|
Log-Analyse und Auswertung: Ein kleiner Freund names Storage protector auf der FestplatteWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.02.2008, 15:54 | #1 |
| Ein kleiner Freund names Storage protector auf der Festplatte ich habe denn Trojaner "storage protector auf meiner Festlatte. das haben verschiedene Tools ausgespuckt (sorry, dass es so viel ist): das toll HijackThis fand das : Logfile of HijackThis v1.99.1 Scan saved at 15:48:56, on 12.02.2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\sstray.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\Dit.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZONELABS\vsmon.exe C:\Programme\iWare\iWare Mouse\3.2\lwbwheel.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe C:\Programme\AVPersonal\AVGNT.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\System32\rundll32.exe C:\Programme\AVPersonal\AVGNT .EXE C:\WINDOWS\System32\rundll32.exe C:\Programme\iWare\iWare Mouse\3.2\lwbwheel .exe C:\Programme\Java\j2re1.4.2_04\bin\jusched .exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro .exe C:\Programme\Microsoft Office\Office10\WINWORD.EXE C:\WINDOWS\System32\taskmgr.exe C:\Programme\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\DOKUME~1\ALEXAN~1\LOKALE~1\Temp\Rar$EX00.421\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://de.rd.yahoo.com/customize/ycomp/defaults/sb/*http://de.docs.yahoo.com/info/ie6.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.1und1.com/b1redirect R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://de.rd.yahoo.com/customize/ycomp/defaults/su/*http://de.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer bereitgestellt von 1&1 Internet AG R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F3 - REG:win.ini: load=C:\WINDOWS\System32\jkkji.exe O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [Dit] Dit.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LWBMOUSE] C:\Programme\iWare\iWare Mouse\3.2\lwbwheel.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask .exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Programme\Enigma Software Group\SpyHunter\SpyHunter3.exe O4 - HKLM\..\Run: [cFosDNT] C:\Programme\1&1 Programme\cFos\cFosDNT.exe O4 - HKLM\..\Run: [350c1e72] rundll32.exe "C:\WINDOWS\System32\wenjlgyv.dll",b O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O14 - IERESET.INF: START_PAGE_URL=http://www.1und1.com/b1redirect O17 - HKLM\System\CCS\Services\Tcpip\..\{AB8AA59B-22FE-4B29-92DD-E9075EB2A4E8}: NameServer = 217.237.151.205 217.237.148.70 O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\nlwhwnkt.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe ....das fand das tool find.bat:.... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Header ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ find.bat Version 2007.06.16.01 Microsoft Windows XP [Version 5.1.2600] Bootmodus: NORMAL eScan Version: Sprache: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Infektionsmeldungen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~ Dateien ~~~~~~~~~~~ ~~~~ Infected files ~~~~~~~~~~~ ~~~~~~~~~~~ ~~~~ Tagged files ~~~~~~~~~~~ ~~~~~~~~~~~ ~~~~ Offending files ~~~~~~~~~~~ ~~~~~~~~~~~ Ordner ~~~~~~~~~~~ ~~~~~~~~~~~ Registry ~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Diverses ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Prozesse und Module ~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Scanfehler ~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~ Hosts-Datei ~~~~~~~~~~~~~~~~~~~~~~ DataBasePath: %SystemRoot%\System32\drivers\etc ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Statistiken: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan-Optionen ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Batchstart: 15:15:27,64 Batchende: 15:15:29,40 ...und als letztes. Das Tool Silent Runners spuckte das aus: "Silent Runners.vbs", revision 55, http://www.silentrunners.org/ Operating System: Windows XP Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "nForce Tray Options" = "sstray.exe /r" ["NVIDIA Corporation"] "Dit" = "Dit.exe" [null data] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "Tweak UI" = "RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp" [MS] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" [file not found] "LWBMOUSE" = "C:\Programme\iWare\iWare Mouse\3.2\lwbwheel.exe" [empty string] "Zone Labs Client" = "C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe" ["Zone Labs Inc."] "NeroCheck" = "C:\WINDOWS\System32\NeroCheck.exe" [file not found] "SunJavaUpdateSched" = "C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe" [null data] "AVGCtrl" = "C:\Programme\AVPersonal\AVGNT.EXE /min" ["H+BEDV Datentechnik GmbH"] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS] "Cmaudio" = "RunDll32 cmicnfg.cpl,CMICtrlWnd" [MS] "SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."] "QuickTime Task" = ""C:\Programme\QuickTime\qttask .exe" -atboottime" ["Apple Computer, Inc."] "KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" "SpyHunter Security Suite" = "C:\Programme\Enigma Software Group\SpyHunter\SpyHunter3.exe" ["Enigma Software Group, Inc."] "cFosDNT" = "C:\Programme\1&1 Programme\cFos\cFosDNT.exe" ["cFos Software GmbH"] "350c1e72" = "rundll32.exe "C:\WINDOWS\System32\wenjlgyv.dll",b" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string] {2b740fc6-a01a-45e3-b5d5-ba517572631c}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\fqjlpwfy.dll" [file not found] {3FFA2358-01E2-4F5A-BEA7-1CCF12350DC6}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\jkkji.dll" [null data] {747908e4-dd54-408a-9389-03642297ea7c}\(Default) = "{c7ae7922-4630-9839-a804-45dd4e809747}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\yjxtqgib.dll" [null data] {A95B2816-1D7E-4561-A202-68C0DE02353A}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\rlryrpxs.dll" [null data] {FA16FE06-B462-470E-9653-79C54B1871FF}\(Default) = (no title provided) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\awtutuv.dll" [null data] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"] "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <<!>> "{FA16FE06-B462-470E-9653-79C54B1871FF}" = "*X" (unwritable string) -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\System32\awtutuv.dll" [null data] HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\ <<!>> "load" = "C:\WINDOWS\System32\jkkji.exe" [null data] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> awtutuv\DLLName = "awtutuv.dll" [null data] <<!>> rlryrpxs\DLLName = "rlryrpxs.dll" [null data] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ AntiVir/Win\(Default) = "{a7cda720-84ee-11d0-b5c0-00001b3ca278}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Programme\AVPersonal\AVShlExt.DLL" ["H+BEDV Datentechnik GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\Dokumente und Einstellungen\Alexander\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Dokumente und Einstellungen\Alexander\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\SSTEXT3D.SCR" [MS] Enabled Scheduled Tasks: ------------------------ "FRU Task #Hewlett-Packard#hp psc 2100 series#1085069488" -> launches: "C:\Programme\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe -I "#Hewlett-Packard#hp psc 2100 series#1085069488"" [empty string] "1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2004\SystemOptimizer.exe /schedulestart" [file not found] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" -> {HKLM...CLSID} = "Web Browser Applet Control" \InProcServer32\(Default) = "C:\WINDOWS\System32\msjava.dll" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [Strings]: START_PAGE_URL=http://www.1und1.com/b1redirect Missing lines (compared with English-language version): [Strings]: 1 line HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <<H>> "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir Update, AVWUpSrv, ""C:\Programme\AVPersonal\AVWUPSRV.EXE"" ["H+BEDV Datentechnik GmbH, Germany"] NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"] SmartLinkService, SLService, "slserv.exe" [" "] TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZONELABS\vsmon.exe -service" ["Zone Labs Inc."] Print Monitors: --------------- HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ hpzlnt05\Driver = "hpzlnt05.dll" ["HP"] ---------- (launch time: 2008-02-12 15:16:55) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 510 seconds, including 3 seconds for message boxes) möchte mich von dem trojaner trennen. vielen Dank schon mal imvorraus für eure Mühe (und für das viele lesen) peter |
12.02.2008, 16:06 | #2 |
Gesperrt | Ein kleiner Freund names Storage protector auf der Festplatte Bitte nimm Smitfraudfix. (Signatur)
__________________ |
12.02.2008, 16:12 | #3 |
/// Mr. Schatten | Ein kleiner Freund names Storage protector auf der Festplatte Ich würde sagen, nimm das richtige Forum.
__________________In der Taverne wird nicht gearbeitet, auch nicht für ein altes, veraltetes Windows.
__________________ |
12.02.2008, 16:13 | #4 |
Gesperrt | Ein kleiner Freund names Storage protector auf der Festplatte @Shadow Kann man nicht verschieben? |
12.02.2008, 18:58 | #5 |
Ein kleiner Freund names Storage protector auf der Festplatte Beitrag verschoben! |
12.02.2008, 23:27 | #6 | |
| Ein kleiner Freund names Storage protector auf der FestplatteZitat:
F3 - REG:win.ini: load=C:\WINDOWS\System32\jkkji.exe O4 - HKLM\..\Run: [350c1e72] rundll32.exe "C:\WINDOWS\System32\wenjlgyv.dll",b C:\WINDOWS\System32\fqjlpwfy.dll C:\WINDOWS\System32\yjxtqgib.dll C:\WINDOWS\System32\rlryrpxs.dll C:\WINDOWS\System32\awtutuv.dll genau handelt, ist bei dem patchlevel Platform: Windows XP SP1 relativ egal. http://www.trojaner-board.de/12154-a...sicherung.html ps: warum hat dein system kein sp 2? |
Themen zu Ein kleiner Freund names Storage protector auf der Festplatte |
antivir, browser, computer, desktop, drivers, einstellungen, enigma, excel, fehler, festplatte, finds, gpedit.msc, helper, hijack, hijackthis, hosts-datei, internet, internet explorer, malware, monitor, pop-up-blocker, prozesse, realtek, registry, rundll, saver, security, security suite, shortcut, shut down, software, system, trojaner, urlsearchhook, windows, windows xp |