Backdoor.CIADoor.13 |
||
---|---|---|
#0
| ||
24.09.2006, 20:59
Honorary member
Posts: 29434 |
||
|
||
24.09.2006, 22:18
Member
Posts: 14 |
#62
Yes, it's gone. I just searched again and found nothing.
Deleted. Is my PC clean again now? |
|
|
||
25.09.2006, 11:09
Honorary member
Posts: 29434 |
#63
if the virus scanners no longer find anything, everything is clean
__________ Regards, Sabina, all about PC security |
|
|
||
25.09.2006, 16:30
Member
Posts: 14 |
#64
Nothing found
Great, a really, really big thank you for the help!!
Edit: Hello, sorry that I'm back here again... Unfortunately I didn't know where I should post this, but could you please take a look at the Ewido scan, Sabina, and tell me whether it's bad?
ewido anti-spyware online scanner http://www.ewido.net
__________________________________________________
Name: TrackingCookie.Doubleclick Path: C:\Dokumente und Einstellungen\Marion Hientz\Cookies\marion hientz@doubleclick[1].txt Risk: Medium
Name: TrackingCookie.Ivwbox Path: C:\Dokumente und Einstellungen\Marion Hientz\Cookies\marion hientz@ivwbox[1].txt Risk: Medium
Name: TrackingCookie.2o7 Path: C:\Dokumente und Einstellungen\Marion Hientz\Cookies\marion hientz@msnportal.112.2o7[1].txt Risk: Medium
Name: TrackingCookie.Komtrack Path: :mozilla.11:C:\Dokumente und Einstellungen\Marion Hientz\Anwendungsdaten\Mozilla\Firefox\Profiles\6sh8g4cv.default\cookies.txt Risk: Medium
Name: TrackingCookie.Komtrack Path: :mozilla.12:C:\Dokumente und Einstellungen\Marion Hientz\Anwendungsdaten\Mozilla\Firefox\Profiles\6sh8g4cv.default\cookies.txt Risk: Medium
Name: TrackingCookie.Addcontrol Path: :mozilla.17:C:\Dokumente und Einstellungen\Marion Hientz\Anwendungsdaten\Mozilla\Firefox\Profiles\6sh8g4cv.default\cookies.txt Risk: Medium
Name: Downloader.Agent.uj Path: C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc1.zip/avenger/CSROV.EXE Risk: High
Name: Trojan.Small.fb Path: C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc1.zip/avenger/DMYMR.EXE Risk: High
Name: Backdoor.Delf.co Path: C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc3.zip/avenger/PViever/pviever.exe Risk: High
This post was edited by Caillean on 25.09.2006 at 22:28.
|
|
|
||
26.09.2006, 00:41
Honorary member
Posts: 29434 |
#65
1. empty the recycle bin
2. Avenger
Quote
Files to delete:
__________ Regards, Sabina, all about PC security |
|
|
||
26.09.2006, 17:45
Member
Posts: 14 |
#66
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\gmbkfybo
*******************
Script file located at: \??\C:\WINDOWS\system32\wwcvcwph.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc3.zip not found!
Deletion of file C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc3.zip failed!
Could not process line: C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc3.zip
Status: 0xc0000034
File C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc1.zip not found!
Deletion of file C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc1.zip failed!
Could not process line: C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc1.zip
Status: 0xc0000034
Folder C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc3.zip not found!
Deletion of folder C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc3.zip failed!
Could not process line: C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc3.zip
Status: 0xc0000034
Folder C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc1.zip not found!
Deletion of folder C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc1.zip failed!
Could not process line: C:\RECYCLER\S-1-5-21-1202660629-2139871995-725345543-1003\Dc1.zip
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate. |
|
|
||
26.09.2006, 23:31
Honorary member
Posts: 29434 |
||
|
||
27.09.2006, 16:25
Member
Posts: 14 |
#68
Yes, great, it only found cookies now ^^ Thanks!!!
|
|
|
||
27.09.2006, 16:55
...new here
Posts: 3 |
#69
Hi folks
I also have the problem with the Ciadoor virus, I deleted some of it but no idea, have a look, need help
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 27.09.2006 15:49:37 for strings:
; 'scvhost'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Generic Host Process]
"item"="scvhost"
"command"="C:\\WINDOWS\\System32\\scvhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Load]
"item"="scvhost"
"command"="C:\\WINDOWS\\System32\\scvhost.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Run]
"item"="scvhost"
"command"="C:\\WINDOWS\\System32\\scvhost.exe"
; End Of The Log...
AND!!
Logfile of HijackThis v1.99.1
Scan saved at 16:54:42, on 27.09.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) |
|
|
||
28.09.2006, 12:21
Honorary member
Posts: 29434 |
#70
KingWeber
«« go into the registry: Start - Run - regedit, then Edit - Find - scvhost, and delete all scvhost entries (see the regsearch results above)
«« HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr = "dword:00000001" --> set to 0 (or delete the whole key)
«« HKEY_CURRENT_USER\Software\Microsoft\Windows\System\DisableCMD (without the Policies key) If you now find a value named DisableCMD in the right-hand pane, delete it. After a restart at the latest, the command prompt should be available again. Restart the PC
«« configure CleanUp exactly as described here: http://virus-protect.org/cleanup.html
«« Copy out these 4 text files. (right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (copy only the last 3 months) http://virus-protect.org/datfindbat.html
__________ Regards, Sabina, all about PC security |
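An added example, not part of the original thread: the startup entries in the Registry Search export posted above point at scvhost.exe, a letter-swapped lookalike of the genuine svchost.exe. The Python code below parses a REGEDIT4 export and flags commands whose file name is within one edit (including a swap of adjacent letters) of a known system binary, or that use a genuine name from an unexpected folder. The allowlist, the expected folders and the sample keys under SOFTWARE\Example are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: where genuine system binaries live on a default Windows XP install.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "svchost.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "csrss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "smss.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

# Constructed sample: the Run entry is taken from the export in the thread,
# the SOFTWARE\Example keys are invented to exercise the other code paths.
SAMPLE_EXPORT = r'''REGEDIT4
; constructed sample in the shape of a Registry Search export
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Run]
"item"="scvhost"
"command"="C:\\WINDOWS\\System32\\scvhost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Startup\Good]
"command"="C:\\WINDOWS\\System32\\svchost.exe -k netsvcs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Startup\Misplaced]
"command"="C:\\WINDOWS\\Temp\\svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Startup\Other]
"command"="\"C:\\Programme\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\""
'''


def osa_distance(a, b):
    """Edit distance that also counts a swap of two adjacent characters as 1."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def parse_reg_export(text):
    """Yield (key, value_name, data) from REGEDIT4 text; ';' starts a comment line."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            # .reg files escape backslash and double quote with a backslash.
            yield key, m.group(1), re.sub(r"\\(.)", r"\1", m.group(2))


def find_masquerades(reg_text, max_distance=1):
    """Return (key, path, reason) for each suspicious executable path in the export."""
    findings = []
    for key, _name, data in parse_reg_export(reg_text):
        m = EXE_RE.search(data)
        if not m:
            continue
        path = m.group(0)
        exe = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        if exe in EXPECTED_DIR:
            if folder != EXPECTED_DIR[exe]:
                findings.append((key, path, "system binary name in unexpected folder"))
            continue
        for good in EXPECTED_DIR:
            if 0 < osa_distance(exe, good) <= max_distance:
                findings.append((key, path, "lookalike of " + good))
                break
    return findings


if __name__ == "__main__":
    for finding in find_masquerades(SAMPLE_EXPORT):
        print(finding)
```
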
|
|
||
01.10.2006, 22:24
...new here
Posts: 3 |
#71
ok
|
|
|
||
02.10.2006, 01:02
Honorary member
Posts: 29434 |
#72
KingWeber
all the relevant data from your computer etc. is stored in the two dat files... they are forwarded to the owner of the backdoor... you can open them with a text editor and take a look before you delete them
Avenger http://virus-protect.org/artikel/tools/avenger.html
paste in
Quote
Files to delete:
Click the green traffic light; the script will now be executed, then the PC will restart automatically
** delete the Avenger backup at c:\Avenger\backup.zip
** Start - Programs - Accessories - System Tools - Disk Cleanup - Click: Temporary Internet Files, OK - Click: Temporary Files, OK
** scan, then set everything to remove and post the report http://virus-protect.org/counterspy.html
__________ Regards, Sabina, all about PC security |
|
|
||
02.10.2006, 12:53
...new here
Posts: 1 |
#73
Just wanted to mention that reinstalling the system is necessary!!!! With CIADoor, it is currently being sent along on all .ddl sites and when you download DVDFab (as in my case)!!! That thing is sh... persistent
|
|
|
||
02.10.2006, 15:30
...new here
Posts: 3 |
#74
Infected registry entries detected
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C} ISeekmoClientAX HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5} HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5} IZangoClientAX HKEY_CLASSES_ROOT\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E} HKEY_CLASSES_ROOT\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0\0\win32 c:\programme\zango\zangohook.dll HKEY_CLASSES_ROOT\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0\FLAGS 0 HKEY_CLASSES_ROOT\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0\HELPDIR c:\programme\zango\ HKEY_CLASSES_ROOT\TypeLib\{8BE3FABA-7468-4851-B97C-0750AF2B908E}\1.0 Searach Assistant Helper 1.0 Type Library HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1 HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1\CLSID {99410CDE-6F16-42ce-9D49-3807F78F0287} HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1 ClientInstaller Class HKEY_CLASSES_ROOT\ClientAX.ClientInstaller HKEY_CLASSES_ROOT\ClientAX.ClientInstaller\CLSID {99410CDE-6F16-42ce-9D49-3807F78F0287} HKEY_CLASSES_ROOT\ClientAX.ClientInstaller\CurVer ClientAX.ClientInstaller.1 HKEY_CLASSES_ROOT\ClientAX.ClientInstaller ClientInstaller Class HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6} 
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32 ThreadingModel Apartment HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\ProgID LMgr180.WMDRMAx.1 HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\VersionIndependentProgID LMgr180.WMDRMAx HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6} WMDRMAx Class HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1} HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1} ILicenseInstaller HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31} HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046} HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib Version 1.0 HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31} IWMDRMAx HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4} HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid {00020424-0000-0000-C000-000000000046} 
WhenU.Save Adware (General)
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Quarantined
Infected registry entries detected

Bifrost RAT
Details: Bifrost fwb+ is an advanced Remote Administration Tool that allows user to remotely control computers that are behind firewalls and routers.
Status: Quarantined
Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Wget
HKEY_LOCAL_MACHINE\SOFTWARE\Wget nck
HKEY_CURRENT_USER\Software\Wget
HKEY_CURRENT_USER\Software\Wget klg
HKEY_CURRENT_USER\Software\Wget plg1

Cookie: ad.yieldmanager Cookie (General)
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@ad.yieldmanager[1].txt

Cookie: Advertising.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@advertising[1].txt

Cookie: ATDMT.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@atdmt[2].txt

Cookie: CGI-Bin Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@cgi-bin[1].txt
c:\dokumente und einstellungen\webaaa\cookies\webaaa@cgi-bin[2].txt

Cookie: dedmazai.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@counter2.sextracker[1].txt

Cookie: DoubleClick Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@doubleclick[1].txt

Cookie: Hitbox.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@hitbox[2].txt

Cookie: QuestionMarket.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@questionmarket[2].txt

Cookie: BS.Serving-Sys Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@serving-sys[2].txt

Cookie: SexList.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@sexlist[1].txt

Cookie: SexTracker.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@sextracker[1].txt

Cookie: statcounter.com Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@statcounter[1].txt

Cookie: Radar Spy Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@tradedoubler[1].txt

Cookie: Weborama Cookie (General)
Status: Deleted
Infected cookies detected
c:\dokumente und einstellungen\webaaa\cookies\webaaa@weborama[2].txt |
|
|
||
02.10.2006, 19:02
Honorary member
Posts: 29434 |
#75
KingWeber
Let's do it this way: I don't want to see any "ignored" or "quarantine" ... scan again and set everything to remove; everything that CounterSpy shows does not belong on a clean system. Then post the new scan report .... then we'll see about the backdoor. __________ Regards, Sabina all about PC security |
|
|
||
Did you also manage to delete the entry from the registry?
__________
Regards, Sabina
all about PC security