSTEM\vrtwd.386
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VFIXD StaticVxD C:\WINDOWS\SYSTEM\vfixd.vxd
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VIAGART StaticVxD viagart.vxd
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VNETBIOS StaticVxD vnetbios.vxd
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\FastPara StaticVxD fastpara.vxd
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\VREDIR StaticVxD vredir.vxd
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\DFS StaticVxD dfs.vxd
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\LMOUSE StaticVxD LMOUSE.VXD
HKEY_LOCAL_MACHINE \System\CurrentControlSet\Services\VxD\NDISWAN StaticVxD ndiswan.vxd

Registry - ICQ Net
Hauptschlüssel
(Rootkey) Schlüssel Wert Inhalt

Autostart - Standardeinträge
Pfad Dateiname Link zu
C:\WINDOWS\Startmenü\Programme\Autostart\ Office-Start.lnk C:\Programme\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\Startmenü\Programme\Autostart\ Photo Express Calendar Checker SE.lnk C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

INI Dateien
Dateiname Wert Inhalt
C:\WINDOWS\win.ini load ptsnoop.exe
C:\WINDOWS\win.ini run hpfsched
C:\WINDOWS\system.ini shell Explorer.exe

Batch und Text Dateien
Dateiname Inhalt
c:\msdos.sys [Paths]
WinDir=C:\WINDOWS
WinBootDir=C:\WINDOWS
HostWinBootDrv=C
UninstallDir=C:\

[Options]
BootMulti=1
BootGUI=1
DoubleBuffer=1
AutoScan=1
WinVer=4.10.2222
;
;The following lines are required for compatibility with other programs.
;Do not remove them (MSDOS.SYS needs to be >1024 bytes).
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxa
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxc
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxd
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxe
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxf
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxg
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxh
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxi
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxj
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxk
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxl
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxm
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxn
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxo
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxp
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxq
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxr
;xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxs


c:\autoexec.bat

mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)
mode con codepage select=850
keyb gr,,C:\WINDOWS\COMMAND\keyboard.sys

@win \RECYCLED\gAcDg951.exe

@win \RECYCLED\H8eeBBg9.exe

@win \RECYCLED\3G6bEb14.exe

@win \RECYCLED\GA5AC793.exe

@win \RECYCLED\09be7DF7.exe

@win \RECYCLED\d0F61A4B.exe

@win \RECYCLED\d7eggHE3.exe

@win \RECYCLED\G9FABEhD.exe

@win \RECYCLED\eb8Gf2bc.exe

@win \RECYCLED\5Hc7c5bH.exe

@win \RECYCLED\192b58b9.exe

@win \RECYCLED\8cDgfFbf.exe

c:\config.sys device=C:\WINDOWS\COMMAND\display.sys con=(ega,,1)
Country=049,850,C:\WINDOWS\COMMAND\country.sys

Hi Susi,

1) die Einträge in der autoexec:
Recycled\*.exe solltest du alle löschen..
kannst auch erst mal ein REM davor setzen und dann testen..

2) Du hast enorm viele mit Win Startende Programme:
Registry -> HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Run-Einträge..

google mal, oder schau auf www.wintotal.de, www.greatis.com oder www.answersthatwork.com, ob du da nicht ein paar der unwichtigen Sachen deaktivieren kannst..

vorher BAckup der Registry bzw. der RUN-Zweige machen..!!!


[ 15. April 2003, 14:25: Beitrag editiert von: Who Cares ]

Hallo !

Eigentlich wurde hier ja schon fast alles gesagt. Damit aber auch verstanden wird, was Lirva ist und ueberhaupt so macht, sollte man sich auch ruhig mal eine Beschreibung durchlesen.

http://www.antivir.de/news/2003/08_01_03.htm

Dort traegt der Wurm allerdings einen anderen Namen, ist aber Lirva. Die besagten Eintrage in der autoexec.bat koennen geloescht werden.

Ansich helfen auch die kostenlosen Programme zur Entfernung recht gut. Findest du bei uns:

http://www.trojaner-info.de/programme.shtml

Gruss Eisi

danke für die tipps, nur bitte für mich als nicht-computer-freak: wie lösche ich aus der autoexec.bat???

Du machst einen Rechtsklick auf die autoexec.bat -> klickst auf 'Bearbeiten' --> löschst die Einträge und gehst auf 'Datei/Speichern'!

ciao [img]graemlins/daumenhoch.gif[/img]