Downloaded Program Files

C:\Program Files\Media Gateway
C:\Program Files\Media Gateway\MediaGateway.exe

C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Spyware.180Solutions
C:\WINDOWS\Downloaded Program Files\webdlg32.dll -> Spyware.SBSoft
C:\WINDOWS\Downloaded Program Files\WinCtlAdX.dll -> Spyware.WinAD
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.19\bridge.dll
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\MINIBUGTRANSPORTER.DLL

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.INF
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx

c:\WINDOWS\Downloaded Program Files\jao.dll - Trojan:Win32/Spy.Briss.H

Spyware.Apropos - Link: Apropos-Fix
C:\WINDOWS\Downloaded Program Files\aprload.bin
C:\WINDOWS\Downloaded Program Files\load.exe
C:\WINDOWS\Downloaded Program Files\monpop.exe
C:\WINDOWS\Downloaded Program Files\pop225.dll
C:\WINDOWS\Downloaded Program Files\pophook4.dll
C:\WINDOWS\Downloaded Program Files\PopSrv225.exe

Adware:Adware/InstDollars
C:\WINDOWS\Downloaded Program Files\ax_mjpeg.ocx

C:\WINDOWS\DOWNLOADED PROGRAM FILES\MWSEARCH.DLL
C:\WINDOWS\Downloaded Program Files\loader2.ocx
C:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe --> winfixer
c:\windows\downloaded program files\ezstub.dll --> ezula
C:\WINDOWS\Downloaded Program Files\giga32.dll --> gigasearch

CWS.toolband
C:\WINDOWS\Downloaded Program Files\Toolband.dll
C:\WINDOWS\Downloaded Program Files\rundlg32.dll
C:\WINDOWS\Downloaded Program Files\webdlg32.dll

C:\WINDOWS\Downloaded Program Files\QDow.dll --> Spyhunter
C:\WINDOWS\Downloaded Program Files\UCSearch.ocx
C:\WINDOWS\Downloaded Program Files\belgio_ver3.ocx - Clicker:Win32
c:\windows\downloaded program files\muldist.ocx --> MoneyTree
C:\WINDOWS\Downloaded Program Files\fullgames.exe -> Dialer.Playground.b
C:/WINDOWS/Downloaded Program Files/SbCIe028.dll -> Spyware.SideStep

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SbCIe028.dll\\.Owner

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SbCIe028.dll\\{640B39C1-D713-464F-92C3-75BD972B95EE}


The following entries can be found in HijackThis:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gigasearch.biz/?129
O2 - BHO: GStartBHO Class - {EADD3112-0CF8-444b-AC0F-EBA38E004554} - C:\WINDOWS\Downloaded Program Files\giga32.dll


The following entries can be found in HijackThis:

O2 - BHO: (no name) - {029BB53A-C312-4b09-9B4F-ED57AF027B28} - C:\WINDOWS\system32\winhlp32.dll
O4 - HKLM\..\Run: [system check] C:\WINDOWS\Downloaded Program Files\updater.exe
O4 - HKLM\..\Run: [winhlp32.exe] C:\WINDOWS\Downloaded Program Files\winhlp32.exe


The following entries can be found in HijackThis:

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/20.../bridge-c20.cab
O3 - Toolbar: MWSearch Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\MWSEARCH.DLL
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx


W32.Mimail.A@mm, W32/Mimail@MM, Mimail, Win32.Mimail.A, W32/Mimail-A, I-Worm.Mimail
E-mail:
I would like to inform you about important information regarding your
email address. This email address will be expiring.
Please read attachment for details.

Best regards, Administrator


- c:\windows\videodrv.exe
- eml.tmp
- c:\windows\exe.tmp
- zip.tmp : exe.tmp

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VideoDrviver - videodrv.exe

videodrv.exe

foo.exe
foo.exe

Download echo.zip --> unzip it --> click echo.bat --> the text editor will open --> copy the text

Directory of C:\WINDOWS\Downloaded Program Files

24-03-2004 02:19 203.568 arclib.dll
18-04-2003 12:59 53.248 DiskFAU.dll
30-11-2005 10:37 268.552 PCPitstop.dll
29-11-2005 17:52 618 PCPitstop.inf
27-08-2005 13:30 5.065 swflash.inf
16-06-2005 02:08 1.223.187 vet.da1
08-06-2004 02:06 2.575.174 vet.dat
28-04-2005 08:21 745.543 vete.dll
8 File(s) 5.074.955 bytes
Total Files Listed:
8 File(s) 5.074.955 bytes
0 Dir(s) 583.446.528 bytes free

HijackThis (StartupList)

*HijackThis - Config
*List also minor sections (full) -- tick the checkbox
*List empty sections (complete) -- tick the checkbox
*HijackThis - Config - MiscTools -- Generate StartupListlog
*(Notepad [text editor] opens; now copy the COMPLETE log)

Enumerating Download Program Files:

116 [CRAVOnline Object]
117 InProcServer32 = C:\WINDOWS\Downloaded Program Files\ravonline.dll
118 CODEBASE = http://www.ravantivirus.com/scan/ravonline.cab

The following entries can be found in HijackThis:

O16 - DPF: RaptisoftGameLoader - hXXX//www.miniclip.com/hamsterball/raptisoftgameloader.cab

Verzeichnis von C:\WINDOWS\Downloaded Program Files
02.10.2004 21:34 151.552 RSGameLoader.dll

RSGameLoader.dll







virus-protect.org