FindIt_Nt-2k-XP



FindIt_Nt-2k-XP http://computercops.biz/zx/Zupe/Find%20It%20NT-2K-XP.zip





Finditnt2000xp.zip http://www.thatcomputerguy.us/downloads/finditnt2000xp.zip

Double-click find.bat --> output.txt

Wait until the scan has finished and the text editor opens.


Example:
Warning! This utility will find legitimate files in addition to malware.

------- System Files in System32 Directory -------

Directory of C:\WINDOWS\System32

20-01-2006 13:13 5 AuxDrv32ds_g.ods
11-09-2005 17:28 dllcache
1 File(s) 5 bytes
1 Dir(s) 566.185.984 bytes free

------- Hidden Files in System32 Directory -------




findit9xme

http://www.thatcomputerguy.us/downloads/findit9xme.zip

Link: FindIt
FindIt NT-2K-XP
FindIt 9x-ME



Example:
Start the text editor and copy the following text into it.
Save it as fixnotify.reg,
with the file type set to "All Files".


REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crcab]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wdvd]
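
Before importing a file such as fixnotify.reg, it is worth listing exactly which keys and values the import will delete or set. The Python script below is an added example, not part of the original page or of the FindIt tool; the function name summarize_reg and the Example\Constructed key with its two values are constructed for illustration.

```python
import re

# Constructed sample: the fixnotify.reg text from this page, plus a made-up
# key with one value deletion and one value assignment for illustration.
SAMPLE_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crcab]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wdvd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Constructed]
"OldValue"=-
"NewValue"="C:\\constructed\\path.exe"
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(.+)\]$')            # "[-key]" deletes the key
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def summarize_reg(text):
    """Return (action, key, value_name) tuples describing what an import would do."""
    # Drop a BOM and join hex values continued with a trailing backslash.
    text = re.sub(r'\\\r?\n[ \t]*', '', text.lstrip('\ufeff'))
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(';')]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: missing REGEDIT4 / version header")
    actions, current = [], None
    for ln in lines[1:]:
        key = KEY_RE.match(ln)
        if key:
            deleting, path = key.group(1) == '-', key.group(2)
            current = None if deleting else path
            actions.append(('DELETE_KEY' if deleting else 'OPEN_KEY', path, None))
            continue
        val = VALUE_RE.match(ln)
        if not (val and current):
            raise ValueError(f"unrecognized line: {ln!r}")
        name = val.group(1)
        name = '(Default)' if name == '@' else name[1:-1]
        kind = 'DELETE_VALUE' if val.group(2).strip() == '-' else 'SET_VALUE'
        actions.append((kind, current, name))
    return actions


if __name__ == "__main__":
    for action, key, name in summarize_reg(SAMPLE_REG):
        print(f"{action:12} {key}" + (f"  -> {name}" if name else ""))
```

Every DELETE_KEY line removes the named key together with all of its subkeys and values, so compare each one against the scan output before importing.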



------- System Files in System32 Directory -------
Warning! This utility will find legitimate files in addition to malware.
Do not remove anything unless you are sure you know what you're doing.

Directory of C:\WINDOWS\System32

08-08-2005 10:01 DIR dllcache
0 File(s) 0 bytes
1 Dir(s) 112.693.248 bytes free

------- Hidden Files in System32 Directory -------

------- System Files in System Directory -------

Volume in drive C has no label.
Volume Serial Number is 38FD-EEA4
Directory of C:\WINDOWS\System

Volume in drive C has no label.
Volume Serial Number is 38FD-EEA4
Directory of C:\WINDOWS\System32

08-08-2005 10:01 dllcache

---------- Files Named "Guard" -------------

------- Hidden Files in System Directory -------

Volume in drive C has no label.
Volume Serial Number is 38FD-EEA4
Directory of C:\WINDOWS\System

---------------- User Agent ------------


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

One or more CON code pages invalid for given keyboard code

No matches found.

------------------ Locate.com Results ------------------
One or more CON code pages invalid for given keyboard code

No matches found.

------------ Strings.exe Qoologic Results ------------

-------------- Strings.exe Aspack Results -------------

----------------- HKLM Run Key ------------------

-------------- Strings.exe Umonitor Results -------------
-------------- Strings.exe Umonitor Results -------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"AVGCtrl"="C:\\Program Files\\AVPersonal\\AVGNT.EXE /min"






