| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Viren hacken BrowserWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
07.06.2008, 14:18
| #1 |
 |  Viren hacken Browser Hallo, seid nun knapp 3 Tagen habe ich mich mit Viren die von meinem antivir gefunden werden rumzuschlagen.Wie ich in einem weiteren Thread lesen konnte bin ich mit dem Problem wohl nicht alleine...allerdings verstehe ich dort nicht genau wie ich weiterkomme deshalb ein eigener Thread: Vor einigen Tagen ereignete sich folgendes (ich versuchte mit Programmen wie Spybot Ad-Aware Antivier und HijackThis dergleichen auf die schliche zu kommen...und auch wenn derzeit keine meldungen mehr kommen funktioniert mein Browser kaum und nur bei wenigen Seiten.) In der Datei 'C:\Dokumente und Einstellungen\Jannis\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3AQ9ME0S\kb713501[1]' wurde ein Virus oder unerwünschtes Programm 'TR/Lowzones.SG' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\Dokumente und Einstellungen\Jannis\Lokale Einstellungen\Temp\tidqqasc.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern In der Datei 'C:\WINDOWS\system32\ikjaayhe.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Monder.133120' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern und schließlich vor kurzem erneut Die Datei 'C:\System Volume Information\_restore{8A3EB537-B9A6-4FD8-AB70-A1ACD9B37645}\RP7\A0002668.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Monder.133120' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen "487a5e15.qua" verschoben! Hier dann noch das Hijacklogfile: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:16:33, on 07.06.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Programme\Java\jre1.6.0_05\bin\jusched.exe C:\Programme\Unlocker\UnlockerAssistant.exe C:\Programme\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Skype\Phone\Skype.exe C:\Programme\Messenger\msmsgs.exe C:\Programme\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe C:\Programme\ICQ6\ICQ.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\DAEMON Tools Lite\daemon.exe C:\Programme\Skype\Plugin Manager\skypePM.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe c:\programme\avira\antivir personaledition classic\avcenter.exe C:\Programme\Trend Micro\HijackThis\HJT2.0.2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://admin/proxy.pac O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: {ff5cc4f3-c9b4-e89a-cbe4-4df846dccd47} - {74dccd64-8fd4-4ebc-a98e-4b9c3f4cc5ff} - C:\WINDOWS\system32\ikjaayhe.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7B84C4B5-2775-4BB4-A0EF-E8C04BCC5505} - C:\WINDOWS\system32\khfEVPHW.dll (file missing) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Programme\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [PMCRemote] C:\Programme\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Programme\Anti-Blaxx 1.18\Anti-Blaxx.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [148c9b7f] rundll32.exe "C:\WINDOWS\system32\fwisttgu.dll",b O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [BM17bfa8e3] Rundll32.exe "C:\WINDOWS\system32\kylnxtxm.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [PMCS] "C:\Programme\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe" O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear O4 - HKCU\..\Run: [ICQ] "C:\Programme\ICQ6\ICQ.exe" silent O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programme\WinPcap\rpcapd.exe O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe -- End of file - 7589 bytes Bei weiteren benötigten Daten stehe ich sofort Rede und Antwort und ich bedanke mich im vorherrein für eure Hilfe. |
|
07.06.2008, 14:36
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Viren hacken Browser 1.) Deaktiviere die Systemwiederherstellung.
__________________2.) Fixe mit HijackThis diese Einträge: Code:
ATTFilter O2 - BHO: {ff5cc4f3-c9b4-e89a-cbe4-4df846dccd47} - {74dccd64-8fd4-4ebc-a98e-4b9c3f4cc5ff} - C:\WINDOWS\system32\ikjaayhe.dll (file missing)
O2 - BHO: (no name) - {7B84C4B5-2775-4BB4-A0EF-E8C04BCC5505} - C:\WINDOWS\system32\khfEVPHW.dll (file missing)
O4 - HKLM\..\Run: [148c9b7f] rundll32.exe "C:\WINDOWS\system32\fwisttgu.dll",b
O4 - HKLM\..\Run: [BM17bfa8e3] Rundll32.exe "C:\WINDOWS\system32\kylnxtxm.dll",s
Code:
ATTFilter Files to delete:
C:\Dokumente und Einstellungen\Jannis\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3AQ9ME0S\kb713501[1]
C:\Dokumente und Einstellungen\Jannis\Lokale Einstellungen\Temp\tidqqasc.dll
C:\WINDOWS\system32\ikjaayhe.dll
C:\WINDOWS\system32\khfEVPHW.dll
C:\WINDOWS\system32\fwisttgu.dll
C:\WINDOWS\system32\kylnxtxm.dll
4.) Poste ein Log von silentrunners 5.) Logfile mit diesem script erstellen: - Script abspeichern per Rechtsklick, speichern unter auf dem DesktopDiese listing.txt z.B. bei file-upload.net hochladen und hier verlinken, da dieses Logfile zu groß fürs Board ist.
__________________ |
|
07.06.2008, 14:58
| #3 |
| |  Viren hacken Browser Also hier das Avenger Logfile etc:
__________________Code:
ATTFilter Logfile of The Avenger Version 2.0, (c) by Swandog46 Swandog46's Public Anti-Malware Tools Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\Dokumente und Einstellungen\Jannis\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3AQ9ME0S\kb713501[1]" not found! Deletion of file "C:\Dokumente und Einstellungen\Jannis\Lokale Einstellungen\Temporary Internet Files\Content.IE5\3AQ9ME0S\kb713501[1]" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\Dokumente und Einstellungen\Jannis\Lokale Einstellungen\Temp\tidqqasc.dll" not found! Deletion of file "C:\Dokumente und Einstellungen\Jannis\Lokale Einstellungen\Temp\tidqqasc.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\ikjaayhe.dll" not found! Deletion of file "C:\WINDOWS\system32\ikjaayhe.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: file "C:\WINDOWS\system32\khfEVPHW.dll" not found! Deletion of file "C:\WINDOWS\system32\khfEVPHW.dll" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist File "C:\WINDOWS\system32\fwisttgu.dll" deleted successfully. File "C:\WINDOWS\system32\kylnxtxm.dll" deleted successfully. Completed script processing. ******************* Finished! Terminate. Geändert von Soultaker (07.06.2008 um 15:33 Uhr) |
|
07.06.2008, 15:03
| #4 |
| | Viren hacken Browser Silentrunners logfile: Code:
ATTFilter "Silent Runners.vbs", revision 58, Silent Runners - Adware? Disinfect, don't reformat! Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Skype" = ""C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized" ["Skype Technologies S.A."] "MSMSGS" = ""C:\Programme\Messenger\msmsgs.exe" /background" [MS] "PMCS" = ""C:\Programme\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe"" [null data] "NVIDIA nTune" = ""C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe" clear" [file not found] "ICQ" = ""C:\Programme\ICQ6\ICQ.exe" silent" ["ICQ, Inc."] "SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"] "DAEMON Tools Lite" = ""C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun" ["DT Soft Ltd"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "ehTray" = "C:\WINDOWS\ehome\ehtray.exe" [MS] "SunJavaUpdateSched" = ""C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"" ["Sun Microsystems, Inc."] "SkyTel" = "SkyTel.EXE" ["Realtek Semiconductor Corp."] "PinnacleDriverCheck" = "C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg" [empty string] "Pinnacle WebUpdater" = ""C:\Programme\Pinnacle\Shared Files\\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles" [null data] "UnlockerAssistant" = ""C:\Programme\Unlocker\UnlockerAssistant.exe"" [null data] "PMCRemote" = "C:\Programme\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" ["Pinnacle Systems"] "avgnt" = ""C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min" ["Avira GmbH"] "NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"] "Anti-Blaxx Manager" = "C:\Programme\Anti-Blaxx 1.18\Anti-Blaxx.exe" [null data] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "TkBellExe" = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."] "NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS] "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."] "Alcmtr" = "ALCMTR.EXE" ["Realtek Semiconductor Corp."] "BM17bfa8e3" = "Rundll32.exe "C:\WINDOWS\system32\kylnxtxm.dll",s" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided) -> {HKLM...CLSID} = "AcroIEHlprObj Class" \InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"] {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided) -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung" -> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] "{3028902F-6374-48b2-8DC6-9725E775B926}" = "IE Microsoft AutoComplete" -> {HKLM...CLSID} = "IE Microsoft AutoComplete" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" = "UnlockerShellExtension" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data] "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" = "Shell Extension for Malware scanning" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] "{e57ce731-33e8-4c51-8354-bb4de9d215d1}" = "Universelle Plug & Play-Geräte" -> {HKLM...CLSID} = "Universelle Plug & Play-Geräte" \InProcServer32\(Default) = "C:\WINDOWS\system32\upnpui.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\audiodev.dll" [MS] "{EFA24E62-B078-11d0-89E4-00C04FC9E26E}" = "History Band" -> {HKLM...CLSID} = "History Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\shdocvw.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.69 Context Menu Shell Extension" -> {HKLM...CLSID} = "WinAceContext Menu Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" [file not found] "{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.69 DragDrop Shell Extension" -> {HKLM...CLSID} = "WinAceDrag-Drop Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" [file not found] "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.69 Context Menu Shell Extension" -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" [file not found] "{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}" = "WinAce Archiver 2.69 Property Sheet Shell Extension" -> {HKLM...CLSID} = "WinAceProperty Sheet Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" [file not found] "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player" -> {HKLM...CLSID} = "RealOne Player Context Menu Class" \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SYSTEM\CurrentControlSet\Control\Lsa\ <<!>> "Authentication Packages" = "msv1_0"|"C:\WINDOWS\system32\khfEVPHW" HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\ <<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" [file not found] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] ZFAdd\(Default) = "{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}" -> {HKLM...CLSID} = "WinAceContext Menu (Add) Extension" \InProcServer32\(Default) = "C:\Programme\WinAce\arcext.dll" [file not found] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Shell Extension for Malware scanning\(Default) = "{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" -> {HKLM...CLSID} = "Shell Extension for Malware scanning" \InProcServer32\(Default) = "C:\Programme\Avira\AntiVir PersonalEdition Classic\shlext.dll" ["Avira GmbH"] UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ UnlockerShellExtension\(Default) = "{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}" -> {HKLM...CLSID} = "UnlockerShellExtension" \InProcServer32\(Default) = "C:\Programme\Unlocker\UnlockerCOM.dll" [null data] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ "NoSMBalloonTip" = (REG_DWORD) dword:0x00000001 {unrecognized setting} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} "InstallVisualStyle" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles {unrecognized setting} "InstallTheme" = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Royale.theme {unrecognized setting} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Dokumente und Einstellungen\Jannis\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\system32\logon.scr" [MS] Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ EHomeMusicDropTarget\ "Provider" = "Media Center" "InvokeProgID" = "EHomeDropTarget.EHomeMusicDropTarget" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeMusicDropTarget\shell\play\DropTarget\CLSID = "{ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C}" -> {HKLM...CLSID} = "EHomeMusicDropTarget Class" \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS] EHomePhotosHandler\ "Provider" = "Media Center" "InvokeProgID" = "EHomeDropTarget.EHomePhotosHandler" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomePhotosHandler\shell\play\DropTarget\CLSID = "{4b7601c1-d292-4902-89f4-583a5ce0c535}" -> {HKLM...CLSID} = "EHomePhotosHandler Class" \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS] EHomeVideoDropTarget\ "Provider" = "Media Center" "InvokeProgID" = "EHomeDropTarget.EHomeVideoDropTarget" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideoDropTarget\shell\play\DropTarget\CLSID = "{A48E70A4-8E15-4465-9D85-CCE9E63F8AAB}" -> {HKLM...CLSID} = "EHomeVideoDropTarget Class" \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS] EHomeVideosHandler\ "Provider" = "Media Center" "InvokeProgID" = "EHomeDropTarget.EHomeVideosHandler" "InvokeVerb" = "play" HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideosHandler\shell\play\DropTarget\CLSID = "{4f61ec50-acef-4ae7-b4c6-b19bddc0f745}" -> {HKLM...CLSID} = "EHomeVideosHandler Class" \InProcServer32\(Default) = "C:\WINDOWS\eHome\ehdrop.dll" [MS] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] NeroAutoPlay2CDAudio\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_CDAudio" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Programme\Ahead\nero\nero.exe /w /New:AudioCD /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2CopyCD\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "PlayCDAudioOnArrival_CopyCD" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Programme\Ahead\nero\nero.exe /w /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2DataDisc\ "Provider" = "Nero Express" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_DataDisc" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Programme\Ahead\nero\nero.exe /w /New:ISODisc /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2LaunchNeroStartSmart\ "Provider" = "Nero StartSmart" "InvokeProgID" = "Nero.AutoPlay2" "InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart" HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"] NeroAutoPlay2VideoCapture\ "Provider" = "NeroVision Express SE" "ProgID" = "Shell.HWEventHandlerShellExecute" "InitCmdLine" = ""C:\Programme\Ahead\NeroVision\NeroVision.exe" /New:VideoCapture" HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" -> {HKLM...CLSID} = "ShellExecute HW Event Handler" \LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS] RPCDBurningOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.CDBurn.6" "InvokeVerb" = "open" HKCU\Software\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /burn "%1"" ["RealNetworks, Inc."] RPDeviceOnArrival\ "Provider" = "RealPlayer" "ProgID" = "RealPlayer.HWEventHandler" HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}" -> {HKLM...CLSID} = "RealNetworks Scheduler" \LocalServer32\(Default) = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."] RPPlayCDAudioOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.AudioCD.6" "InvokeVerb" = "play" HKCU\Software\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /play %1 " ["RealNetworks, Inc."] RPPlayDVDMovieOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.DVD.6" "InvokeVerb" = "play" HKCU\Software\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /dvd %1 " ["RealNetworks, Inc."] RPPlayMediaOnArrival\ "Provider" = "RealPlayer" "InvokeProgID" = "RealPlayer.AutoPlay.6" "InvokeVerb" = "open" HKCU\Software\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = ""C:\Program Files\Real\RealPlayer\RealPlay.exe" /autoplay "%1"" ["RealNetworks, Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ HKLM\SOFTWARE\Classes\CLSID\{99996159-755D-4D62-AB84-F2B0082EBDFC}\(Default) = "PMC Taskbar" Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar] InProcServer32\(Default) = "mscoree.dll" [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Konsole" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_05" \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_05\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_05" \InProcServer32\(Default) = "C:\Programme\Java\jre1.6.0_05\bin\npjpi160_05.dll" ["Sun Microsystems, Inc."] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ "MenuText" = "Spybot - Search & Destroy Configuration" "CLSIDExtension" = "{53707962-6F74-2D53-2644-206D7942484F}" -> {HKLM...CLSID} = "Spybot-S&D IE Protection" \InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"] {E2E2DD38-D088-4134-82B7-F2BA38496583}\ "MenuText" = "@xpsp3res.dll,-20001" "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS] {E59EB121-F339-4851-A3BA-FE49C35617C2}\ "ButtonText" = "ICQ6" "MenuText" = "ICQ6" "Exec" = "C:\Programme\ICQ6\ICQ.exe" ["ICQ, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <<H>> "PostNotCached" = "res://ieframe.dll/repost.htm" [MS] <<H>> "NoAdd-ons" = "res://ieframe.dll/noaddon.htm" [MS] <<H>> "NoAdd-onsInfo" = "res://ieframe.dll/noaddoninfo.htm" [MS] <<H>> "SecurityRisk" = "res://ieframe.dll/securityatrisk.htm" [MS] <<H>> "Tabs" = "res://ieframe.dll/tabswelcome.htm" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AntiVir PersonalEdition Classic Guard, AntiVirService, ""C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"" ["Avira GmbH"] AntiVir PersonalEdition Classic Planer, AntiVirScheduler, ""C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"" ["Avira GmbH"] Lavasoft Ad-Aware Service, aawservice, "C:\Programme\Lavasoft\Ad-Aware\aawservice.exe" ["Lavasoft"] Media Center Extender Service, McrdSvc, "C:\WINDOWS\ehome\mcrdsvc.exe" [MS] Media Center Receiver Service, ehRecvr, "C:\WINDOWS\eHome\ehRecvr.exe" [MS] Media Center-Planerdienst, ehSched, "C:\WINDOWS\eHome\ehSched.exe" [MS] NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"] PnkBstrA, PnkBstrA, "C:\WINDOWS\system32\PnkBstrA.exe" [null data] PnkBstrB, PnkBstrB, "C:\WINDOWS\system32\PnkBstrB.exe" [null data] WMI-Leistungsadapter, WmiApSrv, "C:\WINDOWS\system32\wbem\wmiapsrv.exe" [MS] ---------- (launch time: 2008-06-07 16:02:00) <<!>>: Suspicious data at a malware launch point. <<H>>: Suspicious data at a browser hijack point. + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points, use the -supp parameter or answer "No" at the first message box and "Yes" at the second message box. ---------- (total run time: 23 seconds, including 3 seconds for message boxes) Geändert von Soultaker (07.06.2008 um 15:33 Uhr) |
|
07.06.2008, 15:08
| #5 |
| | Viren hacken Browser |
|
07.06.2008, 15:09
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ |  Viren hacken Browser Kannst Du das bitte editieren? Logfiles sollten möglichst in Codetags gepostet werden. Warum ist hier begründet.
__________________ --> Viren hacken Browser |
|
07.06.2008, 15:18
| #7 |
| | Viren hacken Browser wie meinst du das ? ich versteh nich ganz was ich nu machen soll xD |
|
07.06.2008, 15:24
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ |  Viren hacken Browser Es gibt da die Code-Tags, wenn ein Text mit solchen umschlossen ist sieht das so aus: Code:
ATTFilter Dieser text ist mit Code-tags umschlossen
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
07.06.2008, 15:34
| #9 |
| | Viren hacken Browser also so?-------------> siehe unten |
|
07.06.2008, 15:36
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ |  Viren hacken Browser Danke. Das ist sehr viel übersichtlicher! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.06.2008, 15:41
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ |  Viren hacken Browser Äh, hast Du das Listing irgndwie editiert? Da fehlen nämlich einige Verzeichnisauflistungen... 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.06.2008, 16:28
| #12 |
| | Viren hacken Browser öhm 1. nein? O_o 2.Welches meinst du ich kanns nochma psoten |
|
07.06.2008, 16:37
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren hacken Browser Lass das listing.cmd bitte nchmal durchlaufen und poste die neue listing.txt (über file-upload wieder)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.06.2008, 16:44
| #14 |
| | Viren hacken Browser |
|
07.06.2008, 16:47
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Viren hacken Browser Nun sollte es richtig sein. Ich erkenn es schon an der Dateigröße  (das 1.: ca. 60 KB das neue ca. 180 KB)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Viren hacken Browser |
| ad-aware, adobe, antivir, avira, bho, browse, browser, content.ie5, einstellungen, firefox, hacken, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, locker, mozilla, mozilla firefox, problem, quara, rundll, software, system, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen', tr/crypt.xpack.gen' [trojan], trojan, viren, virus, windows, windows xp |
Linear-Darstellung
