Log analysis and evaluation: Virtumonde! Please help. (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#5

Virtumonde! Please help.

C:\Lon\LonWorks\bin\LnsMtsSvc.exe

Code:
Datei LnsMtsSvc.exe empfangen 2008.08.18 13:00:29 (CET)
Status: Beendet
Ergebnis: 0/36 (0%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.8.15.0 2008.08.18 -
AntiVir 7.8.1.19 2008.08.18 -
Authentium 5.1.0.4 2008.08.18 -
Avast 4.8.1195.0 2008.08.17 -
AVG 8.0.0.161 2008.08.18 -
BitDefender 7.2 2008.08.18 -
CAT-QuickHeal 9.50 2008.08.16 -
ClamAV 0.93.1 2008.08.18 -
DrWeb 4.44.0.09170 2008.08.18 -
eSafe 7.0.17.0 2008.08.17 -
eTrust-Vet 31.6.6035 2008.08.15 -
Ewido 4.0 2008.08.18 -
F-Prot 4.4.4.56 2008.08.18 -
F-Secure 7.60.13501.0 2008.08.18 -
Fortinet 3.14.0.0 2008.08.18 -
GData 2.0.7306.1023 2008.08.18 -
Ikarus T3.1.1.34.0 2008.08.18 -
K7AntiVirus 7.10.417 2008.08.18 -
Kaspersky 7.0.0.125 2008.08.18 -
McAfee 5362 2008.08.15 -
Microsoft 1.3807 2008.08.18 -
NOD32v2 3364 2008.08.18 -
Norman 5.80.02 2008.08.15 -
Panda 9.0.0.4 2008.08.17 -
PCTools 4.4.2.0 2008.08.17 -
Prevx1 V2 2008.08.18 -
Rising 20.58.02.00 2008.08.18 -
Sophos 4.32.0 2008.08.18 -
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.18 -
TheHacker 6.3.0.5.053 2008.08.18 -
TrendMicro 8.700.0.1004 2008.08.18 -
VBA32 3.12.8.3 2008.08.18 -
ViRobot 2008.8.18.1339 2008.08.18 -
VirusBuster 4.5.11.0 2008.08.17 -
Webwasher-Gateway 6.6.2 2008.08.18 -
weitere Informationen
File size: 57400 bytes
MD5...: 00ae40f0ddfdd769934563902652d97a
SHA1..: fc158498180d6ec40d607239037e1ee904846ad0
SHA256: a14f5b7b9eaaee49c1d66431f7cac111f86549ba201a0fbaf3d590a7f2e7127a
SHA512: f761892979f8cf534b460dc701dcf746e975a5861a18c0182015af976d59f394
8820d39dde58dd10d3b9674288379b5c942b47bda878a0fc935ad03f8d457a13
PEiD..: Armadillo v1.71
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x404678
timedatestamp.....: 0x446b7221 (Wed May 17 18:57:37 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x396a 0x4000 5.85 86a028a8fb2358afcd7611245f3235ad
.rdata 0x5000 0x2050 0x3000 4.40 951d1f09f927ef72c1cae305b3842feb
.data 0x8000 0x84c 0x1000 1.85 e110c18322ba0389851d01a8836e0f76
.rsrc 0x9000 0x4228 0x5000 3.02 0fae66ea913674a43acabdbc2628ca34
( 6 imports )
> KERNEL32.dll: FreeLibrary, SizeofResource, LoadResource, FindResourceA, LoadLibraryExA, lstrcpynA, WideCharToMultiByte, InitializeCriticalSection, LoadLibraryA, lstrcpyA, lstrcatA, GetCurrentThread, GetShortPathNameA, MultiByteToWideChar, lstrlenW, GetVersion, LocalFree, ReadFile, GetCurrentProcess, OpenProcess, CreateJobObjectA, DuplicateHandle, CreateFileMappingA, CreateWaitableTimerA, CreateSemaphoreA, CreateMutexA, WriteFile, FlushFileBuffers, DisconnectNamedPipe, SetLastError, CreateNamedPipeA, ConnectNamedPipe, CloseHandle, InterlockedDecrement, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, lstrlenA, GetCommandLineA, lstrcmpiA, GetLastError, GetCurrentThreadId, CreateEventA, CreateThread, SetEvent, WaitForSingleObject, TerminateThread, IsDBCSLeadByte, GetStartupInfoA
> USER32.dll: LoadStringA, MessageBoxA, GetMessageA, DispatchMessageA, PostThreadMessageA, CharNextA
> ADVAPI32.dll: ControlService, RegQueryInfoKeyA, RegEnumKeyExA, RegCreateKeyExA, RegDeleteKeyA, RegOpenKeyExA, OpenProcessToken, LookupPrivilegeValueA, PrivilegeCheck, ConvertStringSecurityDescriptorToSecurityDescriptorA, MakeAbsoluteSD, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, StartServiceCtrlDispatcherA, DeleteService, CreateServiceA, RegDeleteValueA, RegSetValueExA, RegCloseKey, RegQueryValueExA, SetServiceStatus, RegisterServiceCtrlHandlerA, RegisterEventSourceA, ReportEventA, DeregisterEventSource, OpenSCManagerA, OpenServiceA, CloseServiceHandle, CopySid, GetLengthSid, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, OpenThreadToken, GetTokenInformation, RegEnumValueA
> ole32.dll: CoInitialize, CoInitializeSecurity, CoUninitialize, CoTaskMemFree, CoTaskMemRealloc, CoRegisterClassObject, CoRevokeClassObject, CoCreateInstance, CoTaskMemAlloc
> OLEAUT32.dll: -, -, -, -, -
> MSVCRT.dll: _onexit, __dllonexit, _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, _terminate@@YAXXZ, _except_handler3, memcmp, __2@YAPAXI@Z, realloc, malloc, free, puts, vsprintf, __CxxFrameHandler, memcpy, memset, _strnicmp, strlen, strrchr, strncmp
( 0 exports )
Code:
Datei LdvxBroker.exe empfangen 2008.08.18 13:04:38 (CET)
Status: Beendet
Ergebnis: 0/36 (0%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.8.15.0 2008.08.18 -
AntiVir 7.8.1.19 2008.08.18 -
Authentium 5.1.0.4 2008.08.18 -
Avast 4.8.1195.0 2008.08.17 -
AVG 8.0.0.161 2008.08.18 -
BitDefender 7.2 2008.08.18 -
CAT-QuickHeal 9.50 2008.08.16 -
ClamAV 0.93.1 2008.08.18 -
DrWeb 4.44.0.09170 2008.08.18 -
eSafe 7.0.17.0 2008.08.17 -
eTrust-Vet 31.6.6035 2008.08.15 -
Ewido 4.0 2008.08.18 -
F-Prot 4.4.4.56 2008.08.18 -
F-Secure 7.60.13501.0 2008.08.18 -
Fortinet 3.14.0.0 2008.08.18 -
GData 2.0.7306.1023 2008.08.18 -
Ikarus T3.1.1.34.0 2008.08.18 -
K7AntiVirus 7.10.417 2008.08.18 -
Kaspersky 7.0.0.125 2008.08.18 -
McAfee 5362 2008.08.15 -
Microsoft 1.3807 2008.08.18 -
NOD32v2 3364 2008.08.18 -
Norman 5.80.02 2008.08.15 -
Panda 9.0.0.4 2008.08.17 -
PCTools 4.4.2.0 2008.08.17 -
Prevx1 V2 2008.08.18 -
Rising 20.58.02.00 2008.08.18 -
Sophos 4.32.0 2008.08.18 -
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.18 -
TheHacker 6.3.0.5.053 2008.08.18 -
TrendMicro 8.700.0.1004 2008.08.18 -
VBA32 3.12.8.3 2008.08.18 -
ViRobot 2008.8.18.1339 2008.08.18 -
VirusBuster 4.5.11.0 2008.08.17 -
Webwasher-Gateway 6.6.2 2008.08.18 -
weitere Informationen
File size: 61498 bytes
MD5...: c57bd3ab5d64fd45a159a1f83bd7df43
SHA1..: 66a65f010b2af36c5b79c5aa9a260fa023e074cb
SHA256: befe85ffa88717ec3596dffb84928e7ccb85ff1ca3158f508f0b14c563536d97
SHA512: eb13d095d157960c4c33aaaf51a882bca42f962c8ee3b2775ce9180682139385
b96d6aa171b57e9f87467c5d254e5529f0e5449c49d614635545b4c7886ac3a2
PEiD..: Armadillo v1.71
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x40537e
timedatestamp.....: 0x446b7366 (Wed May 17 19:03:02 2006)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x47c7 0x5000 5.98 50bb8a3f2de505ea6c8d33286d905708
.rdata 0x6000 0x2b02 0x3000 5.30 f1d2b46d3cb6a0bf13f71ea8f9b0a48f
.data 0x9000 0xe5c 0x1000 3.90 b36dab220161a2507eec5d8baa532a0e
.rsrc 0xa000 0x4480 0x5000 3.17 c7912581c5c86fe1825f4e8d7b05c015
( 9 imports )
> LnsMtsShim.dll: CreateMutexA
> LdvxManager.dll: __0xManager@@QAE@_N@Z, __1xManager@@QAE@XZ
> LdvxLog.dll: _Open@xLog@@QAEXPBD@Z, _CreateSubKey@xRegistry@@QAEJPBDPAK@Z, _SetField@xRegistry@@QBEJPBDHK@Z, _DeleteField@xRegistry@@QBEJPBD@Z, _SetField@xRegistry@@QBEJPBD0@Z, _TraceEventV@xLog@@QBEXGJPAD@Z, _LogEventV@xLog@@QBEXGJPAD@Z, _GetDefaultLog@xLog@@SAPAV1@XZ, __1xRegistry@@QAE@XZ, _GetField@xRegistry@@QBEJPBDAA_N@Z, __0xRegistry@@QAE@PAUHKEY__@@PBD@Z, _LdvxTrace2@xLog@@QBAXGW4LdvxType@@PBDZZ, _c_sLonWorksPath@@3V_$basic_string@DU_$char_traits@D@std@@V_$allocator@D@_STL@@@_STL@@B, _GetField@xRegistry@@QBEJPBDAAH@Z, _c_szxDriverKey@@3QBDB, _OpenSubKey@xRegistry@@QAEJPBDPAUHKEY__@@@Z, _SetTraceLevel@xLog@@QAEXE@Z, _SetTraceTypes@xLog@@QAEXW4LdvxTraceTypes@@@Z, _SetTraceCategories@xLog@@QAEXW4LdvxTraceCategories@@@Z, _SetTraceOptions@xLog@@QAEXW4LdvxTraceOptions@@@Z, _Close@xLog@@QAEXXZ, _FieldExists@xRegistry@@QBE_NPBD@Z, __BxRegistry@@QBEPAUHKEY__@@XZ
> USER32.dll: SendMessageA, ShowWindow, GetMessageA, IsWindow, IsDialogMessageA, DispatchMessageA, DestroyWindow, PostThreadMessageA, CharNextA, MessageBoxA, CreateDialogParamA, SetDlgItemTextA, GetWindowRect, UpdateWindow, LoadIconA, LoadStringA, GetDlgItem, EnableWindow, MoveWindow, SetWindowLongA
> ole32.dll: CoUninitialize, CoInitializeSecurity, CoInitializeEx, CoInitialize, CoTaskMemFree, CoTaskMemAlloc, CoTaskMemRealloc, CoRegisterClassObject, CoRevokeClassObject, CoCreateInstance
> OLEAUT32.dll: -, -, -, -, -
> KERNEL32.dll: WideCharToMultiByte, FlushInstructionCache, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, lstrcatA, lstrcpyA, LoadLibraryA, DeleteCriticalSection, HeapDestroy, InitializeCriticalSection, IsDBCSLeadByte, lstrcpynA, LoadLibraryExA, FindResourceA, LoadResource, SizeofResource, FreeLibrary, GetStartupInfoA, GetShortPathNameA, lstrlenW, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, lstrlenA, MultiByteToWideChar, lstrcmpiA, GetCommandLineA, GetCurrentProcessId, OpenProcess, GetLastError, CloseHandle, GetCurrentThreadId, GetCurrentProcess, SetProcessWorkingSetSize, InterlockedDecrement
> ADVAPI32.dll: RegOpenKeyExA, GetTokenInformation, OpenThreadToken, OpenProcessToken, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, GetLengthSid, CopySid, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegEnumValueA, RegQueryInfoKeyA, RegSetValueExA, RegEnumKeyExA, CloseServiceHandle, RegCloseKey, RegDeleteValueA, RegCreateKeyExA, RegDeleteKeyA, StartServiceCtrlDispatcherA, ControlService, DeleteService, CreateServiceA, GetUserNameA, SetSecurityInfo, SetServiceStatus, RegisterServiceCtrlHandlerA, OpenSCManagerA, OpenServiceA
> MSVCRT.dll: memmove, _onexit, __dllonexit, _controlfp, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, __1type_info@@UAE@XZ, _terminate@@YAXXZ, _except_handler3, _itoa, strlen, __1exception@@UAE@XZ, __0exception@@QAE@XZ, strncpy, __0exception@@QAE@ABV0@@Z, _CxxThrowException, memcmp, memset, realloc, malloc, free, memcpy, __CxxFrameHandler, __2@YAPAXI@Z, _ultoa
( 0 exports )
Code:
Datei install.dat empfangen 2008.08.18 13:06:24 (CET)
Status: Beendet
Ergebnis: 0/36 (0%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.8.15.0 2008.08.18 -
AntiVir 7.8.1.19 2008.08.18 -
Authentium 5.1.0.4 2008.08.18 -
Avast 4.8.1195.0 2008.08.17 -
AVG 8.0.0.161 2008.08.18 -
BitDefender 7.2 2008.08.18 -
CAT-QuickHeal 9.50 2008.08.16 -
ClamAV 0.93.1 2008.08.18 -
DrWeb 4.44.0.09170 2008.08.18 -
eSafe 7.0.17.0 2008.08.17 -
eTrust-Vet 31.6.6035 2008.08.15 -
Ewido 4.0 2008.08.18 -
F-Prot 4.4.4.56 2008.08.18 -
F-Secure 7.60.13501.0 2008.08.18 -
Fortinet 3.14.0.0 2008.08.18 -
GData 2.0.7306.1023 2008.08.18 -
Ikarus T3.1.1.34.0 2008.08.18 -
K7AntiVirus 7.10.417 2008.08.18 -
Kaspersky 7.0.0.125 2008.08.18 -
McAfee 5362 2008.08.15 -
Microsoft 1.3807 2008.08.18 -
NOD32v2 3364 2008.08.18 -
Norman 5.80.02 2008.08.15 -
Panda 9.0.0.4 2008.08.17 -
PCTools 4.4.2.0 2008.08.17 -
Prevx1 V2 2008.08.18 -
Rising 20.58.02.00 2008.08.18 -
Sophos 4.32.0 2008.08.18 -
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.18 -
TheHacker 6.3.0.5.053 2008.08.18 -
TrendMicro 8.700.0.1004 2008.08.18 -
VBA32 3.12.8.3 2008.08.18 -
ViRobot 2008.8.18.1339 2008.08.18 -
VirusBuster 4.5.11.0 2008.08.17 -
Webwasher-Gateway 6.6.2 2008.08.18 -
weitere Informationen
File size: 164 bytes
MD5...: 221459272704441f4bebf6f4fb8c83bc
SHA1..: dcbb8382b541978935b3e5cbd85ce344ba0f5cd1
SHA256: 74ca6f8e4574c7eb657736350963307edda2236d8b8b42644a2e0901efa44fc8
SHA512: 0d6559ddf464f90f0d4d0b1023e9a1c1b6fd231bb3fd675bd4e2a9b881a7edf7
2c0203833eecef436bac3e9a7d2006eaeb19e6fe12260dfbb5a6671f836247b4
PEiD..: -
PEInfo: -
Code:
Datei UNINST16.EXE empfangen 2008.08.18 13:15:09 (CET)
Status: Beendet
Ergebnis: 0/36 (0%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.8.15.0 2008.08.18 -
AntiVir 7.8.1.19 2008.08.18 -
Authentium 5.1.0.4 2008.08.18 -
Avast 4.8.1195.0 2008.08.17 -
AVG 8.0.0.161 2008.08.18 -
BitDefender 7.2 2008.08.18 -
CAT-QuickHeal 9.50 2008.08.16 -
ClamAV 0.93.1 2008.08.18 -
DrWeb 4.44.0.09170 2008.08.18 -
eSafe 7.0.17.0 2008.08.17 -
eTrust-Vet 31.6.6035 2008.08.15 -
Ewido 4.0 2008.08.18 -
F-Prot 4.4.4.56 2008.08.18 -
F-Secure 7.60.13501.0 2008.08.18 -
Fortinet 3.14.0.0 2008.08.18 -
GData 2.0.7306.1023 2008.08.18 -
Ikarus T3.1.1.34.0 2008.08.18 -
K7AntiVirus 7.10.417 2008.08.18 -
Kaspersky 7.0.0.125 2008.08.18 -
McAfee 5362 2008.08.15 -
Microsoft 1.3807 2008.08.18 -
NOD32v2 3364 2008.08.18 -
Norman 5.80.02 2008.08.15 -
Panda 9.0.0.4 2008.08.17 -
PCTools 4.4.2.0 2008.08.17 -
Prevx1 V2 2008.08.18 -
Rising 20.58.02.00 2008.08.18 -
Sophos 4.32.0 2008.08.18 -
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.18 -
TheHacker 6.3.0.5.053 2008.08.18 -
TrendMicro 8.700.0.1004 2008.08.18 -
VBA32 3.12.8.3 2008.08.18 -
ViRobot 2008.8.18.1339 2008.08.18 -
VirusBuster 4.5.11.0 2008.08.17 -
Webwasher-Gateway 6.6.2 2008.08.18 -
weitere Informationen
File size: 247648 bytes
MD5...: e54fc2077196ba40d53742d2446c6a03
SHA1..: a7608956cd9d0713f8a33618656582cbd2e8ea85
SHA256: 250f18a7113e5eb745721cdb0de7196756b019b64674b830af6bdc368dc55f89
SHA512: ac156d55e7366f34a83625842b8a88bf8cbb1c3f1b05dd2d69b02bbb7f251555
4f4983111aa3bdc0d2bcece61cd1d190e677eeb061645e3c1c093377fd0ed0ab
PEiD..: -
PEInfo: -
Code:
Datei lhtjkiyb.exe empfangen 2008.08.18 13:19:32 (CET)
Status: Beendet
Ergebnis: 9/36 (25%)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.8.15.0 2008.08.18 -
AntiVir 7.8.1.19 2008.08.18 -
Authentium 5.1.0.4 2008.08.18 -
Avast 4.8.1195.0 2008.08.17 -
AVG 8.0.0.161 2008.08.18 -
BitDefender 7.2 2008.08.18 MemScan:Trojan.FakeAlert.UM
CAT-QuickHeal 9.50 2008.08.16 (Suspicious) - DNAScan
ClamAV 0.93.1 2008.08.18 -
DrWeb 4.44.0.09170 2008.08.18 -
eSafe 7.0.17.0 2008.08.17 Suspicious File
eTrust-Vet 31.6.6035 2008.08.15 -
Ewido 4.0 2008.08.18 -
F-Prot 4.4.4.56 2008.08.18 -
F-Secure 7.60.13501.0 2008.08.18 -
Fortinet 3.14.0.0 2008.08.18 -
GData 2.0.7306.1023 2008.08.18 -
Ikarus T3.1.1.34.0 2008.08.18 Trojan-Downloader.Win32.Renos.AQ
K7AntiVirus 7.10.417 2008.08.18 -
Kaspersky 7.0.0.125 2008.08.18 -
McAfee 5362 2008.08.15 -
Microsoft 1.3807 2008.08.18 TrojanDownloader:Win32/Renos.gen!AS
NOD32v2 3364 2008.08.18 a variant of Win32/TrojanDownloader.FakeAlert.GG
Norman 5.80.02 2008.08.15 Smalltroj.gen22
Panda 9.0.0.4 2008.08.17 -
PCTools 4.4.2.0 2008.08.17 -
Prevx1 V2 2008.08.18 Malicious Software
Rising 20.58.02.00 2008.08.18 -
Sophos 4.32.0 2008.08.18 Mal/EncPk-CZ
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.18 -
TheHacker 6.3.0.5.053 2008.08.18 -
TrendMicro 8.700.0.1004 2008.08.18 -
VBA32 3.12.8.3 2008.08.18 -
ViRobot 2008.8.18.1339 2008.08.18 -
VirusBuster 4.5.11.0 2008.08.17 -
Webwasher-Gateway 6.6.2 2008.08.18 -
weitere Informationen
File size: 130048 bytes
MD5...: 588cbbcbd6852f8ab9be55a23f7a82e4
SHA1..: a2a8271f08bea75975ac2e91524ede31af3db705
SHA256: 3780edce32ace015f7e7792d1548a515ad4d5af31cea22fb707beef461ca8c81
SHA512: a00b7d00d74bb61a5b24c7e511936a7fb0c99484b3d2f239af5ff9c21006cb64
94616acd217bb23fa384497536353472e3ee90d78892994dc148ca12c9a60651
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x403521
timedatestamp.....: 0x48a1df24 (Tue Aug 12 19:06:12 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x338a0 0x2600 6.43 6a159282c9d445e6b3ebfb802b668218
.rdata 0x35000 0x1b7ac 0x1ac00 8.00 548d2168bf8b64f3a5976672c136329a
.rsrc 0x51000 0x1000 0x600 7.30 f4fec41480babaab2533552314c5d691
( 0 imports )
( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=DBF8033000DBC430FC8901D54930FE00F0FEA9AE