Start page keeps reverting to Home Search |
||
---|---|---|
#0
| ||
30.01.2005, 18:57
Member
Posts: 17 |
||
|
||
30.01.2005, 18:59
Honorary member
Posts: 29434 |
#47
Hello @wolkenlos
Please now work through everything else.
__________
Regards, Sabina
All about PC security
This post was edited by Sabina on 30.01.2005 at 18:59.
|
|
|
||
30.01.2005, 19:46
Member
Posts: 17 |
#48
Hello Sabina,
unfortunately I am not really making progress now.

<HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
delete: load32 = "%System%\netda.exe"

Under this path I only find the following in the registry:
C:\WINDOWS\atljr.exe
"C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
"C:\Programme\QuickTime\qttask.exe" -atboottime
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\SYMNET~1\SNDMon.exe
C:\Programme\Norton Internet Security\UrlLstCk.exe

<HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Explorer>Shell Folders\Startup =
delete: %System%\netdb.exe

Here I only find:
C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Verwaltung
C:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten
C:\Dokumente und Einstellungen\All Users.WINDOWS\Desktop
C:\Dokumente und Einstellungen\All Users.WINDOWS\Dokumente
C:\Dokumente und Einstellungen\All Users.WINDOWS\Favoriten
C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme
C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü
C:\Dokumente und Einstellungen\All Users.WINDOWS\Startmenü\Programme\Autostart
C:\Dokumente und Einstellungen\All Users.WINDOWS\Vorlagen
C:\Dokumente und Einstellungen\All Users.WINDOWS\Dokumente\Eigene Musik
C:\Dokumente und Einstellungen\All Users.WINDOWS\Dokumente\Eigene Bilder
C:\Dokumente und Einstellungen\All Users.WINDOWS\Dokumente\Eigene Videos
C:\Dokumente und Einstellungen\Christoph.KUNSTHAND-LAP\Eigene Dateien\

<HKEY_LOCAL_MACHINE>Software>Microsoft>Windows NT>CurrentVersion>Winlogon
Shell = "explorer.exe
delete: %System%\netdc.exe"

HERE I THINK I HAVE FOUND THE RIGHT ONE:
explorer.exe C:\WINDOWS\system32\netdc.exe

What should I do now? Please help me further.
Regards, Christoph |
|
|
||
30.01.2005, 20:11
Member
Posts: 17 |
#49
Hello Sabina,
In the Registry Editor I also selected My Computer and searched for "netda.exe" and "netdb.exe" under Edit > Find; nothing was found here either. Is it possible that I do not have these entries?
Searching for "netdc.exe" found the same entry that I found: explorer.exe C:\WINDOWS\system32\netdc.exe
Should I delete only that one and continue with the other points you explained to me?
Many thanks, Christoph |
|
|
||
30.01.2005, 21:00
Honorary member
Posts: 29434 |
#50
Hello @wolkenlos
The tool that was used first has already deleted malware from the registry.

<HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run
delete:
<C:\WINDOWS\system32\netdc.exe
<C:\WINDOWS\atljr.exe

<HKEY_LOCAL_MACHINE>Software>Microsoft>Windows NT>CurrentVersion>Winlogon
Shell = "explorer.exe
delete: C:\WINDOWS\system32\netdc.exe

<HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Explorer>Shell Folders\Startup =
delete: netdb.exe

If you do not find anything further, close the registry and work through everything else.
__________
Regards, Sabina
All about PC security
This post was edited by Sabina on 30.01.2005 at 21:05.
|
|
|
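The checks discussed in posts #48 to #50, written out as an added example that is not part of the thread and not code from any of its participants: it splits autostart command lines into program and arguments, reports a Winlogon `Shell` value that is anything other than the bare `explorer.exe`, and flags `Run` entries naming a file the helper asked to have deleted. The function names are hypothetical, the sample values are re-typed from the posts, and treating the bare `explorer.exe` as the only expected `Shell` value is an assumption of this example.

```python
import ntpath
import re

# File names the helper in this thread asked to have removed (from the posts).
FLAGGED_NAMES = {"netda.exe", "netdb.exe", "netdc.exe", "atljr.exe"}

# Sample data re-typed from post #48: the data of the values under
# HKLM\Software\Microsoft\Windows\CurrentVersion\Run (value names are not
# given in the post) and the Winlogon Shell value.
RUN_VALUES = [
    r'C:\WINDOWS\atljr.exe',
    r'"C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"',
    r'C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe',
    r'C:\Programme\Gemeinsame Dateien\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"',
    r'"C:\Programme\QuickTime\qttask.exe" -atboottime',
    r'C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe',
    r'C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe',
    r'C:\PROGRA~1\SYMNET~1\SNDMon.exe',
    r'C:\Programme\Norton Internet Security\UrlLstCk.exe',
]
SHELL_VALUE = r'explorer.exe C:\WINDOWS\system32\netdc.exe'

# A quoted path, or an unquoted path (which may contain spaces) that ends at
# the first executable extension followed by whitespace or end of string.
_EXE_RE = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$))',
    re.IGNORECASE,
)


def split_command(value):
    """Return (program, arguments) for an autostart command line."""
    match = _EXE_RE.match(value)
    if not match:
        # No recognisable extension: fall back to the first whitespace token.
        parts = value.strip().split(None, 1)
        return (parts[0] if parts else "", parts[1] if len(parts) > 1 else "")
    program = match.group(1) or match.group(2)
    return program, value[match.end():].strip()


def audit_shell(value):
    """List deviations of a Winlogon Shell value from the bare 'explorer.exe'."""
    program, arguments = split_command(value)
    findings = []
    if program.lower() != "explorer.exe":
        findings.append("shell program is %r, not explorer.exe" % program)
    if arguments:
        findings.append("extra data after shell program: %r" % arguments)
    return findings


def flagged_in(value):
    """Return the flagged file names referenced anywhere in a command line."""
    program, arguments = split_command(value)
    candidates = [program] + arguments.split()
    names = {ntpath.basename(c.strip('"')).lower() for c in candidates}
    return sorted(names & FLAGGED_NAMES)


def audit_run(values):
    """Return (value, flagged names) for every Run entry that has a hit."""
    hits = []
    for value in values:
        names = flagged_in(value)
        if names:
            hits.append((value, names))
    return hits


if __name__ == "__main__":
    for finding in audit_shell(SHELL_VALUE):
        print("Winlogon Shell:", finding)
    for value, names in audit_run(RUN_VALUES):
        print("Run:", value, "->", ", ".join(names))
```

On the sample data this reports the path appended to the `Shell` value and the `atljr.exe` entry under `Run`, the two items post #50 asks to have deleted.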
||
31.01.2005, 15:51
Member
Posts: 17 |
#51
Hello Sabina,
here is the report from AntiVir. Unfortunately I deleted C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temporary Internet Files\Content.IE5\---> (including the index.dat) before I read your instructions. Is that bad?
Regards, wolkenlos |
|
|
||
31.01.2005, 16:12
Member
Posts: 17 |
#52
Hello Sabina,
to be on the safe side, I am also posting the result of ClearProg 1.4.1.

IE - Cookies 2 Cookies 364 Byte
IE - Cache 371 Files 8,114 MB
IE - History 94 Entries 176,2 KB
IE - URLs 8 Entries ------
IE - auto-complete-entries 59 Entries ------
------------------------------------------------------------------------
Number of deleted files: 534 Entries/Files
Number of deleted filesize: 8,287 MB (8.689.462 Byte) |
|
|
||
31.01.2005, 16:54
Member
Posts: 17 |
#53
Hello Sabina,
the 1st scan with Ad-Aware has now found 46 infected objects, and I sent them to quarantine. I hope that was right. Please let me know. I will post the scan after the restart shortly.
Regards, wolkenlos |
|
|
||
31.01.2005, 18:00
Member
Posts: 17 |
#54
Hello Sabina,
here is the SafeLog from Ad-Aware; 29 objects were found. They are in Negligible Objects. Do they need to be ticked and put into quarantine?
Regards, Wolkenlos |
|
|
||
31.01.2005, 18:18
Member
Posts: 17 |
#55
Hello Sabina,
As you have surely seen, I have already posted several messages, because I want everything to really work and you have the ability to check all of this. Now everything is running like clockwork again. But please be so kind as to tell me what I should do with all the things I downloaded for this whole repair. What should I delete and what not?

I still have my Symantec on the computer and now also AntiVir. Since the Symantec subscription expired a few days ago and AntiVir found considerably more viruses than Symantec, I would like to know whether I can delete Symantec. Do I still have to configure AntiVir somehow? How can I protect myself better than before? Besides wmplayer, do I need to update anything else, e.g. SP 2 or something else? Should I change all my passwords? How secure am I at the moment?

I hope you find the time to answer these questions and can give me a few tips. For everything you have done for me so far, I thank you very much, and I hope that you can help many more users as well as you have helped me. Are you here on your own initiative, or do you work for board.protecus.de? Is there a donation account where one can express one's thanks?

Regards, Wolkenlos alias Christoph |
|
|
||
01.02.2005, 12:00
Ehrenmitglied
Beiträge: 29434 |
#56
Hallo@wolkenlos
Poste bitte das neue Log vom HijackThis vom Antivirus hast du NICHT das Scann-Log gepostet--> mache das bitte noch <Den Antivirus kannst du beibehalten.--> jeden Tag updaten !!!! konfiguriere im Scanner + im Guard (der aktiviert sein sollte) [X] Speicher [X] Bootsektor Suchlaufwerke [ ] Unbekannte Bootsektoren melden [X] Alle Dateien [ ] Programmdateien <du solltest SP2 laden (besorge dir eine PC-Zeitschrift, die das SP2 auf CD hat, so musst du nicht nach jeder Neuinstallation hunderte von MB laden.) #Patches, Service Packs und Tools (XP) http://www.rz.uni-freiburg.de/pc/sys/winxp/index.php <surfe nicht mehr mit dem IE #Alternativbrowser zum IE Firefox http://www.mozilla-europe.org/de/ Opera http://www.opera7.de/ Dienste daktivieren #Windows-Dienste abschalten"! http://www.dingens.org/ #TuneUp2004 (30 Tage free) http://www.tuneup.de/products/tuneup-utilities/ Cleanup repair -->TuneUp Diskcleaner Cleanup repair -->Registry Cleaner Defragmentierungs-Option (inzwischen keine anderen Anwendungen offen haben) arbeitsplatz--> lokaler datenträger--> rechtsklick--> eigenschaften--> extras--> jetzt defragmentieren Die Tools solltest du behalten . __________ MfG Sabina rund um die PC-Sicherheit Dieser Beitrag wurde am 01.02.2005 um 12:06 Uhr von Sabina editiert.
|
|
|
||
02.02.2005, 10:51
Member
Posts: 17 |
#57
Hello Sabina,
here is the new log from HijackThis.

Logfile of HijackThis v1.99.0
Scan saved at 10:49:12, on 02.02.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\NETGEAR\MA401 Wireless PC Card\Config.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
O2 - BHO: (no name) - {0CB47655-F1F9-0848-D574-0B1EABE280A8} - C:\WINDOWS\system32\adddw32.dll (file missing)
O2 - BHO: (no name) - {3C8F8ED0-7873-97D9-7C38-50E4064ACB99} - C:\WINDOWS\mfcxd32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CF61C703-8551-6D49-A399-05F1680E205B} - C:\WINDOWS\system32\crcn32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Programme\Gemeinsame Dateien\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programme\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Programme\NETGEAR\MA401 Wireless PC Card\Config.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{243B080D-87D2-4C22-BE9B-B12DA69C3C38}: NameServer = 195.3.96.67,195.3.96.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4BCF77D-8E72-4C2E-A864-616123D7F8D2}: NameServer = 195.3.96.67 195.3.96.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{243B080D-87D2-4C22-BE9B-B12DA69C3C38}: NameServer = 195.3.96.67,195.3.96.68
O23 - Service: AntiVir Service - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect-Dienst - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe

Regards, Wolkenlos |
|
|
||
02.02.2005, 12:01
Member
Posts: 17 |
#58
Hello Sabina,
Please tell me how I can create the scan log from the antivirus. I can only find the setting Report or Short Report. Many thanks once again, Wolkenlos |
|
|
||
02.02.2005, 13:54
Honorary member
Posts: 29434 |
#59
Hello @wolkenlos
You will find the antivirus log under "Report".
---------------------------------------------------------------------------
Download Registry Search Tool: http://www.billsway.com/vbspage/vbsfiles/RegSrch.zip
Double-click: regsrch.vbs
Paste in:
{3C8F8ED0-7873-97D9-7C38-50E4064ACB99}
Press 'OK' and wait until the search has finished. (Please post the result.)
{CF61C703-8551-6D49-A399-05F1680E205B}
Press 'OK' and wait until the search has finished. (Please post the result.)

#Open HijackThis -->> "scan" button -->> tick the entries -->> "Fix checked" button -->> restart the PC
O2 - BHO: (no name) - {3C8F8ED0-7873-97D9-7C38-50E4064ACB99} - C:\WINDOWS\mfcxd32.dll (file missing)
O2 - BHO: (no name) - {CF61C703-8551-6D49-A399-05F1680E205B} - C:\WINDOWS\system32\crcn32.dll (file missing)

Restart the PC

Delete with the Killbox:
C:\WINDOWS\system32\crcn32.dll
C:\WINDOWS\mfcxd32.dll

Then post the new log from HijackThis.
__________
Regards, Sabina
all about PC security
This post was edited by Sabina on 02.02.2005 at 13:55.
|
|
|
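Added example, not part of the thread: a Python sketch of the cross-check behind the steps in post #59, pairing HijackThis O2 entries marked "(file missing)" with the registry keys a RegSrch.vbs search lists for the same CLSID. The function names, the third O2 line and the RegSrch excerpt are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <dll path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# RegSrch.vbs section header naming the string that was searched for
HEADER_RE = re.compile(r'^; Registry search results for string "(?P<needle>[^"]+)"')

# Registry areas that matter for a BHO clean-up, matched case-insensitively
AREAS = (
    ("\\explorer\\browser helper objects\\", "BHO registration"),
    ("\\internet explorer\\urlsearchhooks", "URL search hook"),
    ("\\code store database\\distribution units\\", "ActiveX distribution unit"),
    ("\\classes\\clsid\\", "COM class"),
)

def parse_o2(log_text):
    """Return one dict per O2 (Browser Helper Object) line in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if m:
            entries.append({"clsid": m["clsid"].upper(), "path": m["path"],
                            "file_missing": m["missing"] is not None})
    return entries

def classify(key):
    """Map a registry key path to the area it belongs to."""
    low = key.lower()
    return next((label for marker, label in AREAS if marker in low), "other")

def index_regsrch(text):
    """Count, per searched string, the keys RegSrch.vbs listed in each area."""
    found = defaultdict(lambda: defaultdict(int))
    needle = None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            needle = header["needle"].upper()
        elif needle and line.startswith("[") and line.endswith("]"):
            found[needle][classify(line[1:-1])] += 1
    return {clsid: dict(areas) for clsid, areas in found.items()}

def leftovers(hjt_log, regsrch_text):
    """For every BHO whose DLL is gone, list the registry areas still naming it."""
    index = index_regsrch(regsrch_text)
    return {e["clsid"]: index.get(e["clsid"], {})
            for e in parse_o2(hjt_log) if e["file_missing"]}

# First two O2 lines are from post #59; the third is constructed (DLL present).
HJT_LOG = r"""
O2 - BHO: (no name) - {3C8F8ED0-7873-97D9-7C38-50E4064ACB99} - C:\WINDOWS\mfcxd32.dll (file missing)
O2 - BHO: (no name) - {CF61C703-8551-6D49-A399-05F1680E205B} - C:\WINDOWS\system32\crcn32.dll (file missing)
O2 - BHO: Example - {00000000-0000-0000-0000-000000000001} - C:\Example\present.dll
"""

# Constructed RegSrch.vbs excerpt in the format seen in this thread.
REGSRCH = r"""
REGEDIT4
; Registry search results for string "{3C8F8ED0-7873-97D9-7C38-50E4064ACB99}" 02.02.2005 14:30:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C8F8ED0-7873-97D9-7C38-50E4064ACB99}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C8F8ED0-7873-97D9-7C38-50E4064ACB99}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C8F8ED0-7873-97D9-7C38-50E4064ACB99}]
"""

if __name__ == "__main__":
    for clsid, areas in leftovers(HJT_LOG, REGSRCH).items():
        print(clsid, areas or "no search results supplied")
```

An empty result for a CLSID means only that no search output for it was supplied, not that the registry is clean.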
||
02.02.2005, 14:25
Member
Posts: 17 |
#60
Hello Sabina,
Well, that should be the log, but I already posted it from the first AntiVir scan; please see further up on this page. Here is the new one from today:
I will now work through the other steps.
Erstellungsdatum der Reportdatei: Mittwoch, 02. Februar 2005 14:14
AntiVir®/XP (2000 + NT) Personal Edition v6.29.00.03 vom 13.12.2004
VDF-Datei v6.29.0.95 (0) vom 01.02.2005
Dieses Programm ist nur für den PRIVATEN EINSATZ bestimmt.
Jede andere Verwendung ist NICHT gestattet.
Informationen über kommerzielle Versionen von AntiVir erhalten Sie bei: www.antivir.de.
Es wird nach 96782 Viren bzw. unerwünschten Programmen gesucht.
Lizenznehmer: AntiVir Personal Edition
Seriennummer: 0000149996-ADJIE-0001
FUSE: Grundlizenz
Bitte tragen Sie in dieses Formular den Rechnerstandort und den zuständigen Ansprechpartner mit Telefonnummer ein:
Name ___________________________________________
Straße ___________________________________________
PLZ/Ort ___________________________________________
Telefon/Fax ___________________________________________
EMail ___________________________________________
Plattform: Windows NT Workstation
Windows-Version: 5.1 Build 2600 (Service Pack 2)
Benutzername: Christoph
Prozessor: Pentium
Arbeitsspeicher: 261616 KB frei
Versionsinformationen:
AVWIN.DLL : v6.29.00.03 524328 13.12.2004 11:45:58
AVEWIN32.DLL : v6.29.0.8 791040 18.01.2005 15:27:32
AVGNT.EXE : v6.28.00.02 127016 08.11.2004 08:12:44
AVGUARD.EXE : v6.29.00.03 241704 17.11.2004 14:44:04
GUARDMSG.DLL : v6.28.00.02 98344 30.09.2004 08:10:44
AVGCMSG.DLL : v6.28.00.02 266280 08.11.2004 08:12:44
AVGNTDD.SYS : v6.29.00.02 32560 10.12.2004 12:46:28
AVPACK32.DLL : v6, 28, 0, 4 303144 28.10.2004 10:37:46
AVGETVER.DLL : v6.22.00.00 24576 30.09.2004 08:10:40
AVWIN.DLL : v6.29.00.03 524328 13.12.2004 11:45:58
AVSHLEXT.DLL : v6.22.00.00 57344 30.09.2004 08:10:42
AVSched32.EXE : v6.29.00.00 110632 19.11.2004 12:04:14
AVSched32.DLL : v6.28.00.01 122880 30.09.2004 08:10:42
AVREG.DLL : v6.27.00.01 41000 30.09.2004 08:10:42
AVRep.DLL : v6.29.00.89 921640 02.02.2005 10:59:34
INETUPD.EXE : v6.29.00.02 262203 23.11.2004 12:51:52
INETUPD.DLL : v6.29.00.02 159815 23.11.2004 12:51:52
CTL3D32.DLL : v2.31.000 27136 02.04.2003 13:00:00
MFC42.DLL : v6.02.4131.0 1028096 04.08.2004 08:57:24
MSVCRT.DLL : v7.0.2600.2180 (xpsp_sp2_rtm.0408
MSVCRT.DLL : v7.0.2600.2180 343040 04.08.2004 08:57:28
CTL3DV2.DLL : Keine Information
Konfigurationsdaten:
Name der Konfigurationsdatei: C:\Programme\AVPersonal\AVWIN.INI
Name der Reportdatei: C:\Programme\AVPersonal\LOGFILES\AVWIN.LOG
Startpfad: C:\Programme\AVPersonal
Kommandozeile:
Startmodus: Selbsttest
Modus der Reportdatei: [ ] Kein Report erstellen [X] Report überschreiben [ ] Neuen Report anhängen
Daten in Reportdatei: [X] Infizierte Dateien [ ] Infizierte Dateien mit Pfaden [ ] Alle durchsuchten Dateien [ ] Komplette Information
Reportdatei kürzen: [ ] Reportdatei kürzen
Warnungen im Report: [X] Zugriffsfehler/Datei gesperrt [X] Falsche Dateigröße im Verzeichnis [X] Falsche Erstellungszeit im Verzeichnis [ ] COM-Datei zu groß [X] Ungültige Startadresse [X] Ungültiger EXE-Header [X] Möglicherweise beschädigt
Kurzreport: [X] Kurzreport erstellen
Ausgabedatei: AVWIN.ACT
Maximale Anzahl Einträge: 100
Wo zu suchen ist: [X] Speicher [X] Bootsektor Suchlaufwerke [ ] Unbekannte Bootsektoren melden [X] Alle Dateien [ ] Programmdateien
Reaktion bei Fund: [X] Reparieren mit Rückfrage [ ] Reparieren ohne Rückfrage [ ] Löschen mit Rückfrage [ ] Löschen ohne Rückfrage [ ] Nur in Logdatei aufzeichnen [X] Akustische Warnung
Reaktion bei defekten Dateien: [X] Löschen mit Rückfrage [ ] Löschen ohne Rückfrage [ ] Ignorieren
Reaktion bei defekten Dateien: [X] Nicht verändern [ ] Aktuelle Systemzeit [ ] Datum korrigieren
Drag&Drop-Einstellungen: [X] Unterverzeichnisse durchsuchen
Profil-Einstellungen: [X] Unterverzeichnisse durchsuchen
Einstellungen der Archive [X] Archive durchsuchen [X] Alle Archive-Typen
Diverse Optionen:
Temporärer Pfad: %TEMP% -> C:\DOKUME~1\CHRIST~1.KUN\LOKALE~1\Temp
[X] Virulente Dateien überschreiben [ ] Leerlaufzeit entdecken [X] Stoppen der Prüfung zulassen [ ] AVWin®/NT Guard beim Systemstart laden
Allgemeine Einstellungen: [X] Einstellungen beim Beenden speichern
Priorität: mittel
Initialisierung OK
Speichertest OK
Master-Bootsektor von Festplatte HD0 OK
Bootsektor von Laufwerk C: OK
Systemdateien
boot.ini OK
bootfont.bin OK
hiberfil.sys OK
IO.SYS OK
MSDOS.SYS OK
NTDETECT.COM OK
ntldr OK
pagefile.sys OK
Systemtest: OK
Selbsttest: OK
Regards, Wolkenlos |
|
|
||
You should be canonized; you seem to be always busy helping other users. THANK YOU
So, I have now copied all the results of the Registry Search Tool here.
Now I will do all the other steps that you explained to me so nicely.
Please let me know how to proceed and how I can protect myself better.
My Symantec Antivirus and Internet Security subscription expired only a few days ago. Would I have been hit even with a valid subscription? What do you recommend?
Many thanks
Christoph alias wolkenlos
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{10000000-1000-0000-1000-000000000000}" 30.01.2005 18:18:39
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10000000-1000-0000-1000-000000000000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10000000-1000-0000-1000-000000000000}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10000000-1000-0000-1000-000000000000}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{10000000-1000-0000-1000-000000000000}\InstalledVersion]
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{BEF0FEBD-F78A-41EC-772B-449A98822845}" 30.01.2005 18:21:07
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEF0FEBD-F78A-41EC-772B-449A98822845}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEF0FEBD-F78A-41EC-772B-449A98822845}\Data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEF0FEBD-F78A-41EC-772B-449A98822845}\Data\MD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEF0FEBD-F78A-41EC-772B-449A98822845}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{BEF0FEBD-F78A-41EC-772B-449A98822845}"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEF0FEBD-F78A-41EC-772B-449A98822845}]
[HKEY_USERS\S-1-5-21-1645522239-436374069-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEF0FEBD-F78A-41EC-772B-449A98822845}]
[HKEY_USERS\S-1-5-21-1645522239-436374069-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEF0FEBD-F78A-41EC-772B-449A98822845}\iexplore]
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{11111111-1111-1111-1111-111111111123}" 30.01.2005 18:23:58
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111111123}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111111123}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111111123}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111111123}\InstalledVersion]
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{11111111-1111-1111-1111-111111111157}" 30.01.2005 18:25:51
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111111157}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111111157}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111111157}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111111157}\InstalledVersion]
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{11111111-1111-1111-1111-111111111237}" 30.01.2005 18:27:40
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111111237}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111111237}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111111237}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{11111111-1111-1111-1111-111111111237}\InstalledVersion]
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}" 30.01.2005 18:29:26
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SyncroAdX.Installer\CLSID]
@="{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WinServAdX.Installer\CLSID]
@="{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\Contains\Files]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}\InstalledVersion]
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{1ABDE199-A442-322C-A85C-51F5594E458E}" 30.01.2005 18:33:29
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ABDE199-A442-322C-A85C-51F5594E458E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ABDE199-A442-322C-A85C-51F5594E458E}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ABDE199-A442-322C-A85C-51F5594E458E}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ABDE199-A442-322C-A85C-51F5594E458E}\InstalledVersion]
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{2048B51E-8D74-4762-82CE-B48CF545EEEA}" 30.01.2005 18:35:37
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2048B51E-8D74-4762-82CE-B48CF545EEEA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2048B51E-8D74-4762-82CE-B48CF545EEEA}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2048B51E-8D74-4762-82CE-B48CF545EEEA}\Contains\Files]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2048B51E-8D74-4762-82CE-B48CF545EEEA}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2048B51E-8D74-4762-82CE-B48CF545EEEA}\InstalledVersion]
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{30CE93AE-4987-483C-9ABE-F2BD5301AB70}" 30.01.2005 18:37:37
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30CE93AE-4987-483C-9ABE-F2BD5301AB70}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30CE93AE-4987-483C-9ABE-F2BD5301AB70}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30CE93AE-4987-483C-9ABE-F2BD5301AB70}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30CE93AE-4987-483C-9ABE-F2BD5301AB70}\InstalledVersion]
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{42F2D240-B23C-11D6-8C73-70A05DC10000}" 30.01.2005 18:39:52
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2D240-B23C-11D6-8C73-70A05DC10000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2D240-B23C-11D6-8C73-70A05DC10000}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2D240-B23C-11D6-8C73-70A05DC10000}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{42F2D240-B23C-11D6-8C73-70A05DC10000}\InstalledVersion]
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{55D1CB01-8B97-2EF7-1265-75585EEFC32C}" 30.01.2005 18:41:32
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{55D1CB01-8B97-2EF7-1265-75585EEFC32C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{55D1CB01-8B97-2EF7-1265-75585EEFC32C}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{55D1CB01-8B97-2EF7-1265-75585EEFC32C}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{55D1CB01-8B97-2EF7-1265-75585EEFC32C}\InstalledVersion]
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{9EB320CE-BE1D-4304-A081-4B4665414BEF}" 30.01.2005 18:43:09
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB320CE-BE1D-4304-A081-4B4665414BEF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB320CE-BE1D-4304-A081-4B4665414BEF}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB320CE-BE1D-4304-A081-4B4665414BEF}\Contains\Files]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB320CE-BE1D-4304-A081-4B4665414BEF}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9EB320CE-BE1D-4304-A081-4B4665414BEF}\InstalledVersion]
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "{F0BC061F-DAF9-4533-8011-53BCB4C10307}" 30.01.2005 18:44:59
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\Control]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\Implemented Categories]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\MiscStatus\1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\InstallationsAssistent.1\CLSID]
@="{F0BC061F-DAF9-4533-8011-53BCB4C10307}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F0BC061F-DAF9-4533-8011-53BCB4C10307}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\Contains]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\Contains\Files]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\DownloadInformation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F0BC061F-DAF9-4533-8011-53BCB4C10307}\InstalledVersion]