
Pests of all kinds and how to fight them: Trojan Horse Generic 10.VPD, what to do?


18.05.2008, 12:46   #1
Butzl
 



Hello everyone,

my virus scan found the trojan "Trojan Horse Generic 10.VPD" on my computer; in addition, the files kernel32.dll, shell32.dll and ntoskrnl.dll were reported as modified.

What do I need to do, or does everything have to be wiped and reinstalled?
Below is the HijackThis log:

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:34, on 18.05.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\Programme\Java\jre1.6.0_02\bin\jusched.exe
C:\Programme\QuickTime\QTTask.exe
C:\Programme\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Apoint2K\Apntex.exe
C:\Programme\Fujitsu Siemens\WinManager\WinManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\PROGRA~1\Grisoft\AVGFRE~1\avgvv.exe
C:\Programme\Alice\Signup\AliceCnn.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Java\jre1.6.0_02\bin\jucheck.exe
C:\Programme\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://alice.aol.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://alice.aol.de
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = h**p://global.acer.com/
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [EumexInst] "E:\Setup.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1110412475-4168701361-813958858-1009\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: WinManager.lnk = C:\Programme\Fujitsu Siemens\WinManager\WinManager.exe
O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Edit with &XML Spy - C:\Programme\Altova\xmlspy\spy.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\xmlspy\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programme\Altova\xmlspy\spy.htm (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F37B9E3-676B-44B9-BCD4-D2E8A7EDB42D}: NameServer = 213.191.74.18 62.109.123.196
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Programme\Apache\Tomcat50\bin\tomcat5.exe

--
End of file - 7578 bytes
I would really appreciate some help!

Many thanks,

Sandra

18.05.2008, 13:12   #2
myrtille
/// TB trainer
 



Hi,

The log looks clean so far.
So it is important that you:
a) first tell us the name of the program you are using that reports the virus
b) tell us where the downloader was found
c) post the EXACT detection messages.
d) give the full paths of the files... kernel32.dll may be from Windows, but it doesn't have to be. That depends on which folder it is in.

Please also upload the modified files
Quote:
kernel32.dll, shell32.dll and ntoskrnl.dll
to virustotal and post the results here.
(If you upload the file and "The file has already been analysed:" appears at the top of the page, please click the link next to "Permalink:" at the bottom and post the contents of the page that appears.)

regards, myrtille
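The points myrtille raises (full paths matter, entries that point somewhere unexpected deserve a closer look) can be applied mechanically to a HijackThis log. The following Python triage helper is an added example, not HijackThis code and not code from this thread; its sample lines are copied from the log posted above, and it assumes that Windows lives on drive C: (as the running-process list in that log shows) and that the `(file missing)` marker and `NameServer =` layout look as they do in that log.

```python
"""HijackThis log triage helper (added example, not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import List

# Sample input: six lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EumexInst] "E:\Setup.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F37B9E3-676B-44B9-BCD4-D2E8A7EDB42D}: NameServer = 213.191.74.18 62.109.123.196
O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Programme\iPod\bin\iPodService.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
""".strip()

# Every HJT entry starts with a section code ("O4", "O23", ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# O4 autostart entries from the registry: HK...\..\Run: [name] command
RUN_RE = re.compile(r"^HK\w+\\.*\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O17 entries carry the statically configured DNS servers.
NS_RE = re.compile(r"NameServer = (?P<ips>.+)$")
# A fully qualified Windows path starts with a drive letter, e.g. C:\
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Finding:
    section: str
    reason: str
    detail: str


def _executable_of(cmd: str) -> str:
    """Return the program part of a Run command, without quotes or arguments."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ")[0]


def _check_run(body: str, system_drive: str) -> List[Finding]:
    m = RUN_RE.match(body)
    if not m:
        return []
    cmd = m.group("cmd").strip()
    exe = _executable_of(cmd)
    if not DRIVE_RE.match(exe):
        # Bare file name: Windows resolves it through the search order, so the
        # log alone does not tell which copy runs (the "full paths" point above).
        return [Finding("O4", "unqualified path; verify where the file really lives", cmd)]
    if not exe.upper().startswith(system_drive.upper()):
        return [Finding("O4", f"autostart from a drive other than {system_drive}", cmd)]
    return []


def _check_service(body: str) -> List[Finding]:
    if body.startswith("Service:") and body.endswith("(file missing)"):
        return [Finding("O23", "service points to a file that no longer exists", body)]
    return []


def _check_nameserver(body: str) -> List[Finding]:
    m = NS_RE.search(body)
    if not m:
        return []
    ips = " ".join(m.group("ips").split())
    return [Finding("O17", "static DNS servers; confirm they belong to your ISP", ips)]


def triage(log_text: str, system_drive: str = "C:") -> List[Finding]:
    """Parse HJT entries and return items worth a manual look (hints, not verdicts).

    system_drive is an assumption: the posted log shows Windows on drive C:.
    """
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O4":
            findings.extend(_check_run(body, system_drive))
        elif section == "O23":
            findings.extend(_check_service(body))
        elif section == "O17":
            findings.extend(_check_nameserver(body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.reason}\n    {f.detail}")
```

The findings are prompts for verification (which copy of SOUNDMAN.EXE runs, what E:\Setup.exe is, whose DNS servers these are), not malware verdicts.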

18.05.2008, 14:12   #3
Butzl
 



Antivirus program: AVG 7.5.0.506

This is what the program reports for this virus:

Object Path: C:\Dokumente und Einstellungen\All Users\Dokumente\
Object name: lyx-1.4.1_win32_setup_v1.exe
Discovery: Trojan Horse Generic 10.VPD
File Size: 8.4 MB

Paths to the files:
C:\WINDOWS\system32\kernel32.dll
C:\WINDOWS\system32\shell32.dll
C:\WINDOWS\system32\ntoskrnl.dll

The VirusTotal results are very long; should I send them one at a time?

Regards,

Sandra

18.05.2008, 14:42   #4
Butzl
 



Quick addendum:

the last file is an .exe, not a .dll:

C:\WINDOWS\system32\ntoskrnl.exe

18.05.2008, 14:49   #5
myrtille
/// TB trainer
 



Hi,
yes, please post the results one after another. Also have the flagged file
Quote:
C:\Dokumente und Einstellungen\All Users\Dokumente\lyx-1.4.1_win32_setup_v1.exe
analysed at virustotal.

Do you know the file? Did you run it? Does it come from a website? Do you still have the link?

regards, myrtille


18.05.2008, 15:15   #6
Butzl
 



1. Analysis of kernel32.dll
Code:
No detections from the antivirus engines
File size: 1058304 bytes
MD5...: 8eea8280a1e0e794edfccad3721c7cab
SHA1..: fc0460baa69f17dabc752ef5995c98866062cfc2
SHA256: b86323d11389c2c13492ffabdef46c1afcc49cb19f62926a5f33b55fe521b7c2
SHA512: 35e142cfd8286ebb86d1e68b10cd881acbb823c7ed746ebcc3f530ed41ff5a97c81eb7f16d8eabc09760e7a9a4680745fa66849e2756d5a9088c1eba2b05a2ff
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x7c80b5ae
timedatestamp.....: 0x46239be1 (Mon Apr 16 15:53:05 2007)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x82111 0x82200 6.67 7a5d54edc093ecf62412b0810215b7b1
.data 0x84000 0x43a0 0x2400 0.59 812f89bacee15996f8a2ae3eab48f42b
.rsrc 0x89000 0x77ec8 0x78000 3.46 388fc64ca1c58d76010e7b96d6c976a1
.reloc 0x101000 0x5bec 0x5c00 6.64 99c4e30af015bfb0ecf448d27654df37
( 1 imports )

18.05.2008, 15:18   #7
Butzl
 



Continued analysis of kernel32.dll:

( 949 exports )
SetThreadContext, SetThreadExecutionState, SetThreadIdealProcessor, SetThreadLocale, SetThreadPriority, SetThreadPriorityBoost, SetThreadUILanguage, SetTimeZoneInformation, SetTimerQueueTimer, SetUnhandledExceptionFilter, SetUserGeoID, SetVDMCurrentDirectories, SetVolumeLabelA, SetVolumeLabelW, SetVolumeMountPointA, SetVolumeMountPointW, SetWaitableTimer, SetupComm, ShowConsoleCursor, SignalObjectAndWait, SizeofResource, Sleep, SleepEx, SuspendThread, SwitchToFiber, SwitchToThread, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, TerminateJobObject, TerminateProcess, TerminateThread, TermsrvAppInstallMode, Thread32First, Thread32Next, TlsAlloc, TlsFree, TlsGetValue, TlsSetValue, Toolhelp32ReadProcessMemory, TransactNamedPipe, TransmitCommChar, TrimVirtualBuffer, TryEnterCriticalSection, TzSpecificLocalTimeToSystemTime, UTRegister, UTUnRegister, UnhandledExceptionFilter, UnlockFile, UnlockFileEx, UnmapViewOfFile, UnregisterConsoleIME, UnregisterWait, UnregisterWaitEx, UpdateResourceA, UpdateResourceW, VDMConsoleOperation, VDMOperationStarted, ValidateLCType, ValidateLocale, VerLanguageNameA, VerLanguageNameW, VerSetConditionMask, VerifyConsoleIoHandle, VerifyVersionInfoA, VerifyVersionInfoW, VirtualAlloc, VirtualAllocEx, VirtualBufferExceptionHandler, VirtualFree, VirtualFreeEx, VirtualLock, VirtualProtect, VirtualProtectEx, VirtualQuery, VirtualQueryEx, VirtualUnlock, WTSGetActiveConsoleSessionId, WaitCommEvent, WaitForDebugEvent, WaitForMultipleObjects, WaitForMultipleObjectsEx, WaitForSingleObject, WaitForSingleObjectEx, WaitNamedPipeA, WaitNamedPipeW, WideCharToMultiByte, WinExec, WriteConsoleA, WriteConsoleInputA, WriteConsoleInputVDMA, WriteConsoleInputVDMW, WriteConsoleInputW, WriteConsoleOutputA, WriteConsoleOutputAttribute, WriteConsoleOutputCharacterA, WriteConsoleOutputCharacterW, WriteConsoleOutputW, WriteConsoleW, WriteFile, WriteFileEx, WriteFileGather, WritePrivateProfileSectionA, WritePrivateProfileSectionW, WritePrivateProfileStringA, 
WritePrivateProfileStringW, WritePrivateProfileStructA, WritePrivateProfileStructW, WriteProcessMemory, WriteProfileSectionA, WriteProfileSectionW, WriteProfileStringA, WriteProfileStringW, WriteTapemark, ZombifyActCtx, _hread, _hwrite, _lclose, _lcreat, _llseek, _lopen, _lread, _lwrite, lstrcat, lstrcatA, lstrcatW, lstrcmp, lstrcmpA, lstrcmpW, lstrcmpi, lstrcmpiA, lstrcmpiW, lstrcpy, lstrcpyA, lstrcpyW, lstrcpyn, lstrcpynA, lstrcpynW, lstrlen, lstrlenA, lstrlenW

Alt 18.05.2008, 15:21   #8
Butzl
 
Analysis of shell32.dll:

Code:
Antivirus 	Version 	letzte aktualisierung 	Ergebnis
AhnLab-V3 	2008.3.4.0 	2008.03.07 	-
AntiVir 	7.6.0.73 	2008.03.07 	-
Authentium 	4.93.8 	2008.03.07 	-
Avast 	4.7.1098.0 	2008.03.07 	-
AVG 	7.5.0.516 	2008.03.08 	-
BitDefender 	7.2 	2008.03.08 	-
CAT-QuickHeal 	9.50 	2008.03.08 	-
ClamAV 	0.92.1 	2008.03.08 	-
DrWeb 	4.44.0.09170 	2008.03.08 	-
eSafe 	7.0.15.0 	2008.03.06 	-
eTrust-Vet 	31.3.5597 	2008.03.07 	-
Ewido 	4.0 	2008.03.08 	-
F-Prot 	4.4.2.54 	2008.03.08 	-
F-Secure 	6.70.13260.0 	2008.03.08 	-
FileAdvisor 	1 	2008.03.08 	-
Fortinet 	3.14.0.0 	2008.03.08 	-
Ikarus 	T3.1.1.20 	2008.03.08 	-
Kaspersky 	7.0.0.125 	2008.03.08 	-
McAfee 	5247 	2008.03.07 	-
Microsoft 	1.3301 	2008.03.07 	-
NOD32v2 	2931 	2008.03.08 	-
Norman 	5.80.02 	2008.03.07 	-
Panda 	9.0.0.4 	2008.03.08 	-
Prevx1 	V2 	2008.03.08 	-
Rising 	20.34.52.00 	2008.03.08 	-
Sophos 	4.27.0 	2008.03.08 	-
Sunbelt 	3.0.930.0 	2008.03.05 	-
Symantec 	10 	2008.03.08 	-
TheHacker 	6.2.92.238 	2008.03.08 	-
VBA32 	3.12.6.2 	2008.03.05 	-
VirusBuster 	4.3.26:9 	2008.03.07 	-
Webwasher-Gateway 	6.6.2 	2008.03.08 	-
weitere Informationen
File size: 8495616 bytes
MD5: f49209a27f4987ce58168f8ec4e93e17
SHA1: f6d2b36a7135d03ad24dfd1e45b80745b23e5f00
PEiD: -
         

Alt 18.05.2008, 15:31   #9
Butzl
 
Continuing with ntoskrnl.exe (not ntoskrnl.dll):

Code:
Antivirus 	Version 	letzte aktualisierung 	Ergebnis
AhnLab-V3 	2008.5.16.0 	2008.05.16 	-
AntiVir 	7.8.0.19 	2008.05.17 	-
Authentium 	5.1.0.4 	2008.05.17 	-
Avast 	4.8.1195.0 	2008.05.17 	-
AVG 	7.5.0.516 	2008.05.16 	-
BitDefender 	7.2 	2008.05.17 	-
CAT-QuickHeal 	9.50 	2008.05.17 	-
ClamAV 	0.92.1 	2008.05.17 	-
DrWeb 	4.44.0.09170 	2008.05.17 	-
eSafe 	7.0.15.0 	2008.05.16 	-
eTrust-Vet 	31.4.5796 	2008.05.16 	-
Ewido 	4.0 	2008.05.14 	-
F-Prot 	4.4.2.54 	2008.05.16 	-
F-Secure 	6.70.13260.0 	2008.05.17 	-
Fortinet 	3.14.0.0 	2008.05.17 	-
GData 	2.0.7306.1023 	2008.05.17 	-
Ikarus 	T3.1.1.26.0 	2008.05.17 	-
Kaspersky 	7.0.0.125 	2008.05.17 	-
McAfee 	5297 	2008.05.17 	-
Microsoft 	1.3408 	2008.05.13 	-
NOD32v2 	3106 	2008.05.16 	-
Norman 	5.80.02 	2008.05.16 	-
Panda 	9.0.0.4 	2008.05.17 	-
Prevx1 	V2 	2008.05.17 	-
Rising 	20.44.52.00 	2008.05.17 	-
Sophos 	4.29.0 	2008.05.17 	-
Sunbelt 	3.0.1123.1 	2008.05.17 	-
Symantec 	10 	2008.05.17 	-
TheHacker 	6.2.92.311 	2008.05.15 	-
VBA32 	3.12.6.6 	2008.05.17 	-
VirusBuster 	4.3.26:9 	2008.05.16 	-
Webwasher-Gateway 	6.6.2 	2008.05.17 	-
weitere Informationen
File size: 2182656 bytes
MD5...: 2804b72eb675cd43df7994ae4685b894
SHA1..: 4537f42e7cc05b5ed9c2e8f89177e6f4465c968d
SHA256: e087e71b2615e362c78939a2ebc99d73a15c9b8161c88a1e82f2792cd7b87056
SHA512: 2023a7fe7cd9d87f4e7d558bf6516e3d78ee1f306d7176b3aca8ee9ff19e9557
29651401083a400a4920fc34ca3b8d630639346bea11783ac86efe0ae6dc91da
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5d55ce
timedatestamp.....: 0x45e54711 (Wed Feb 28 09:10:41 2007)
machinetype.......: 0x14c (I386)

( 21 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x580 0x719e1 0x71a00 6.62 57d36bc8ba8d45ecc6b8667921c8e894
POOLMI 0x71f80 0x12b3 0x1300 6.33 5c84474ee7358adc7dd2f4f4dc1922d5
MISYSPTE 0x73280 0x700 0x700 6.27 f652fa0c4cb20f967cfa26bc8652c232
POOLCODE 0x73980 0x15a0 0x1600 6.40 91ff6c6045b9028a42d131db914385b2
.data 0x74f80 0x16ca0 0x16d00 0.46 418d3b39d0940bee373b0007cb758540
PAGE 0x8bc80 0xf8e0c 0xf8e80 6.65 0bd8ca099e01a8a2ea836c37cfddd898
PAGELK 0x184b00 0xe359 0xe380 6.73 639cfba96de315d8a3376c31524cfeff
PAGEVRFY 0x192e80 0xf1cd 0xf200 6.69 be26ed409a4678bfb448d4cd10f43d90
PAGEWMI 0x1a2080 0x17fd 0x1800 6.47 d0f165045712f92a4b73fa66790e865d
PAGEKD 0x1a3880 0x4052 0x4080 6.50 47d66edd4fb143d3480a5d2270dbd79d
PAGESPEC 0x1a7900 0xc43 0xc80 6.33 4ee0d907ea989af7a7c3603d13b7b37e
PAGEHDLS 0x1a8580 0x1dd8 0x1e00 6.27 54cf8bdf56a419d4a8e9871842ce4449
.edata 0x1aa380 0xb55d 0xb580 6.02 f1f14a925c719b578cfb48b34099ddff
PAGEDATA 0x1b5900 0x1558 0x1580 2.72 428b630c17eb3b4ca83fa093a314d2bf
PAGEKD 0x1b6e80 0xc021 0xc080 0.00 a232d40b84ef18bece78659b97c6d79d
PAGECONS 0x1c2f00 0x18c 0x200 2.25 55b19e2f30c97318e03aefe5df653355
PAGEVRFC 0x1c3100 0x3449 0x3480 5.25 a5c37ded2d25d14ea31f2739c965f3cd
PAGEVRFD 0x1c6580 0x648 0x680 2.74 6e289d0f6c38982d4c9fbf48d60ded65
INIT 0x1c6c00 0x2d728 0x2d780 6.52 779977d46dfc1ca2fa7aaa9170519cde
.rsrc 0x1f4380 0x11050 0x11080 5.37 8754106c358325b40e342bcae67446e2
.reloc 0x205400 0xf984 0xfa00 6.78 bae902f271b60925f22cb866c5aaa12b

( 3 imports )
> BOOTVID.dll: VidInitialize, VidDisplayString, VidSetTextColor, VidSolidColorFill, VidBitBlt, VidBufferToScreenBlt, VidScreenToBufferBlt, VidResetDisplay, VidCleanUp, VidSetScrollRegion
> HAL.dll: HalReportResourceUsage, HalAllProcessorsStarted, HalQueryRealTimeClock, HalAllocateAdapterChannel, KeStallExecutionProcessor, HalTranslateBusAddress, KfReleaseSpinLock, KfAcquireSpinLock, HalGetBusDataByOffset, HalSetBusDataByOffset, KeQueryPerformanceCounter, HalReturnToFirmware, READ_PORT_UCHAR, READ_PORT_USHORT, READ_PORT_ULONG, WRITE_PORT_UCHAR, WRITE_PORT_USHORT, WRITE_PORT_ULONG, HalInitializeProcessor, HalCalibratePerformanceCounter, HalSetRealTimeClock, HalHandleNMI, HalBeginSystemInterrupt, HalEndSystemInterrupt, KeRaiseIrqlToSynchLevel, KeAcquireInStackQueuedSpinLockRaiseToSynch, HalInitSystem, HalDisableSystemInterrupt, HalEnableSystemInterrupt, KeRaiseIrql, KeLowerIrql, HalClearSoftwareInterrupt, KeReleaseSpinLock, KeAcquireSpinLock, ExTryToAcquireFastMutex, KeAcquireSpinLockRaiseToSynch, KeFlushWriteBuffer, HalProcessorIdle, HalReadDmaCounter, IoMapTransfer, IoFreeMapRegisters, IoFreeAdapterChannel, IoFlushAdapterBuffers, HalFreeCommonBuffer, HalAllocateCommonBuffer, HalAllocateCrashDumpRegisters, HalGetAdapter, HalSetTimeIncrement, HalGetEnvironmentVariable, HalSetEnvironmentVariable, KfRaiseIrql, HalGetInterruptVector, KeGetCurrentIrql, HalRequestSoftwareInterrupt, KeAcquireInStackQueuedSpinLock, KeReleaseInStackQueuedSpinLock, ExAcquireFastMutex, ExReleaseFastMutex, KeRaiseIrqlToDpcLevel, HalSystemVectorDispatchEntry, KfLowerIrql, HalStartProfileInterrupt, HalSetProfileInterval, HalStopProfileInterrupt
> KDCOM.dll: KdD0Transition, KdD3Transition, KdRestore, KdReceivePacket, KdDebuggerInitialize0, KdSave, KdDebuggerInitialize1, KdSendPacket

( 1485 exports )
CcCanIWrite, CcCopyRead, CcCopyWrite, CcDeferWrite, CcFastCopyRead, CcFastCopyWrite, CcFastMdlReadWait, CcFastReadNotPossible, CcFastReadWait, CcFlushCache, CcGetDirtyPages, CcGetFileObjectFromBcb, CcGetFileObjectFromSectionPtrs, CcGetFlushedValidData, CcGetLsnForFileObject, CcInitializeCacheMap, CcIsThereDirtyData, CcMapData, CcMdlRead, CcMdlReadComplete, CcMdlWriteAbort, CcMdlWriteComplete, CcPinMappedData, CcPinRead, CcPrepareMdlWrite, CcPreparePinWrite, CcPurgeCacheSection, CcRemapBcb, CcRepinBcb, CcScheduleReadAhead, CcSetAdditionalCacheAttributes, CcSetBcbOwnerPointer, CcSetDirtyPageThreshold, CcSetDirtyPinnedData, CcSetFileSizes, CcSetLogHandleForFile, CcSetReadAheadGranularity, CcUninitializeCacheMap, CcUnpinData, CcUnpinDataForThread, CcUnpinRepinnedBcb, CcWaitForCurrentLazyWriterActivity, CcZeroData, CmRegisterCallback, CmUnRegisterCallback, DbgBreakPoint, DbgBreakPointWithStatus, DbgLoadImageSymbols, DbgPrint, DbgPrintEx, DbgPrintReturnControlC, DbgPrompt, DbgQueryDebugFilterState, DbgSetDebugFilterState, ExAcquireFastMutexUnsafe, ExAcquireResourceExclusiveLite, ExAcquireResourceSharedLite, ExAcquireRundownProtection, ExAcquireRundownProtectionEx, ExAcquireSharedStarveExclusive, ExAcquireSharedWaitForExclusive, ExAllocateFromPagedLookasideList, ExAllocatePool, ExAllocatePoolWithQuota, ExAllocatePoolWithQuotaTag, ExAllocatePoolWithTag, ExAllocatePoolWithTagPriority, ExConvertExclusiveToSharedLite, ExCreateCallback, ExDeleteNPagedLookasideList, ExDeletePagedLookasideList, ExDeleteResourceLite, ExDesktopObjectType, ExDisableResourceBoostLite, ExEnumHandleTable, ExEventObjectType, ExExtendZone, ExFreePool, ExFreePoolWithTag, ExFreeToPagedLookasideList, ExGetCurrentProcessorCounts, ExGetCurrentProcessorCpuUsage, ExGetExclusiveWaiterCount, ExGetPreviousMode, ExGetSharedWaiterCount, ExInitializeNPagedLookasideList, ExInitializePagedLookasideList, ExInitializeResourceLite, ExInitializeRundownProtection, ExInitializeZone, ExInterlockedAddLargeInteger, 
ExInterlockedAddLargeStatistic, ExInterlockedAddUlong, ExInterlockedCompareExchange64, ExInterlockedDecrementLong, ExInterlockedExchangeUlong, ExInterlockedExtendZone, ExInterlockedFlushSList, ExInterlockedIncrementLong, ExInterlockedInsertHeadList, ExInterlockedInsertTailList, ExInterlockedPopEntryList, ExInterlockedPopEntrySList, ExInterlockedPushEntryList, ExInterlockedPushEntrySList, ExInterlockedRemoveHeadList, ExIsProcessorFeaturePresent, ExIsResourceAcquiredExclusiveLite, ExIsResourceAcquiredSharedLite, ExLocalTimeToSystemTime, ExNotifyCallback, ExQueryPoolBlockSize, ExQueueWorkItem, ExRaiseAccessViolation, ExRaiseDatatypeMisalignment, ExRaiseException, ExRaiseHardError, ExRaiseStatus, ExReInitializeRundownProtection, ExRegisterCallback, ExReinitializeResourceLite, ExReleaseFastMutexUnsafe, ExReleaseResourceForThreadLite, ExReleaseResourceLite, ExReleaseRundownProtection, ExReleaseRundownProtectionEx, ExRundownCompleted, ExSemaphoreObjectType, ExSetResourceOwnerPointer, ExSetTimerResolution, ExSystemExceptionFilter, ExSystemTimeToLocalTime, ExUnregisterCallback, ExUuidCreate, ExVerifySuite, ExWaitForRundownProtectionRelease, ExWindowStationObjectType, ExfAcquirePushLockExclusive, ExfAcquirePushLockShared, ExfInterlockedAddUlong, ExfInterlockedCompareExchange64, ExfInterlockedInsertHeadList, ExfInterlockedInsertTailList, ExfInterlockedPopEntryList, ExfInterlockedPushEntryList, ExfInterlockedRemoveHeadList, ExfReleasePushLock, Exfi386InterlockedDecrementLong, Exfi386InterlockedExchangeUlong, Exfi386InterlockedIncrementLong, Exi386InterlockedDecrementLong, Exi386InterlockedExchangeUlong, Exi386InterlockedIncrementLong, FsRtlAcquireFileExclusive, FsRtlAddLargeMcbEntry, FsRtlAddMcbEntry, FsRtlAddToTunnelCache, FsRtlAllocateFileLock, FsRtlAllocatePool, FsRtlAllocatePoolWithQuota, FsRtlAllocatePoolWithQuotaTag, FsRtlAllocatePoolWithTag, FsRtlAllocateResource, FsRtlAreNamesEqual, FsRtlBalanceReads, FsRtlCheckLockForReadAccess, FsRtlCheckLockForWriteAccess, 
FsRtlCheckOplock, FsRtlCopyRead, FsRtlCopyWrite, FsRtlCreateSectionForDataScan, FsRtlCurrentBatchOplock, FsRtlDeleteKeyFromTunnelCache, FsRtlDeleteTunnelCache, FsRtlDeregisterUncProvider, FsRtlDissectDbcs, FsRtlDissectName, FsRtlDoesDbcsContainWildCards, FsRtlDoesNameContainWildCards, FsRtlFastCheckLockForRead, FsRtlFastCheckLockForWrite, FsRtlFastUnlockAll, FsRtlFastUnlockAllByKey, FsRtlFastUnlockSingle, FsRtlFindInTunnelCache, FsRtlFreeFileLock, FsRtlGetFileSize, FsRtlGetNextFileLock, FsRtlGetNextLargeMcbEntry, FsRtlGetNextMcbEntry, FsRtlIncrementCcFastReadNoWait, FsRtlIncrementCcFastReadNotPossible, FsRtlIncrementCcFastReadResourceMiss, FsRtlIncrementCcFastReadWait, FsRtlInitializeFileLock, FsRtlInitializeLargeMcb, FsRtlInitializeMcb, FsRtlInitializeOplock, FsRtlInitializeTunnelCache, FsRtlInsertPerFileObjectContext, FsRtlInsertPerStreamContext, FsRtlIsDbcsInExpression, FsRtlIsFatDbcsLegal, FsRtlIsHpfsDbcsLegal, FsRtlIsNameInExpression, FsRtlIsNtstatusExpected, FsRtlIsPagingFile, FsRtlIsTotalDeviceFailure, FsRtlLegalAnsiCharacterArray, FsRtlLookupLargeMcbEntry, FsRtlLookupLastLargeMcbEntry, FsRtlLookupLastLargeMcbEntryAndIndex, FsRtlLookupLastMcbEntry, FsRtlLookupMcbEntry, FsRtlLookupPerFileObjectContext, FsRtlLookupPerStreamContextInternal, FsRtlMdlRead, FsRtlMdlReadComplete, FsRtlMdlReadCompleteDev, FsRtlMdlReadDev, FsRtlMdlWriteComplete, FsRtlMdlWriteCompleteDev, FsRtlNormalizeNtstatus, FsRtlNotifyChangeDirectory, FsRtlNotifyCleanup, FsRtlNotifyFilterChangeDirectory, FsRtlNotifyFilterReportChange, FsRtlNotifyFullChangeDirectory, FsRtlNotifyFullReportChange, FsRtlNotifyInitializeSync, FsRtlNotifyReportChange, FsRtlNotifyUninitializeSync, FsRtlNotifyVolumeEvent, FsRtlNumberOfRunsInLargeMcb, FsRtlNumberOfRunsInMcb, FsRtlOplockFsctrl, FsRtlOplockIsFastIoPossible, FsRtlPostPagingFileStackOverflow, FsRtlPostStackOverflow, FsRtlPrepareMdlWrite, FsRtlPrepareMdlWriteDev, FsRtlPrivateLock, FsRtlProcessFileLock, FsRtlRegisterFileSystemFilterCallbacks, 
FsRtlRegisterUncProvider, FsRtlReleaseFile, FsRtlRemoveLargeMcbEntry, FsRtlRemoveMcbEntry, FsRtlRemovePerFileObjectContext, FsRtlRemovePerStreamContext, FsRtlResetLargeMcb, FsRtlSplitLargeMcb, FsRtlSyncVolumes, FsRtlTeardownPerStreamContexts, FsRtlTruncateLargeMcb, FsRtlTruncateMcb, FsRtlUninitializeFileLock, FsRtlUninitializeLargeMcb, FsRtlUninitializeMcb, FsRtlUninitializeOplock, HalDispatchTable, HalExamineMBR, HalPrivateDispatchTable, HeadlessDispatch, InbvAcquireDisplayOwnership, InbvCheckDisplayOwnership, InbvDisplayString, InbvEnableBootDriver, InbvEnableDisplayString, InbvInstallDisplayStringFilter, InbvIsBootDriverInstalled, InbvNotifyDisplayOwnershipLost, InbvResetDisplay, InbvSetScrollRegion, InbvSetTextColor, InbvSolidColorFill, InitSafeBootMode, InterlockedCompareExchange,
         

Alt 18.05.2008, 16:22   #10
Butzl
 
Analysis of lyx-1.4.1_win32_setup_v1.exe:

Code:
Antivirus 	Version 	letzte aktualisierung 	Ergebnis
AhnLab-V3	2008.5.10.0	2008.05.13	-
AntiVir	7.8.0.17	2008.05.13	-
Authentium	5.1.0.4	2008.05.14	-
Avast	4.8.1169.0	2008.05.12	-
AVG	7.5.0.516	2008.05.13	-
BitDefender	7.2	2008.05.08	-
CAT-QuickHeal	9.50	2008.05.12	-
ClamAV	0.92.1	2008.05.13	-
DrWeb	4.44.0.09170	2008.05.13	-
eSafe	7.0.15.0	2008.05.12	-
eTrust-Vet	31.4.5784	2008.05.13	-
Ewido	4.0	2008.05.13	-
F-Prot	4.4.2.54	2008.05.13	-
F-Secure	6.70.13260.0	2008.05.13	-
Fortinet	3.14.0.0	2008.05.13	-
GData	2.0.7306.1023	2008.05.14	-
Ikarus	T3.1.1.26.0	2008.05.13	-
Kaspersky	7.0.0.125	2008.05.13	-
McAfee	5293	2008.05.12	-
Microsoft	1.3408	2008.05.13	-
NOD32v2	3095	2008.05.13	-
Norman	5.80.02	2008.05.09	-
Panda	9.0.0.4	2008.05.12	-
Prevx1	V2	2008.05.18	Malicious Software
Rising	20.44.12.00	2008.05.13	-
Sophos	4.29.0	2008.05.13	-
Sunbelt	3.0.1114.0	2008.05.12	-
Symantec	10	2008.05.13	-
TheHacker	6.2.92.309	2008.05.13	-
VBA32	3.12.6.6	2008.05.13	-
VirusBuster	4.3.26:9	2008.05.12	-
Webwasher-Gateway	6.6.2	2008.05.13	-
weitere Informationen
File size: 8813106 bytes
MD5...: 8c57536d93b08000719c4b153642feac
SHA1..: 3ccde443b072ee9a003e64c2b128e14ff8c7e9eb
SHA256: ec9370be3bff636a7034c20cac825bbed31d9e3880019140e16540e90aaeb0c9
SHA512: 2b5d7851ad6031e520280fadb3be9d6f3a0fecdb4395df037e45b386e8bd6833
eec40866a35c44f4b852515241bd10db399f4fc463387b76e2815ef1ebeddac1
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x403137
timedatestamp.....: 0x4436a86e (Fri Apr 07 17:59:10 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5874 0x5a00 6.39 79e0c9546f9b938bb7f605623114f805
.rdata 0x7000 0x10f2 0x1200 5.06 91271e85c1048ae5a465a5a9d34af29f
.data 0x9000 0x1b3f4 0x400 5.07 3dbf52131f08fdb4f69eeddf57a5a444
.ndata 0x25000 0xf000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x34000 0x3bb8 0x3c00 3.98 58a45b3fdaeee7e818c8681abe75a51d

( 8 imports )
> KERNEL32.dll: CloseHandle, SetFileTime, CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetFileSize, GetModuleFileNameA, GetTickCount, GetCurrentProcess, lstrcmpiA, ExitProcess, GetCommandLineA, GetWindowsDirectoryA, GetTempPathA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, lstrcmpA, GetEnvironmentVariableA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, SetErrorMode, GetModuleHandleA, LoadLibraryA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, CopyFileA
> USER32.dll: ScreenToClient, GetWindowRect, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, EndDialog, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxA, CharPrevA, DispatchMessageA, PeekMessageA, CreateDialogParamA, DestroyWindow, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, TrackPopupMenu, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> GDI32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> SHELL32.dll: SHGetMalloc, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> ADVAPI32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> COMCTL32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> ole32.dll: OleInitialize, OleUninitialize, CoCreateInstance
> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
Prevx info: h**p://info.prevx.com/aboutprogramtext.asp?PX5=2E03D43B32D9E2017A8C86CA3437E00068DB14A7
         

Alt 18.05.2008, 16:23   #11
Butzl
 
Regarding your questions:

I haven't downloaded anything recently, but I also have to say that I haven't run a full virus scan in a long time, so it is possible that the trojan has been there for a while.

The file is probably for running LyX (a word-processing program), but I have no idea where I downloaded it from.

I certainly haven't run this file in a very long time, but I probably did at some point.

Does all of this help? How do I proceed?

Regards,

Sandra

Alt 18.05.2008, 16:40   #12
myrtille
/// TB-Ausbilder
 
Hi,

I don't see anything worrying there. The 3 modified files belong to Windows. Changes to these files can happen, for example, during a Microsoft update.

However, the files are known as Microsoft files by their size and MD5 (= a unique character string used to identify files).

The following is interesting:
Quote:
Analysis of lyx-1.4.1_win32_setup_v1.exe:

Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.5.10.0 2008.05.13 -
AntiVir 7.8.0.17 2008.05.13 -
Authentium 5.1.0.4 2008.05.14 -
Avast 4.8.1169.0 2008.05.12 -
AVG 7.5.0.516 2008.05.13 -
BitDefender 7.2 2008.05.08 -
CAT-QuickHeal 9.50 2008.05.12 -
ClamAV 0.92.1 2008.05.13 -
Here AVG finds nothing in the file it flagged on your system. I think, also because no other program finds anything in the file, that this is a false alarm by AVG and that you are not infected.
How old are your signatures?
Is the file still being flagged after you have updated your signatures?

Regards, myrtille
__________________
Requests by e-mail, profile or private message will be ignored!
Help is given ONLY in the forum!


Anyone who has not received a further reply from me after 24 hours, please send a PM

Spelling mistakes? Never, but keybaord malfunctions constantly!
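As an added illustration of the check myrtille describes (identifying a Windows file by its size and MD5 against a list of known Microsoft files), here is a small Python script; it is not code from this thread, from the forum or from any of the tools mentioned in it. The BASELINE dictionary is constructed for the example: its two Windows entries repeat the size and MD5 values that the VirusTotal reports quoted above printed for the poster's copies of shell32.dll and ntoskrnl.exe, and abc.bin is a made-up sample file used only to exercise the code. The function and variable names are the example's own.

```python
import hashlib
import io
import os

CHUNK = 1 << 16  # hash in 64 KiB pieces so a multi-megabyte DLL is not read into RAM at once

# Constructed baseline of "known good" files: lowercase file name -> (size in bytes, MD5 hex).
# The two Windows entries are the size/MD5 pairs shown in the VirusTotal reports quoted
# in this thread; "abc.bin" is a made-up sample (MD5 of the bytes b"abc").
BASELINE = {
    "shell32.dll": (8495616, "f49209a27f4987ce58168f8ec4e93e17"),
    "ntoskrnl.exe": (2182656, "2804b72eb675cd43df7994ae4685b894"),
    "abc.bin": (3, "900150983cd24fb0d6963f7d28e17f72"),
}


def hash_stream(fp):
    """Return (size, md5, sha1, sha256) of a binary stream, read in chunks.

    SHA-1 and SHA-256 are computed alongside MD5 so that a baseline can be
    migrated away from MD5 without re-reading every file."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    size = 0
    while True:
        block = fp.read(CHUNK)
        if not block:
            break
        size += len(block)
        md5.update(block)
        sha1.update(block)
        sha256.update(block)
    return size, md5.hexdigest(), sha1.hexdigest(), sha256.hexdigest()


def hash_bytes(data):
    """Hash an in-memory byte string (handy for tests and small samples)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fp:
        return hash_stream(fp)


def verify_stream(name, fp, baseline=BASELINE):
    """Compare a file against the baseline the way the thread reasons about it:
    size first (cheap, and most patching changes it), then the MD5.

    Returns one of 'match', 'unknown', 'size-mismatch', 'hash-mismatch'."""
    entry = baseline.get(name.lower())
    if entry is None:
        return "unknown"          # not in the list: nothing can be concluded either way
    expected_size, expected_md5 = entry
    size, md5, _sha1, _sha256 = hash_stream(fp)
    if size != expected_size:
        return "size-mismatch"
    if md5 != expected_md5.lower():
        return "hash-mismatch"    # same length but different content: inspect further
    return "match"


def verify_bytes(name, data, baseline=BASELINE):
    """Convenience wrapper for in-memory data."""
    return verify_stream(name, io.BytesIO(data), baseline)


def verify_file(path, baseline=BASELINE):
    """Verify a file on disk; the baseline is keyed by bare file name."""
    with open(path, "rb") as fp:
        return verify_stream(os.path.basename(path), fp, baseline)


if __name__ == "__main__":
    # Constructed demo inputs: the genuine sample, a same-size modification,
    # a longer file and a name the baseline does not know.
    for name, data in [("abc.bin", b"abc"), ("abc.bin", b"abd"),
                       ("abc.bin", b"abcd"), ("other.dll", b"abc")]:
        print(name, data, verify_bytes(name, data))
```

To check a real file, call `verify_file(r"C:\WINDOWS\system32\shell32.dll")` with a baseline obtained from a source you trust; the values in BASELINE are only what this thread's reports happen to show, not a vendor list. MD5 was the usual identifier in 2008, but collisions are practical today, so a baseline built now should key on the SHA-256 that `hash_stream` already returns.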

Alt 18.05.2008, 18:48   #13
Butzl
 
Hello,

yes, after I ran an update, nothing was found in the file anymore. Well... a false alarm... better that way.

Thank you very much for your help!

Best regards,

Sandra

Alt 18.05.2008, 19:06   #14
myrtille
/// TB-Ausbilder
 
Hi

Definitely better that way than the other way round.

You could still do 2 things:

First, under Start -> Control Panel -> Add or Remove Programs, uninstall your existing Java installations and install the current version from Sun.
Also, you could update to Internet Explorer 7. Even if you don't use IE, it is advisable to update IE regularly, since it is a system component.

Regards, myrtille

Alt 18.05.2008, 19:46   #15
Butzl
 
OK, thanks for the tips!

Have a nice evening,

Sandra
