13galadriel | 23.11.2008 21:46 | Hello,
Thanks for the help, I have already changed the hosts file.
Here are the steps I worked through:
1) for the C:\WINDOWS\system32\nsgA8.dll file: Code:
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.11.21.0 2008.11.23 -
AntiVir 7.9.0.35 2008.11.23 -
Authentium 5.1.0.4 2008.11.22 -
Avast 4.8.1281.0 2008.11.22 -
AVG 8.0.0.199 2008.11.23 -
BitDefender 7.2 2008.11.23 -
CAT-QuickHeal 10.00 2008.11.21 -
ClamAV 0.94.1 2008.11.23 -
DrWeb 4.44.0.09170 2008.11.23 -
eSafe 7.0.17.0 2008.11.23 -
eTrust-Vet 31.6.6221 2008.11.21 -
Ewido 4.0 2008.11.23 -
F-Prot 4.4.4.56 2008.11.22 -
F-Secure 8.0.14332.0 2008.11.23 -
Fortinet 3.117.0.0 2008.11.23 -
GData 19 2008.11.23 -
Ikarus T3.1.1.45.0 2008.11.23 AdWare.Win32.MxLiveMedia
K7AntiVirus 7.10.531 2008.11.22 -
Kaspersky 7.0.0.125 2008.11.23 -
McAfee 5443 2008.11.23 -
McAfee+Artemis 5443 2008.11.23 -
Microsoft 1.4104 2008.11.23 Adware:Win32/MxLiveMedia
NOD32 3632 2008.11.21 -
Norman 5.80.02 2008.11.22 -
Panda 9.0.0.4 2008.11.23 -
PCTools 4.4.2.0 2008.11.23 -
Prevx1 V2 2008.11.23 Adware
Rising 21.04.62.00 2008.11.23 -
SecureWeb-Gateway 6.7.6 2008.11.23 -
Sophos 4.35.0 2008.11.23 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.23 -
TheHacker 6.3.1.1.160 2008.11.23 -
TrendMicro 8.700.0.1004 2008.11.22 -
VBA32 3.12.8.9 2008.11.22 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.23 Adware.Adrotator.Gen.2
weitere Informationen
File size: 555008 bytes
MD5...: 361e30650beba9a23ba69b287193de0a
SHA1..: 9c71f0ff3a455ef874fc98d1a23deb39e098560e
SHA256: 624a635f7f23ca9d8cbed349b8a16838461732b41c50be2283ea853438f9eae1
SHA512: 948e9020a53f9e615cb96f11fb611f1341bf6fade56655cf48ae0271959e0e4cded16b9de6cb847c6cb06f3e8e58ff31ac8febebb3f323a96c28e0c1818753d8
PEiD..: -
TrID..: File type identification
DirectShow filter (77.7%)
Win32 Executable MS Visual C++ (generic) (14.5%)
Win32 Executable Generic (3.2%)
Win32 Dynamic Link Library (generic) (2.9%)
Generic Win/DOS Executable (0.7%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10047b11
timedatestamp.....: 0x490748f1 (Tue Oct 28 17:16:33 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x69383 0x69400 6.76 237102c549f5f86c34e83d74e6cad4f5
.rdata 0x6b000 0x136da 0x13800 4.85 6acac2965a8134830ce3f7098b17144b
.data 0x7f000 0x4efc 0x1800 3.68 eb26aa7c21b340ac0db60735523df18f
.rsrc 0x84000 0x4a0 0x600 4.54 74d9fe786082b42abeecaa5bed867691
.reloc 0x85000 0x889a 0x8a00 5.92 c71ecc578e3bd386fcfe0ef12721d5b3
( 10 imports )
> SHLWAPI.dll: StrStrIW, UrlGetPartW, UrlEscapeW, PathMatchSpecW, UrlUnescapeW, StrCmpIW
> KERNEL32.dll: GetCommandLineA, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, EnterCriticalSection, DeleteCriticalSection, GetProcAddress, LoadLibraryA, MultiByteToWideChar, GetDriveTypeA, GetProcessHeap, SetEndOfFile, CreateFileA, GetModuleHandleA, GetTimeZoneInformation, SetStdHandle, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, InitializeCriticalSectionAndSpinCount, GetStringTypeW, GetStringTypeA, GetLocaleInfoA, GetCurrentDirectoryA, SetFilePointer, GetDateFormatA, GetTimeFormatA, IsValidCodePage, GetOEMCP, GetACP, FlushFileBuffers, GetConsoleMode, GetConsoleCP, ReadFile, WriteFile, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetFullPathNameW, InitializeCriticalSection, LeaveCriticalSection, FreeLibrary, WideCharToMultiByte, CreateMutexW, WaitForSingleObject, ReleaseMutex, CloseHandle, Sleep, GetModuleFileNameA, GetStartupInfoA, GetFileType, GetStdHandle, SetHandleCount, HeapReAlloc, VirtualAlloc, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetLastError, HeapFree, GetCurrentThreadId, SetEnvironmentVariableA, GetSystemTimeAsFileTime, ExitThread, CreateThread, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetDriveTypeW, FindFirstFileW, RaiseException, RtlUnwind, LCMapStringA, LCMapStringW, GetCPInfo, HeapAlloc, GetModuleHandleW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, ExitProcess, HeapCreate, HeapDestroy, VirtualFree
> USER32.dll: GetWindowLongW, wsprintfW, SetWindowTextW, SetWindowPos, SetWindowLongW, EnumChildWindows, RealGetWindowClassW, GetWindowTextW, SendMessageW, CallWindowProcW
> ole32.dll: CoUninitialize, CoCreateInstance, CoTaskMemFree, CoInitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -
> WS2_32.dll: -
> RPCRT4.dll: UuidToStringW, RpcStringFreeW
> urlmon.dll: UrlMkGetSessionOption
> imagehlp.dll: MapAndLoad, UnMapAndLoad
> SHELL32.dll: SHCreateDirectoryExW
( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=F34A282900ACA7AE789008BCA64C6200F80BB198
for the C:\Programme\bxNewFolder\bxNewFolder.dll file: Code:
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.11.21.0 2008.11.23 -
AntiVir 7.9.0.35 2008.11.23 -
Authentium 5.1.0.4 2008.11.22 -
Avast 4.8.1281.0 2008.11.22 -
AVG 8.0.0.199 2008.11.23 -
BitDefender 7.2 2008.11.23 -
CAT-QuickHeal 10.00 2008.11.21 -
ClamAV 0.94.1 2008.11.23 -
DrWeb 4.44.0.09170 2008.11.23 -
eSafe 7.0.17.0 2008.11.23 Suspicious File
eTrust-Vet 31.6.6221 2008.11.21 -
Ewido 4.0 2008.11.23 -
F-Prot 4.4.4.56 2008.11.22 -
F-Secure 8.0.14332.0 2008.11.23 -
Fortinet 3.117.0.0 2008.11.23 -
GData 19 2008.11.23 -
Ikarus T3.1.1.45.0 2008.11.23 -
K7AntiVirus 7.10.531 2008.11.22 -
Kaspersky 7.0.0.125 2008.11.23 -
McAfee 5443 2008.11.23 -
McAfee+Artemis 5443 2008.11.23 -
Microsoft 1.4104 2008.11.23 -
NOD32 3632 2008.11.21 -
Norman 5.80.02 2008.11.22 -
Panda 9.0.0.4 2008.11.23 -
PCTools 4.4.2.0 2008.11.23 -
Prevx1 V2 2008.11.23 -
Rising 21.04.62.00 2008.11.23 -
SecureWeb-Gateway 6.7.6 2008.11.23 -
Sophos 4.35.0 2008.11.23 -
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.23 -
TheHacker 6.3.1.1.160 2008.11.23 -
TrendMicro 8.700.0.1004 2008.11.22 -
VBA32 3.12.8.9 2008.11.22 -
ViRobot 2008.11.18.1474 2008.11.18 -
VirusBuster 4.5.11.0 2008.11.23 -
weitere Informationen
File size: 191488 bytes
MD5...: bfe5ca69ca7b71d18c7de0bcdc3ba626
SHA1..: ddce3521c30b8bdc61c11292eea7537a7e3b90f8
SHA256: 9080b11b96a64ebe04c460be51060d20d0b7923f301b4ef4f570ff9da0ec2ee1
SHA512: def956e848edc1a0dd609b36a7d798c2b8e1eaf896b4dbe79ab9922438f9c69c6186b0129baaa4b1613fe46927c3af52072839e04a9e8e67b6dc0011c3164465
PEiD..: ASPack v2.12
TrID..: File type identification
Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x46f001
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)
( 9 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x58000 0x24800 8.00 dfff83e22ba22c1aa3e70a2b80d9268e
DATA 0x59000 0x1000 0x800 7.00 6c2953cb113db9885d17783a0959913e
BSS 0x5a000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x5b000 0x3000 0xe00 7.72 f9a0ccb584742e750bca04c22d205ed4
.edata 0x5e000 0x1000 0x200 1.96 08ec433a5077c9df57602c421ae9e3ee
.reloc 0x5f000 0x7000 0x3c00 7.95 d05dce0a11f7ff0653c1eb2edf10a9d8
.rsrc 0x66000 0x9000 0x3800 6.65 bf449073a522b23ee6dc71b4d70694b9
.aspack 0x6f000 0x2000 0x1400 5.66 0deaebe52677e02bf8a104347069e0b6
.adata 0x71000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
( 12 imports )
> kernel32.dll: GetProcAddress, GetModuleHandleA, LoadLibraryA
> user32.dll: GetKeyboardType
> advapi32.dll: RegQueryValueExA
> oleaut32.dll: VariantChangeTypeEx
> advapi32.dll: RegSetValueExA
> gdi32.dll: UnrealizeObject
> user32.dll: WindowFromPoint
> ole32.dll: CoTaskMemFree
> oleaut32.dll: CreateErrorInfo
> comctl32.dll: ImageList_SetIconSize
> shell32.dll: ShellExecuteA
> shell32.dll: SHGetPathFromIDListA
( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
packers (Kaspersky): ASPack
packers (F-Prot): Aspack
for the C:\WINDOWS\system32\tqrcawwxfu.dll file: Code:
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.11.21.0 2008.11.23 -
AntiVir 7.9.0.35 2008.11.23 -
Authentium 5.1.0.4 2008.11.22 W32/AdRotator.B.gen!Eldorado
Avast 4.8.1281.0 2008.11.22 -
AVG 8.0.0.199 2008.11.23 -
BitDefender 7.2 2008.11.23 Generic.Adw.Rotator.F68A437D
CAT-QuickHeal 10.00 2008.11.21 -
ClamAV 0.94.1 2008.11.23 Adware.AdRotator-10
DrWeb 4.44.0.09170 2008.11.23 -
eSafe 7.0.17.0 2008.11.23 -
eTrust-Vet 31.6.6221 2008.11.21 Win32/AdClicker
Ewido 4.0 2008.11.23 -
F-Prot 4.4.4.56 2008.11.22 W32/AdRotator.B.gen!Eldorado
F-Secure 8.0.14332.0 2008.11.23 Trojan-Clicker.Win32.Agent.fid
Fortinet 3.117.0.0 2008.11.23 Adware/AdClicker
GData 19 2008.11.23 Generic.Adw.Rotator.F68A437D
Ikarus T3.1.1.45.0 2008.11.23 Generic.Adw.Rotator
K7AntiVirus 7.10.531 2008.11.22 -
Kaspersky 7.0.0.125 2008.11.23 Trojan-Clicker.Win32.Agent.fid
McAfee 5443 2008.11.23 AdClicker-GI
McAfee+Artemis 5443 2008.11.23 AdClicker-GI
Microsoft 1.4104 2008.11.23 Adware:Win32/AdRotator
NOD32 3632 2008.11.21 -
Norman 5.80.02 2008.11.22 -
Panda 9.0.0.4 2008.11.23 -
PCTools 4.4.2.0 2008.11.23 -
Prevx1 V2 2008.11.23 -
Rising 21.04.62.00 2008.11.23 -
SecureWeb-Gateway 6.7.6 2008.11.23 Trojan.Click.LooksLike.Agent
Sophos 4.35.0 2008.11.23 SuperiorAds
Sunbelt 3.1.1823.2 2008.11.22 -
Symantec 10 2008.11.23 -
TheHacker 6.3.1.1.160 2008.11.23 -
TrendMicro 8.700.0.1004 2008.11.22 -
VBA32 3.12.8.9 2008.11.22 -
ViRobot 2008.11.18.1474 2008.11.18 Trojan.Win32.Clicker.190976
VirusBuster 4.5.11.0 2008.11.23 -
weitere Informationen
File size: 190976 bytes
MD5...: e22552e451048ad49117dd50fac322f4
SHA1..: 29db41c3aa2846090571a5efbfe20281a619956e
SHA256: 6aa697922097ca59a1d797673599a2b5ff658f9ef51219db3b7621ed7c7d9d51
SHA512: 10d297ce5d9b8f53ebd5896fd52eac69dda77b02eb2a4321a78423b82b92737e927c1c9e83a9dab50538c6c5e58a11e791b4b0addd42c2a6e0a298adb0190bb3
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10013a08
timedatestamp.....: 0x4909e15e (Thu Oct 30 16:31:26 2008)
machinetype.......: 0x14c (I386)
( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x23150 0x23200 6.61 1a4096ba47a2bd7e0c9bc4b70e93f0f9
.rdata 0x25000 0x6d8b 0x6e00 5.41 20b9e2a0b3ce3de239f800f83d51c9d2
.data 0x2c000 0x33c4 0x1800 3.92 b5cecfc9a6cbf56a13c4d5ec5436339c
.rsrc 0x30000 0x34c 0x400 4.67 751dd3003ee54422d2ca82ad2956b370
.reloc 0x31000 0x28e4 0x2a00 4.96 20ed6d728a0b8bf51944ed3165354565
( 8 imports )
> RPCRT4.dll: UuidToStringW, RpcStringFreeW
> VERSION.dll: VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
> SHLWAPI.dll: StrCmpIW, StrStrIW, PathStripPathW, UrlEscapeW, SHDeleteKeyW
> KERNEL32.dll: ExitThread, WaitForSingleObject, CreateThread, Sleep, GetModuleFileNameW, OpenMutexW, GetSystemTime, CreateEventW, OpenProcess, CreateMutexW, GetLastError, InterlockedIncrement, InterlockedDecrement, lstrcmpW, GetTickCount, SystemTimeToFileTime, GetLocalTime, LocalFree, LoadLibraryA, FreeLibrary, ExpandEnvironmentStringsW, WideCharToMultiByte, MultiByteToWideChar, GetTempFileNameW, GetEnvironmentVariableW, LocalAlloc, VirtualQuery, GetVolumeInformationW, LoadLibraryW, GetSystemInfo, GetStringTypeW, GetStringTypeA, LCMapStringA, GetLocaleInfoA, InitializeCriticalSectionAndSpinCount, GetConsoleMode, GetConsoleCP, SetFilePointer, HeapReAlloc, VirtualAlloc, GetSystemTimeAsFileTime, GetCurrentProcessId, QueryPerformanceCounter, VirtualFree, HeapDestroy, HeapCreate, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetStartupInfoA, GetProcAddress, CreateProcessW, CloseHandle, SetEvent, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, lstrlenW, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, FlushFileBuffers, GetWindowsDirectoryW, GetFileType, SetHandleCount, LCMapStringW, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, GetModuleFileNameA, GetStdHandle, WriteFile, ExitProcess, HeapSize, GetModuleHandleA, SetLastError, TlsFree, TlsSetValue, RaiseException, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlUnwind, GetCurrentThreadId, GetCommandLineA, HeapFree, HeapAlloc, GetModuleHandleW, TlsGetValue, TlsAlloc
> USER32.dll: GetWindowTextW, EnumChildWindows, RealGetWindowClassW, CallWindowProcW, SetWindowLongW, GetWindowThreadProcessId, SetActiveWindow, SendMessageW, GetPropW, RemovePropW, SetWindowTextW, SetPropW, IntersectRect, InflateRect, ClientToScreen, MsgWaitForMultipleObjects, PeekMessageW, TranslateMessage, DispatchMessageW, GetClassNameW, PostMessageW, OffsetRect
> ADVAPI32.dll: CryptCreateHash, CryptGetHashParam, ConvertStringSecurityDescriptorToSecurityDescriptorW, GetSecurityDescriptorSacl, SetSecurityInfo, CryptGenRandom, CryptAcquireContextW, CryptHashData, CryptDestroyHash, CryptReleaseContext, RegQueryValueExW, RegCreateKeyW, RegCreateKeyExW, RegSetValueW, RegDeleteValueW, RegOpenKeyExW, RegSetValueExW, RegCloseKey
> ole32.dll: CoInitializeEx, CoCreateInstance, CoTaskMemFree, CoUninitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -
( 4 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=e22552e451048ad49117dd50fac322f4