Home » Spyware & Browser Hijacker Support Forum » WinAntiVirus Pro 2006 / Spyware Quake » Themenansicht
WinAntiVirus Pro 2006 / Spyware Quake |
||
|---|---|---|
| #0
| ||
|
19.07.2006, 14:00
Ehrenmitglied
 Beiträge: 29434 |
||
 
|
|
|
|
20.07.2006, 21:49
Member
Themenstarter Beiträge: 15 |
#17
endlich wieder online
 hier der text von registry search REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 20.07.2006 21:37:48 for strings: ; 'winantivirus pro 2006' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] "C:\\Programme\\Gemeinsame Dateien\\WinAntiVirus Pro 2006\\WapCHK.dll"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Programme\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Programme\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Programme\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Programme\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\\Programme\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Programme\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe" [HKEY_USERS\S-1-5-21-2557097379-1158229929-1469869567-500\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\\Programme\\WinAntiVirus Pro 2006\\install.exe"="Install Application" "C:\\Programme\\WinAntiVirus Pro 2006\\VAExt.exe"="WinAntiVirus Pro 2006" "C:\\Programme\\WinAntiVirus Pro 2006\\WinAV.exe"="WinAntiVirus Pro 2006" "C:\\Programme\\WinAntiVirus Pro 2006\\CompWiz.exe"="Companion Wizard" "C:\\Programme\\WinAntiVirus Pro 2006\\fat.exe"="File Access Test Application" [HKEY_USERS\S-1-5-21-2557097379-1158229929-1469869567-500\Software\WinAntiVirus Pro 2006] [HKEY_USERS\S-1-5-21-2557097379-1158229929-1469869567-500\Software\WinAntiVirus Pro 2006\Settings] ; End Of The Log... vielen dank |
|
|
|
|
|
|
20.07.2006, 22:33
Ehrenmitglied
Beiträge: 29434 |
#18
huerlimann
Gehe in die Registry Start - Ausfuehren - regedit bearbeiten - suchen - WinAntiVirus Pro 2006 loesche alles, was oben rot angegeben ist ------------------------------------------------------------------------ Avenger http://virus-protect.org/artikel/tools/avenger.html Zitat registry keys to delete:poste den report von avenger __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
21.07.2006, 12:46
Member
Themenstarter Beiträge: 15 |
#19
//////////////////////////////////////////
Avenger Pre-Processor log ////////////////////////////////////////// Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 1813 Line: HKEY_CURRENT_USER\Software\WinAntiVirus Pro 2006 Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 1813 Line: HKEY_CLASSES_ROOT\WAP6.PCheck ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\olhgchrk ******************* Script file located at: plobiamm Could not open script file! Error Could not open script file! Status: 0xc000003b Abort! vielen dank |
|
|
|
|
|
|
21.07.2006, 13:03
Ehrenmitglied
Beiträge: 29434 |
#20
ich hab den avenger veraendert...versuche es noch mal
__________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
21.07.2006, 13:11
Member
Themenstarter Beiträge: 15 |
#21
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\lmxuwrxg ******************* Script file located at: \??\C:\Program Files\oqytlpac.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FWSvc Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FWSvc Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FWSvc Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FWSvc Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FWSVC Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FWSVC Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_FWSVC Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FWSVC Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FOPN Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FOPN Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\FOPN Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN not found! Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN failed! Could not process line: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FOPN Status: 0xc0000034 File C:\WINDOWS\system32\stera.exe deleted successfully. Could not open file C:\Programme\WinAntiVirus Pro 2006\winpgi.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\winpgi.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\winpgi.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\Updater.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\Updater.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\Updater.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\winav.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\winav.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\winav.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll d for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll d failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\WAV6COM.dll d Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\pv.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\pv.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\pv.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\Activate.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\Activate.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\Activate.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\asmngr.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\asmngr.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\asmngr.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\avkernel.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\avkernel.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\avkernel.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\BkSites.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\BkSites.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\BkSites.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\bnlink.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\bnlink.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\bnlink.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\bpupdater.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\bpupdater.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\bpupdater.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\CompWiz.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\CompWiz.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\CompWiz.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\fat.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\fat.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\fat.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\fopn.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\fopn.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\fopn.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\fopn.sys for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\fopn.sys failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\fopn.sys Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\fopnl.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\fopnl.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\fopnl.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\history.db for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\history.db failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\history.db Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\IEFWBHO.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\install.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\install.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\install.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\InstHelp.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\InstHelp.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\InstHelp.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\lapv.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\lapv.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\lapv.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\License.rtf for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\License.rtf failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\License.rtf Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\online.url for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\online.url failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\online.url Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\PGupdater.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\PGupdater.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\PGupdater.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\phigh.bin for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\phigh.bin failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\phigh.bin Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\pmedium.bin for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\pmedium.bin failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\pmedium.bin Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\prc.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\prc.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\prc.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\prerules.xml for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\prerules.xml failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\prerules.xml Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\ps.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\ps.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\ps.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\pv.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\pv.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\pv.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\rpt.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\rpt.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\rpt.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\RulSrv.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\RulSrv.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\RulSrv.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\settings.bin for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\settings.bin failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\settings.bin Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\sqlite3.dll for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\sqlite3.dll failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\sqlite3.dll Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\sr.log for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\sr.log failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\sr.log Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\st.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\st.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\st.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\support.url for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\support.url failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\support.url Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\unins000.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\unins000.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\unins000.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\unins000.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\unins000.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\unins000.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\uninstall.ico for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\uninstall.ico failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\uninstall.ico Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\UninstallPage.html for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\UninstallPage.html failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\UninstallPage.html Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\up.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\up.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\up.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\updater.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\updater.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\updater.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\VAExt.exe for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\VAExt.exe failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\VAExt.exe Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\vbpv.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\vbpv.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\vbpv.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\WAupdater.dat for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\WAupdater.dat failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\WAupdater.dat Status: 0xc000003a Could not open file C:\Programme\WinAntiVirus Pro 2006\worldmap.swf for deletion Deletion of file C:\Programme\WinAntiVirus Pro 2006\worldmap.swf failed! Could not process line: C:\Programme\WinAntiVirus Pro 2006\worldmap.swf Status: 0xc000003a Could not open file C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll for deletion Deletion of file C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll failed! Could not process line: C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll Status: 0xc000003a Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinAntiVirusPro2006 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinAntiVirusPro2006 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Programme\Gemeinsame Dateien\WinAntiVirus Pro 2006\WapCHK.dll failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe\shell not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe\shell failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinAV.exe failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\WinSoftware failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WA6P_is1 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\WinAntiVirus Pro 2006 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006 not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\SupportUninstall\WinAntiVirus Pro 2006 failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{723D54C7-7483-4EB8-8EED-CE5B2AEA534D} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2178F3FB-2560-458f-BDEE-631E2FE0DFE4} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2A3156E-3332-4b47-AF5A-5B121503514F} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B646F5E2-0A48-421d-AC91-F96C92BFC17A} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B646F5E2-0A48-421d-AC91-F96C92BFC17A} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E69F0D6A-1C69-4A04-8709-5EAC2019D9BE} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5141620-C2B2-4d95-9F0F-134D99C87AB0} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0903FECD-7F7A-4790-A819-A3CE08416732} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85C99188-BEFD-4c61-A54B-5D7CB0204C1E} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B32FE740-8B67-409A-BCA8-3297263C354E} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1234890A-5E6E-4867-8136-CA6F1456B235} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{732B6533-7F78-4C47-9C01-2979BA0829B9} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{FC0B8EB8-AE24-4FD6-B479-E2B464F32DA6} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{367A86A5-D048-4785-86BE-4E2706AAFDD9} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276} not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2BC32EF8-BB73-4099-BB2E-0F2951B3E276} failed! Status: 0xc0000034 Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WAVAutoPlay not found! Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\WAVAutoPlay failed! Status: 0xc0000034 Completed script processing. ******************* Finished! Terminate. |
|
|
|
|
|
|
21.07.2006, 13:27
Ehrenmitglied
Beiträge: 29434 |
#22
noch mal:
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren) WinAntiVirus Pro 2006 in edit und klicke "Ok". Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
21.07.2006, 14:18
Member
Themenstarter Beiträge: 15 |
#23
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 21.07.2006 14:16:33 for strings: ; 'winantivirus pro 2006 ' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... |
|
|
|
|
|
|
21.07.2006, 16:21
Ehrenmitglied
Beiträge: 29434 |
#24
1.
log von winpfind http://virus-protect.org/winpfind.html 2. F-Secure Online Scanner Next Generation Beta http://support.f-secure.com/enu/home/ols3.shtml 1. Klicke den Link: "F-Secure Online Scanner Next Generation Beta". 2. Du wirst aufgefordert werden, ein ActiveX-Control zu installieren 3. Installiere diese ActiveX-Komponente 4. Lies die Anleitung und klicke: "Accept" 5. Klicke "Full System Scan" 6. klicke "Show report" - kopiere den Scanreport __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
21.07.2006, 18:14
Member
Themenstarter Beiträge: 15 |
#25
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 6.0.2900.2180 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... Checking %System% folder... PEC2 29.08.2002 03:00:00 41118 C:\WINDOWS\SYSTEM32\dfrg.msc PTech 23.05.2006 17:26:00 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll aspack 07.07.2006 03:21:46 6757792 C:\WINDOWS\SYSTEM32\MRT.exe aspack 04.08.2004 09:57:08 733696 C:\WINDOWS\SYSTEM32\ntdll.dll Umonitor 04.08.2004 09:57:32 686592 C:\WINDOWS\SYSTEM32\rasdlg.dll winsync 29.08.2002 03:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu PTech 23.05.2006 17:25:52 285488 C:\WINDOWS\SYSTEM32\WgaTray.exe Checking %System%\Drivers folder and sub-folders... PTech 04.08.2004 07:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 21.07.2006 13:10:08 S 2048 C:\WINDOWS\bootstat.dat 18.07.2006 19:17:24 H 54156 C:\WINDOWS\QTFont.qfn 21.07.2006 13:10:10 S 64 C:\WINDOWS\CSC\00000001 18.07.2006 12:39:26 S 64 C:\WINDOWS\CSC\00000002 02.07.2006 08:56:24 S 64 C:\WINDOWS\CSC\csc1.tmp 22.06.2006 13:18:16 S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat 29.05.2006 18:16:04 S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat 01.06.2006 22:28:44 S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat 23.05.2006 17:27:00 S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat 21.07.2006 17:19:32 H 1024 C:\WINDOWS\system32\config\default.LOG 21.07.2006 13:10:14 H 1024 C:\WINDOWS\system32\config\SAM.LOG 21.07.2006 17:10:44 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 21.07.2006 17:19:32 H 1024 C:\WINDOWS\system32\config\software.LOG 21.07.2006 16:19:08 H 1024 C:\WINDOWS\system32\config\system.LOG 15.07.2006 12:00:32 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG 31.05.2006 16:41:32 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\77346723-96b9-4698-aadc-888861cf38b9 31.05.2006 16:41:32 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred 12.06.2006 23:28:10 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\48a5bce6-3e49-4475-af45-27469d500871 12.06.2006 23:28:10 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 21.07.2006 13:10:12 H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... Microsoft Corporation 04.08.2004 09:58:22 70656 C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation 04.08.2004 09:58:22 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl 20.12.2005 15:40:18 69632 C:\WINDOWS\SYSTEM32\av.cpl Broadcom Corporation 05.03.2003 20:23:00 376832 C:\WINDOWS\SYSTEM32\B57exp.cpl 10.05.2001 18:00:00 184832 C:\WINDOWS\SYSTEM32\bdeadmin.cpl Microsoft Corporation 04.08.2004 09:58:22 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl Microsoft Corporation 04.08.2004 09:58:22 138240 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 04.08.2004 09:58:22 80384 C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 04.08.2004 09:58:22 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Intel Corporation 07.04.2003 00:14:30 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl Ahead Software AG 15.09.2003 14:56:02 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl Microsoft Corporation 04.08.2004 09:58:22 359424 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 04.08.2004 09:58:22 133120 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 04.08.2004 09:58:22 381440 C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 04.08.2004 09:58:22 69632 C:\WINDOWS\SYSTEM32\joy.cpl Microsoft Corporation 29.08.2002 03:00:00 189440 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 04.08.2004 09:58:22 625152 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 29.08.2002 03:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 04.08.2004 09:58:22 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 04.08.2004 09:58:22 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl Microsoft Corporation 29.08.2002 03:00:00 38400 C:\WINDOWS\SYSTEM32\nwc.cpl Microsoft Corporation 04.08.2004 09:58:22 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl Sun Microsystems 30.11.2005 11:11:16 45175 C:\WINDOWS\SYSTEM32\plugincpl131_17.cpl Microsoft Corporation 04.08.2004 09:58:22 117248 C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation 04.08.2004 09:58:22 303104 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 29.08.2002 03:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 04.08.2004 09:58:22 94208 C:\WINDOWS\SYSTEM32\timedate.cpl HP Computer Corporation 03.01.2003 11:28:38 122880 C:\WINDOWS\SYSTEM32\UICONFIG.cpl Microsoft Corporation 04.08.2004 09:58:22 148480 C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 26.05.2005 04:16:22 174872 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl Intel Corporation 07.04.2003 00:14:30 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0010\DriverFiles\igfxcpl.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 01.06.2006 15:38:22 1737 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk 21.07.2005 12:52:38 1690 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\cablecom assistant.lnk 02.11.2002 18:31:48 HS 84 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini 23.04.2004 11:18:40 1814 C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk Checking files in %ALLUSERSPROFILE%\Application Data folder... 02.11.2002 18:18:58 HS 62 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini 30.09.2003 19:29:52 13 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DirectCDUserNameD.txt 12.10.2004 16:04:10 H 196 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpothb07.dat 12.10.2004 16:04:10 H 265 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpothb07.tif 18.07.2006 19:17:42 1755 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache Checking files in %USERPROFILE%\Startup folder... 02.11.2002 18:31:48 HS 84 C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 02.11.2002 18:18:58 HS 62 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\desktop.ini 25.01.2004 18:43:36 0 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\dm.ini 15.01.2004 15:34:14 24968 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GDIPFONTCACHEV1.DAT »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] SV1 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programme\ewido anti-spyware 4.0\context.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ShellExtension {1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} = HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton AntiVirus\NavShExt.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Programme\Norton AntiVirus\NavShExt.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Programme\ewido anti-spyware 4.0\context.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ShellExtension {1AC5C88A-DEA7-462b-A232-04AF5CA42E7E} = HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programme\WinRAR\rarext.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872} CNavExtBho Class = C:\Programme\Norton AntiVirus\NavShExt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tipps und Tricks = %SystemRoot%\System32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton AntiVirus\NavShExt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} ButtonText = Recherchieren : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} ButtonText = AIM : C:\Programme\AIM95\aim.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Programme\Messenger\msmsgs.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD} Shell Search Band = %SystemRoot%\system32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38} Search Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F} &Discuss = shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} Favorites Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer-Band = %SystemRoot%\System32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton AntiVirus\NavShExt.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Programme\Norton AntiVirus\NavShExt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] IgfxTray C:\WINDOWS\System32\igfxtray.exe HotKeysCmds C:\WINDOWS\System32\hkcmd.exe Smapp C:\Programme\Analog Devices\SoundMAX\SMTray.exe DrvLsnr C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe srmclean C:\Cpqs\Scom\srmclean.exe SetRefresh C:\Programme\Compaq\SetRefresh\SetRefresh.exe CPQEASYACC C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe Logitech Utility Logi_MwX.Exe CamMonitor C:\Programme\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe Share-to-Web Namespace Daemon C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe BO1HelperStartUp C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1 Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer Motive SmartBridge C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe 180000 C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe ccApp "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" iTunesHelper "C:\Programme\iTunes\iTunesHelper.exe" QuickTime Task "C:\Programme\QuickTime\qttask.exe" -atboottime TkBellExe "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot !ewido "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized SunServer C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] updateMgr C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID {17492023-C23A-453E-A040-C7C580BBF700} 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun ß HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System DisableRegistryTools 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui = igfxsrvc.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon = WgaLogon.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 21.07.2006 17:19:54 F-Secure Bericht Scanning Report Friday, July 21, 2006 17:26:26 - 18:13:36 Computer name: HHPC2 Scanning type: Scan system for viruses, rootkits, spyware Target: C:\ -------------------------------------------------------------------------------- Result: 22 malware found Email-Worm.Win32.NetSky.q (virus) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\097D54A0 (Renamed & Submitted) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\4B183D03 (Renamed & Submitted) Exploit.HTML.Mht (virus) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\001B4948.HTM (Renamed & Submitted) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\49BC2F1D.HTM (Renamed & Submitted) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\7B232B1E.HTM (Submitted) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\7C374EF9.HTM (Submitted) Exploit.VBS.Phel.a (virus) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\65214D3C.HTM (Renamed & Submitted) Tracking Cookie (spyware) System (Disinfected) System System System System System System Trojan-Clicker.Win32.Small.kx (virus) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\7A5A01A1.EXE (Renamed & Submitted) Trojan-Downloader.Win32.PurityScan.cl (virus) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\66C7391E.EXE (Renamed & Submitted) Trojan-Downloader.Win32.PurityScan.cq (virus) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\58E744C7.EXE (Renamed & Submitted) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\70523FCF.EXE (Renamed & Submitted) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\705569CB.EXE (Renamed & Submitted) Trojan-Downloader.Win32.Small.cvw (virus) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\75010E84.EXE (Renamed & Submitted) Trojan-Dropper.Win32.VB.nn (virus) C:\PROGRAMME\NORTON ANTIVIRUS\QUARANTINE\131F66C8.EXE (Renamed & Submitted) WinAntiVirusPro (spyware) System (Disinfected) -------------------------------------------------------------------------------- Statistics Scanned: Files: 31399 System: 4616 Not scanned: 6 Actions: Disinfected: 2 Renamed: 12 Deleted: 0 None: 8 Submitted: 14 Files not scanned: C:\HIBERFIL.SYS C:\PAGEFILE.SYS C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCPD-LC\SYMLCRST.DLL C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\MICROSOFT\OUTLOOK\ARCHIVE.PST C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\LOKALE EINSTELLUNGEN\ANWENDUNGSDATEN\MICROSOFT\OUTLOOK\OUTLOOK1.PST -------------------------------------------------------------------------------- Options Scanning engines: F-Secure AVP: 6.0.171, 2006-07-21 F-Secure Libra: 2.4.1, 2006-07-21 F-Secure Orion: 1.2.37, 2006-07-20 F-Secure Blacklight: 1.0.31, 0000-00-00 F-Secure Pegasus: 1.19.0, 2006-06-05 F-Secure Draco: 1.0.35, 0259-24-212 Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX Use Advanced heuristics -------------------------------------------------------------------------------- Copyright © 1998-2006 Product support |Send virus sample to F-Secure F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability. vielen dank
|
|
|
|
|
|
|
21.07.2006, 22:21
Ehrenmitglied
Beiträge: 29434 |
#26
huerlimann
1. gehe in die registry Start - Ausfuehren - regedit HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System DisableRegistryTools <--loeschen PC neustarten 2. Trend Micro Anti-Spyware for the Web http://virus-protect.org/onlinescan.html Zitat Ich habe "restore cleaned items" angeklickt, kam eine Meldung:+ poste das neue Log vom HijackThis __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
22.07.2006, 15:08
Member
Themenstarter Beiträge: 15 |
#27
Trend Micro hat beim zweiten Mal nichts mehr gefunden.
hier hijackthis Logfile of HijackThis v1.99.1 Scan saved at 15:08:02, on 22.07.2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Programme\Analog Devices\SoundMAX\SMTray.exe C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe C:\Programme\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\ewido anti-spyware 4.0\ewido.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\Cablecom Assistant\bin\cablecom_assistant.exe C:\Programme\Cablecom Assistant\bin\mpbtn.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Programme\Sunbelt Software\CounterSpy\Consumer\Thread.exe C:\Programme\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE C:\Programme\Compaq\Easy Access Button Support\CPQEADM.EXE C:\Compaq\EAKDRV\EAUSBKBD.EXE C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\Programme\ewido anti-spyware 4.0\guard.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Programme\iPod\bin\iPodService.exe C:\Programme\Internet Explorer\iexplore.exe C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe C:\Programme\Messenger\msmsgs.exe C:\Dokumente und Einstellungen\Administrator\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.glueckspost.ch/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Smapp] C:\Programme\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [DrvLsnr] C:\Programme\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [SetRefresh] C:\Programme\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Programme\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [CamMonitor] C:\Programme\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programme\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1 O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CABLEC~1\SMARTB~1\DExec.exe 180000 C:\PROGRA~1\CABLEC~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [!ewido] "C:\Programme\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [SunServer] C:\Programme\Sunbelt Software\CounterSpy\Consumer\sunserver.exe O4 - HKCU\..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: cablecom assistant.lnk = C:\Programme\Cablecom Assistant\bin\matcli.exe O4 - Global Startup: Microsoft Office.lnk = C:\Office alt\FILES\PFILES\MSOFFICE\OFFICE10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Programme\AIM95\aim.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O16 - DPF: ConferenceRoom Java Client - http://irc1.bluewin.ch/java/cr.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/3049de866c38ac6a7606/netzip/RdxIE601_de.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102251875265 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programme\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\Security Center\SymWSC.exe vielen dank |
|
|
|
|
|
|
22.07.2006, 15:10
Ehrenmitglied
Beiträge: 29434 |
#28
huerlimann
soweit muesste alles wieder in Ordnung sein (soweit ich das aus der Ferne beurteilen kann) Wenn wieder Probleme auftreten sollten, weisst du ja, wohin du dich wenden kannst  Hab mehr acht im Net, klicke nicht auf alles, was blinkt ................. ------------------------------------------------------------------------ Browser Firefox, stelle ihn als Standartbrowser ein) + deine Startseite http://virus-protect.org/firefox.html Der IE bleibt fuer die WindowsUpdates. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
|
24.07.2006, 17:08
Member
Themenstarter Beiträge: 15 |
#29
Vielen vielen Dank für Deine Hilfe. War wirklich ein super Service
Hoffe nicht das es bald wieder nötig wird Danke für den Tip mit dem Firefox. Hast Du auch noch einen Tip für einen guten Spyware-Guard. Habe jetzt ja während den letzten Tagen einige heruntergeladen. Kannst Du einen von denen empfehlen als fixer Guard oder soll ich einfach von Zeit zu Zeit verschiedene durchlaufen lassen? Ich habe Norton Anti Virus installiert. Bin ich damit gut bedient gegen Viren oder hast Du einen anderen Tip für mich? Nochmals vielen Dank und alles Gute. Viele Grüsse |
|
|
|
|
|
|
24.07.2006, 17:25
Ehrenmitglied
Beiträge: 29434 |
#30
huerlimann
installiere Windows Defender - und aktiviere den Guard: http://virus-protect.org/ms.html und pass in Zukunft besser auf..nicht alle Tools halten, was sie versprechen und sind der Grund, dass dein System verseucht ist...  Das ist die neue Masche im Net, fuer unerfahrene User, man wird gewarnt, der Rechner sei infiziert, dann laedt man das ungebetene Proggie, was den Rechner nun erst wirklich infiziert und nun wird man mit PopUps bombardiert, dass man das Tool kaufen muss. So wird der User betrogen, denn er verliert Geld, muss formatieren und weiss nie, inwiefern vertrauliche Daten von seinem Rechner an die Gauner uebermittelt wurden. __________ MfG Sabina rund um die PC-Sicherheit |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren)
WinAntiVirus Pro 2006
in edit und klicke "Ok".
Notepad wird sich oeffnen -- kopiere den Text ab und poste ihn.
2.
Loesche:
c:\windows\didduid.ini
C:\Dokumente und Einstellungen\Administrator\Internet Optimizer
__________
MfG Sabina
rund um die PC-Sicherheit