Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   RKIT/DVD.Settec.DLL, mstoc.exe, hadl.dll, WildTangent (https://www.trojaner-board.de/65626-rkit-dvd-settec-dll-mstoc-exe-hadl-dll-wildtangent.html)

psychoaki 02.12.2008 11:03
RKIT/DVD.Settec.DLL, mstoc.exe, hadl.dll, WildTangent
 
Hallo,

kurz nach dem Starten meldet Antivir auf dem Laptop meiner Freundin, dass folgende Dateien eine "RKIT/DVD.Settec.DLL" Signatur aufweisen könnten:

C:windows\system32\mstoc.exe
C:windows\system32\hadl.dll

Es kommen zig Meldungen von Antivir. Spybot findet immer ein Problem namens WildTangent. Da wir relative PC "Amateure" sind, hoffe ich, dass jemand uns helfen kann. Mir wurde ja schon vor ein paar Tagen geholfen. Das wäre super. Hier ist jedenfalls das HiJackThis logfile.

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:59 AM, on 12/2/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*hxxp://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*hxxp://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = hxxp://www.mpi-muelheim.mpg.de/lenk/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 134.147.134.254:8080
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SciFinder Scholar Bar - {4e16a8fb-0521-46d1-aa2c-d0fc7abf6af9} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [SystemManager] C:\WINDOWS\system32\mstoc.exe
O4 - S-1-5-18 Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxxp://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=hxxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pavilion&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mpi-muelheim.mpg.de
O17 - HKLM\Software\..\Telephony: DomainName = mpi-muelheim.mpg.de
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF3F09E6-E424-490E-88CD-A505D3A5EBA5}: NameServer = 172.17.70.121
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mpi-muelheim.mpg.de
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mpi-muelheim.mpg.de
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = mpi-muelheim.mpg.de
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 9119 bytes
Vielen Dank im voraus!

PS: Ich habe die Dateien noch nicht auf VirusTotal checken lassen, da ich nicht weiß ob es ratsam ist, mit dem Rechner so in Internet zu gehen...

psychoaki 02.12.2008 11:52
ok, ich habe es dann nun doch auf virustotal checken lassen. hier kommt der report
Code:
File hadl.dll received on 12.02.2008 10:17:30 (CET)
Current status: finished
Result: 22/37 (59.46%)
Compact Compact
Print results Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2008.12.2.0        2008.12.02        Win-AppCare/Hiderun.356352
AntiVir        7.9.0.36        2008.12.02        RKIT/DVD.Settec.DLL
Authentium        5.1.0.4        2008.12.02        -
Avast        4.8.1281.0        2008.12.01        Win32:Trojan-gen {Other}
AVG        8.0.0.199        2008.12.02        BackDoor.Generic7.NJR
BitDefender        7.2        2008.12.02        Spyware.Dvd.Settec.DLL
CAT-QuickHeal        10.00        2008.12.02        -
ClamAV        0.94.1        2008.12.02        -
DrWeb        4.44.0.09170        2008.12.02        -
eSafe        7.0.17.0        2008.11.30        -
eTrust-Vet        31.6.6238        2008.12.02        -
Ewido        4.0        2008.12.01        Rootkit.Settec
F-Prot        4.4.4.56        2008.12.01        -
F-Secure        8.0.14332.0        2008.12.02        Rootkit:W32/Settec.A
Fortinet        3.117.0.0        2008.12.02        Misc/Settec
GData        19        2008.12.02        Spyware.Dvd.Settec.DLL
Ikarus        T3.1.1.45.0        2008.12.02        Virus.Win32.Trojan
K7AntiVirus        7.10.539        2008.12.01        Trojan.Win32.Malware.1
Kaspersky        7.0.0.125        2008.12.02        -
McAfee        5451        2008.12.01        potentially unwanted program Settec
McAfee+Artemis        5451        2008.12.01        potentially unwanted program Settec
Microsoft        1.4104        2008.12.02        Program:Win32/Settec
NOD32        3656        2008.12.02        Win32/Rootkit.Settec
Norman        5.80.02        2008.12.01        -
Panda        9.0.0.4        2008.12.02        Application/Settec.A
PCTools        4.4.2.0        2008.12.01        Rootkit.Inject.B
Prevx1        V2        2008.12.02        -
Rising        21.06.10.00        2008.12.02        -
SecureWeb-Gateway        6.7.6        2008.12.02        Rootkit.DVD.Settec.DLL
Sophos        4.36.0        2008.12.02        -
Sunbelt        3.1.1832.2        2008.12.01        Settec
Symantec        10        2008.12.02        SecurityRisk.Settec
TheHacker        6.3.1.2.171        2008.12.02        -
TrendMicro        8.700.0.1004        2008.12.02        -
VBA32        3.12.8.9        2008.12.01        Win32.Rootkit.Settec
ViRobot        2008.12.2.1496        2008.12.02        -
VirusBuster        4.5.11.0        2008.12.01        Rootkit.Inject.B
Additional information
File size: 356352 bytes
MD5...: 9b845d8fc0b7e9f7ac5659ca6ba7e079
SHA1..: 936c0547ca085dec303fdd6320b4636fe52557a2
SHA256: 8e192642411275fb957b4f3017b993dfbbf74e5f7447eb3688860e9894d179f7
SHA512: b7b032ff416ed148a3bd8dd01eb283543d7fd8e1b4ec7a0bd7f0ed348abc967d
78c2c14e20d8c2918b652d36f098366ce59f5a97d3931101e91ebabb16c66456
ssdeep: 1536:eDDZeRuB2pxtTtv1M/BnfbbT8wQ9JGOoQWdSb9ma:eDDw9onTbT9Q9JGOoQ
WdS5r
PEiD..: Armadillo v1.xx - v2.xx
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x10004a59
timedatestamp.....: 0x43658975 (Mon Oct 31 03:03:17 2005)
machinetype.......: 0x14c (I386)

( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xa6fa 0xb000 6.43 e06bee78e7cef23c60df5b1c73f661ef
.rdata 0xc000 0x21b7 0x3000 3.97 1dff1b67443746a9faaa1e44aa4ae1e0
.data 0xf000 0x564c 0x4000 2.56 d20c3cb91c0cdafeaf8fa62ca5728236
Shared 0x15000 0x40980 0x41000 0.00 db2e0a12d13d552ee33e601e5dd2c54a
.rsrc 0x56000 0x328 0x1000 0.83 3b5ea0ac2780bca99ad3ab6e2b2eda0f
.reloc 0x57000 0x1918 0x2000 3.88 fe2f9ed1328576b1098ee44c20f8591f

( 3 imports )
> KERNEL32.dll: FreeLibrary, GetProcAddress, LoadLibraryA, GetCurrentProcess, VirtualProtect, FlushInstructionCache, SetLastError, GetStdHandle, GetVersionExA, CloseHandle, Module32First, CreateToolhelp32Snapshot, Process32Next, Process32First, GetUserDefaultLangID, SetEvent, Sleep, CreateThread, GetCurrentProcessId, WideCharToMultiByte, TerminateThread, GetModuleHandleA, GetSystemDirectoryA, ResetEvent, WaitForSingleObject, GetLastError, DeviceIoControl, CreateEventA, CreateFileA, GetModuleFileNameA, DisableThreadLibraryCalls, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, MultiByteToWideChar, RtlUnwind, GetCommandLineA, GetVersion, HeapFree, HeapAlloc, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, TlsGetValue, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSection, ReadFile, SetFilePointer, ExitProcess, TerminateProcess, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualAlloc, HeapReAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, SetStdHandle, FlushFileBuffers, InterlockedDecrement, InterlockedIncrement, GetCPInfo, GetACP, GetOEMCP, SetEndOfFile
> USER32.dll: wsprintfA, FindWindowA, SendMessageA, UnhookWindowsHookEx, SetWindowsHookExA, CallNextHookEx
> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA

( 5 exports )
__InjectDllAll, __RemoveDllAll, __SetProtectedProcess, __StartProtect, __StopProtect
CWSandbox info: hxxp://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=9b845d8fc0b7e9f7ac5659ca6ba7e079
Und die mstoc.exe, die aber von virustotal einen neuen namen erhielt

Code:
File efsysadu.exe received on 12.02.2008 10:47:51 (CET)
Current status: finished
Result: 23/37 (62.16%)
Compact Compact
Print results Print results
Antivirus        Version        Last Update        Result
AhnLab-V3        2008.12.2.0        2008.12.02        Win-AppCare/Hiderun.827392
AntiVir        7.9.0.36        2008.12.02        RKIT/DVD.Settec.1
Authentium        5.1.0.4        2008.12.02        -
Avast        4.8.1281.0        2008.12.01        Win32:Trojan-gen {Other}
AVG        8.0.0.199        2008.12.02        BackDoor.Generic7.MRM
BitDefender        7.2        2008.12.02        Spyware.Dvd.Settec.DLL
CAT-QuickHeal        10.00        2008.12.02        -
ClamAV        0.94.1        2008.12.02        Trojan.Rootkit.Settec
DrWeb        4.44.0.09170        2008.12.02        Trojan.Inject.239
eSafe        7.0.17.0        2008.11.30        -
eTrust-Vet        31.6.6238        2008.12.02        -
Ewido        4.0        2008.12.01        Rootkit.Settec
F-Prot        4.4.4.56        2008.12.01        -
F-Secure        8.0.14332.0        2008.12.02        Rootkit:W32/Settec.A
Fortinet        3.117.0.0        2008.12.02        Misc/Settec
GData        19        2008.12.02        Spyware.Dvd.Settec.DLL
Ikarus        T3.1.1.45.0        2008.12.02        Virus.Win32.Trojan
K7AntiVirus        7.10.539        2008.12.01        -
Kaspersky        7.0.0.125        2008.12.02        -
McAfee        5451        2008.12.01        potentially unwanted program Settec
McAfee+Artemis        5451        2008.12.01        potentially unwanted program Settec
Microsoft        1.4104        2008.12.02        Program:Win32/Settec
NOD32        3656        2008.12.02        Win32/Rootkit.Settec
Norman        5.80.02        2008.12.01        -
Panda        9.0.0.4        2008.12.02        Application/Settec.A
PCTools        4.4.2.0        2008.12.01        Rootkit.Inject.A
Prevx1        V2        2008.12.02        -
Rising        21.06.12.00        2008.12.02        -
SecureWeb-Gateway        6.7.6        2008.12.02        Rootkit.DVD.Settec.DLL
Sophos        4.36.0        2008.12.02        -
Sunbelt        3.1.1832.2        2008.12.01        Settec
Symantec        10        2008.12.02        SecurityRisk.Settec
TheHacker        6.3.1.2.171        2008.12.02        -
TrendMicro        8.700.0.1004        2008.12.02        -
VBA32        3.12.8.9        2008.12.01        Win32.Rootkit.Settec
ViRobot        2008.12.2.1496        2008.12.02        -
VirusBuster        4.5.11.0        2008.12.01        Rootkit.Inject.A
Additional information
File size: 827392 bytes
MD5...: 4e7797f813c10cb172b3f219638c8114
SHA1..: 4b7e5d37875d48d1cf5a82ad1ba77fd93e8bc971
SHA256: 96668bab6c3a7ef994650782011f7234b9ba17238c9e5b105405a1de9bcfe663
SHA512: d1dc0e8c7aae003d5f9c470d889c45278fd50c8a66cb08937db15f78f1654404
03ce20e886e71957680ac75b1f28f1bc6f8706aa9e4988b3970645d14ed08e65
ssdeep: 3072:DK1YsgB+lXj+M+jr5dXWdBqJHoZl8ZhX7/YZpZDDw9onTbT9Q9JGOoQWdS5
rHqfN:DK1YF+lXSfvtZhX7loPT9QrH
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x405b83
timedatestamp.....: 0x4365899b (Mon Oct 31 03:03:55 2005)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x18e52 0x19000 6.59 03220af00ecce1224eb0d4aaf49c6014
.rdata 0x1a000 0x52e0 0x6000 4.32 c5c5b4f0fe0df661b02d64496055b4c4
.data 0x20000 0x7adc 0x4000 2.56 4af1be3d81d9080ad4f5d9a792a5e25e
.rsrc 0x28000 0xa59f0 0xa6000 1.48 5bee4178837d16cd92dfbe71b3032c35

( 9 imports )
> VERSION.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
> WINMM.dll: mciSendCommandA
> KERNEL32.dll: GetFullPathNameA, LocalAlloc, InitializeCriticalSection, TlsAlloc, DeleteCriticalSection, GlobalHandle, TlsFree, LeaveCriticalSection, GlobalReAlloc, EnterCriticalSection, TlsSetValue, LocalReAlloc, TlsGetValue, GlobalFlags, WritePrivateProfileStringA, GetProcessVersion, SetErrorMode, FileTimeToSystemTime, FileTimeToLocalFileTime, GetCPInfo, GetOEMCP, RtlUnwind, GetStartupInfoA, GetCommandLineA, ExitProcess, TerminateProcess, HeapFree, HeapAlloc, RaiseException, HeapReAlloc, HeapSize, GetACP, GetVolumeInformationA, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, MoveFileA, CloseHandle, ReleaseMutex, GetLastError, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, ReadFile, DuplicateHandle, MulDiv, SetLastError, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, lstrcpyA, FindFirstFileA, FindClose, lstrcpynA, GetFileTime, GetFileSize, GetFileAttributesA, LocalFree, lstrlenA, InterlockedDecrement, InterlockedIncrement, GlobalUnlock, GlobalFree, CreateMutexA, GlobalLock, GlobalAlloc, GlobalDeleteAtom, GetProcAddress, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, CreateEventA, WaitForSingleObject, GetLogicalDrives, WideCharToMultiByte, MultiByteToWideChar, GetComputerNameA, FreeLibrary, GetCurrentProcess, SystemTimeToFileTime, SetFileTime, CreateProcessA, FindResourceA, LoadResource, LockResource, SizeofResource, WriteFile, LoadLibraryA, SetFileAttributesA, DeleteFileA, GetSystemTime, GetVersionExA, GetWindowsDirectoryA, GetModuleFileNameA, GetTempPathA, GetCurrentProcessId, GetDriveTypeA, CreateFileA, DeviceIoControl, GetModuleHandleA, GetTimeZoneInformation
> USER32.dll: GetCapture, GetTopWindow, CopyRect, AdjustWindowRectEx, SetFocus, GetSysColor, MapWindowPoints, SendDlgItemMessageA, UpdateWindow, IsDialogMessageA, SetWindowTextA, ShowWindow, ClientToScreen, GetDC, ReleaseDC, BeginPaint, EndPaint, TabbedTextOutA, DrawTextA, GrayStringA, CharUpperA, LoadCursorA, GetClassNameA, PtInRect, GetSysColorBrush, LoadStringA, DestroyMenu, WinHelpA, GetSubMenu, GetMenuItemID, GetWindowTextA, GetDlgCtrlID, CreateWindowExA, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, DefWindowProcA, GetMessageTime, GetMessagePos, GetForegroundWindow, SetForegroundWindow, GetWindow, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, EndDialog, UnregisterClassA, IsWindow, DestroyWindow, GetDlgItem, GetMenuCheckMarkDimensions, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, PostMessageA, FindWindowA, EnableWindow, KillTimer, SetTimer, IsIconic, GetSystemMetrics, GetClientRect, wsprintfA, GetClassInfoA, DrawIcon, SendMessageA, PostQuitMessage, RegisterClassA, GetMenuItemCount, GetMenu, LoadIconA, CreateDialogIndirectParamA, LoadBitmapA, SetActiveWindow
> GDI32.dll: GetClipBox, SetTextColor, SetBkColor, GetObjectA, DeleteDC, SaveDC, RestoreDC, SelectObject, GetStockObject, SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, DeleteObject, GetDeviceCaps, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, CreateBitmap
> comdlg32.dll: GetFileTitleA
> WINSPOOL.DRV: OpenPrinterA, ClosePrinter, DocumentPropertiesA
> ADVAPI32.dll: RegCreateKeyExA, RegCloseKey, RegCreateKeyA, RegSetValueExA, RegOpenKeyExA
> COMCTL32.dll: -

( 0 exports )
ThreatExpert info: hxxp://www.threatexpert.com/report.aspx?md5=4e7797f813c10cb172b3f219638c8114
CWSandbox info: hxxp://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=4e7797f813c10cb172b3f219638c8114
Bin wirklich alles andere als ein Experte, aber es sieht nicht gut aus, oder?

Chris4You 02.12.2008 12:41
Hi,

-> http://www.heise.de/newsticker/DVD-Kopiersperre-Alpha-DVD-Update-oder-Uninstaller--/meldung/71115

Bitte noch MAM&Prevx:
Malwarebytes Antimalware (MAM).
Anleitung&Download hier: http://www.trojaner-board.de/51187-malwarebytes-anti-malware.html
Fullscan und alles bereinigen lassen! Log posten.

Prevx:
http://www.prevx.com/freescan.asp

chris

manu158 02.12.2008 14:56
[edit]
bitte eröffne, wie jeder andere hier auch, für dein problem einen eigenen beitrag
nur so wird sichergestellt, das jedem user übersichtlich und individuell geholfen werden kann

danke
GUA
http://www.smilies.4-user.de/include...lie_be_027.gif
[/edit]

psychoaki 02.12.2008 15:20
Hallo,

bei mir scheint wieder alles in Ordnung zu sein. Ich habe mir den Uninstaller heruntergeladen, dann noch einmal alles mit Antivir, und den anderen beiden obigen Programmen durchsuchen lassen (antivir hat auch ein paar sachen gefunden und geloescht), dann reboot und wieder mit antivir checken lassen. Jetzt findet auch antivir nichts mehr.

Danke

Hero14 03.12.2008 13:45
[edit]
bitte eröffne, wie jeder andere hier auch, für dein problem einen eigenen beitrag
nur so wird sichergestellt, das jedem user übersichtlich und individuell geholfen werden kann

danke
GUA
http://www.smilies.4-user.de/include...lie_be_027.gif
[/edit]

terrortrick 03.12.2008 17:02
Spaminator


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:30 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55