Downloaded
Downloaded Program Files

C:\Program Files\Media Gateway
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Spyware.180Solutions
C:\WINDOWS\Downloaded Program Files\webdlg32.dll -> Spyware.SBSoft
C:\WINDOWS\Downloaded Program Files\WinCtlAdX.dll -> Spyware.WinAD
C:\WINDOWS\Downloaded Program Files\bridge.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.19\bridge.dll
C:\WINDOWS\DOWNLOADED PROGRAM FILES\CONFLICT.1\MINIBUGTRANSPORTER.DLL
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.INF
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx
c:\WINDOWS\Downloaded Program Files\jao.dll - Trojan:Win32/Spy.Briss.H
C:\WINDOWS\Downloaded Program Files\aprload.bin
C:\WINDOWS\Downloaded Program Files\load.exe
C:\WINDOWS\Downloaded Program Files\monpop.exe
C:\WINDOWS\Downloaded Program Files\pop225.dll
C:\WINDOWS\Downloaded Program Files\pophook4.dll
C:\WINDOWS\Downloaded Program Files\PopSrv225.exe
C:\WINDOWS\Downloaded Program Files\ax_mjpeg.ocx
C:\WINDOWS\DOWNLOADED PROGRAM FILES\MWSEARCH.DLL
C:\WINDOWS\Downloaded Program Files\loader2.ocx
C:\WINDOWS\Downloaded Program Files\UWFX5NetInstaller.exe --> winfixer
c:\windows\downloaded program files\ezstub.dll --> ezula
C:\WINDOWS\Downloaded Program Files\giga32.dll --> gigasearch
C:\WINDOWS\Downloaded Program Files\Toolband.dll
C:\WINDOWS\Downloaded Program Files\rundlg32.dll
C:\WINDOWS\Downloaded Program Files\webdlg32.dll
C:\WINDOWS\Downloaded Program Files\QDow.dll --> Spyhunter
C:\WINDOWS\Downloaded Program Files\UCSearch.ocx
C:\WINDOWS\Downloaded Program Files\belgio_ver3.ocx - Clicker:Win32
c:\windows\downloaded program files\muldist.ocx --> MoneyTree
C:\WINDOWS\Downloaded Program Files\fullgames.exe -> Dialer.Playground.b
C:/WINDOWS/Downloaded Program Files/SbCIe028.dll -> Spyware.SideStep

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SbCIe028.dll\\.Owner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SbCIe028.dll\\{640B39C1-D713-464F-92C3-75BD972B95EE}

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gigasearch.biz/?129
O2 - BHO: GStartBHO Class - {EADD3112-0CF8-444b-AC0F-EBA38E004554} - C:\WINDOWS\Downloaded Program Files\giga32.dll
O2 - BHO: (no name) - {029BB53A-C312-4b09-9B4F-ED57AF027B28} - C:\WINDOWS\system32\winhlp32.dll
O4 - HKLM\..\Run: [system check] C:\WINDOWS\Downloaded Program Files\updater.exe
O4 - HKLM\..\Run: [winhlp32.exe] C:\WINDOWS\Downloaded Program Files\winhlp32.exe
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\Downloaded Program Files\bridge.dll",Load
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/20.../bridge-c20.cab
O3 - Toolbar: MWSearch Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\MWSEARCH.DLL
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx

I would like to inform you about important information regarding your email address. This email address will be expiring. Please read attachment for details. Best regards, Administrator

- c:\windows\videodrv.exe - eml.tmp - c:\windows\exe.tmp - zip.tmp : exe.tmp
HKEY_LOCAL_MACHINE \SOFTWARE \Microsoft \Windows \CurrentVersion \Run \VideoDrviver - videodrv.exe
foo.exe
Directory of C:\WINDOWS\Downloaded Program Files

24-03-2004 02:19 203.568 arclib.dll
18-04-2003 12:59 53.248 DiskFAU.dll
30-11-2005 10:37 268.552 PCPitstop.dll
29-11-2005 17:52 618 PCPitstop.inf
27-08-2005 13:30 5.065 swflash.inf
16-06-2005 02:08 1.223.187 vet.da1
08-06-2004 02:06 2.575.174 vet.dat
28-04-2005 08:21 745.543 vete.dll
8 File(s) 5.074.955 bytes
Total Files Listed:
8 File(s) 5.074.955 bytes
0 Dir(s) 583.446.528 bytes free

*HijackThis - Config
*List also minor sections (full) -- tick the checkbox
*List empty sections (complete) -- tick the checkbox
*HijackThis - Config - MiscTools -- Generate StartupListlog
*(Notepad [text editor] opens; now copy the COMPLETE log)

116 [CRAVOnline Object]
117 InProcServer32 = C:\WINDOWS\Downloaded Program Files\ravonline.dll
118 CODEBASE = http://www.ravantivirus.com/scan/ravonline.cab

O16 - DPF: RaptisoftGameLoader - hXXX//www.miniclip.com/hamsterball/raptisoftgameloader.cab
02.10.2004 21:34 151.552 RSGameLoader.dll