Pop up fenster öffnen sich ständig.

Hey Jungs!

Ich weiß nicht, ob ich die virtuelle Schweine Grippe oder was ich mir
hier eingefangen habe... .

Die Syntome sind folgende:
Es öffnet sich ungefähr alle 15Minuten ein Pop up fenser mit irgendeiner Werbung. Ganz gleich, ob ich mit irgendeinem Browser im internet bin oder nicht.

Antivir findet nichts mehr und CCleaner hats auch nicht beseitigt.
Was kann ich tun?

 

Könnte es sein, dass du auch einen Computer hast, auf dem ein Betriebssystem installiert ist?

 

Zum Beispiel die Stickies lesen, die in diesem Forum ganz oben angepinnt sind?

Also wurde was gefunden, oder ?

 

@N.P.
hallo,
bitte poste die fundmeldungen(antivir, ansicht, übersicht, ereignisse).
*
http://download.bleepingcomputer.com/sUBs/dds.scr
auf den desktop herunterladen und ausführen.

es öffnen sich zwei logs, dds.txt und attach.txt.

im dds.txt-fenster drückst du strg+a, strg+c und fügst den bericht mittels strg+v in diesen thread ein.

 

Sorry jungs, klar habe ich ein Betriebssystem... auf meinem Rechner läuft win XP.

Ja, Antivir findet ab und an mal nen Virus... wenn der beseitigt ist, ändert das aber nichts.

Hier das dds.txt


DDS (Ver_09-12-01.01) - NTFSx86
Run by niklas at 15:30:29,00 on 03.01.2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2046.1316 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Programme\Steam\Steam.exe
C:\Dokumente und Einstellungen\niklas\Music\lst.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gigabyte\EasySaver\ESSVR.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\niklas\Eigene Dateien\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
uURLSearchHooks: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\programme\softonic-de3\tbsoft.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: BrowserHelper Class: {8a9d74f9-560b-4fe7-abeb-3b2e638e5cd6} - c:\programme\sgpsa\SearchAssistant.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\programme\softonic-de3\tbsoft.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programme\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Search Assistant: {f0626a63-410b-45e2-99a1-3f2475b2d695} - c:\programme\sgpsa\BHO.dll
BHO: Fast Browser Search Toolbar Helper: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\programme\fast browser search\ie\FBStoolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\programme\ask.com\GenericAskToolbar.dll
TB: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - c:\programme\softonic-de3\tbsoft.dll
TB: Fast Browser Search Toolbar: {1bb22d38-a411-4b13-a746-c2a4f4ec7344} - c:\programme\fast browser search\ie\FBStoolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [PlayNC Launcher]
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Sony Ericsson PC Suite] "c:\programme\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [Steam] "c:\programme\steam\Steam.exe" -silent
uRun: [System] c:\dokumente und einstellungen\niklas\music\lst.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [avgnt] "c:\programme\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\programme\quicktime\QTTask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\dokume~1\niklas\anwend~1\mozilla\firefox\profiles\53duzsjg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={9F4EDA36-8C58-A9FC-85F0-20D7F83AD6B4}&q=
FF - component: c:\dokumente und einstellungen\niklas\anwendungsdaten\mozilla\firefox\profiles\53duzsjg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\dokumente und einstellungen\niklas\anwendungsdaten\mozilla\firefox\profiles\53duzsjg.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\FFExternalAlert.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\programme\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\programme\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\programme\avira\antivir desktop\avgio.sys [2009-10-9 11608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\avira\antivir desktop\sched.exe [2009-10-9 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\programme\avira\antivir desktop\avguard.exe [2009-10-9 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-9 56816]
R2 ES lite Service;ES lite Service for program management.;c:\programme\gigabyte\easysaver\essvr.exe [2009-10-9 68136]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\programme\sony ericsson\sony ericsson pc suite\SupServ.exe [2009-11-15 90112]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2009-11-15 27632]
S3 backdoor;backdoor;\??\c:\dokume~1\niklas\lokale~1\temp\backdoor.sys --> c:\dokume~1\niklas\lokale~1\temp\backdoor.sys [?]
S3 RTCore32;RTCore32;\??\e:\check\benchmarks\cpu\cpu tester\rtcore32.sys --> e:\check\benchmarks\cpu\cpu tester\RTCore32.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-10-15 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-10-15 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-10-15 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-10-15 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-10-15 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-10-15 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-10-15 117672]

=============== Created Last 30 ================

2009-12-27 15:25:07 0 d-----w- c:\programme\CCleaner
2009-12-25 01:39:07 0 d-----w- c:\programme\gemeinsame dateien\Akamai
2009-12-24 13:44:34 0 d-----w- c:\programme\Trend Micro
2009-12-23 19:03:34 0 d-----w- c:\dokume~1\niklas\anwend~1\PhotoFiltre
2009-12-23 18:53:03 0 d-----w- c:\programme\PhotoScape
2009-12-21 21:52:21 0 d-----w- c:\programme\gemeinsame dateien\Apple
2009-12-20 02:50:29 0 d-----w- c:\programme\Pivot Stickfigure Animator
2009-12-18 20:28:21 0 d-----w- c:\programme\Left 4 Dead 2
2009-12-12 17:03:04 0 d-----w- c:\programme\buffed
2009-12-12 16:00:27 0 d-----w- c:\programme\WolfQuest
2009-12-12 15:42:04 0 d-----w- c:\programme\Activision
2009-12-11 13:31:52 4706 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-12-05 15:03:38 0 d-----w- c:\programme\VideoLAN
2009-12-05 09:28:24 0 d-----w- c:\programme\Guitar Pro 5

==================== Find3M ====================

2010-01-03 13:59:10 16608 ----a-w- c:\windows\gdrv.sys
2009-12-11 23:35:00 71864 ----a-w- c:\windows\system32\perfc007.dat
2009-12-11 23:35:00 372708 ----a-w- c:\windows\system32\perfh007.dat
2009-12-08 14:01:09 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-15 09:13:35 148736 ----a-w- c:\dokume~1\alluse~1\anwend~1\hpe6.dll
2009-11-07 23:43:55 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-11-07 16:50:11 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-04 16:15:30 4423168 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-11-04 15:45:14 479232 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-04 15:44:14 300032 ----a-w- c:\windows\system32\ati2dvag.dll
2009-11-04 15:29:44 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-04 15:29:28 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-04 15:29:16 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-11-04 15:29:08 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-04 15:28:54 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-11-04 15:28:16 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-11-04 15:27:40 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-11-04 15:26:18 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-11-04 15:18:50 3518304 ----a-w- c:\windows\system32\ati3duag.dll
2009-11-04 15:17:48 13000704 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-04 15:05:10 2135680 ----a-w- c:\windows\system32\ativvaxx.dll
2009-11-04 15:04:46 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-11-04 14:51:08 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-04 14:51:08 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-04 14:47:16 565248 ----a-w- c:\windows\system32\atikvmag.dll
2009-11-04 14:46:58 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-04 14:46:44 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-04 14:45:30 172032 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-04 14:45:08 3526656 ----a-w- c:\windows\system32\aticaldd.dll
2009-11-04 14:45:04 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-11-04 14:44:48 397312 ----a-w- c:\windows\system32\atiok3x2.dll
2009-11-04 14:44:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-11-04 14:39:26 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-10-29 05:24:35 672768 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:00:53 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-10-20 16:00:43 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-13 10:32:34 271360 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 22:12:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38:18 150528 ----a-w- c:\windows\system32\rastls.dll
2009-10-09 16:09:23 21740 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 15:30:43,90 ===============

 

noch einmal: bitte poste die fundmeldungen von antivir.
kannst du beispielseiten bzgl. der werbung(unklickbar) posten?

c:\programme\sgpsa\SearchAssistant.dll
c:\programme\sgpsa\BHO.dll
c:\programme\fast browser search\ie\FBStoolbar.dll
c:\dokumente und einstellungen\niklas\music\lst.exe
c:\dokume~1\niklas\lokale~1\temp\backdoor.sys

hier http://www.virustotal.com/de/ auswerten lassen und die ergebnisse posten.

http://www.trojaner-board.de/51187-anleitung-malwarebytes-anti-malware.html
anwenden, das log posten, funde vorerst nicht löschen.

 

Das steht doch alles in dem von dir gewünschten Log drinn, was willst du ddenn noch?

 

???
ich kann im dds-log die fundmeldungen nicht entdecken.

 

Warum verlangst du dann einen solchen Log?

 

weil Boston es normalerweise deuten kann

 

Hätte ich ja auch gedacht, aber:

 

So, ich arbeite jetzt alles einmal ab.
Antivirfunberichte reiche ich nach, wenn Antivir etwas findet.

http://www.virustotal.com/de/ auswertung:

c:\programme\sgpsa\SearchAssistant.dll Hier sagt er 1 Ergebnis

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.46 2010.01.03 -
AhnLab-V3 5.0.0.2 2010.01.02 -
AntiVir 7.9.1.122 2009.12.31 -
Antiy-AVL 2.0.3.7 2009.12.31 -
Authentium 5.2.0.5 2010.01.03 -
Avast 4.8.1351.0 2010.01.03 -
AVG 8.5.0.430 2010.01.03 -
BitDefender 7.2 2010.01.03 -
CAT-QuickHeal 10.00 2010.01.02 -
ClamAV 0.94.1 2010.01.03 -
Comodo 3457 2010.01.03 -
DrWeb 5.0.1.12222 2010.01.03 -
eSafe 7.0.17.0 2010.01.03 -
eTrust-Vet 35.1.7210 2010.01.01 -
F-Prot 4.5.1.85 2010.01.03 -
F-Secure 9.0.15370.0 2010.01.03 -
Fortinet 4.0.14.0 2010.01.02 -
GData 19 2010.01.03 -
Ikarus T3.1.1.79.0 2009.12.31 -
Jiangmin 13.0.900 2010.01.03 -
K7AntiVirus 7.10.936 2010.01.02 -
Kaspersky 7.0.0.125 2010.01.03 -
McAfee 5850 2010.01.03 -
McAfee+Artemis 5850 2010.01.03 -
McAfee-GW-Edition 6.8.5 2010.01.01 -
Microsoft 1.5302 2010.01.03 -
NOD32 4740 2010.01.03 -
Norman 6.04.03 2009.12.31 -
nProtect 2009.1.8.0 2010.01.03 -
Panda 10.0.2.2 2010.01.03 -
PCTools 7.0.3.5 2010.01.03 -
Prevx 3.0 2010.01.03 Medium Risk Malware
Rising 22.28.03.04 2009.12.31 -
Sophos 4.49.0 2010.01.03 -
Sunbelt 3.2.1858.2 2010.01.03 -
TheHacker 6.5.0.3.129 2010.01.03 -
TrendMicro 9.120.0.1004 2010.01.03 -
VBA32 3.12.12.1 2010.01.01 -
ViRobot 2009.12.31.2118 2009.12.31 -
VirusBuster 5.0.21.0 2010.01.03 -
weitere Informationen
File size: 123904 bytes
MD5...: 5e58968f209a4e038d42905699e145d5
SHA1..: e34d8d84aa45252a13e78290d544713c742c399f
SHA256: 5b722efbf0cd6c9d8973ea252ef32643cd4d64c64d30dc2db9157e397e1aae85
ssdeep: 3072:Ypo0HOWHbXEKWCY6AbpmEgcazh5I9vei:rirEKa6AbAR/zw
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x9c2c
timedatestamp.....: 0x4ad726af (Thu Oct 15 13:42:07 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x133f7 0x13400 6.56 db0210b106cf765e918427714b10a0e3
.rdata 0x15000 0x5341 0x5400 5.01 6b1e5e4f0236e1002031145e325185aa
.data 0x1b000 0x387c 0x1c00 4.18 9e72fcf8d555f4099034e587db2c6790
.SHAREDM 0x1f000 0x328 0x400 0.00 0f343b0931126a20f133d67c2b018a3b
.rsrc 0x20000 0x126c 0x1400 4.89 1f6cdaf9c6fe1dc69d7b51a04731a7e9
.reloc 0x22000 0x2240 0x2400 4.76 b1452cabd713b63309c1156400a7f984

( 6 imports )
> urlmon.dll: IsValidURL
> KERNEL32.dll: FindResourceExW, GetLastError, GetProcAddress, GetModuleHandleW, lstrcmpiW, InterlockedIncrement, InterlockedDecrement, EnterCriticalSection, LeaveCriticalSection, GetModuleFileNameW, FreeLibrary, FindResourceW, LoadLibraryExW, SetThreadLocale, GetThreadLocale, HeapDestroy, HeapAlloc, HeapFree, HeapReAlloc, HeapSize, GetProcessHeap, FlushFileBuffers, LoadResource, LockResource, SizeofResource, DeleteCriticalSection, InitializeCriticalSection, RaiseException, lstrlenW, MultiByteToWideChar, GetCurrentThreadId, CloseHandle, CreateFileA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, RtlUnwind, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, GetCommandLineA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, VirtualFree, HeapCreate, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, SetHandleCount, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, LoadLibraryA, SetFilePointer, GetConsoleCP, GetConsoleMode, GetLocaleInfoA
> USER32.dll: CharNextW
> ADVAPI32.dll: RegEnumKeyExW, RegQueryInfoKeyW, RegSetValueExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, RegQueryValueExW
> ole32.dll: CoTaskMemFree, CoTaskMemRealloc, CoTaskMemAlloc, CoCreateInstance, StringFromGUID2
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -

( 5 exports )
DllCanUnloadNow, DllGetClassObject, DllInstall, DllRegisterServer, DllUnregisterServer
RDS...: NSRL Reference Data Set
-
sigcheck:
publisher....: Make The Web Better, LLC
copyright....: Make The Web Better, LLC. All rights reserved.
product......: n/a
description..: n/a
original name: SearchAssistant.dll
internal name: SearchAssistant.dll
file version.: 1.0.0.1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
pdfid.: -
trid..: Win64 Executable Generic (59.6&#37
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=CFB921A400F91298E4B101A1864A240017F63F90' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=CFB921A400F91298E4B101A1864A240017F63F90</a>




c:\programme\sgpsa\BHO.dll Kein Ergebnis
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.46 2010.01.03 -
AhnLab-V3 5.0.0.2 2010.01.02 -
AntiVir 7.9.1.122 2009.12.31 -
Antiy-AVL 2.0.3.7 2009.12.31 -
Authentium 5.2.0.5 2010.01.03 -
Avast 4.8.1351.0 2010.01.03 -
AVG 8.5.0.430 2010.01.03 -
BitDefender 7.2 2010.01.03 -
CAT-QuickHeal 10.00 2010.01.02 -
ClamAV 0.94.1 2010.01.03 -
Comodo 3457 2010.01.03 -
DrWeb 5.0.1.12222 2010.01.03 -
eSafe 7.0.17.0 2010.01.03 -
eTrust-Vet 35.1.7210 2010.01.01 -
F-Prot 4.5.1.85 2010.01.03 -
F-Secure 9.0.15370.0 2010.01.03 -
Fortinet 4.0.14.0 2010.01.02 -
GData 19 2010.01.03 -
Ikarus T3.1.1.79.0 2009.12.31 -
K7AntiVirus 7.10.936 2010.01.02 -
Kaspersky 7.0.0.125 2010.01.03 -
McAfee 5850 2010.01.03 -
McAfee+Artemis 5850 2010.01.03 -
McAfee-GW-Edition 6.8.5 2010.01.01 -
Microsoft 1.5302 2010.01.03 -
NOD32 4740 2010.01.03 -
Norman 6.04.03 2009.12.31 -
nProtect 2009.1.8.0 2010.01.03 -
Panda 10.0.2.2 2010.01.03 -
PCTools 7.0.3.5 2010.01.03 -
Prevx 3.0 2010.01.03 -
Rising 22.28.03.04 2009.12.31 -
Sophos 4.49.0 2010.01.03 -
Sunbelt 3.2.1858.2 2010.01.03 -
TheHacker 6.5.0.3.129 2010.01.03 -
TrendMicro 9.120.0.1004 2010.01.03 -
VBA32 3.12.12.1 2010.01.01 -
ViRobot 2009.12.31.2118 2009.12.31 -
VirusBuster 5.0.21.0 2010.01.03 -
weitere Informationen
File size: 293376 bytes
MD5...: 42c3f423dbeb6db37c5f73172e61828f
SHA1..: 15b7bba97d0a5c435937cb3ddf53da5131a07173
SHA256: 0195c2d950cb7fa90204e8eb82c47d9aaf94843e6e4ea632ed07eb420ebd3d98
ssdeep: 6144:Wi9XsZxFhthVYb3ThpV81rubaz8f6/QWPxOsKe9XI8nEeyaSJG:jXsZxFht
hVYb3T61Cez8f6/QWPxOa9X4
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x26183
timedatestamp.....: 0x4af45dc2 (Fri Nov 06 17:32:50 2009)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x341af 0x34200 6.35 87740afef883452dc1365636e1414217
.rdata 0x36000 0xc9fb 0xca00 4.63 d6c42bc8e542327567d05a0896e5b99c
.data 0x43000 0x3ee0 0x2200 4.22 df7e7bfc3a99a95aacfe4680c9b59e18
.rsrc 0x47000 0x11b8 0x1200 4.71 5cfa45406ace94a1a13577f2cb18cde9
.reloc 0x49000 0x35e2 0x3600 5.90 b580cff89bba7d4655cce4f2b3148bbe

( 6 imports )
> KERNEL32.dll: LoadLibraryExW, lstrcmpiW, RaiseException, EnterCriticalSection, LeaveCriticalSection, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, InitializeCriticalSection, WideCharToMultiByte, lstrlenA, DebugBreak, OutputDebugStringW, WaitForSingleObject, CreateMutexW, CloseHandle, ReleaseMutex, OpenFileMappingW, UnmapViewOfFile, MapViewOfFile, CreateFileMappingW, GetSystemTime, GetCurrentThreadId, FindResourceW, GetVersionExW, GetProcessHeap, SetEndOfFile, CreateFileA, CreateFileW, SetStdHandle, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, GetLocaleInfoW, LoadLibraryA, InitializeCriticalSectionAndSpinCount, GetStringTypeW, GetStringTypeA, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, LoadResource, SizeofResource, MultiByteToWideChar, FreeLibrary, GetLastError, GetModuleFileNameW, lstrlenW, GetModuleHandleW, GetProcAddress, GetThreadLocale, GetCurrentProcessId, SetThreadLocale, GetTickCount, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, FlushFileBuffers, SetFilePointer, ReadFile, GetStartupInfoA, GetFileType, SetHandleCount, GetConsoleMode, GetConsoleCP, GetModuleFileNameA, Sleep, HeapFree, RtlUnwind, HeapAlloc, VirtualProtect, VirtualAlloc, GetSystemInfo, VirtualQuery, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCommandLineA, LCMapStringA, LCMapStringW, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapCreate, HeapDestroy, VirtualFree, HeapReAlloc, HeapSize, ExitProcess, WriteFile, GetStdHandle
> USER32.dll: CharNextW, GetClassNameW, IsWindowVisible, GetForegroundWindow, LoadStringW, FindWindowExW, EnumChildWindows, PostThreadMessageW, PostMessageW, UnhookWindowsHookEx, SetWindowsHookExW, CallNextHookEx, SetWindowLongW, GetWindowTextW, SendMessageTimeoutW, CallWindowProcW, GetParent, wvsprintfW, CharLowerW, GetWindowThreadProcessId
> ADVAPI32.dll: SetSecurityDescriptorDacl, RegQueryValueExW, RegSetValueExW, RegEnumKeyExW, RegCreateKeyExW, RegDeleteValueW, RegOpenKeyExW, RegCloseKey, RegDeleteKeyW, RegQueryInfoKeyW, InitializeSecurityDescriptor
> ole32.dll: CoTaskMemAlloc, CoTaskMemRealloc, CoTaskMemFree, CoCreateInstance, StringFromGUID2
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -
> WININET.dll: InternetCheckConnectionW

( 7 exports )
_InitH@@YAXHHH@Z, _UnhookH@@YAXH@Z, DllCanUnloadNow, DllGetClassObject, DllInstall, DllRegisterServer, DllUnregisterServer
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Windows OCX File (68.1%)
Win32 Executable MS Visual C++ (generic) (20.7%)
Win32 Executable Generic (4.7%)
Win32 Dynamic Link Library (generic) (4.1%)
Generic Win/DOS Executable (1.1%)
sigcheck:
publisher....: MTWB
copyright....: (c) MTWB. All rights reserved.
product......: MTWB
description..: n/a
original name: BHO.dll
internal name: BHO.dll
file version.: 8, 6, 0, 0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
c:\programme\fast browser search\ie\FBStoolbar.dll Ergebnis: 4/40 (10%)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.46 2010.01.03 -
AhnLab-V3 5.0.0.2 2010.01.02 -
AntiVir 7.9.1.122 2009.12.31 -
Antiy-AVL 2.0.3.7 2009.12.31 -
Authentium 5.2.0.5 2010.01.03 W32/Softomate.A.gen!Eldorado
Avast 4.8.1351.0 2010.01.03 -
AVG 8.5.0.430 2010.01.03 -
BitDefender 7.2 2010.01.03 -
CAT-QuickHeal 10.00 2010.01.02 -
ClamAV 0.94.1 2010.01.03 -
Comodo 3457 2010.01.03 -
DrWeb 5.0.1.12222 2010.01.03 -
eSafe 7.0.17.0 2010.01.03 -
eTrust-Vet 35.1.7210 2010.01.01 -
F-Prot 4.5.1.85 2010.01.03 W32/Softomate.A.gen!Eldorado
F-Secure 9.0.15370.0 2010.01.03 -
Fortinet 4.0.14.0 2010.01.02 -
GData 19 2010.01.03 -
Ikarus T3.1.1.79.0 2009.12.31 -
Jiangmin 13.0.900 2010.01.03 -
K7AntiVirus 7.10.936 2010.01.02 -
Kaspersky 7.0.0.125 2010.01.03 -
McAfee 5850 2010.01.03 -
McAfee+Artemis 5850 2010.01.03 -
McAfee-GW-Edition 6.8.5 2010.01.01 -
Microsoft 1.5302 2010.01.03 -
NOD32 4740 2010.01.03 -
Norman 6.04.03 2009.12.31 -
nProtect 2009.1.8.0 2010.01.03 -
Panda 10.0.2.2 2010.01.03 -
PCTools 7.0.3.5 2010.01.03 Spyware.Mywebtattoo
Prevx 3.0 2010.01.03 -
Rising 22.28.03.04 2009.12.31 -
Sophos 4.49.0 2010.01.03 -
Sunbelt 3.2.1858.2 2010.01.03 Fast Browser Search
TheHacker 6.5.0.3.129 2010.01.03 -
TrendMicro 9.120.0.1004 2010.01.03 -
VBA32 3.12.12.1 2010.01.01 -
ViRobot 2009.12.31.2118 2009.12.31 -
VirusBuster 5.0.21.0 2010.01.03 -
weitere Informationen
File size: 2602368 bytes
MD5...: 8cb093b68730f8fc989b3ec80277965a
SHA1..: 87f0a66278eec66b2735875c7a0fd6023709eb04
SHA256: dcb6229ff1f43e416921f12fecda175d5fcaefacd8ca1d658360bc32930905d1
ssdeep: 49152:UoSiL4xopy33gEArolAcKpVMf1qT4TLBK:zSiLDpyH+rolAcYVus
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x175adf
timedatestamp.....: 0x4a82ccea (Wed Aug 12 14:08:42 2009)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1b8e7e 0x1b9000 6.36 5d06e7df717cb0292da083c73d915e99
.rdata 0x1ba000 0x60ad0 0x60c00 5.19 4ed6322ca3726af6dd3467cf51ace6b0
.data 0x21b000 0xbb20 0x9200 4.61 a75a368f74cc1df6a09fae1a2b0d182b
.SHARED 0x227000 0x3f7e4 0x3f800 0.00 e01f4c7aabe5e0782ed3299a1bf1e876
.rsrc 0x267000 0x5450 0x5600 4.80 11b413c613a2b952308740674a815576
.reloc 0x26d000 0x11cb8 0x11e00 6.58 6e2476ea64e88e46d38fa63252f4e637

( 13 imports )
> WININET.dll: FtpSetCurrentDirectoryW, FtpCreateDirectoryW, InternetConnectW, InternetOpenW, FindFirstUrlCacheEntryW, InternetWriteFile, FtpOpenFileW, FindCloseUrlCache, FindNextUrlCacheEntryW, DeleteUrlCacheEntryW, InternetCloseHandle
> SHLWAPI.dll: PathFileExistsW, PathRemoveFileSpecW
> RPCRT4.dll: UuidCreate, UuidToStringW, RpcStringFreeW
> WINMM.dll: PlaySoundW
> dbghelp.dll: SymSetOptions, SymGetOptions, SymGetSymFromAddr, SymGetModuleBase, SymGetLineFromAddr, SymFunctionTableAccess, StackWalk, MiniDumpWriteDump, SymInitialize, SymLoadModule, SymCleanup
> VERSION.dll: VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
> IPHLPAPI.DLL: GetAdaptersInfo
> KERNEL32.dll: GetProcAddress, GetFileAttributesW, GetVersion, GetCurrentThreadId, RaiseException, FlushInstructionCache, GetCurrentProcess, InterlockedIncrement, lstrlenW, EnterCriticalSection, LeaveCriticalSection, LoadLibraryA, GetVersionExW, GetCurrentThread, HeapFree, HeapAlloc, GetProcessHeap, CreateDirectoryW, GetTempPathW, SetCurrentDirectoryW, GlobalUnlock, GlobalLock, GlobalAlloc, lstrlenA, DebugBreak, OutputDebugStringW, MultiByteToWideChar, lstrcmpW, MulDiv, IsBadCodePtr, SetUnhandledExceptionFilter, IsBadWritePtr, GetCurrentProcessId, lstrcpynW, FormatMessageW, IsBadReadPtr, ReadProcessMemory, CreateFileW, CloseHandle, OpenProcess, WideCharToMultiByte, InitializeCriticalSection, FreeLibrary, SizeofResource, LoadResource, FindResourceW, LoadLibraryExW, lstrcmpiW, DeleteCriticalSection, WaitForSingleObject, SetEvent, CreateEventW, ResumeThread, ResetEvent, TerminateThread, CreateThread, CopyFileW, VerLanguageNameW, ReadFile, GetFileSize, DeleteFileW, RemoveDirectoryW, GetModuleFileNameW, CreateFileA, GetTempPathA, GetModuleHandleW, GetLongPathNameW, TerminateProcess, Process32NextW, Module32NextW, Module32FirstW, Process32FirstW, CreateToolhelp32Snapshot, GetFullPathNameW, FindFirstFileW, lstrcpyW, FindNextFileW, FindClose, GlobalFree, GlobalReAlloc, lstrcatW, WriteProcessMemory, DisableThreadLibraryCalls, MoveFileExW, ReleaseMutex, CreateMutexW, OpenMutexW, FindResourceExW, GetUserDefaultLangID, Sleep, MapViewOfFile, CreateFileMappingW, OpenFileMappingW, UnmapViewOfFile, LocalFree, LocalAlloc, FileTimeToSystemTime, SetFilePointer, GetFileInformationByHandle, SystemTimeToFileTime, GetLocalTime, GetTickCount, LockResource, GlobalSize, InterlockedExchange, UnhandledExceptionFilter, IsDebuggerPresent, ExitProcess, GetStdHandle, GetModuleFileNameA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, GetConsoleCP, GetConsoleMode, SetHandleCount, GetFileType, GetStartupInfoA, FlushFileBuffers, FatalAppExitA, HeapSize, HeapCreate, HeapDestroy, GetCPInfo, GetACP, LoadLibraryW, OutputDebugStringA, GetLastError, SetLastError, InterlockedDecrement, MoveFileW, GetModuleHandleA, GetOEMCP, IsValidCodePage, LCMapStringW, GetTimeZoneInformation, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, SetConsoleCtrlHandler, InitializeCriticalSectionAndSpinCount, GetLocaleInfoW, GetLocaleInfoA, SetStdHandle, HeapReAlloc, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, LCMapStringA, InterlockedCompareExchange, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, RtlUnwind, ExitThread, GetSystemTimeAsFileTime, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, CompareStringA, CompareStringW, SetEnvironmentVariableA, SetEndOfFile, WriteFile, GetCommandLineA
> USER32.dll: InsertMenuItemW, InsertMenuW, GetSubMenu, LoadMenuW, LoadMenuIndirectW, GetMenuItemInfoW, OffsetRect, WindowFromDC, GetWindowThreadProcessId, GetAsyncKeyState, GetIconInfo, SetLastErrorEx, wsprintfW, InvalidateRgn, InvalidateRect, SetCapture, ReleaseCapture, ScreenToClient, CreateAcceleratorTableW, GetDC, GetDesktopWindow, GetClassNameW, SetWindowPos, RedrawWindow, BeginPaint, FillRect, EndPaint, IsChild, SetFocus, DestroyAcceleratorTable, wvsprintfW, CharNextW, CharUpperW, CopyRect, GetWindowTextLengthW, RegisterWindowMessageW, DialogBoxIndirectParamW, SetTimer, SetMenuItemBitmaps, GetSysColor, GetSystemMetrics, CharLowerBuffW, GetActiveWindow, GetWindow, GetKeyState, OpenClipboard, EmptyClipboard, CloseClipboard, MessageBoxW, GetDlgItem, GetMessagePos, MapWindowPoints, ReleaseDC, GetWindowDC, GetClientRect, GetWindowLongW, TrackPopupMenu, UnhookWindowsHookEx, SetWindowsHookExW, EnableMenuItem, LoadImageW, SetWindowRgn, DrawFrameControl, LoadBitmapW, GetCursorPos, DefWindowProcW, CallWindowProcW, PostMessageW, SetWindowLongW, RegisterClas***W, LoadCursorW, GetClassInfoExW, LoadStringW, GetParent, ShowWindow, MoveWindow, SetWindowTextW, CreateWindowExW, SendMessageW, GetFocus, IsWindow, DestroyWindow, DestroyMenu, CreatePopupMenu, AppendMenuW, WindowFromPoint, EndMenu, DrawTextW, UnregisterClassW, GetSysColorBrush, CharLowerW, DialogBoxParamW, wsprintfA, IsWindowVisible, CallNextHookEx, SetCursor, DestroyCursor, SetDlgItemTextW, MessageBeep, EnumChildWindows, MonitorFromWindow, GetMonitorInfoW, EndDialog, EnableWindow, DrawEdge, DrawFocusRect, GetMenu, AdjustWindowRectEx, GetDlgCtrlID, IsWindowEnabled, KillTimer, UpdateWindow, PtInRect, GetCapture, SystemParametersInfoW, ClientToScreen, InflateRect, SetActiveWindow, GetWindowRect, TranslateMessage, UnregisterClassA, LoadCursorFromFileW, CharUpperBuffW, GetWindowTextW, DispatchMessageW
> GDI32.dll: GetTextExtentPoint32W, ExtTextOutW, CreateFontW, DeleteObject, FrameRgn, CreateSolidBrush, CreateRectRgnIndirect, DeleteDC, BitBlt, CreateCompatibleDC, CreateCompatibleBitmap, GetDeviceCaps, GetObjectW, GetStockObject, Rectangle, CreatePatternBrush, CreatePen, GetTextExtentPointW, GetTextMetricsW, SetBkMode, SetTextColor, SaveDC, RestoreDC, GetClipBox, SelectClipRgn, SetBkColor, CombineRgn, CreateBrushIndirect, CreateRectRgn, PatBlt, SetBrushOrgEx, CreateDIBPatternBrushPt, CreateDIBSection, GetDIBits, RealizePalette, SetDIBitsToDevice, SetStretchBltMode, ExtSelectClipRgn, StretchBlt, CreateBitmap, RectVisible, StretchDIBits, CreateFontIndirectW, SelectObject
> SHELL32.dll: SHEmptyRecycleBinW, ShellExecuteW, DragQueryFileW, SHLoadInProc, SHCreateDirectoryExW, ShellExecuteA, DoEnvironmentSubstW, SHAddToRecentDocs
> ole32.dll: CoTaskMemAlloc, CoUninitialize, CoInitialize, CoCreateInstance, OleUninitialize, CreateStreamOnHGlobal, OleInitialize, CoGetClassObject, CLSIDFromProgID, CLSIDFromString, StringFromGUID2, OleLockRunning, OleRun, CoTaskMemFree, CoTaskMemRealloc, RegisterDragDrop, ReleaseStgMedium, CoCreateGuid, CoGetInterfaceAndReleaseStream, CoMarshalInterThreadInterfaceInStream
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -

( 42 exports )
__0CxFile@@QAE@ABV0@@Z, __0CxFile@@QAE@XZ, __0CxIOFile@@QAE@ABV0@@Z, __0CxIOFile@@QAE@PAU_iobuf@@@Z, __0CxMemFile@@QAE@ABV0@@Z, __1CxFile@@UAE@XZ, __1CxIOFile@@UAE@XZ, __1CxImage@@UAE@XZ, __4CxFile@@QAEAAV0@ABV0@@Z, __4CxIOFile@@QAEAAV0@ABV0@@Z, __4CxMemFile@@QAEAAV0@ABV0@@Z, ___7CxFile@@6B@, ___7CxIOFile@@6B@, ___7CxImage@@6B@, ___7CxMemFile@@6B@, ___FCxIOFile@@QAEXXZ, ___FCxImage@@QAEXXZ, ___FCxMemFile@@QAEXXZ, ___OCxImage@@QAEXAAV0@@Z, _Close@CxIOFile@@UAE_NXZ, _Eof@CxIOFile@@UAE_NXZ, _Error@CxIOFile@@UAEJXZ, _Flush@CxIOFile@@UAE_NXZ, _GetC@CxIOFile@@UAEJXZ, _GetS@CxIOFile@@UAEPADPADH@Z, _Open@CxIOFile@@QAE_NPB_W0@Z, _PutC@CxFile@@UAE_NE@Z, _PutC@CxIOFile@@UAE_NE@Z, _Read@CxIOFile@@UAEIPAXII@Z, _Scanf@CxIOFile@@UAEJPBDPAX@Z, _Seek@CxIOFile@@UAE_NJH@Z, _Size@CxIOFile@@UAEJXZ, _Tell@CxIOFile@@UAEJXZ, _Write@CxIOFile@@UAEIPBXII@Z, CanReload, DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, GetUpdaterAPI, MyUnregisterServer, TBStudioReg
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: DirectShow filter (52.6%)
Windows OCX File (32.2%)
Win32 Executable MS Visual C++ (generic) (9.8%)
Win32 Executable Generic (2.2%)
Win32 Dynamic Link Library (generic) (1.9%)
sigcheck:
publisher....: n/a
copyright....: Copyright (c) 2001-2008. All rights reserved.
product......: IE Toolbar
description..: IE Toolbar Engine
original name: tbcore3.dll
internal name: tbcore3
file version.: 4, 1, 0, 41
comments.....: n/a
signers......: Make The Web Better, LLC
VeriSign Class 3 Code Signing 2004 CA
Class 3 Public Primary Certification Authority
signing date.: 3:17 PM 8/13/2009
verified.....: -
c:\dokumente und einstellungen\niklas\music\lst.exe Ergebnis: 1/40 (2.5%)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.46 2010.01.03 -
AhnLab-V3 5.0.0.2 2010.01.02 -
AntiVir 7.9.1.122 2009.12.31 -
Antiy-AVL 2.0.3.7 2009.12.31 -
Authentium 5.2.0.5 2010.01.03 -
Avast 4.8.1351.0 2010.01.03 -
AVG 8.5.0.430 2010.01.03 -
BitDefender 7.2 2010.01.03 -
CAT-QuickHeal 10.00 2010.01.02 -
ClamAV 0.94.1 2010.01.03 -
Comodo 3457 2010.01.03 -
DrWeb 5.0.1.12222 2010.01.03 -
eSafe 7.0.17.0 2010.01.03 -
eTrust-Vet 35.1.7210 2010.01.01 -
F-Prot 4.5.1.85 2010.01.03 -
F-Secure 9.0.15370.0 2010.01.03 -
Fortinet 4.0.14.0 2010.01.02 -
GData 19 2010.01.03 -
Ikarus T3.1.1.79.0 2009.12.31 -
Jiangmin 13.0.900 2010.01.03 -
K7AntiVirus 7.10.936 2010.01.02 -
Kaspersky 7.0.0.125 2010.01.03 -
McAfee 5850 2010.01.03 -
McAfee+Artemis 5850 2010.01.03 -
McAfee-GW-Edition 6.8.5 2010.01.01 Heuristic.LooksLike.Trojan.Dldr.Piker.B
Microsoft 1.5302 2010.01.03 -
NOD32 4740 2010.01.03 -
Norman 6.04.03 2009.12.31 -
nProtect 2009.1.8.0 2010.01.03 -
Panda 10.0.2.2 2010.01.03 -
PCTools 7.0.3.5 2010.01.03 -
Prevx 3.0 2010.01.03 -
Rising 22.28.03.04 2009.12.31 -
Sophos 4.49.0 2010.01.03 -
Sunbelt 3.2.1858.2 2010.01.03 -
TheHacker 6.5.0.3.129 2010.01.03 -
TrendMicro 9.120.0.1004 2010.01.03 -
VBA32 3.12.12.1 2010.01.01 -
ViRobot 2009.12.31.2118 2009.12.31 -
VirusBuster 5.0.21.0 2010.01.03 -
weitere Informationen
File size: 120832 bytes
MD5...: 3550b39a7b394dc770ca71a075e95fc6
SHA1..: f903012214e88a08b7cfe92d0bd38a94af1968e7
SHA256: 767e2c3ec964f621bfcb4a78f5ce336eae3f0f600c456ef3e22cb1efaa7f1e65
ssdeep: 3072:97r2bCufTpFAF7pa3iSoFo/diEB99Da1/u5WzwG:1r2b3fTpFAFE2FkUEBI
u5Ww
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1ecde
timedatestamp.....: 0x4afa8050 (Wed Nov 11 09:13:52 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2000 0x1cce4 0x1ce00 7.90 045aac7dbd43a40090c8c7e9a1f0afe6
.rsrc 0x20000 0x5f8 0x600 4.18 efa327c850ea3b10d990bc4d79884c21
.reloc 0x22000 0xc 0x200 0.10 e4d0bcb0e2a8e924f7ffb8fef225a6db

( 1 imports )
> mscoree.dll: _CorExeMain

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic CIL Executable (.NET, Mono, etc.) (85.3%)
Win32 Executable Generic (9.9%)
Generic Win/DOS Executable (2.3%)
DOS Executable Generic (2.3%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft
copyright....: Copyright (c) Microsoft 2009
product......: allgemeiner fake keygen
description..: allgemeiner fake keygen
original name: allgemeiner fake keygen.exe
internal name: allgemeiner fake keygen.exe
file version.: 1.0.0.0
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
c:\dokume~1\niklas\lokale~1\temp\backdoor.sys
Datei konnte nicht gefunden werden...

Malwarebytes Anti-Malware scan l&#228;uft grade, ich werde ihn noch rein editieren wenn er fertig ist

 

was heißt normalerweise?
@Hnas2
grundgütiger herrgott...du hast ja überhaupt keine ahnung von der materie.
ich möchte gerne wissen, was der hilfesuchende genau gelöscht hat.
diese gelöschten dateien sind deiner meinung nach also definitiv im dds-log zu erkennen?

 

Dort ist aber ein Root-Virus erkennbar.

 

was ist das und woran erkennst du das?

 

Hier Antivir hat was gefunden.
C:\System Volume Information\...\A0059611.exe
Enth&#228;lt Erkennungsmuster der Ad- oder Spyware ADSPY/FTat.A.2
und dann noch
C:\System Volume Information\...\A0059612.exe
Enth&#228;lt Erkennungsmuster der Ad- oder Spyware ADSPY/FTat.A.1
und ebenso
C:\System Volume Information\...\A0059613.exe
Enth&#228;lt Erkennungsmuster der Ad- oder Spyware ADSPY/FTat.A.2
und auch
C:\System Volume Information\...\A0059614.exe
Enth&#228;lt Erkennungsmuster der Ad- oder Spyware ADSPY/FTat.A.1

Hier nen Beispiel f&#252;r die Werbung
Bild Hosted bei ImagesUp.de

 

http://www.threatexpert.com/report.aspx?md5=3550b39a7b394dc770ca71a075e95fc6
damit endet mein support.

 

@ N.P.

Deaktiviere mal die Systemwiederherstellung und aktiviere sie anschließend wieder.

Gruß
Nevok

 

Okay, aber wie stelle ich die Systemwiederherstellung aus?
Ich habe grade ur keine Ahnung ;P

 

http://www.windows-tweaks.info/html/nosysrec.html