Vundo.gen... please!

#0
29.09.2006, 11:11
Member

Posts: 59
#1 Hello...

like many others, I'm also looking for help with Vundo.gen...

here are my log files...

http://www.getit-systems.de/syslogs/hijackthis.log
http://www.getit-systems.de/syslogs/ComboFix.txt
http://www.getit-systems.de/syslogs/sys.txt
http://www.getit-systems.de/syslogs/system.txt
http://www.getit-systems.de/syslogs/system32.txt
http://www.getit-systems.de/syslogs/systemtemp.txt

thanks in advance...

Quote

Logfile of HijackThis v1.99.1
Scan saved at 10:50:38, on 29.09.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Telekom\T-Fax\MPSERVIC.EXE
C:\Programme\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Java\jre1.5.0_08\bin\jusched.exe
C:\Programme\Telekom\T-Fax\monitr32.exe
C:\WINDOWS\system32\fxredir.exe
C:\Programme\Telekom\T-Fax\MPTBox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Norton Ghost\Agent\GhostTray.exe
C:\programme\zango\zango.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Ümit Yildirim\Desktop\setups\hijackthis\HijackThis.exe
C:\Programme\AntiVir PersonalEdition Classic\GUARDGUI.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D6775D7D442E39C4 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\programme\zango\zangohook.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\system32\byxuvwt.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [monitr32] C:\Programme\Telekom\T-Fax\monitr32.exe
O4 - HKLM\..\Run: [fxredir] C:\WINDOWS\system32\fxredir.exe
O4 - HKLM\..\Run: [MPTBox] C:\Programme\Telekom\T-Fax\MPTBox.exe
O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Programme\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [zango] "c:\programme\zango\zango.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://player.radyotvonline.com/ampx_en_dl.cab
O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: byxuvwt - C:\WINDOWS\SYSTEM32\byxuvwt.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: winfkm32 - C:\WINDOWS\SYSTEM32\winfkm32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MpService - Canon Inc - C:\Programme\Telekom\T-Fax\MPSERVIC.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programme\Norton Ghost\Agent\VProSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
Ümit Yildirim

PS: sorry.. I didn't think of the fact that the last 3 months are enough... I'm trying to trim down the data...

PS2: they should be adjusted now...

Quote

Ümit Yildirim - 06-09-29 10:55:22,71 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Dokumente und Einstellungen\Ümit Yildirim\Desktop\setups\Vundo.gen"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ishost.exe


((((((((((((((((((((((((((((((( Files Created from 2006-08-29 to 2006-09-29 ))))))))))))))))))))))))))))))))))


2006-09-29 09:33 328,704 --a------ C:\WINDOWS\IsUn0407.exe
2006-09-27 12:47 4,608 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2006-09-27 09:05 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-09-26 17:23 93,696 --a------ C:\WINDOWS\system32\ixfivgg.dll
2006-09-26 17:23 72,704 --a------ C:\WINDOWS\system32\qdjwten.dll
2006-09-26 17:22 40,973 --------- C:\WINDOWS\system32\byxuvwt.dll
2006-09-26 17:22 15,872 --a------ C:\WINDOWS\system32\winfkm32.dll
2006-09-09 09:33 69,632 --a------ C:\WINDOWS\uinst001.exe
2006-09-04 23:37 49,152 --a------ C:\WINDOWS\system32\MPASSMON.DLL
2006-09-04 23:37 20,900 --------- C:\WINDOWS\system32\MpUpMon.dll
2006-09-04 23:36 90,112 --a------ C:\WINDOWS\system32\MpsMgr.dll
2006-09-04 23:36 81,920 --------- C:\WINDOWS\system32\mptrans.dll
2006-09-04 23:36 80,896 --a------ C:\WINDOWS\system32\lffax11n.dll
2006-09-04 23:36 77,824 --a------ C:\WINDOWS\system32\mpuabwsp.dll
2006-09-04 23:36 715,776 --a------ C:\WINDOWS\system32\Ltwvc11n.dll
2006-09-04 23:36 69,632 --a------ C:\WINDOWS\system32\mpuabmsp.dll
2006-09-04 23:36 69,632 --------- C:\WINDOWS\system32\mpsutil.dll
2006-09-04 23:36 65,536 --a------ C:\WINDOWS\system32\FxRedir.exe
2006-09-04 23:36 63,488 --a------ C:\WINDOWS\system32\ltlst11n.dll
2006-09-04 23:36 61,440 --a------ C:\WINDOWS\system32\fxIPC.dll
2006-09-04 23:36 59,392 --a------ C:\WINDOWS\system32\lfwmf11n.dll
2006-09-04 23:36 57,344 --a------ C:\WINDOWS\system32\MpActcmd.dll
2006-09-04 23:36 53,248 --a------ C:\WINDOWS\system32\netos32.dll
2006-09-04 23:36 53,248 --a------ C:\WINDOWS\system32\MpPrint.dll
2006-09-04 23:36 49,152 --a------ C:\WINDOWS\system32\ddsmal32.dll
2006-09-04 23:36 49,152 --------- C:\WINDOWS\system32\MPSRVC.DLL
2006-09-04 23:36 48,408 --------- C:\WINDOWS\system32\drivers\cis1284.sys
2006-09-04 23:36 45,056 --a------ C:\WINDOWS\system32\netsrv32.dll
2006-09-04 23:36 40,960 --a------ C:\WINDOWS\system32\MpRpSys.dll
2006-09-04 23:36 391,680 --a------ C:\WINDOWS\system32\ltkrn11n.dll
2006-09-04 23:36 36,864 --a------ C:\WINDOWS\system32\lfbmp11n.dll
2006-09-04 23:36 317,952 --a------ C:\WINDOWS\system32\UCS32P.DLL
2006-09-04 23:36 273,920 --a------ C:\WINDOWS\system32\LFCMP11n.DLL
2006-09-04 23:36 258,048 --a------ C:\WINDOWS\system32\ddssnd32.dll
2006-09-04 23:36 251,904 --a------ C:\WINDOWS\system32\LTDIS11n.dll
2006-09-04 23:36 217,088 --a------ C:\WINDOWS\system32\mpuabapi.dll
2006-09-04 23:36 208,896 --a------ C:\WINDOWS\system32\MpCseSdk.dll
2006-09-04 23:36 176,128 --a------ C:\WINDOWS\system32\mfdactif.dll
2006-09-04 23:36 176,128 --a------ C:\WINDOWS\system32\adtlws32.dll
2006-09-04 23:36 163,840 --a------ C:\WINDOWS\system32\FxEvent.dll
2006-09-04 23:36 155,648 --a------ C:\WINDOWS\system32\cisjpeg.dll
2006-09-04 23:36 145,920 --a------ C:\WINDOWS\system32\lftif11n.dll
2006-09-04 23:36 135,168 --a------ C:\WINDOWS\system32\mfcprt.dll
2006-09-04 23:36 131,072 --a------ C:\WINDOWS\system32\mp_image.dll
2006-09-04 23:36 126,976 --a------ C:\WINDOWS\system32\mpuabmgr.dll
2006-09-04 23:36 115,712 --a------ C:\WINDOWS\system32\ltfil11n.DLL
2006-09-04 23:36 102,400 --a------ C:\WINDOWS\system32\Mpassif.dll
2006-09-04 23:36 1,122,304 --a------ C:\WINDOWS\system32\MpAdtlws.dll
2006-09-04 23:35 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-09-04 23:33 135,168 --a------ C:\WINDOWS\system32\MPMASDLL.DLL
2006-09-04 21:11 3,328 --a------ C:\WINDOWS\system32\drivers\qv2kux.sys
2006-09-02 23:14 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2006-09-02 23:14 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2006-09-02 23:13 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-09-02 23:13 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-09-02 23:13 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-09-02 23:13 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-02 23:13 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-09-02 23:13 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-08-30 19:59 210,944 --------- C:\WINDOWS\system32\Msvcrt10.dll
2006-08-30 19:59 101,200 --------- C:\WINDOWS\system32\pdfshell.dll
2006-08-30 19:58 306,688 --a------ C:\WINDOWS\IsUninst.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-29 10:54 -------- d-------- C:\Programme\Zango
2006-09-29 09:42 -------- d-------- C:\Programme\WRS
2006-09-29 09:42 -------- d-------- C:\Programme\Haufe
2006-09-28 13:06 -------- d-------- C:\Programme\CleanUp!
2006-09-27 21:23 -------- d-------- C:\Programme\BearShare
2006-09-27 12:47 -------- d-------- C:\Programme\Norton Ghost
2006-09-27 12:45 -------- d-------- C:\Programme\Gemeinsame Dateien\Symantec Shared
2006-09-27 09:55 -------- d-------- C:\Programme\Internet Explorer
2006-09-27 09:46 -------- d-------- C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\Symantec
2006-09-27 09:44 -------- d-------- C:\Programme\OpenOffice.org1.1.5
2006-09-27 09:35 -------- d-------- C:\Programme\Symantec
2006-09-27 09:35 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-09-26 15:28 -------- d-------- C:\Programme\CheckIt
2006-09-20 23:13 -------- d-------- C:\Programme\Gemeinsame Dateien\Nullsoft
2006-09-20 20:26 -------- d-------- C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\Adobe
2006-09-19 23:20 -------- d-------- C:\Programme\Adobe
2006-09-19 23:15 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe
2006-09-19 23:14 -------- d-------- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared
2006-09-15 16:15 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-09-13 14:38 -------- d---s---- C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\Microsoft
2006-09-11 09:40 -------- d-------- C:\Programme\WinZip
2006-09-09 09:35 77 --a------ C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\sversion.ini
2006-09-04 23:36 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-09-04 23:36 -------- d-------- C:\Programme\Telekom
2006-09-04 02:07 -------- d-------- C:\Programme\Macromedia
2006-09-04 02:07 -------- d-------- C:\Programme\Gemeinsame Dateien\Macromedia Shared
2006-09-04 02:07 -------- d-------- C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\Macromedia
2006-09-03 00:07 -------- d-------- C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\dvdcss
2006-09-02 23:14 -------- d-------- C:\Programme\Ahead
2006-09-02 23:13 -------- d-------- C:\Programme\Gemeinsame Dateien\Ahead
2006-08-30 19:58 -------- d-------- C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\InterTrust
2006-08-30 19:57 -------- d-------- C:\Programme\WinRAR
2006-08-27 21:15 89872 --a------ C:\WINDOWS\system32\drivers\k750mdm.sys
2006-08-27 21:15 81728 --a------ C:\WINDOWS\system32\drivers\k750mgmt.sys
2006-08-27 21:15 79488 --a------ C:\WINDOWS\system32\drivers\k750obex.sys
2006-08-27 21:15 6576 --a------ C:\WINDOWS\system32\drivers\k750mdfl.sys
2006-08-27 21:15 6144 --a------ C:\WINDOWS\system32\drivers\k750cmnt.sys
2006-08-27 21:15 6144 --a------ C:\WINDOWS\system32\drivers\k750cm.sys
2006-08-27 21:15 5744 --a------ C:\WINDOWS\system32\drivers\k750whnt.sys
2006-08-27 21:15 5744 --a------ C:\WINDOWS\system32\drivers\k750wh.sys
2006-08-27 21:15 55216 --a------ C:\WINDOWS\system32\drivers\k750bus.sys
2006-08-27 15:56 -------- d-------- C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\Skype
2006-08-24 01:24 -------- d-------- C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\vlc
2006-08-23 23:22 -------- d-------- C:\Programme\VideoLAN
2006-08-21 23:22 -------- d-------- C:\Programme\Gemeinsame Dateien\Macromedia
2006-08-20 17:43 -------- d-------- C:\Programme\mp3DirectCut
2006-08-20 14:54 -------- d-------- C:\Programme\FileZilla
2006-08-19 23:11 -------- d-------- C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\AdobeUM
2006-08-19 22:41 -------- d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2006-08-19 22:20 -------- d-------- C:\Programme\Skype
2006-08-19 21:48 -------- d-------- C:\Programme\MSN Messenger
2006-08-19 14:16 -------- d-------- C:\Programme\OfficeUpdate11
2006-08-19 14:13 -------- d-------- C:\Programme\Microsoft Works
2006-08-19 14:13 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-08-19 14:01 -------- d-------- C:\Programme\Microsoft.NET
2006-08-19 13:59 -------- d-------- C:\Programme\Microsoft Visual Studio
2006-08-19 13:59 -------- d-------- C:\Programme\Microsoft Office
2006-08-19 13:59 -------- d-------- C:\Programme\Gemeinsame Dateien\DESIGNER
2006-08-19 13:58 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-08-19 13:57 869 --a------ C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\AdobeDLM.log
2006-08-19 13:57 0 --a------ C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\dm.ini
2006-08-19 13:19 -------- d-------- C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\Sun
2006-08-19 12:40 -------- d-------- C:\Programme\Windows Media Player
2006-08-19 12:33 -------- d-------- C:\Programme\Java
2006-08-19 12:30 -------- d-------- C:\Programme\Gemeinsame Dateien\Java
2006-08-19 11:55 -------- d-------- C:\Programme\ATI Technologies
2006-08-19 11:51 870784 --a------ C:\WINDOWS\system32\ati3d1ag.dll
2006-08-19 11:51 86016 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-08-19 11:51 81920 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-08-19 11:51 701440 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-08-19 11:51 6189056 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-08-19 11:51 516768 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-08-19 11:51 397312 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-08-19 11:51 30720 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-08-19 11:51 294912 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-08-19 11:51 28672 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-08-19 11:51 24064 --a------ C:\WINDOWS\system32\ativcoxx.dll
2006-08-19 11:51 229376 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-08-19 11:51 201728 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-08-19 11:51 1888992 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-08-19 11:51 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-08-19 11:51 114688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-08-19 11:51 1057760 --a------ C:\WINDOWS\system32\ati3d2ag.dll
2006-08-19 11:51 102400 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-08-19 11:25 62 --ahs---- C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\desktop.ini
2006-08-19 11:25 -------- d-------- C:\Programme\Gemeinsame Dateien\SpeechEngines
2006-08-19 11:25 -------- d-------- C:\Programme\Gemeinsame Dateien\ODBC
2006-08-19 11:18 14037 --a------ C:\WINDOWS\system32\drivers\mdc8021x.sys
2006-08-19 11:18 -------- d-------- C:\Programme\Intel
2006-08-19 11:16 -------- d-------- C:\Programme\Realtek Sound Manager
2006-08-19 11:16 -------- d-------- C:\Programme\AvRack
2006-08-19 11:15 65536 --a------ C:\WINDOWS\system32\Audio3D.dll
2006-08-19 11:15 65536 --a------ C:\WINDOWS\system32\a3d.dll
2006-08-19 11:15 65024 --a------ C:\WINDOWS\SOUNDMAN.EXE
2006-08-19 11:15 541548 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2006-08-19 11:15 5273088 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2006-08-19 11:15 391424 --a------ C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2006-08-19 11:15 208896 --------- C:\WINDOWS\alcupd.exe
2006-08-19 11:15 155648 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2006-08-19 11:15 139264 --------- C:\WINDOWS\alcrmv.exe
2006-08-19 10:46 -------- d--h----- C:\Programme\Uninstall Information
2006-08-19 10:46 -------- d-------- C:\Dokumente und Einstellungen\Ümit Yildirim\Anwendungsdaten\Identities
2006-08-19 10:40 -------- d-------- C:\Programme\xerox
2006-08-19 10:40 -------- d-------- C:\Programme\microsoft frontpage
2006-08-19 10:39 0 -rahs---- C:\MSDOS.SYS
2006-08-19 10:39 0 -rahs---- C:\IO.SYS
2006-08-19 10:39 0 --a------ C:\CONFIG.SYS
2006-08-19 10:39 0 --a------ C:\AUTOEXEC.BAT
2006-08-19 10:37 -------- d--h----- C:\Programme\WindowsUpdate
2006-08-19 10:37 -------- d-------- C:\Programme\Outlook Express
2006-08-19 10:37 -------- d-------- C:\Programme\Online-Dienste
2006-08-19 10:37 -------- d-------- C:\Programme\NetMeeting
2006-08-19 10:37 -------- d-------- C:\Programme\Gemeinsame Dateien\MSSoap
2006-08-19 10:37 -------- d-------- C:\Programme\Gemeinsame Dateien\Dienste
2006-08-19 10:36 -------- d-------- C:\Programme\Movie Maker
2006-08-19 10:35 -------- d-------- C:\Programme\Windows NT
2006-08-19 10:35 -------- d-------- C:\Programme\Online Services
2006-08-19 10:35 -------- d-------- C:\Programme\MSN Gaming Zone
2006-08-19 10:35 -------- d-------- C:\Programme\Messenger
2006-08-19 10:35 -------- d-------- C:\Programme\ComPlus Applications
2006-08-19 10:34 -------- d-------- C:\Programme\MSN
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Programme\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"SoundMan"="SOUNDMAN.EXE"
"PRONoMgr.exe"="C:\\Programme\\Intel\\PROSetWireless\\NCS\\PROSet\\PRONoMgr.exe"
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SunJavaUpdateSched"="\"C:\\Programme\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"monitr32"="C:\\Programme\\Telekom\\T-Fax\\monitr32.exe"
"fxredir"="C:\\WINDOWS\\system32\\fxredir.exe"
"MPTBox"="C:\\Programme\\Telekom\\T-Fax\\MPTBox.exe"
"ixfivgg.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\ixfivgg.dll,fivplce"
"ccApp"="\"C:\\Programme\\Gemeinsame Dateien\\Symantec Shared\\ccApp.exe\""
"Norton Ghost 10.0"="\"C:\\Programme\\Norton Ghost\\Agent\\GhostTray.exe\""
"zango"="\"c:\\programme\\zango\\zango.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,d0,01,00,00,00,00,00,00,a8,03,00,00,fc,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,74,00,00,00,00,00,00,00,04,05,00,00,fc,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,74,00,00,00,00,00,00,00,04,05,00,00,fc,03,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{D3B3C51E-8D11-4667-85B9-0930F519BED7}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuvwt
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winfkm32

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: 29.09.2006 10:59:47.06
ComboFix.txt
Verzeichnis von C:\WINDOWS\system32

27.09.2006 09:05 147.456 vbzip10.dll
26.09.2006 18:46 2.206 wpa.dbl
26.09.2006 17:23 72.704 qdjwten.dll
26.09.2006 17:23 93.696 ixfivgg.dll
26.09.2006 17:22 40.973 byxuvwt.dll
26.09.2006 17:22 15.872 winfkm32.dll

Verzeichnis von C:\WINDOWS

26.08.2006 23:45 0 hosts




This post was edited by Blitzboy on 29.09.2006 at 11:18.
29.09.2006, 13:59
Honorary member
Sabina

Posts: 29434
#2 Avenger
http://virus-protect.org/artikel/tools/avenger.html copy this in:

Quote

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3B3C51E-8D11-4667-85B9-0930F519BED7}
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxuvwt
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winfkm32
HKEY_LOCAL_MACHINE\SOFTWARE\zango
HKEY_CURRENT_USER\SOFTWARE\zango

Files to delete:
C:\WINDOWS\hosts
C:\WINDOWS\system32\qdjwten.dll
C:\WINDOWS\system32\ixfivgg.dll
C:\WINDOWS\system32\byxuvwt.dll
C:\WINDOWS\system32\winfkm32.dll
C:\WINDOWS\Downloaded Program Files\ClientAX.dll
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zango\Go to Library.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zango\Uninstall Zango Instructions.lnk
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zango\Zango Customer Support.url

Folders to delete:
C:\Programme\Zango
C:\Programme\BearShare
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zango
Click the green traffic light
the script will now run, then the PC will restart automatically

**
post the Avenger log that appears

**
open HijackThis -- "Scan" button -- tick the boxes in front of the malware entries -- "Fix checked" button -- restart the PC

Quote

O2 - BHO: Zango Search Assistant Helper /fleok=1D8A83A5C5E315789FA575760EA83FA5EF80752B94E3D6775D7D442E39C4 - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\programme\zango\zangohook.dll

O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\system32\byxuvwt.dll

O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce

O4 - HKLM\..\Run: [zango] "c:\programme\zango\zango.exe"

**
Hoster.zip
http://www.funkytoad.com/download/hoster.zip
Press 'Restore Original Hosts' and press 'OK' Exit Program.

**
scan and post the scan report (set everything to "remove" beforehand)
http://virus-protect.org/counterspy.html
__________
Regards, Sabina

all about PC security
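One way to cross-check logs like those in post #1 before writing a removal list, as an added example (not part of the thread and not a tool any poster used): it matches HijackThis load-point entries (O2, O4, O20) against the ComboFix "Files Created" listing and also reports files created within two minutes of a match. The log lines are a subset copied from post #1; the function names and the two-minute window are assumptions.

```python
"""Added example: cross-reference HijackThis load points with ComboFix creation times."""
import re
from datetime import datetime, timedelta

# Subset of the HijackThis log from post #1.
HIJACKTHIS = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {D3B3C51E-8D11-4667-85B9-0930F519BED7} - C:\WINDOWS\system32\byxuvwt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ixfivgg.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ixfivgg.dll,fivplce
O20 - Winlogon Notify: byxuvwt - C:\WINDOWS\SYSTEM32\byxuvwt.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\system32\LgNotify.dll
O20 - Winlogon Notify: winfkm32 - C:\WINDOWS\SYSTEM32\winfkm32.dll
"""

# Subset of the ComboFix "Files Created" section from post #1.
COMBOFIX = r"""
2006-09-27 09:05 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2006-09-26 17:23 93,696 --a------ C:\WINDOWS\system32\ixfivgg.dll
2006-09-26 17:23 72,704 --a------ C:\WINDOWS\system32\qdjwten.dll
2006-09-26 17:22 40,973 --------- C:\WINDOWS\system32\byxuvwt.dll
2006-09-26 17:22 15,872 --a------ C:\WINDOWS\system32\winfkm32.dll
2006-09-04 23:37 49,152 --a------ C:\WINDOWS\system32\MPASSMON.DLL
2006-09-02 23:13 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
"""

# HijackThis sections treated as load points here: BHO, Run keys, Winlogon Notify.
LOAD_POINT_SECTIONS = {"O2", "O4", "O20"}

# A drive-letter path ending in an executable extension (spaces allowed inside).
PATH_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:dll|exe|ocx)', re.IGNORECASE)

# "<date> <time> <size> <attributes> <path>"; directory rows have no size and are skipped.
CREATED_RE = re.compile(r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+[\d,]+\s+\S+\s+(.+)")


def load_points(hjt_log):
    """Map lower-cased file path -> set of HijackThis sections that reference it."""
    refs = {}
    for line in hjt_log.splitlines():
        m = re.match(r"(O\d+) - ", line)
        if not m or m.group(1) not in LOAD_POINT_SECTIONS:
            continue
        for path in PATH_RE.findall(line):
            refs.setdefault(path.lower(), set()).add(m.group(1))
    return refs


def created_files(combofix_log):
    """Return (creation time, path) for every file row in the listing."""
    rows = []
    for line in combofix_log.splitlines():
        m = CREATED_RE.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            rows.append((when, m.group(2).strip()))
    return rows


def triage(hjt_log, combofix_log, window=timedelta(minutes=2)):
    """List recently created files that are registered at a load point,
    plus unregistered files created within `window` of such a file."""
    refs = load_points(hjt_log)
    files = created_files(combofix_log)
    anchor_times = [t for t, p in files if p.lower() in refs]
    findings = []
    for when, path in files:
        key = path.lower()  # Windows paths compare case-insensitively
        if key in refs:
            findings.append((path, "registered", sorted(refs[key])))
        elif any(abs(when - t) <= window for t in anchor_times):
            findings.append((path, "neighbour", []))
    return findings


if __name__ == "__main__":
    for path, kind, sections in triage(HIJACKTHIS, COMBOFIX):
        print(f"{kind:<10} {','.join(sections):<7} {path}")
```

A hit is a lead for review, not a verdict: NeroCheck.exe is listed because it is both recently created and registered under Run, while qdjwten.dll is listed only because it was created in the same minute as ixfivgg.dll.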
29.09.2006, 19:06
Member

Thread starter

Posts: 59
#3 I hope this is what is needed.

Spyware Scan Details
Start Date: 29.09.2006 17:44:51
End Date: 29.09.2006 18:16:15
Total Time: 31 mins 24 secs

Detected spyware

BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Ignored

Infected files detected
c:\dokumente und einstellungen\all users\startmenü\programme\bearshare.lnk
c:\dokumente und einstellungen\ümit yildirim\desktop\bearshare downloads.lnk
c:\dokumente und einstellungen\ümit yildirim\desktop\bearshare.lnk

Infected registry entries detected
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayName BearShare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare UninstallString C:\PROGRA~1\BEARSH~1\UNWISE.EXE C:\PROGRA~1\BEARSH~1\INSTALL.LOG
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayVersion 5.2.5.6DE
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare HelpLink http://bearshare.de/Help/index.htm
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare Publisher Free Peers, Inc.
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare URLInfoAbout http://www.freepeers.com
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare DisplayIcon C:\Programme\BearShare\BearShare.exe,-128
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\RTFClassName WordPerfect6x
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Version 5,2,5,6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} ComponentID BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} IsInstalled 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Locale DE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare SlowInfoCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BearShare Changed 0


Zango.CommonElements Adware (General) more information...
Details: Zango.CommonElements is a collection of traces that are found in multiple adware programs from 180solutions / Zango.
Status: Deleted

Infected registry entries detected
HKEY_CURRENT_USER\Software\zango
HKEY_CURRENT_USER\Software\zango last_conn_h 29811306
HKEY_CURRENT_USER\Software\zango last_conn_l 1879712672
HKEY_CURRENT_USER\Software\zango we 2
HKEY_CURRENT_USER\Software\zango cdata 01zM8fY4Pjz%2f2eU5ykwF2WKD4i7vOGf68ZAm01xPGNy3gRrwg5yCweqAgVctm%2b%2bHrHyyVbCqMA
28GyUdV7TLQQwPYJNobfxpZwP8D6Iqd%2bLZmgTu%2fw%2fNv9nrsrSnWJeVYYOVwmomfWl5Y
ZRa9aY516%2fRYAPdq4woflQ%2bRS6T2a5tVuk89bGADwPruQ%2f%2fAh2fYeC
HKEY_CURRENT_USER\Software\zango TimeOffset -25258
HKEY_CURRENT_USER\Software\zango geourl_current_version 12
HKEY_CURRENT_USER\Software\zango geourl_last_full_version 12
HKEY_CURRENT_USER\Software\zango actionurl_current_version 589
HKEY_CURRENT_USER\Software\zango actionurl_last_full_version 588
HKEY_CURRENT_USER\Software\zango keyword_current_version 999
HKEY_CURRENT_USER\Software\zango keyword_last_full_version 999
HKEY_CURRENT_USER\Software\zango recent_shown
HKEY_CURRENT_USER\Software\zango key_int_high 29811570
HKEY_CURRENT_USER\Software\zango key_int_low -1185653296
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\MiscStatus\1 132497
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\ProgID ClientAX.ClientInstaller.1
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll, 101
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\VersionIndependentProgID ClientAX.ClientInstaller
HKEY_CLASSES_ROOT\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} ClientInstaller Class
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango DisplayName Zango Search Assistant
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango UninstallString c:\programme\zango\zango.exe /uninst_simple_init=y
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango DisplayIcon c:\programme\zango\zango.exe,5
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0\win32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\HELPDIR C:\WINDOWS\Downloaded Program Files\
HKEY_CLASSES_ROOT\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0 ClientAX 1.0 Type Library
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} IClientInstaller
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus\1 132497
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ProgID ClientAX.RequiredComponent.1
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll, 101
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\VersionIndependentProgID ClientAX.RequiredComponent
HKEY_CLASSES_ROOT\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E} RequiredComponent Class
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} IClientInstaller2
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5} IRequiredComponent
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent\CLSID {0AC49246-419B-4EE0-8917-8818DAAD6A4E}
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent\CurVer ClientAX.RequiredComponent.1
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent RequiredComponent Class
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1\CLSID {0AC49246-419B-4EE0-8917-8818DAAD6A4E}
HKEY_CLASSES_ROOT\ClientAX.RequiredComponent.1 RequiredComponent Class
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX\CLSID {51CF80DC-A309-4735-BB11-EF18BF4E3AD9}
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX\CurVer ClientAX.ZangoClientAX.1
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX ZangoClientAX Class
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1\CLSID {51CF80DC-A309-4735-BB11-EF18BF4E3AD9}
HKEY_CLASSES_ROOT\ClientAX.ZangoClientAX.1 ZangoClientAX Class
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus\1 132497
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\MiscStatus 0
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ProgID ClientAX.ZangoClientAX.1
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\ToolboxBitmap32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll, 101
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\Version 1.0
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9}\VersionIndependentProgID ClientAX.ZangoClientAX
HKEY_CLASSES_ROOT\CLSID\{51CF80DC-A309-4735-BB11-EF18BF4E3AD9} ZangoClientAX Class
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{6C092742-10FE-4DB2-988D-FC71948DE70C} ISeekmoClientAX
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{7FA8976F-D00C-4E98-8729-A66569233FB5} IZangoClientAX
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1\CLSID {99410CDE-6F16-42ce-9D49-3807F78F0287}
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller.1 ClientInstaller Class
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller\CLSID {99410CDE-6F16-42ce-9D49-3807F78F0287}
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller\CurVer ClientAX.ClientInstaller.1
HKEY_CLASSES_ROOT\ClientAX.ClientInstaller ClientInstaller Class
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32 C:\WINDOWS\Downloaded Program Files\ClientAX.dll
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\ProgID LMgr180.WMDRMAx.1
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\TypeLib {5B6689B5-C2D4-4dc7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}\VersionIndependentProgID LMgr180.WMDRMAx
HKEY_CLASSES_ROOT\CLSID\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6} WMDRMAx Class
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{A16650A9-B065-40EC-BBD1-F8D370D17FB1} ILicenseInstaller
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{BDDDF1A5-51A9-4F51-B38D-4CD0AD831B31} IWMDRMAx
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib {5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\Interface\{E43DFAA6-8C16-4519-B022-8792408505A4} IInstantiator
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx\CLSID {F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx\CurVer LMgr180.WMDRMAx.1
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx WMDRMAx Class
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1\CLSID {F31A5D11-BF0B-4A4E-90AF-274F2090AAA6}
HKEY_CLASSES_ROOT\LMgr180.WMDRMAx.1 WMDRMAx Class


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid
HKEY_CLASSES_ROOT\runmsc.loader.1\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\clsid
HKEY_CLASSES_ROOT\runmsc.loader\clsid {9F95F736-0F62-4214-A4B4-CAA6738D4C07}
HKEY_CLASSES_ROOT\runmsc.loader\curver
HKEY_CLASSES_ROOT\runmsc.loader\curver RunMSC.Loader.1
HKEY_CLASSES_ROOT\wusn.1
HKEY_CLASSES_ROOT\wusn.1 WUSN_Id
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
HKEY_CLASSES_ROOT\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\InprocServer32 ThreadingModel Apartment
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\ProgID RunMSC.Loader.1
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}\VersionIndependentProgID RunMSC.Loader
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07} Loader Class


eDonkey2000 P2P Program more information...
Details: eDonkey2000 is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 C:\Programme\eDonkey2000\plugins\ed2kie.dll
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\InProcServer32 ThreadingModel Both
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\ProgID eD2KDownloadManager.object.1
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\TypeLib {379919F2-1612-45B7-B9F4-773F6D5214F5}
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620}\VersionIndependentProgID eD2KDownloadManager.object
HKEY_CLASSES_ROOT\CLSID\{320154BB-D666-48F6-990E-172B32954620} eD2K downloadManager object


WhenU.WhenUSearch Low Risk Adware more information...
Details: WhenU.WhenUSearch is a desktop search toolbar that displays links to advertised offers in response to users' surfing behavior and opens paid search results when users perform searches through the toolbar's search mechanism.
Status: Deleted

Infected registry entries detected
HKEY_CLASSES_ROOT\WUSN.1
HKEY_CLASSES_ROOT\WUSN.1 WUSN_Id


MyGlobalSearch.Toolbar Potentially Unwanted Program more information...
Details: MyGlobalSearch.Toolbar is an IE plugin with its own Search Field.
Status: Deleted

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pid IK
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Dir C:\Programme\MyGlobalSearch\bar\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar PluginPath C:\Programme\MyGlobalSearch\bar\1.bin\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CurInstall 1
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar sr 16
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pl 7
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Id EC08AAEC-097D-4AE9-80F5-C3D3F20ACC65
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CacheDir C:\Programme\MyGlobalSearch\bar\Cache\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar HistoryDir C:\Programme\MyGlobalSearch\bar\History\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar SettingsDir C:\Programme\MyGlobalSearch\bar\Settings\
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar ConfigDateStamp 2006082619
HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Flags 530


Trojan.WinlogonHook.Delf.A Trojan more information...
Details: WinlogonHook.Delf.A is a backdoor trojan that gives an attacker the ability to control the infected machine without the user's knowledge.
Status: Quarantined

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Data 259636788
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Brnd 3020
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR Rid 188
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR LID 46
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SCLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR MSLIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR BPTV 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR PSTV
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR SSTV


DisableKey Adware (General) more information...
Status: Quarantined

Infected registry entries detected
HKEY_LOCAL_MACHINE\SOFTWARE\AdwareDisableKey3
HKEY_LOCAL_MACHINE\SOFTWARE\AdwareDisableKey3 1747516725


Cookie: Advertising.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@advertising[1].txt


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@atdmt[2].txt


Cookie: Bluestreak.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@bluestreak[1].txt


Cookie: e-Surveiller 1.6 Cookies Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@com[1].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@doubleclick[1].txt


Cookie: Mediaplex.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@mediaplex[1].txt


Cookie: QuestionMarket.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@questionmarket[2].txt


Cookie: BS.Serving-Sys Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@serving-sys[1].txt

Thanks in advance.. at least the messages have become fewer..

Best regards


Ümit Yildirim
29.09.2006, 23:43
Honorary member
Sabina

Posts: 29434
#4 Scan again, but first uninstall: BearShare
and post the report
__________
Best regards, Sabina

All about PC security
30.09.2006, 00:30
Member

Thread starter

Posts: 59
#5 Spyware Scan Details
Start Date: 29.09.2006 23:55:28
End Date: 30.09.2006 00:26:07
Total Time: 30 mins 39 secs

Detected spyware

BearShare P2P Program more information...
Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
Status: Deleted

Infected files detected
c:\dokumente und einstellungen\ümit yildirim\desktop\bearshare downloads.lnk

Infected registry entries detected
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\gnufile\shell\open\command "C:\Programme\BearShare\BearShare.exe" "%1"
HKEY_CLASSES_ROOT\gnufile gnutella
HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
HKEY_CLASSES_ROOT\gnufile EditFlags 65536
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Programme\BearShare\RunMSC.dll
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Programme\BearShare\
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Programme\BearShare
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Programme\BearShare\sounds\notify.wav
HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\RTFClassName WordPerfect6x
HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Version 5,2,5,6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} ComponentID BearShare
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} IsInstalled 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Locale DE


Cookie: Advertising.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@advertising[2].txt


Cookie: ATDMT.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@atdmt[2].txt


Cookie: Bluestreak.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@bluestreak[1].txt


Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@doubleclick[1].txt


Cookie: IndexTools.com Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@indextools[2].txt


Cookie: Weborama Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
Status: Deleted

Infected cookies detected
c:\dokumente und einstellungen\ümit yildirim\cookies\ümit yildirim@weborama[2].txt
30.09.2006, 00:47
Honorary member
Sabina

Posts: 29434
#6 Everything should be fine again now... right?
You can also run online scans:
http://virus-protect.org/onlinescan.html
__________
Regards, Sabina

All about PC security
30.09.2006, 01:30
Member

Thread starter

Posts: 59
#7 Hello Sabina...

like many others, I am very grateful to you... last time I simply reinstalled my system.. this time it worked without that, and so you saved me a lot of work. Thanks again...

I'm just running one last CounterSpy check.. then I'll report back here...

Thanks!!!!

Regards


Ümit Yildirim

PS: So.. there were only 5 cookies left, which were harmless... Thank you...
This post was edited by Blitzboy on 30.09.2006 at 01:51.
20.03.2007, 19:24
Member

Thread starter

Posts: 59
#8 Hello Sabina,

I can't save a HijackThis log. What could be the reason?

Thanks!!!!
21.03.2007, 15:53
Honorary member
Sabina

Posts: 29434
#9 Try it with Trend Micro HijackThis 2.00 beta
http://virus-protect.org/hjtkurz.html
__________
Regards, Sabina

All about PC security