WinXP: recurring process with 6 characters
#1
WinXP: recurring process with 6 characters
Quote:
#2
Here are the results from VirusTotal and ThreatExpert:

VirusTotal

The file has already been analysed:
MD5: 3d4a3262f183d37dcc975d933dd732fe
First received: 2006.05.25 14:06:41 UTC
Date: 2009.09.16 10:24:03 UTC [>13D]
Results: 1/41
Permalink: analisis/a3ef116edcfefdb5fbc22f2eda07a3b93c173d0250daf1000965cf6a55d8bdee-1253096643

File EL291F.EXE received 2009.09.16 10:24:03 (UTC)
Status: finished
Result: 1/41 (2.44%)

Antivirus            Version          Last update   Result
a-squared            4.5.0.24         2009.09.16    -
AhnLab-V3            5.0.0.2          2009.09.16    -
AntiVir              7.9.1.18         2009.09.16    -
Antiy-AVL            2.0.3.7          2009.09.16    -
Authentium           5.1.2.4          2009.09.16    -
Avast                4.8.1351.0       2009.09.15    -
AVG                  8.5.0.412        2009.09.16    -
BitDefender          7.2              2009.09.16    -
CAT-QuickHeal        10.00            2009.09.16    -
ClamAV               0.94.1           2009.09.16    -
Comodo               2335             2009.09.16    -
DrWeb                5.0.0.12182      2009.09.16    -
eSafe                7.0.17.0         2009.09.15    -
eTrust-Vet           31.6.6740        2009.09.16    -
F-Prot               4.5.1.85         2009.09.15    -
F-Secure             8.0.14470.0      2009.09.16    -
Fortinet             3.120.0.0        2009.09.16    -
GData                19               2009.09.16    -
Ikarus               T3.1.1.72.0      2009.09.16    -
Jiangmin             11.0.800         2009.09.16    -
K7AntiVirus          7.10.845         2009.09.15    -
Kaspersky            7.0.0.125        2009.09.16    -
McAfee               5742             2009.09.15    -
McAfee+Artemis       5742             2009.09.15    -
McAfee-GW-Edition    6.8.5            2009.09.16    Heuristic.BehavesLike.Win32.Rootkit.H
Microsoft            1.5005           2009.09.16    -
NOD32                4429             2009.09.16    -
Norman               6.01.09          2009.09.16    -
nProtect             2009.1.8.0       2009.09.16    -
Panda                10.0.2.2         2009.09.16    -
PCTools              4.4.2.0          2009.09.14    -
Prevx                3.0              2009.09.16    -
Rising               21.47.22.00      2009.09.16    -
Sophos               4.45.0           2009.09.16    -
Sunbelt              3.2.1858.2       2009.09.16    -
Symantec             1.4.4.12         2009.09.16    -
TheHacker            6.3.4.4.404      2009.09.15    -
TrendMicro           8.950.0.1094     2009.09.16    -
VBA32                3.12.10.10       2009.09.15    -
ViRobot              2009.9.16.1939   2009.09.16    -
VirusBuster          4.6.5.0          2009.09.15    -

Additional information
File size: 172099 bytes
MD5   : 3d4a3262f183d37dcc975d933dd732fe
SHA1  : 3247311c21078002cf1a635d8d2b7bce7ee0a38e
SHA256: a3ef116edcfefdb5fbc22f2eda07a3b93c173d0250daf1000965cf6a55d8bdee

PEInfo: PE structure information
( base data )
entrypointaddress.: 0xDEB2
timedatestamp.....: 0x43E855D9 (Tue Feb 7 09:10:01 2006)
machinetype.......: 0x14C (Intel I386)

( 4 sections )
name    viradd   virsiz   rawdsiz  ntrpy  md5
.text   0x1000   0x1CF8A  0x1D000  6.63   1bf3020cc59b6359057b770603572919
.rdata  0x1E000  0x54C3   0x6000   4.61   82c5d5196e54ea98d2e6d0308f61cc4f
.data   0x24000  0x8CFC   0x5000   2.99   1dec71163e617005ee6deca1fe63c27b
.rsrc   0x2D000  0x508    0x1000   0.88   4100801f13f4cf5e263fef8a7634138d

( 7 imports )
> advapi32.dll: CreateServiceA, QueryServiceStatus, RegQueryValueExA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, QueryServiceConfigA, RegDeleteValueA, RegSetValueExA, RegCreateKeyExA, RegOpenKeyExA, StartServiceA, RegCloseKey, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, DeleteService, RegNotifyChangeKeyValue
> comctl32.dll: -
> gdi32.dll: SetBkColor, SetTextColor, GetObjectA, CreateBitmap, DeleteObject, GetDeviceCaps, DeleteDC, SaveDC, RestoreDC, SelectObject, GetStockObject, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, GetClipBox, PtVisible, RectVisible, ExtTextOutA, Escape, TextOutA
> kernel32.dll: GetCurrentProcess, WriteFile, SetFilePointer, GetOEMCP, GetFileAttributesA, FlushFileBuffers, RtlUnwind, CreateThread, ExitThread, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetStartupInfoA, GetCommandLineA, ExitProcess, HeapAlloc, HeapFree, RaiseException, HeapSize, HeapReAlloc, GetCPInfo, GetProcessVersion, GlobalFlags, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, IsBadWritePtr, GetStringTypeA, GetStringTypeW, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, GetProcAddress, LoadLibraryA, GetCurrentProcessId, lstrcatA, lstrcpyA, WriteProcessMemory, ReadProcessMemory, CloseHandle, OpenProcess, GetExitCodeThread, WaitForSingleObject, GetModuleHandleA, CreateMutexA, GetLastError, GetSystemDirectoryA, TlsGetValue, ResumeThread, GlobalAlloc, LocalReAlloc, TlsSetValue, GlobalReAlloc, GlobalLock, GetACP, GlobalFree, ResetEvent, LeaveCriticalSection, GlobalHandle, GlobalUnlock, SetLastError, TlsAlloc, lstrcpynA, UnhandledExceptionFilter, FreeLibrary, SetEvent, GetCurrentThreadId, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcmpA, MultiByteToWideChar, WideCharToMultiByte, InterlockedDecrement, InterlockedIncrement, WaitForMultipleObjects, lstrlenA, LocalAlloc, LocalFree, GetModuleFileNameA, TerminateProcess, MoveFileExA, GetVersion, VirtualAlloc, DeleteFileA, GetTickCount, GetPrivateProfileIntA, CopyFileA, CreateProcessA, Sleep, GetVersionExA, GetComputerNameA, GetTempPathA, GetTempFileNameA, DeleteCriticalSection, CreateEventA, InitializeCriticalSection, GetCurrentDirectoryA, lstrcmpiA, OpenFile, FindFirstFileA, FindNextFileA, FindClose, EnterCriticalSection, _lclose, LCMapStringA, LCMapStringW, FreeEnvironmentStringsA
> user32.dll: LoadStringA, GetNextDlgTabItem, EnableMenuItem, CheckMenuItem, MapWindowPoints, SetMenuItemBitmaps, ModifyMenuA, GetMenuState, LoadBitmapA, GetMenuCheckMarkDimensions, SetWindowTextA, IsWindowEnabled, GetClassNameA, PtInRect, ClientToScreen, GetSysColorBrush, ReleaseDC, GetDC, DestroyMenu, TabbedTextOutA, DrawTextA, GrayStringA, PeekMessageA, GetFocus, SetFocus, AdjustWindowRectEx, GetClientRect, CopyRect, GetSysColor, EnableWindow, GetTopWindow, MessageBoxA, GetParent, GetCapture, WinHelpA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetDlgItem, GetWindowTextA, GetDlgCtrlID, GetKeyState, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, RemovePropA, GetMessageTime, GetLastActivePopup, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowPos, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetWindowRect, GetSystemMetrics, SendMessageA, PostMessageA, FindWindowA, KillTimer, DestroyWindow, SetTimer, PostQuitMessage, DefWindowProcA, CreateWindowExA, ShowWindow, UpdateWindow, LoadIconA, LoadCursorA, RegisterClassExA, GetMessageA, DispatchMessageA, TranslateMessage, RegisterWindowMessageA, CallWindowProcA, GetPropA, GetWindowLongA, SetWindowLongA, GetMessagePos
> winspool.drv: OpenPrinterA, DocumentPropertiesA, ClosePrinter
> wsock32.dll: -, -, -

( 1 exports )
> __0TmProcessGuard@@QAE@KHH@Z, __0TmProcessGuard@@QAE@PBD0HH@Z, __0TmProcessGuard@@QAE@XZ, __0TmServiceGuard@@QAE@PBD00HH@Z, __0TmServiceGuard@@QAE@PBDKHH@Z, __0TmServiceGuard@@QAE@XZ, __1TmProcessGuard@@UAE@XZ, __1TmServiceGuard@@UAE@XZ, __4TmProcessGuard@@QAEXAAV0@@Z, __4TmServiceGuard@@QAEXAAV0@@Z, ___7TmProcessGuard@@6B@, ___7TmServiceGuard@@6B@, _BackupService@TmServiceGuard@@IAEXXZ, _CheckProcess@TmProcessGuard@@QAE_NAAVCStringArray@@@Z, _GetGuardInfo@TmProcessGuard@@QBEXAAKAAVCString@@1AAH2@Z, _IsIPChanged@@YA_NPBDPADH@Z, _IsMonitor@TmProcessGuard@@IBE_NXZ, _IsNTPlatform@@YA_NXZ, _IsProcessAlive@TmProcessGuard@@MAE_NXZ, _IsProcessAlive@TmServiceGuard@@MAE_NXZ, _IsRetryNow@TmProcessGuard@@IBE_NXZ, _IsTheSame@TmProcessGuard@@QBE_NABVCString@@0@Z, _IsTheSame@TmProcessGuard@@QBE_NK@Z, _IsTheSame@TmProcessGuard@@QBE_NPBV1@@Z, _IsValidProcess@TmProcessGuard@@QBE_NXZ, _QueryAllLog@TmProcessGuard@@QBEXAAVCStringArray@@@Z, _RegWatchDog_Ofc@@YA_NXZ, _RegWatchDog_Ofc_95@@YA_NXZ, _RegWatchDog_Ofc_NTRT@@YA_NXZ, _RegWatchDog_Ofc_OFCPFWSVC@@YA_NXZ, _RegWatchDog_Ofc_PCCNTMON@@YA_NXZ, _RegWatchDog_Ofc_TMLISTEN@@YA_NXZ, _ResetMonitor@TmProcessGuard@@IAEXXZ, _ResetRetryCount@TmProcessGuard@@QAEXXZ, _ResetRetryTick@TmProcessGuard@@QAEXXZ, _ResetRetryVar@TmProcessGuard@@QAEXXZ, _RetryWakeupProcess@TmProcessGuard@@MAE_NXZ, _RetryWakeupProcess@TmServiceGuard@@MAE_NXZ, _SetMonitor@TmProcessGuard@@IAEXXZ, _SetProcessID@TmProcessGuard@@QAEXK@Z, _SetRetryCountLimit@TmProcessGuard@@QAEXH@Z, _SetRetryTickLimit@TmProcessGuard@@QAEXH@Z, _StepMonitor@TmProcessGuard@@IAEXXZ, _StepRetry@TmProcessGuard@@IAEXXZ, _UnRegWatchDog_Ofc@@YA_NXZ, _UnRegWatchDog_Ofc_95@@YA_NXZ, _UnRegWatchDog_Ofc_NTRT@@YA_NXZ, _UnRegWatchDog_Ofc_OFCPFWSVC@@YA_NXZ, _UnRegWatchDog_Ofc_PCCNTMON@@YA_NXZ, _UnRegWatchDog_Ofc_TMLISTEN@@YA_NXZ, C_IsIPChanged, C_RegWatchDog_Ofc, C_RegWatchDog_Ofc_OFCPFWSVC, C_RegWatchDog_Ofc_PCCNTMON, C_RegWatchDog_Ofc_TMLISTEN, C_UnRegWatchDog_Ofc, C_UnRegWatchDog_Ofc_OFCPFWSVC, C_UnRegWatchDog_Ofc_PCCNTMON, C_UnRegWatchDog_Ofc_TMLISTEN

TrID: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)

ThreatExpert: http://www.threatexpert.com/report.aspx?md5=3d4a3262f183d37dcc975d933dd732fe
ssdeep: 3072:aiKS9TgqUYW+kXxmD7aMb2MEsFqRa7DaLjcUEoi90ye0bHJq:aiKWTgApaBsFDnatye0bHg
PEiD: Armadillo v1.71
CWSandbox: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=3d4a3262f183d37dcc975d933dd732fe
RDS: NSRL Reference Data Set -

ThreatExpert

Submission Summary:
Submission details:
Submission received: 22 July 2008, 05:06:59
Processing time: 4 min 10 sec
Submitted sample:
File MD5: 0x3D4A3262F183D37DCC975D933DD732FE
File SHA-1: 0x3247311C21078002CF1A635D8D2B7BCE7EE0A38E
Filesize: 172.099 bytes

Technical Details:

File System Modifications
The following file was created in the system:
#  Filename(s)                             File Size      File Hash
1  [file and pathname of the sample #1]    172.099 bytes  MD5: 0x3D4A3262F183D37DCC975D933DD732FE
                                                          SHA-1: 0x3247311C21078002CF1A635D8D2B7BCE7EE0A38E

Memory Modifications
There was a new process created in the system:
Process Name               Process Filename                        Main Module Size
[filename of the sample #1] [file and pathname of the sample #1]   188.416 bytes

Registry Modifications
The following Registry Keys were created:
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\OfcWatchDog

The newly created Registry Value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\OfcWatchDog]
OFCNT Service Name = "ntrtscan"
OFCNT Process Name = "ntrtscan.exe"
Dog Process Name = "ofcdog.exe"
Default Retry Count = 0x00000007
Default Retry Interval = 0x0000001E
Max Log = 0x00000100

I can't make heads or tails of that, though. What does it tell me?
#3
/// Helper team
Read the manual for your Trend Micro OfficeScan.