Adware.BookedSpace , bookedspace.dll

BookedSpace
BookedSpace

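BookedSpace, ruqceues.dll, Isijxkwk.dll, bookedspace.dll

Hinweis: Die zufällig wirkenden DLL-Namen (z. B. ruqceues.dll, Isijxkwk.dll) unterscheiden sich in den Logs unten von PC zu PC. Für die Zuordnung zählen deshalb die Scanner-Erkennung und die zugehörigen Registry-Einträge, nicht der Dateiname allein.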






Adware BookedSpace

direct32.dll , Runner.dll , bxxs5.dll
C:\Programme\FCAdvice
C:\Programme\E2G
C:\Programme\DNS\Catcher.dll
C:\Programme\AXVenore
C:\Programme\PECarlin
C:\Programme\SDVita



HijackThis

R3 - URLSearchHook: (no name) - {41333A41-8CF2-A321-D5CF-6C5A92EA5D2B} - C:\WINDOWS\ruqceues.dll
O2 - BHO: (no name) - {1A235E40-DEE6-83B5-1F9A-E9AF251DEEA7} - C:\WINDOWS\ruqceues.dll


Datfindbat

C:\WINDOWS

20.05.2006 18:17 541.807 ruqceues.dll
20.05.2006 18:17 148 ruqceues.ini
20.05.2006 18:17 148 Isijxkwk.ini
20.05.2006 18:08 458.752 Isijxkwk.dll

löschen:
C:\WINDOWS\ruqceues.dll
C:\WINDOWS\ruqceues.ini
C:\DOKUME~1\Username\LOKALE~1\Temp\A~NSISu_.exe
C:\WINDOWS\Isijxkwk.dll
C:\WINDOWS\Isijxkwk.ini

Ewido

C:\WINDOWS\Isijxkwk.dll -> Adware.BookedSpace



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bookedspace
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bsx3
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bxss5
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bxsx5

HKEY_CLASSES_ROOT\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
HKEY_CLASSES_ROOT\AppID\{0DC5CD7C-F603-4417-AA43-D457BE3A9622}
HKEY_CLASSES_ROOT\AppID\{C3C54527-7B65-4EE9-9FE3-9BC61E9B9880}
HKEY_CLASSES_ROOT\AppID\{5CD19420-B328-47D5-A55F-1C07638EFDF8}
HKEY_CLASSES_ROOT\AppID\BookedSpace.DLL
HKEY_CLASSES_ROOT\AppID\Remanent.DLL
HKEY_CLASSES_ROOT\BookedSpace.Extension.5
HKEY_CLASSES_ROOT\BookedSpace.Extension.3
HKEY_CLASSES_ROOT\BookedSpace.Extension
HKEY_CLASSES_ROOT\Remanent.Helper
HKEY_CLASSES_ROOT\Remanent.Helper.1
HKEY_CLASSES_ROOT\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
HKEY_CLASSES_ROOT\CLSID\{2B3452C5-1B9A-440F-A203-F6ED0F64C895}
HKEY_CLASSES_ROOT\CLSID\{A85C4A1B-BD36-44E5-A70F-8EC347D9B24F}
HKEY_CLASSES_ROOT\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}
HKEY_CLASSES_ROOT\TypeLib\{C3C54527-7B65-4EE9-9FE3-9BC61E9B9880}
HKEY_CLASSES_ROOT\TypeLib\{5CD19420-B328-47D5-A55F-1C07638EFDF8}
HKEY_CLASSES_ROOT\Interface\{05080E6B-A88A-4CFD-8C3D-982557670B6E}
HKEY_CLASSES_ROOT\Interface\{AE640486-0E29-4F7E-BF38-9CBE7140AEFB}
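HKEY_CLASSES_ROOT\Interface\{56EBFFE6-9557-46C2-A322-DB1DF5CAF199}
(Hinweis: Die Interface-GUID {05080E6B-A88A-4CFD-8C3D-982557670B6E} aus dieser Liste steht im Lösch-Abschnitt weiter unten als {05080E6B-A88A-4CFD-8C3D-9B2557670B6E}. Eine der beiden Schreibweisen ist vermutlich ein Tippfehler – vor dem Löschen am betroffenen System prüfen.)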
HKEY_LOCAL_MACHINE\SOFTWARE\Bookedspace
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A85C4A1B-BD36-44E5-A70F-8EC347D9B24F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B3452C5-1B9A-440F-A203-F6ED0F64C895}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}


Adware:adware/bookedspace No disinfected C:\WINDOWS\TEMP\bs590D3.TMPbsx32
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\stmmjobs.exe


spysweeper

6:59 PM: Found Adware: bookedspace
6:59 PM: HKCR\scaggy.insert\ (5 subtraces) (ID = 1347432)
6:59 PM: HKCR\scaggy.insert.1\ (3 subtraces) (ID = 1347438)
6:59 PM: HKCR\appid\scaggy.dll\ (1 subtraces) (ID = 1347442)
6:59 PM: HKCR\appid\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (1 subtraces) (ID = 1347444)
6:59 PM: HKCR\typelib\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (9 subtraces) (ID = 1347459)
6:59 PM: HKLM\software\zabstract\ (29 subtraces) (ID = 1347479)
6:59 PM: HKLM\software\classes\scaggy.insert\ (5 subtraces) (ID = 1347502)
6:59 PM: HKLM\software\classes\scaggy.insert.1\ (3 subtraces) (ID = 1347508)
6:59 PM: HKLM\software\classes\appid\scaggy.dll\ (1 subtraces) (ID = 1347512)
6:59 PM: HKLM\software\classes\appid\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (1 subtraces) (ID = 1347514)
6:59 PM: HKLM\software\classes\typelib\{90a52f08-64ac-4dc6-9d7d-451667029898}\ (9 subtraces) (ID = 1347529)



O2 - BHO: (no name) - {0BC26DB8-37A7-40EF-ECED-8829FE796A05} - C:\WINDOWS\kordvzvo.dll

Ewido

C:\WINDOWS\jppvheyu.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\mdvnujxh.exe -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\bxxs5.dll_tobedeleted -> Adware.BookedSpace : Cleaned with backup

C:\Documents and Settings\Me\Desktop\War on spyware\requested-files[2006-05-10_01_19].cab/C:\WINDOWS\kordvzvo.dll -> Adware.BookedSpace : Error during cleaning

C:\Documents and Settings\Me\Desktop\War on spyware\requested-files[2006-05-10_01_19].cab/C:/WINDOWS/kordvzvo.dll Infected: not-a-virus:AdWare.Win32.BookedSpace.g



anderer PC

HijackThis

R3 - URLSearchHook: (no name) - {04585545-BCB8-58AA-7DF0-3B713D59C4A5} - C:\WINDOWS\ofooihgt.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\bxxs5.dll
O2 - BHO: (no name) - {120C5740-7408-2EF9-022A-F876FC27E10A} - C:\WINDOWS\ofooihgt.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Programme\E2G\IeBHOs.dll (file missing)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Programme\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [bxxs5] RunDLL32.EXE C:\WINDOWS\bxxs5.dll,DllRun -> Adware.Bookedspace
O4 - HKLM\..\Run: [IpWins] C:\Programme\ipwins\ipwins.exe -> ClickSpring/PurityScan
O4 - HKCU\..\Run: [ctldup] C:\WINDOWS\system32\ctldup.exe
O4 - HKCU\..\RunOnce: [ctldup] C:\WINDOWS\system32\ctldup.exe
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\Programme\FCAdvice\FCAdvice.dll -> Adware-FCHelp
O20 - AppInit_DLLs: direct32.dll,Runner.dll -> Adware-FCHelp

datfindbat

Verzeichnis von C:\WINDOWS\system32

26.05.2006 10:17 77.312 clidin.exe
25.05.2006 12:34 53.248 direct32.dll
25.05.2006 09:23 164 key.~
25.05.2006 09:23 53.248 __delete_on_reboot__direct32.dll
25.05.2006 09:23 2.120 data.~
15.02.2006 20:07 61.440 Runner.dll

E2Give Adware
d:\WINDOWS\system32\key.~
d:\WINDOWS\system32\log.~
d:\WINDOWS\system32\data.~


Verzeichnis von C:\DOKUME~1\Besitzer\LOKALE~1\Temp
26.05.2006 11:33 4.608 nein.exe 
25.05.2006 09:23 20.480 stub_ventjj.exe 
23.05.2006 08:10 418.445 Mendoza1.exe
23.05.2006 08:10 174.667 minisetup1.exe
23.05.2006 08:10 25.088 tpaloader2.exe 
23.05.2006 14:33 2.165 browserview-e2fe58.htm
23.05.2006 08:10 59 id.id
23.05.2006 08:10 148.106 mc051706.exe
23.05.2006 08:10 418.445 Mendoza1.exe
23.05.2006 08:10 174.667 minisetup1.exe
23.05.2006 08:10 25.088 tpaloader2.exe 
19.05.2006 21:40 213.658 bs5-ventee.exe
19.05.2006 21:39 165.834 axsetup1.exe 

Verzeichnis von C:\WINDOWS 

26.05.2006 19:42 690 bsx32.ini
26.05.2006 19:38 149 ofooihgt.ini
25.05.2006 09:23 1.635 cfg32.exe 
21.05.2006 09:12 148 cxcdugyv.ini
20.05.2006 22:37 581.982 cxcdugyv.dll
20.05.2006 22:24 90.112 libbz2.dll


Killbox

C:\WINDOWS\system32\clidin.exe
C:\DOKUME~1\Username\LOKALE~1\Temp\nein.exe
C:\DOKUME~1\Username\LOKALE~1\stub_ventjj.exe
C:\DOKUME~1\Username\LOKALE~1\id.id
C:\DOKUME~1\Username\LOKALE~1\bs57.tmp
C:\DOKUME~1\Username\LOKALE~1\mc051706.exe
C:\DOKUME~1\Username\LOKALE~1\Mendoza1.exe
C:\DOKUME~1\Username\LOKALE~1\minisetup1.exe
C:\DOKUME~1\Username\LOKALE~1\tpaloader2.exe
C:\DOKUME~1\Username\LOKALE~1\bs5-ventee.exe
C:\DOKUME~1\Username\LOKALE~1\axsetup1.exe
C:\DOKUME~1\Username\LOKALE~1\browserview-e2fe00.htm
C:\DOKUME~1\Username\LOKALE~1\browserview-e2fc20.htm
C:\WINDOWS\system32\key.~
C:\WINDOWS\system32\__delete_on_reboot__direct32.dll
C:\WINDOWS\system32\data.~
C:\WINDOWS\system32\direct32.dll
C:\WINDOWS\system32\ctldup.exe

C:\Programme\ipwins\ipwins.exe

C:\Programme\FCAdvice\FCAdvice.dll
C:\Programme\FCAdvice\patterns.dat
C:\Programme\FCAdvice\uninstall.exe
C:\Programme\FCAdvice\fcadvice.exe

C:\WINDOWS\system32\Runner.dll
C:\WINDOWS\bxxs5.dll
C:\WINDOWS\bsx32.ini
C:\WINDOWS\ofooihgt.ini
C:\WINDOWS\ofooihgt.dll
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cxcdugyv.ini
C:\WINDOWS\cxcdugyv.dll
C:\WINDOWS\libbz2.dll


löschen bzw. deinstallieren:

C:\Programme\E2G
C:\Programme\TheSearchAccelerator
C:\Programme\ipwins
C:\Programme\FCAdvice

Alle temporären Dateien mit CleanUp löschen, danach den PC neu starten:
http://virus-protect.org/cleanup.html


Counterspy
http://virus-protect.org/counterspy1.html



Adware-FCHelp

C:\Programme\FCAdvice\FCAdvice.dll
C:\Programme\FCAdvice\patterns.dat
C:\Programme\FCAdvice\uninstall.exe
C:\Programme\FCAdvice\fcadvice.exe
C:\WINDOWS\system32\Runner.dll
-----------------------------------------------------
* Installer: usetup.exe (230 KB)
* %SystemDir%\runner.dll (60 KB)
* %ProgramFiles%\fcadvice\uninstall.exe (32 KB)
* %ProgramFiles%\fcadvice\patterns.dat (size and MD5 may vary)
* %ProgramFiles%\fcadvice\fcadvice.exe (268 KB)
* %ProgramFiles%\fcadvice\fcadvice.dll (92 KB)

Registry

* HKEY_CURRENT_USER\Software\FCHelp
* HKEY_CURRENT_USER\Software\FCAdvice
* HKEY_CLASSES_ROOT\TypeLib\{1B8B502E-455B-4022-BE77-FB6D9F808A18}
* HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html/"CLSID"="{994D478A-45D0-4DB4-AE77-288B1E346E99}"
* HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/html/"(default)"="FCEngine.MimeFilter"
* HKEY_CLASSES_ROOT\CLSID\{994D478A-45D0-4DB4-AE77-288B1E346E99}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
"AppInit_DLLs"="Runner.dll"


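Registry-Schlüssel löschen (.reg-Syntax: [-Schlüssel] entfernt den Schlüssel samt Unterschlüsseln; die betroffenen Schlüssel vorher exportieren):

[-HKEY_CURRENT_USER\Software\FCAdvice]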
[-HKEY_CLASSES_ROOT\CLSID\{994D478A-45D0-4DB4-AE77-288B1E346E99}]
[-HKEY_CLASSES_ROOT\TypeLib\{1B8B502E-455B-4022-BE77-FB6D9F808A18}]



direct32.dll

HKCR\CLSID\{BC687D94-3EA9-47F9-9C24-12F0B59DD9DC}
(default)
"Office.MyDLL.1"

http://www.sophos.com/virusinfo/analyses/trojpwdoora.html



E2Give Adware

O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Programme\E2G\IeBHOs.dll

c:\programme\e2g\data19

C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\~DF5DDE.tmp
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\~DF643D.tmp
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\~DF64C8.tmp


[-HKEY_LOCAL_MACHINE\software\e2g]
[-HKEY_CLASSES_ROOT\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}]
[-HKEY_CLASSES_ROOT\appid\iebhos.dll]
[-HKEY_CLASSES_ROOT\iebhos.control.1]
[-HKEY_CLASSES_ROOT\iebhos.control]
[-HKEY_CLASSES_ROOT\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{3643abc2-21bf-46b9-b230-f247db0c6fd6}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\e2g plugin]
[-HKEY_CLASSES_ROOT\clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}]
[-HKEY_CLASSES_ROOT\AppID\IeBHOs.DLL AppID {3B99F202-145A-4E5A-AC7B-88A36910BF5E}]
[-HKEY_CLASSES_ROOT\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}]



BookedSpace Browser Plug-in

c:\windows\bsx32\asi2.bsx
c:\windows\bsx32\asi5aff.bsx
c:\windows\bsx32\asissre.bsx
c:\windows\bsx32\eech1.bsx
c:\windows\bsx32\mygeek.bsx
c:\windows\bsx32\spz4.bsx
C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Temp\bs5-ventee.exe


[-HKEY_CLASSES_ROOT\appid\bookedspace.dll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Bookedspace\adware]
[-HKEY_CLASSES_ROOT\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622}]
[-HKEY_CLASSES_ROOT\interface\{05080e6b-a88a-4cfd-8c3d-9b2557670b6e}]
[-HKEY_CLASSES_ROOT\typelib\{0dc5cd7c-f653-4417-aa43-d457be3a9622}]
[-HKEY_CLASSES_ROOT\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E}]



SearchNugget.DNSCatcher Browser Plug-in

O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Programme\DNS\Catcher.dll

c:\programme\dns\affid.dat
c:\programme\dns\cwebpage.dll
c:\programme\dns\x.bmp
c:\programme\dns\uid.dat
c:\programme\dns\urls.dat
C:\Programme\Gemeinsame Dateien\services.exe



anderer PC

HijackThis

O4 - HKCU\..\Run: [AXVenore] "C:\Programme\AXVenore\AXVenore.exe"
O4 - HKCU\..\Run: [PECarlin] "C:\Programme\PECarlin\PECarlin.exe"
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\Programme\FCAdvice\FCAdvice.dll
O20 - AppInit_DLLs: Runner.dll,kmlknkin.dll,kaeilfbp.dll,SDRunner.dll,fojacofi.dll,Runner.dll,mempgede.dll,Runner.dll

datfindbat

Verzeichnis von C:\WINDOWS\system32

10.05.2006 17:44 69'632 mempgede.dll
10.05.2006 17:44 33'012 tpuninstall.exe
10.05.2006 17:43 69'632 fojacofi.dll
10.05.2006 17:43 69'632 kaeilfbp.dll
10.05.2006 17:43 69'632 kmlknkin.dll

Verzeichnis von C:\DOKUME~1\User\LOKALE~1\Temp

28.05.2006 22:14 174'667 minisetup1.exe
23.05.2006 00:45 148'106 mc051706.exe
23.05.2006 00:45 418'445 Mendoza1.exe
23.05.2006 00:45 25'088 tpaloader2.exe
23.05.2006 00:45 20'480 stub_ventjj.exe
20.05.2006 10:57 46'080 ~e5d141.tmp
11.05.2006 19:48 38'035 JLDist.exe
10.05.2006 17:44 66'817 Tspd.exe
10.05.2006 17:43 236'304 contextualapp.exe
10.05.2006 17:43 236'560 contexapp.exe
10.05.2006 17:43 156'063 minisetup2.exe
03.05.2006 00:13 69'632 Tspd.dll

Verzeichnis von C:\WINDOWS

02.06.2006 23:04 9'240 Hosts
23.05.2006 00:45 1'635 cfg32.exe
05.05.2006 23:55 9'240 b_as_Hosts
05.05.2006 23:54 2'586 regopt.log
05.05.2006 23:54 112'128 CdaC14BA.DLL
05.05.2006 23:54 30'720 CdaC13BA.EXE
05.05.2006 23:52 0 Sti_Trace.log

-----------------------------------------------

Avenger

Files to delete:
C:\WINDOWS\system32\mempgede.dll
C:\WINDOWS\system32\tpuninstall.exe
C:\WINDOWS\system32\fojacofi.dll
C:\WINDOWS\system32\kaeilfbp.dll
C:\WINDOWS\system32\kmlknkin.dll
C:\WINDOWS\system32\SDRunner.dll
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\axsetup1.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\~ef7194.tmp
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\mc051706.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\Mendoza1.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\tpaloader2.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\stub_ventjj.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\JLDist.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\Tspd.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\contextualapp.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\contexapp.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\minisetup2.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\minisetup1.exe
C:\Dokumente und Einstellungen\User\Lokale Einstellungen\Temp\Tspd.dll
C:\WINDOWS\Hosts
C:\WINDOWS\cfg32.exe
C:\WINDOWS\b_as_Hosts
C:\WINDOWS\regopt.log
C:\WINDOWS\CdaC14BA.DLL
C:\WINDOWS\CdaC13BA.EXE


deinstallieren:

C:\Programme\AXVenore
C:\Programme\PECarlin
C:\Programme\FCAdvice


Counterspy

ConsumerAlertSystem.CASClient Adware

C:\Avenger\axsetup1.exe
C:\Avenger\minisetup1.exe
C:\Avenger\minisetup2.exe
C:\Dokumente und Einstellungen\manu\Lokale Einstellungen\Temp\minisetup1.exe
C:\Dokumente und Einstellungen\manu\Lokale Einstellungen\Temporary Internet Files\Content.IE5\N3599HP2\minisetup1[1].exe

C:\Programme\SDVita\SDVita.exe

C:\RECYCLER\S-1-5-21-839522115-1637723038-2147167427-1004\Dc12\PECarlin.exe
C:\RECYCLER\S-1-5-21-839522115-1637723038-2147167427-1004\Dc9\AXVenore.exe

HKEY_CURRENT_USER\Software\AXVenore aid 1

----------

DealHelper Browser Plug-in

C:\Avenger\JLDist.exe

----------

Zoombar Hijacker

C:\Avenger\stub_ventjj.exe

----------------

ICanNews.CasClient Adware (General)

C:\Avenger\tpuninstall.exe
C:\Avenger\Tspd.dll
C:\Avenger\Tspd.exe

---------------

Yazzle.SnowBallWars
Details: Yazzle.SnowballWars is an ad supported desktop game.
C:\Programme\Snowball Wars\uninstaller.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Snowball Wars
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Snowball Wars DisplayName Snowball Wars by OIN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Snowball Wars UninstallString C:\Programme\Snowball Wars\uninstaller.exe

--------------

FullContext.EQAdvice Adware

C:\programme\common files\misc001\mendoza.exe
C:\Avenger\contextualapp.exe
C:\Avenger\mc051706.exe
C:\Avenger\Mendoza1.exe
C:\Avenger\Runner.dll
C:\Avenger\tpaloader2.exe
C:\RECYCLER\S-1-5-21-839522115-1637723038-2147167427-1004\Dc10\FCAdvice.dll

[-HKEY_CLASSES_ROOT\CLSID\{994D478A-45D0-4DB4-AE77-288B1E346E99}]
[-HKEY_CLASSES_ROOT\TypeLib\{1B8B502E-455B-4022-BE77-FB6D9F808A18}]

HKEY_CLASSES_ROOT\TypeLib\{1B8B502E-455B-4022-BE77-FB6D9F808A18}\1.0\0\win32 C:\Programme\FCAdvice\FCAdvice.dll

--------------

Trojan.Svchostsys Trojan

Link: svchostsys

c:\programme\common files\simtest\svchostsys.bat
c:\programme\common files\simtest\sysstall.exe
c:\programme\common files\simtest\temp.txt

c:\programme\common files\svchostsys\icsharpcode.sharpziplib.dll
c:\programme\common files\svchostsys\svchostsys.exe
c:\programme\common files\svchostsys\svchostsys.exe.config
c:\programme\common files\svchostsys\svchostupdate.exe
c:\programme\common files\svchostsys\svchostupdate.exe.config
c:\programme\common files\svchostsys\version.txt


Ewido
C:\WINDOWS\bsx32 
C:\WINDOWS\bsx32\ADVC3.bsx 
C:\WINDOWS\bsx32\BID1.bsx 
C:\WINDOWS\bsx32\BingoRoom1.bsx 
C:\WINDOWS\bsx32\CARS1.bsx 
C:\WINDOWS\bsx32\CASH2.bsx 
C:\WINDOWS\bsx32\CCS1.bsx 
C:\WINDOWS\bsx32\DEBT1.bsx 
C:\WINDOWS\bsx32\INK1.bsx 
C:\WINDOWS\bsx32\KanFinance3.bsx 
C:\WINDOWS\bsx32\MORT1.bsx 
C:\WINDOWS\bsx32\OPPS1.bsx 
C:\WINDOWS\bsx32\SPZ3.bsx 
C:\WINDOWS\bsx32\TMP1.bsx 
C:\WINDOWS\bsx32\XTFL2.bsx 


bs3.dll

HijackThis

O2 - BHO: CExtension Object - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - C:\WINDOWS\bs3.dll
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE C:\WINDOWS\bs3.dll,DllRun


[-HKEY_CLASSES_ROOT\appid\bookedspace.dll]
[-HKEY_CLASSES_ROOT\clsid\{a85c4a1b-bd36-44e5-a70f-8ec347d9b24f}]
[-HKEY_CLASSES_ROOT\bookedspace.extension]
[-HKEY_CLASSES_ROOT\BookedSpace.Extension.3]

Ewido
C:\WINDOWS\bsx32 -> Adware.BookedSpace 
C:\WINDOWS\bsx32\XTFL2.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\ADVC3.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\CCS1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\KanFinance3.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\TMP1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\INK1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\DEBT1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\MORT1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\SPZ3.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\CARS1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\BID1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\BingoRoom1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\OPPS1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\CASH2.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\TV1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\CAS1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\ADBN1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\FAM1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\EDU1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\WIRE1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\SPORT1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\INSUR1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\CARD2.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\OPPR2.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\EML1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\ADVC4.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\AUTOS1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\DATE3.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\FINC1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\MOVS1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\NEWS1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\SHOP1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\TECH1.bsx -> Adware.BookedSpace 
C:\WINDOWS\bsx32\WOMEN1.bsx -> Adware.BookedSpace 


