Mülltonne (trash bin): Trojan:Win32/Vundo.gen!Y Log-File | Windows 7 | Posts that broke our rules, posts the world does not need, and other junk end up here in the trash bin... |
01.01.2009, 14:11 | #1 |
| Trojan:Win32/Vundo.gen!Y Log-File Hi, I recently picked up this crappy trojan. I looked around the forum a bit and had a log file generated right away. Here it is, I hope someone understands this chaos ..
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:03:11, on 01.01.2009 Platform: Windows Vista SP1, v.668 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.17052) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\System32\LEXBCES.EXE C:\Windows\System32\LEXPPS.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Spyware Doctor\pctsTray.exe 
C:\Windows\system32\taskeng.exe C:\Program Files\avmwlanstick\FRITZWLANMini.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Roaming\Twain\Twain.exe C:\Program Files\Intel\IntelDH\CCU\AlertService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\svchost.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe C:\Program Files\Spyware Doctor\pctsGui.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program 
Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Windows\system32\rundll32.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Spyware Doctor\update.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Admin\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=8&key=IESTART R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redirect/?country=IT&range=AD&phase=8&key=IESTART R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll O1 - Hosts: ::1 localhost O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no 
name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Mostra barra degli strumenti di Norton - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common 
Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [MSPService] C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\FRITZWLANMini.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - 
HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Admin\AppData\Local\Temp\opnmNFya.dll,c O4 - HKCU\..\Run: [Twain] C:\Users\Admin\AppData\Roaming\Twain\Twain.exe O4 - HKCU\..\Run: [58899817] rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ngdnstnn.dll",b O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-21-3108998199-4280871441-2711142247-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - 
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing) O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe O13 - Gopher Prefix: O18 - Protocol: bw+0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - 
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program 
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: offline-8876480 - {75F69AA8-6D15-43F4-B884-B9F537F2A55D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL |
01.01.2009, 14:12 | #2 |
| Trojan:Win32/Vundo.gen!Y Log-File O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive 
Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 29266 bytes
Best regards, Triade |
01.01.2009, 14:29 | #3 |
| Trojan:Win32/Vundo.gen!Y Log-File I just went through the startup entries looking for a few odd things and found something: 58899817, that was the name of the application that came from the file ngdnstnn.dll. I had that file scanned right away, and this is what came out:

Antivirus | Version | Last update | Result
a-squared | 4.0.0.73 | 2009.01.01 | Trojan.Vundo!IK
AhnLab-V3 | 2008.12.31.0 | 2008.12.31 | -
AntiVir | 7.9.0.45 | 2008.12.31 | TR/Crypt.XPACK.Gen
Authentium | 5.1.0.4 | 2009.01.01 | -
Avast | 4.8.1281.0 | 2009.01.01 | -
AVG | 8.0.0.199 | 2008.12.31 | -
BitDefender | 7.2 | 2009.01.01 | -
CAT-QuickHeal | 10.00 | 2009.01.01 | -
ClamAV | 0.94.1 | 2009.01.01 | -
Comodo | 854 | 2008.12.31 | -
DrWeb | 4.44.0.09170 | 2009.01.01 | -
eTrust-Vet | 31.6.6286 | 2008.12.31 | Win32/VundoCryptorE
Ewido | 4.0 | 2008.12.31 | -
F-Prot | 4.4.4.56 | 2009.01.01 | -
F-Secure | 8.0.14470.0 | 2009.01.01 | -
Fortinet | 3.117.0.0 | 2009.01.01 | -
GData | 19 | 2009.01.01 | -
Ikarus | T3.1.1.45.0 | 2009.01.01 | Trojan.Vundo
K7AntiVirus | 7.10.572 | 2008.12.31 | -
Kaspersky | 7.0.0.125 | 2009.01.01 | -
McAfee | 5480 | 2008.12.31 | -
McAfee+Artemis | 5480 | 2008.12.31 | Generic!Artemis
Microsoft | 1.4205 | 2009.01.01 | Trojan:Win32/Vundo.gen!Y
NOD32 | 3729 | 2009.01.01 | -
Norman | 5.80.02 | 2009.01.01 | -
Panda | 9.0.0.4 | 2009.01.01 | -
PCTools | 4.4.2.0 | 2009.01.01 | -
Prevx1 | V2 | 2009.01.01 | Malicious Software
Rising | 21.10.22.00 | 2008.12.31 | Trojan.Win32.VUNDO.cgm
SecureWeb-Gateway | 6.7.6 | 2008.12.31 | Trojan.Crypt.XPACK.Gen
Sophos | 4.37.0 | 2009.01.01 | -
Sunbelt | 3.2.1809.2 | 2008.12.22 | -
Symantec | 10 | 2009.01.01 | Trojan.Vundo
TheHacker | 6.3.1.4.202 | 2008.12.30 | -
TrendMicro | 8.700.0.1004 | 2009.01.01 | -
VBA32 | 3.12.8.10 | 2008.12.30 | -
ViRobot | 2008.12.30.1540 | 2008.12.31 | -
VirusBuster | 4.5.11.0 | 2008.12.31 | -

Additional information
File size: 90112 bytes
MD5...: 31214493720564b5f531720bb8d281de
SHA1..: fc9d3db8af69eccd3114abc12e75c1e4dc43f4c8
SHA256: f819afd2bb52f1cb5a41a5726f74f96f6238c9801000e56b3c9c0afb69b5962d
SHA512: 9d5cc7cd0933387cffe81f566930af6d67b1d5101299356bafe4765cb3bbb9be 58a3c5dd2125cf44ec571be009b093d32650a603eaff1180e64c68d8564affbf
ssdeep: 1536:M4Z6tEk8Y2tfIrBwQQReDAOq8QVQXdW2uwLneXSStBa1WiEldnouy8dd:JZ 9kcSwQWyAOq8QVQs2nLKe1WRHoutdd
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x10022770
timedatestamp.....: 0x490aa057 (Fri Oct 31 06:06:15 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name | viradd | virsiz | rawdsiz | ntrpy | md5
UPX0 | 0x1000 | 0xd000 | 0x0 | 0.00 | d41d8cd98f00b204e9800998ecf8427e
UPX1 | 0xe000 | 0x16000 | 0x15400 | 7.99 | 814a759299d9d2e5086a1fe76ef79ded
.rsrc | 0x24000 | 0x1000 | 0x800 | 2.96 | ed1cc99c53cb440d040ed05001e42552
( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> advapi32.dll: RegEnumKeyA
> user32.dll: SetCursor
( 4 exports )
lxtub, vtdmg, xptcupl, xylutxzr
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=7D3183A7002946BD606101566F011A0072B05390
packers (Kaspersky): UPX
packers (F-Prot): UPX_LZMA |
01.01.2009, 14:33 | #4 |
| Trojan:Win32/Vundo.gen!Y Log-File
Shit, I found something in the startup entries again, I'll disable this one too!
Name: Twain
File: Twain.exe
Log:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.73 2009.01.01 -
AhnLab-V3 2008.12.31.0 2008.12.31 -
AntiVir 7.9.0.45 2008.12.31 TR/Agent.aycx
Authentium 5.1.0.4 2009.01.01 -
Avast 4.8.1281.0 2009.01.01 -
AVG 8.0.0.199 2008.12.31 Agent.AQIN
BitDefender 7.2 2009.01.01 -
CAT-QuickHeal 10.00 2009.01.01 Trojan.Agent.aycx
ClamAV 0.94.1 2009.01.01 -
Comodo 854 2008.12.31 TrojWare.Win32.Agent.aycx
DrWeb 4.44.0.09170 2009.01.01 -
eTrust-Vet 31.6.6286 2008.12.31 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.01 -
F-Secure 8.0.14470.0 2009.01.01 Trojan.Win32.Agent.aycx
Fortinet 3.117.0.0 2009.01.01 W32/Agent.AYCX!tr
GData 19 2009.01.01 -
Ikarus T3.1.1.45.0 2009.01.01 -
K7AntiVirus 7.10.572 2008.12.31 Trojan.Win32.Agent.aycx
Kaspersky 7.0.0.125 2009.01.01 Trojan.Win32.Agent.aycx
McAfee 5480 2008.12.31 Downloader-VD
McAfee+Artemis 5480 2008.12.31 Downloader-VD
Microsoft 1.4205 2009.01.01 -
NOD32 3729 2009.01.01 probably a variant of Win32/TrojanDownloader.Agent
Norman 5.80.02 2009.01.01 W32/Agent.KBFM
Panda 9.0.0.4 2009.01.01 Trj/Downloader.MDW
PCTools 4.4.2.0 2009.01.01 -
Prevx1 V2 2009.01.01 Fraudulent Security Program
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2008.12.31 Trojan.Agent.aycx
Sophos 4.37.0 2009.01.01 Mal/Generic-A
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.01 Downloader
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2009.01.01 TROJ_AGENT.ACDY
VBA32 3.12.8.10 2008.12.30 Trojan.Win32.Agent.aycx
ViRobot 2008.12.30.1540 2008.12.31 -
VirusBuster 4.5.11.0 2008.12.31 -

weitere Informationen
File size: 61952 bytes
MD5...: c7272c861110197ad42b079f8b1fd194
SHA1..: db776ece13cf5e82921e810a5f1fa822275bbf31
SHA256: ac8429bf5a95b31f5b45ad9057e10312f2a34950bffdb777b6522fa17b1bc3df
SHA512: 0d5770e542d50d55653a47718b3c47d6abbecc90dddff0fcf263f6f1971b6f89
        959316f47e97c2e85da3c75711628b0158bc3848c1279812b678f1251290d875
ssdeep: 768:U+UsEkSJDh2u2xlA8VivHdGvvB4iI5Ol6D3AGyjtjw5f2arh7Ttd8cDA:30J
        DYVyCI5w5M5ueBccDA
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x403a8d
timedatestamp.....: 0x4948d5a0 (Wed Dec 17 10:34:08 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9b56 0x9c00 6.55 c3e8099a701142f9f06bbf5617646d74
.rdata 0xb000 0x2d0a 0x2e00 5.35 bf9503f4515d833c5eec7e46bcb71c79
.data 0xe000 0x1998 0xe00 2.55 8933b85b699cc89f296e41e3fe152132
.reloc 0x10000 0x1584 0x1600 4.09 8b6a3a7e54cffd9db8dfdb1efea68c28
( 8 imports )
> DNSAPI.dll: DnsFree, DnsQuery_A
> WININET.dll: InternetCheckConnectionA
> KERNEL32.dll: lstrcpynA, SetErrorMode, Process32First, WaitForSingleObject, FlushViewOfFile, GetSystemDefaultLCID, GetTickCount, GetWindowsDirectoryA, WideCharToMultiByte, GetVolumeInformationA, Sleep, MapViewOfFile, MultiByteToWideChar, lstrlenW, GetLastError, Process32Next, CreateFileMappingA, GetModuleFileNameA, CreateMutexA, CreateToolhelp32Snapshot, CloseHandle, lstrcpyA, GetLocaleInfoA, CreateFileA, lstrcatA, RtlUnwind, GetStringTypeW, GetStringTypeA, GetCurrentProcessId, QueryPerformanceCounter, GetFileType, SetHandleCount, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsA, GetSystemTimeAsFileTime, HeapFree, GetModuleHandleW, GetProcAddress, ExitProcess, GetCommandLineA, GetStartupInfoA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetCPInfo, InterlockedIncrement, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, HeapAlloc, LCMapStringA, LCMapStringW, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, HeapSize, WriteFile, GetStdHandle, LoadLibraryA, InitializeCriticalSectionAndSpinCount, RaiseException
> USER32.dll: GetCursorPos, wsprintfA
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey, RegOpenKeyA
> SHELL32.dll: SHGetSpecialFolderPathA
> ole32.dll: CoUninitialize, CoCreateInstance, CoInitialize
> OLEAUT32.dll: -, -, -, -, -, -, -, -, - |
01.01.2009, 14:36 | #5 |
| Trojan:Win32/Vundo.gen!Y Log-File
OMG, this never ends, I found another one!!!
Name: cmds
File: opnmNFya.dll
Log:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.73 2009.01.01 Trojan.Vundo!IK
AhnLab-V3 2008.12.31.0 2008.12.31 -
AntiVir 7.9.0.45 2008.12.31 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2009.01.01 -
Avast 4.8.1281.0 2009.01.01 -
AVG 8.0.0.199 2008.12.31 Generic12.AIEW
BitDefender 7.2 2009.01.01 Trojan.Generic.1269362
CAT-QuickHeal 10.00 2009.01.01 -
ClamAV 0.94.1 2009.01.01 -
Comodo 854 2008.12.31 -
DrWeb 4.44.0.09170 2009.01.01 Trojan.Packed.213
eTrust-Vet 31.6.6286 2008.12.31 Win32/VundoCryptorE
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2009.01.01 -
F-Secure 8.0.14470.0 2009.01.01 -
Fortinet 3.117.0.0 2009.01.01 -
GData 19 2009.01.01 Trojan.Generic.1269362
Ikarus T3.1.1.45.0 2009.01.01 Trojan.Vundo
K7AntiVirus 7.10.572 2008.12.31 -
Kaspersky 7.0.0.125 2009.01.01 Trojan.Win32.Monder.aggz
McAfee 5480 2008.12.31 -
McAfee+Artemis 5480 2008.12.31 -
Microsoft 1.4205 2009.01.01 Trojan:Win32/Vundo.D
NOD32 3729 2009.01.01 -
Norman 5.80.02 2009.01.01 W32/Smalltroj.KBHU
Panda 9.0.0.4 2009.01.01 -
PCTools 4.4.2.0 2009.01.01 -
Prevx1 V2 2009.01.01 -
Rising 21.10.22.00 2008.12.31 Trojan.Win32.VUNDO.cgm
SecureWeb-Gateway 6.7.6 2008.12.31 Trojan.Crypt.XPACK.Gen
Sophos 4.37.0 2009.01.01 SuperJuan
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2009.01.01 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2009.01.01 -
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.31 -
VirusBuster 4.5.11.0 2008.12.31 -

weitere Informationen
File size: 287744 bytes
MD5...: c1967610f872ef30d8b29398d8b14f08
SHA1..: a022b3d9a45ff8d0f943caf9e01b9c41e4079e8e
SHA256: f8b51231577c17b2d7546a221354bf70eda9e25f846f43241fc0c2c8127932d4
SHA512: 8057ff6225a5b1dc10ea9d05255015e18311821b159f68e5c84550f701ae9728
        4b530dd1a901edc3b081555bf441c84737f8455104835b5aebb2a25ffd263a1e
ssdeep: 6144:d8rOrIu4NMkksUQRiM/4zkg/bnsZb9vP6eUkHUaBKHshUFoSu:d5IA/QRId
        /QDUknGFoSu
PEiD..: -
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100a0b20
timedatestamp.....: 0x4907fcdb (Wed Oct 29 06:04:11 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x5b000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x5c000 0x46000 0x45800 8.00 12d0265d98a13ea733fec6c1ec6bf4ef
.rsrc 0xa2000 0x1000 0x800 5.37 a69f7de1c5bd8d1e9cacf1845368b989
( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree
> advapi32.dll: RegLoadKeyA
> user32.dll: GetMessageA
( 2 exports )
fwor, nieb |