Trojaner-Board (https://www.trojaner-board.de/), forum "Log analysis and evaluation" (https://www.trojaner-board.de/log-analyse-auswertung/), thread "Worm and/or Trojan" (https://www.trojaner-board.de/77427-wurm-trojaner.html)

sokrates2411 14.09.2009 08:17

Worm and/or Trojan

Avira Antivir Premium found the following at system start: Dldr.Cutwail.L.21 and SdBot.oma. Here is the log from Trend Micro HijackThis v2.0.2. PLEASE EXAMINE. Thanks

Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:48:38, on 14.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Avira\AntiVir Desktop\avmailc.exe
C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
D:\SERVER\Apache2\bin\Apache.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Java\jre6\bin\jqs.exe
D:\SERVER\MYSQL\bin\mysqld-nt.exe
D:\SERVER\Apache2\bin\Apache.exe
C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Programme\VMware\VMware Player\vmware-authd.exe
C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\drivers\dafmgr.exe
C:\WINDOWS\system32\winulty.exe
C:\WINDOWS\system32\ctfmon.exe
D:\SERVER\Apache2\bin\ApacheMonitor.exe
C:\Programme\Cisco Systems\VPN Client\vpngui.exe
C:\Programme\WWW\MYSQL_4\bin\winmysqladmin.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm5x.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.mildioz.at/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\GRAPHIK\CANON_INK\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\drivers\dafmgr.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Windows Upgrate Utility] C:\WINDOWS\system32\winulty.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sunbird] C:\Programme\MozillaSunbird\sunbird.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\system32\drivers\dafmgr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: BJ Status Monitor Canon i9950.lnk = C:\Dokumente und Einstellungen\***\cnmss Canon i9950 (Local).exe
O4 - Startup: WinMySQLadmin.lnk = C:\Programme\WWW\MYSQL_4\bin\winmysqladmin.exe
O4 - Global Startup: Adobe Acrobat - Schnellstart.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = D:\SERVER\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programme\VIDEO\AMV_CONVERT\AMVConverter\grab.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programme\VIDEO\AMV_CONVERT\MediaManager\grab.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\OFFICE\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\acer\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\acer\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\acer\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programme\Gemeinsame Dateien\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\GRAPHIK\IrfanView395\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227080501468
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = milord.local
O17 - HKLM\Software\..\Telephony: DomainName = milord.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1DAE929-0CBD-4CBF-9A4B-9835FA21D846}: Domain = milord.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1DAE929-0CBD-4CBF-9A4B-9835FA21D846}: NameServer = 192.168.210.3
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = milord.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = milord.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = milord.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apache2 - Apache Software Foundation - D:\SERVER\Apache2\bin\Apache.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\VIDEO\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: MySQL - Unknown owner - D:\SERVER\MYSQL\bin\mysqld-nt (file missing)
O23 - Service: MySQL5 - Unknown owner - C:\Programme\WWW\MYSQL_5\bin\mysqld-nt (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programme\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Programme\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 11972 bytes


cosinus 14.09.2009 18:30

Hello and :hallo:

Quote:

Avira Antivir Premium found the following at system start: Dldr.Cutwail.L.21 and SdBot.oma
Please always note down and post the exact malware names and file paths!

Make sure that all files are being shown to you, then have the following files (if they still exist) evaluated at Virustotal.com and post all results, in such a way that the results of the individual virus scanners can be seen. Please include file sizes and checksums:
Code:

C:\WINDOWS\system32\drivers\dafmgr.exe
C:\WINDOWS\system32\winulty.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm5x.exe

Then please follow and work through this list. When scanning with MalwareBytes, also connect all external storage (ext. drives, SD cards, ...)!!
You can, for example, zip all the log files into one file, upload it to File-Upload.net and link it here, because 1. some log files are too large for the board and 2. I can download them all at once with one click.
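
As an added illustration of what the helper asks for here (file size plus checksums for each named file, with the reminder that the files may be hidden or may already be gone), the following Python script is not from the thread or the forum's own tooling. It hashes a list of paths with MD5, SHA-1 and SHA-256, reports the Windows S/R/H attribute letters where the platform exposes them (an assumed rendering, chosen to match the listing style used later in the thread), and returns None for a path that no longer exists. The three paths are the ones listed in the post above; all function names are the example's own.

```python
import hashlib
import io
import os

# The three files the helper asked to have checked (paths taken from the post above).
REQUESTED = [
    r"C:\WINDOWS\system32\drivers\dafmgr.exe",
    r"C:\WINDOWS\system32\winulty.exe",
    r"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\cnmsm5x.exe",
]

# Windows file-attribute bits (same values as stat.FILE_ATTRIBUTE_SYSTEM/READONLY/HIDDEN).
_ATTR_SYSTEM, _ATTR_READONLY, _ATTR_HIDDEN = 0x4, 0x1, 0x2


def stream_digests(fh, chunk_size=1 << 16):
    """MD5, SHA-1 and SHA-256 of a binary stream, read in chunks so large files fit in memory."""
    hashes = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for block in iter(lambda: fh.read(chunk_size), b""):
        for h in hashes.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashes.items()}


def digests(data):
    """The same three digests for an in-memory byte string."""
    return stream_digests(io.BytesIO(data))


def attribute_flags(attrs):
    """Render attribute bits as S/R/H letters (system, read-only, hidden), e.g. "SRH" or "SH"."""
    return "".join(
        letter
        for bit, letter in ((_ATTR_SYSTEM, "S"), (_ATTR_READONLY, "R"), (_ATTR_HIDDEN, "H"))
        if attrs & bit
    )


def file_report(path):
    """Size, attributes and checksums for one file, or None if the file is no longer
    there ("if they still exist"); a missing file is itself worth reporting back."""
    if not os.path.isfile(path):
        return None
    st = os.stat(path)
    with open(path, "rb") as fh:
        checksums = stream_digests(fh)
    return {
        "path": path,
        "size": st.st_size,
        # st_file_attributes exists only on Windows; elsewhere no flags are reported.
        "attrs": attribute_flags(getattr(st, "st_file_attributes", 0)),
        **checksums,
    }


def format_report(path, report):
    """One block of text per file, in the shape the helper asked for."""
    if report is None:
        return f"{path}\n  file not found (already removed or never existed)"
    return (
        f"{report['path']}\n"
        f"  size: {report['size']} bytes  attrs: {report['attrs'] or '-'}\n"
        f"  MD5:    {report['md5']}\n"
        f"  SHA1:   {report['sha1']}\n"
        f"  SHA256: {report['sha256']}"
    )


if __name__ == "__main__":
    for p in REQUESTED:
        print(format_report(p, file_report(p)))
```

Python reads hidden and system files regardless of the Explorer "show hidden files" setting, so the script finds them even when the file manager does not; the attribute letters make the hidden/system state visible in the report, and the digests can be compared directly against the MD5/SHA lines a scanner service prints for the same file.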

sokrates2411 15.09.2009 09:00

I have uploaded the results from ANTIVIR TOTAL to File-Upload.net; should I now delete the obviously infected files?

cosinus 15.09.2009 09:34

First just send me the link to the results or post them here. We can always delete later.

sokrates2411 15.09.2009 09:42

Thanks for the quick reply.
Here is the link to the results:
File-Upload.net - virus_total_pruefergebnisse.txt

Here is the code:
Quote:

dafmgr.exe 86016 08.09.2009 14:12 SRH C:\WINDOWS\system32\drivers\
=========================================================================================
ERGEBNIS VON VIRUS TOTAL:
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.24 2009.09.15 -
AhnLab-V3 5.0.0.2 2009.09.15 -
AntiVir 7.9.1.14 2009.09.14 -
Antiy-AVL 2.0.3.7 2009.09.15 -
Authentium 5.1.2.4 2009.09.15 -
Avast 4.8.1351.0 2009.09.14 -
AVG 8.5.0.412 2009.09.14 -
BitDefender 7.2 2009.09.15 -
CAT-QuickHeal 10.00 2009.09.14 -
ClamAV 0.94.1 2009.09.14 -
Comodo 2323 2009.09.15 -
DrWeb 5.0.0.12182 2009.09.15 -
eSafe 7.0.17.0 2009.09.14 -
eTrust-Vet 31.6.6737 2009.09.14 -
F-Prot 4.5.1.85 2009.09.14 -
F-Secure 8.0.14470.0 2009.09.15 -
Fortinet 3.120.0.0 2009.09.15 -
GData 19 2009.09.15 -
Ikarus T3.1.1.72.0 2009.09.15 -
Jiangmin 11.0.800 2009.09.15 -
K7AntiVirus 7.10.844 2009.09.14 -
Kaspersky 7.0.0.125 2009.09.15 Heur.Trojan.Generic
McAfee 5741 2009.09.14 -
McAfee+Artemis 5741 2009.09.14 Artemis!B3EB090DAD85
McAfee-GW-Edition 6.8.5 2009.09.15 -
Microsoft 1.5005 2009.09.15 -
NOD32 4425 2009.09.14 -
Norman 6.01.09 2009.09.14 W32/Malware.IOYH
nProtect 2009.1.8.0 2009.09.14 -
Panda 10.0.2.2 2009.09.14 Suspicious file
PCTools 4.4.2.0 2009.09.14 -
Prevx 3.0 2009.09.15 High Risk Cloaked Malware
Rising 21.47.11.00 2009.09.15 -
Sophos 4.45.0 2009.09.15 -
Sunbelt 3.2.1858.2 2009.09.15 -
Symantec 1.4.4.12 2009.09.15 -
TheHacker 6.3.4.4.404 2009.09.15 -
TrendMicro 8.950.0.1094 2009.09.15 -
VBA32 3.12.10.10 2009.09.14 -
ViRobot 2009.9.15.1936 2009.09.15 -
VirusBuster 4.6.5.0 2009.09.14 -
weitere Informationen
File size: 86016 bytes
MD5...: b3eb090dad859cff7dca18717dbbc55b
SHA1..: 30261bd5f5b7d56b6b969b87cea00a5b175f8a38
SHA256: fc44eb55a7190eb44c4e299b844bc1667189f6a27aea106de5d0355244ee7b75
ssdeep: 1536:243jWVQle6wq5MQT8jr11mn6xeYh6SZMDHoqtLy:2mbleLq5MQT8jhon6xR6/oeL
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1d5c
timedatestamp.....: 0x4aa63f4d (Tue Sep 08 11:26:05 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x4a14 0x5000 6.31 4895aecdbec90a55218c2c65ade238f3
.rdata 0x6000 0x844 0x1000 3.33 63c1111a0a96825948f899fb4cc5250e
.data 0x7000 0xc1c 0x1000 1.92 cff10e602fb20f09ff3a1d8fa77ae679
.rsrc 0x8000 0xc064 0xd000 7.75 502ea9d5ea0815c80aa12082a0015772

( 1 imports )
> KERNEL32.dll: EnumResourceNamesA, GetProcAddress, LoadLibraryA, RtlUnwind, MultiByteToWideChar, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, HeapAlloc, HeapFree, WideCharToMultiByte, TerminateProcess, GetCurrentProcess, SetEnvironmentVariableW, SetEnvironmentVariableA, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapCreate, VirtualFree, WriteFile, VirtualAlloc, HeapReAlloc, GetCPInfo, CompareStringA, CompareStringW, GetACP, GetOEMCP, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
http://info.prevx.com/aboutprogramtext.asp?PX5=5A9C84CC00D26DE3507701610E657600C37A7A9D

winulty.exe 119808 08.09.2009 10:40 SH C:\WINDOWS\system32\
=========================================================================================
ERGEBNIS VON VIRUS TOTAL:
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.24 2009.09.15 Riskware.Win32.DelfInject!IK
AhnLab-V3 5.0.0.2 2009.09.14 -
AntiVir 7.9.1.14 2009.09.14 SPR/Tool.DelfInject.119808AX
Antiy-AVL 2.0.3.7 2009.09.15 Trojan/Win32.Buzus.gen
Authentium 5.1.2.4 2009.09.15 -
Avast 4.8.1351.0 2009.09.14 -
AVG 8.5.0.412 2009.09.14 -
BitDefender 7.2 2009.09.15 -
CAT-QuickHeal 10.00 2009.09.14 -
ClamAV 0.94.1 2009.09.14 -
Comodo 2323 2009.09.15 -
DrWeb 5.0.0.12182 2009.09.15 Win32.HLLW.Recycler.6
eSafe 7.0.17.0 2009.09.14 -
eTrust-Vet 31.6.6737 2009.09.14 Win32/DfInjectG Generic
F-Prot 4.5.1.85 2009.09.14 -
F-Secure 8.0.14470.0 2009.09.15 Trojan:W32/DelfInject.gen!H
Fortinet 3.120.0.0 2009.09.15 -
GData 19 2009.09.15 -
Ikarus T3.1.1.72.0 2009.09.15 VirTool.Win32.DelfInject
Jiangmin 11.0.800 2009.09.15 Backdoor/SdBot.nnh
K7AntiVirus 7.10.844 2009.09.14 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2009.09.15 -
McAfee 5741 2009.09.14 -
McAfee+Artemis 5741 2009.09.14 Suspect-29!3E1325163B79
McAfee-GW-Edition 6.8.5 2009.09.15 Heuristic.LooksLike.Worm.IrcBot.B
Microsoft 1.5005 2009.09.15 VirTool:Win32/DelfInject.gen!AX
NOD32 4425 2009.09.14 a variant of Win32/Injector.XW
Norman 6.01.09 2009.09.14 -
nProtect 2009.1.8.0 2009.09.14 -
Panda 10.0.2.2 2009.09.14 Generic Malware
PCTools 4.4.2.0 2009.09.14 -
Prevx 3.0 2009.09.15 High Risk System Back Door
Rising 21.47.10.00 2009.09.15 -
Sophos 4.45.0 2009.09.15 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.09.15 -
Symantec 1.4.4.12 2009.09.15 Backdoor.Trojan
TheHacker 6.3.4.4.404 2009.09.15 -
TrendMicro 8.950.0.1094 2009.09.15 -
VBA32 3.12.10.10 2009.09.14 -
ViRobot 2009.9.15.1936 2009.09.15 -
VirusBuster 4.6.5.0 2009.09.14 -
weitere Informationen
File size: 119808 bytes
MD5...: 3e1325163b791a9dcb656e024e7a916d
SHA1..: 7e38e79f57dc434d7f8ad4c6af93659923967f32
SHA256: fd2fca2f4905990d56822494de186beefa3eeb804f3397cc4184d1ea199387af
ssdeep: 3072:DrFFhMXIQ6522ZMsszELzoR1xx6i8OyYXYznUpe:PrKO2SMsfQ70i8OrX
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4744
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x4968 0x4a00 6.35 3d4d18b54ffc3cd95d9a2b868aefc590
DATA 0x6000 0x168 0x200 3.34 d868635c3cf1e3866aa71340d60addab
BSS 0x7000 0xb7d 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0x8000 0x3f6 0x400 4.39 f763c5f42d0d6c8d10551df183ae24a4
.tls 0x9000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rdata 0xa000 0x18 0x200 0.20 9fd8d877f4c9c0001390e9e6c0c68911
.reloc 0xb000 0x5ac 0x600 6.47 95b7a878af919fd3a139012d02d23a2a
.rsrc 0xc000 0x1779c 0x17800 7.97 ddd1d1470b7e5676c800df0b93e4b383

( 5 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, GetThreadLocale, GetStartupInfoA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
> user32.dll: GetKeyboardType, MessageBoxA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
> kernel32.dll: LoadLibraryExA, GetSystemDirectoryA, FindResourceA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
http://info.prevx.com/aboutprogramtext.asp?PX5=FEB7DF1600042BD0D41F01FFF5DD170020F3F65A


CNMSM5x.EXE 129024 24.12.2003 07:00 A C:\WINDOWS\system32\spool\drivers\w32x86\3\
=========================================================================================
ERGEBNIS VON VIRUS TOTAL:
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.24 2009.09.15 -
AhnLab-V3 5.0.0.2 2009.09.15 -
AntiVir 7.9.1.14 2009.09.14 -
Antiy-AVL 2.0.3.7 2009.09.15 -
Authentium 5.1.2.4 2009.09.15 -
Avast 4.8.1351.0 2009.09.14 -
AVG 8.5.0.412 2009.09.14 -
BitDefender 7.2 2009.09.15 -
CAT-QuickHeal 10.00 2009.09.14 -
ClamAV 0.94.1 2009.09.14 -
Comodo 2323 2009.09.15 -
DrWeb 5.0.0.12182 2009.09.15 -
eSafe 7.0.17.0 2009.09.14 -
eTrust-Vet 31.6.6737 2009.09.14 -
F-Prot 4.5.1.85 2009.09.14 -
F-Secure 8.0.14470.0 2009.09.15 -
Fortinet 3.120.0.0 2009.09.15 -
GData 19 2009.09.15 -
Ikarus T3.1.1.72.0 2009.09.15 -
Jiangmin 11.0.800 2009.09.15 -
K7AntiVirus 7.10.844 2009.09.14 -
Kaspersky 7.0.0.125 2009.09.15 -
McAfee 5741 2009.09.14 -
McAfee+Artemis 5741 2009.09.14 -
McAfee-GW-Edition 6.8.5 2009.09.15 -
Microsoft 1.5005 2009.09.15 -
NOD32 4425 2009.09.14 -
Norman 6.01.09 2009.09.14 -
nProtect 2009.1.8.0 2009.09.14 -
Panda 10.0.2.2 2009.09.14 -
PCTools 4.4.2.0 2009.09.14 -
Prevx 3.0 2009.09.15 -
Rising 21.47.11.00 2009.09.15 -
Sophos 4.45.0 2009.09.15 -
Sunbelt 3.2.1858.2 2009.09.15 -
Symantec 1.4.4.12 2009.09.15 -
TheHacker 6.3.4.4.404 2009.09.15 -
TrendMicro 8.950.0.1094 2009.09.15 -
VBA32 3.12.10.10 2009.09.14 -
ViRobot 2009.9.15.1936 2009.09.15 -
VirusBuster 4.6.5.0 2009.09.14 -
weitere Informationen
File size: 129024 bytes
MD5...: ad22781ea57b80d46bd7894c5f53d18d
SHA1..: 03f506fa5dc322bea8d95f9fecfce67cddbe294e
SHA256: 208d0c64f3caab99e2858616e4e6a778a874b3afbd88d547d390c73d2600d492
ssdeep: 3072:9xd3ZAZD03J7P/b/5/prpEQFZeoYW1wxS2DoqrEnbUsyqI47:9xd3OEJ7TX9E031YAqrERf
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x189a6
timedatestamp.....: 0x3fe746ed (Mon Dec 22 19:33:01 2003)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1c676 0x1c800 6.30 c44de29461591761c64015fddfcc2e27
.data 0x1e000 0x60 0x200 0.16 1a85d136ee3e16c0fc0b8da28dcd04d7
.rsrc 0x1f000 0x28e0 0x2a00 3.76 b1fd3ba732e51404431578859050aabd

( 13 imports )
> KERNEL32.dll: CopyFileW, GetEnvironmentVariableW, WideCharToMultiByte, GetSystemTime, GetTickCount, CreateMailslotW, GlobalAlloc, CancelIo, GetOverlappedResult, ResetEvent, CreateEventW, GetMailslotInfo, lstrcmpW, GetModuleHandleA, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, DeleteFileW, GetSystemDefaultLangID, IsBadWritePtr, GetPrivateProfileSectionW, WritePrivateProfileStringW, GetPrivateProfileStringW, GetFileAttributesW, SetFileAttributesW, FindFirstFileW, FindNextFileW, FindClose, RemoveDirectoryW, GetSystemWindowsDirectoryW, GlobalFree, GetStartupInfoA, VerifyVersionInfoW, VerSetConditionMask, GetVersionExW, FreeLibrary, GetProcAddress, lstrcatW, LoadLibraryW, GetSystemDirectoryW, GetModuleFileNameW, MultiByteToWideChar, GetComputerNameW, WriteFile, CreateDirectoryW, CreateFileW, GetFileSize, ReadFile, lstrcpynW, FormatMessageW, LocalFree, MulDiv, CreateProcessW, EnterCriticalSection, LeaveCriticalSection, CreateSemaphoreW, ReleaseSemaphore, WaitForSingleObject, Sleep, GetCommandLineW, lstrlenW, HeapAlloc, lstrcpyW, CreateMutexW, GetLastError, SetProcessShutdownParameters, lstrcmpiW, GetStartupInfoW, InitializeCriticalSection, CloseHandle, DeleteCriticalSection, GetProcessHeap, HeapFree
> msvcrt.dll: _adjust_fdiv, __p__commode, __setusermatherr, _initterm, __getmainargs, __p__fmode, _acmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _endthreadex, strtol, sprintf, _wmakepath, wcsstr, _wcsnicmp, wcschr, towupper, _snwprintf, wcstol, _beginthreadex, _except_handler3, _wsplitpath, wcscmp, wcsrchr, _itow, wcsncmp, wcscpy, wcsncpy, wcslen, iswctype, _wtoi, __set_app_type, _controlfp
> ADVAPI32.dll: ConvertStringSecurityDescriptorToSecurityDescriptorW, GetUserNameW, RegQueryValueExW, RegConnectRegistryW, RegOpenKeyExW, RegSetValueExW, RegCloseKey
> GDI32.dll: SelectObject, SetTextColor, SetBkMode, SetBrushOrgEx, BitBlt, CreateCompatibleDC, DeleteDC, CreateCompatibleBitmap, GetStockObject, CreateSolidBrush, CreatePatternBrush, SetTextAlign, GetObjectW, GetPixel, DeleteObject
> USER32.dll: LoadStringW, LoadImageW, CreateWindowExW, DispatchMessageW, TranslateMessage, GetMessageW, IsDialogMessageW, PostMessageW, RegisterClassExW, IsWindow, FindWindowExW, MessageBoxW, GetPropW, DestroyWindow, CreateDialogParamW, SetPropW, RemovePropW, PostQuitMessage, FlashWindow, ShowWindow, IsWindowVisible, DefWindowProcW, SetTimer, SetFocus, IsIconic, EndPaint, DrawEdge, GetSystemMetrics, GetClientRect, BeginPaint, EndDialog, KillTimer, DestroyMenu, TrackPopupMenu, GetSubMenu, LoadMenuW, SetForegroundWindow, GetCursorPos, GetMenuItemCount, EnableMenuItem, CheckMenuItem, SystemParametersInfoW, OffsetRect, AdjustWindowRectEx, GetWindowLongW, GetWindowRect, InvalidateRect, GetWindowTextW, GetClassLongW, GetMenuItemID, IsMenu, DialogBoxParamW, WinHelpW, SetWindowPos, GetMenu, GetKeyState, GetNextDlgTabItem, SetClassLongW, SetWindowLongW, SetRect, MapWindowPoints, InsertMenuW, GetMenuStringW, DrawMenuBar, DeleteMenu, SetMenu, EnableWindow, ReleaseDC, GetDC, InflateRect, CopyRect, GetDlgItem, GetParent, wsprintfW, DrawTextExW, GetSysColor, SetWindowTextW, SetDlgItemTextW, GetFocus, GetDlgCtrlID, GetDialogBaseUnits, GetWindow, GetSysColorBrush, IsWindowEnabled, CheckDlgButton, MessageBeep, GetNextDlgGroupItem, GetWindowTextLengthW, CallWindowProcW, EnumChildWindows, FillRect, DrawTextW, GetClassNameW, SetActiveWindow, AttachThreadInput, GetWindowThreadProcessId, GetForegroundWindow, GetActiveWindow, CharPrevW, CharNextW, SendMessageW
> WINSPOOL.DRV: GetPrinterDriverW, EndDocPrinter, WritePrinter, StartDocPrinterW, FindFirstPrinterChangeNotification, GetPrinterW, FreePrinterNotifyInfo, FindNextPrinterChangeNotification, EnumJobsW, FindClosePrinterChangeNotification, OpenPrinterW, SetJobW, GetJobW, EnumPortsW, GetPrinterDataW, SetPrinterDataW, ClosePrinter
> COMCTL32.dll: ImageList_Draw, ImageList_GetImageCount, ImageList_GetIconSize, ImageList_AddMasked, ImageList_Create, InitCommonControlsEx, ImageList_Destroy, -
> WSOCK32.dll: -, -, -, -, -
> SHELL32.dll: SHGetFolderPathW, Shell_NotifyIconW
> ole32.dll: CoCreateInstance, CoUninitialize, CoInitialize
> MPR.dll: WNetGetUserW
> NETAPI32.dll: NetApiBufferFree, NetRemoteTOD
> VERSION.dll: GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=ad22781ea57b80d46bd7894c5f53d18d
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
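
The three listings above follow one plain-text layout: a header line the poster wrote (name, size, date, time, attribute letters, directory), then one row per engine with "-" for no detection, then the hash lines. Added here as an example that is not part of the thread or of any VirusTotal tooling, the following Python code parses that layout, counts detections per file and flags files carrying both the hidden and system attributes. The sample text is a constructed excerpt with only a few engine rows per file; the file names, sizes, attribute letters and MD5s in it are copied from the listings above, and the layout itself is assumed from how the results were pasted.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in the layout of the results quoted above (a few engines per file,
# not the full listing); names, sizes, attributes and MD5s are those from the thread.
SAMPLE = """\
dafmgr.exe 86016 08.09.2009 14:12 SRH C:\\WINDOWS\\system32\\drivers\\
=========================================================================================
ERGEBNIS VON VIRUS TOTAL:
Antivirus Version letzte aktualisierung Ergebnis
AntiVir 7.9.1.14 2009.09.14 -
Kaspersky 7.0.0.125 2009.09.15 Heur.Trojan.Generic
McAfee+Artemis 5741 2009.09.14 Artemis!B3EB090DAD85
Prevx 3.0 2009.09.15 High Risk Cloaked Malware
Symantec 1.4.4.12 2009.09.15 -
weitere Informationen
File size: 86016 bytes
MD5...: b3eb090dad859cff7dca18717dbbc55b

CNMSM5x.EXE 129024 24.12.2003 07:00 A C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\
=========================================================================================
ERGEBNIS VON VIRUS TOTAL:
Antivirus Version letzte aktualisierung Ergebnis
AntiVir 7.9.1.14 2009.09.14 -
Kaspersky 7.0.0.125 2009.09.15 -
File size: 129024 bytes
MD5...: ad22781ea57b80d46bd7894c5f53d18d
"""

# "name size dd.mm.yyyy hh:mm ATTRS directory": the line the poster wrote above each result.
FILE_HEADER = re.compile(
    r"^(?P<name>\S+)\s+(?P<size>\d+)\s+\d{2}\.\d{2}\.\d{4}\s+\d{2}:\d{2}"
    r"(?:\s+(?P<attrs>[A-Z]+))?\s+(?P<directory>\S.*)$"
)
# "engine version yyyy.mm.dd verdict": one engine row; a verdict of "-" means no detection.
ENGINE_ROW = re.compile(
    r"^(?P<engine>\S+)\s+(?P<version>\S+)\s+(?P<updated>\d{4}\.\d{2}\.\d{2})\s+(?P<verdict>.+)$"
)
MD5_ROW = re.compile(r"^MD5\.*:\s*(?P<md5>[0-9a-fA-F]{32})$")


@dataclass
class FileResult:
    name: str
    size: int
    attrs: str
    directory: str
    md5: str = ""
    engines: int = 0  # engine rows seen for this file
    verdicts: dict = field(default_factory=dict)  # engine -> verdict, detections only

    @property
    def detections(self):
        return len(self.verdicts)

    def ratio(self):
        return f"{self.detections}/{self.engines}"


def parse_results(text):
    """Split the pasted text into one FileResult per header line."""
    files, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_HEADER.match(line)
        if m:
            current = FileResult(m["name"], int(m["size"]), m["attrs"] or "", m["directory"])
            files.append(current)
            continue
        if current is None:
            continue  # text before the first header is ignored
        m = ENGINE_ROW.match(line)
        if m:
            current.engines += 1
            if m["verdict"] != "-":
                current.verdicts[m["engine"]] = m["verdict"]
            continue
        m = MD5_ROW.match(line)
        if m:
            current.md5 = m["md5"].lower()
    return files


def hidden_system(f):
    """True when the listing shows both the hidden and the system attribute (e.g. "SRH")."""
    return "H" in f.attrs and "S" in f.attrs


def triage(files):
    """Most-detected files first (stable for ties): (name, detections/engines, hidden+system)."""
    ordered = sorted(files, key=lambda f: f.detections, reverse=True)
    return [(f.name, f.ratio(), hidden_system(f)) for f in ordered]


if __name__ == "__main__":
    for name, ratio, hs in triage(parse_results(SAMPLE)):
        print(f"{name:14} {ratio:>6}  hidden+system={hs}")
```

The detection count is deliberately kept separate from the engine count, so a file scanned by few engines is not mistaken for a clean one, and the attribute letters from the header line are carried through because a hidden, system-flagged executable that only some engines detect is exactly the case the helper asked to look at.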

cosinus 15.09.2009 09:44

Please upload exactly these three files here => http://upload.trojaner-board.de/
