| |
| |||||||
Log-Analyse und Auswertung: Trojaner entfernen (TR/Downloader.Gen, TR/Agent.job)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
28.12.2008, 20:56
| #6 |
 |  Trojaner entfernen (TR/Downloader.Gen, TR/Agent.job) Hi Andreas, Zu 1. C:\WINDOWS\System\cisvc.exe Code:
ATTFilter Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.12.22.0 2008.12.23 -
AntiVir 7.9.0.45 2008.12.23 -
Authentium 5.1.0.4 2008.12.23 -
Avast 4.8.1281.0 2008.12.23 -
AVG 8.0.0.199 2008.12.23 -
BitDefender 7.2 2008.12.23 -
CAT-QuickHeal 10.00 2008.12.23 -
ClamAV 0.94.1 2008.12.23 -
Comodo 804 2008.12.23 -
DrWeb 4.44.0.09170 2008.12.23 -
eSafe 7.0.17.0 2008.12.23 -
eTrust-Vet 31.6.6275 2008.12.23 -
Ewido 4.0 2008.12.23 -
F-Prot 4.4.4.56 2008.12.23 -
F-Secure 8.0.14332.0 2008.12.23 -
Fortinet 3.117.0.0 2008.12.23 -
GData 19 2008.12.23 -
Ikarus T3.1.1.45.0 2008.12.23 -
K7AntiVirus 7.10.563 2008.12.23 -
Kaspersky 7.0.0.125 2008.12.23 Heur.Trojan.Generic
McAfee 5473 2008.12.23 -
McAfee+Artemis 5473 2008.12.23 -
Microsoft 1.4205 2008.12.23 TrojanDownloader:Win32/Horst.Q
NOD32 3714 2008.12.23 -
Norman 5.80.02 2008.12.23 -
Panda 9.0.0.4 2008.12.23 Suspicious file
PCTools 4.4.2.0 2008.12.23 -
Prevx1 V2 2008.12.23 Cloaked Malware
Rising 21.09.14.00 2008.12.23 -
SecureWeb-Gateway 6.7.6 2008.12.23 -
Sophos 4.37.0 2008.12.23 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.23 -
TheHacker 6.3.1.4.195 2008.12.20 -
TrendMicro 8.700.0.1004 2008.12.23 -
VBA32 3.12.8.10 2008.12.23 -
ViRobot 2008.12.23.1532 2008.12.23 -
VirusBuster 4.5.11.0 2008.12.23 -
weitere Informationen
File size: 81920 bytes
MD5...: 53e6c9b82b2ce3c04c4b9732af701a2a
SHA1..: b655fe581b88f640f3aef30e657e74cae5a2d502
SHA256: 6df097f35fb66572254872eebf6327be88e2ea14c0ff2ae7a5e489d0faaeacef
SHA512: bf8cd1c40930c5d052dc0f9e61800c9e7867dcb5a090e4e73bdef1a813e349af
450cc18febfcbf9a9847a9c1718c69f6c8d0edeb7347307a18feedcde62cfd0e
ssdeep: 1536:ttozUQyllwFeSOrR3/ZuoY6r4Rq4GaTZB7zAQnsiut:tP4eZt3xue4UiRns
iut
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x40b396
timedatestamp.....: 0x48ef6faf (Fri Oct 10 15:07:27 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xfc2f 0x10000 6.29 0c7eddf1865c26650b9961c09234aa7d
.rdata 0x11000 0x1fe2 0x2000 5.47 1b702d640121ab154436ef7e891bb890
.data 0x13000 0x3798 0x1000 1.47 f15f3cc87eddbbde4f54d828668c3d60
( 6 imports )
> USER32.dll: LoadImageA
> ADVAPI32.dll: RegCloseKey, RegEnumValueA, RegGetKeySecurity, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetFileTime, GetSystemDirectoryA, GetFileType, OpenProcess, GetStartupInfoA, CreateDirectoryA, GetProcessPriorityBoost, GetVolumeInformationA, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc
Code:
ATTFilter Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.12.17.3 2008.12.17 -
AntiVir 7.9.0.45 2008.12.17 -
Authentium 5.1.0.4 2008.12.17 -
Avast 4.8.1281.0 2008.12.17 -
AVG 8.0.0.199 2008.12.17 -
BitDefender 7.2 2008.12.17 -
CAT-QuickHeal 10.00 2008.12.17 -
ClamAV 0.94.1 2008.12.17 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.17 -
eTrust-Vet 31.6.6265 2008.12.17 -
Ewido 4.0 2008.12.17 -
F-Prot 4.4.4.56 2008.12.17 -
F-Secure 8.0.14332.0 2008.12.17 -
Fortinet 3.117.0.0 2008.12.17 -
GData 19 2008.12.17 -
Ikarus T3.1.1.45.0 2008.12.17 -
K7AntiVirus 7.10.556 2008.12.17 -
Kaspersky 7.0.0.125 2008.12.17 -
McAfee 5467 2008.12.17 -
McAfee+Artemis 5467 2008.12.17 -
Microsoft 1.4205 2008.12.17 -
NOD32 3699 2008.12.17 -
Norman 5.80.02 2008.12.17 -
Panda 9.0.0.4 2008.12.17 -
PCTools 4.4.2.0 2008.12.17 -
Prevx1 V2 2008.12.17 -
Rising 21.08.22.00 2008.12.17 -
SecureWeb-Gateway 6.7.6 2008.12.17 -
Sophos 4.37.0 2008.12.17 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.17 -
TheHacker 6.3.1.4.190 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.17 -
VBA32 3.12.8.10 2008.12.17 -
ViRobot 2008.12.17.1523 2008.12.17 -
VirusBuster 4.5.11.0 2008.12.17 -
weitere Informationen
File size: 140800 bytes
MD5...: b198cb3b0689b10fdc4c8ccf8c3c3289
SHA1..: bc4b968b213bc87ce3ae38f73ebc828975f9df8a
SHA256: c3825263a7d5a7a1114233cee7b6c129689e81cba8fffdce964d061418165308
SHA512: 9977dc85c7f2ff3748e24b193e47ae04e8c698ff339931206012b43a32433bf5
b8e319a00e44440520c98fff86bf2be2787504b95b72076f881349fa40bbe942
ssdeep: 3072:Ubkh3VK2abS5VHwO8KdKiZuNuEJ+4PmtvCWv8v9PfmJvp5T39RKifwe8Q+T
aZ2IF:USVQO8uZUE4y/
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x1005944
timedatestamp.....: 0x48025274 (Sun Apr 13 18:35:32 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x13f1a 0x14000 6.44 6023fb54332a750c6bd1e4e4b44ab0c5
.data 0x15000 0x170c 0x600 2.79 44a98784179a334c27cbc27b57643de2
.rsrc 0x17000 0xdbb8 0xdc00 3.81 05820a56bdfb477b87c3b8db51b46f77
( 11 imports )
> ADVAPI32.dll: RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, IsValidSid, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, RegOpenKeyExA, RegQueryValueExA, LookupPrivilegeValueW
> KERNEL32.dll: GetProcessAffinityMask, OpenProcess, MultiByteToWideChar, GetThreadTimes, TerminateProcess, GetPriorityClass, lstrcmpW, SetEvent, CreateEventW, GetComputerNameW, Sleep, FreeLibrary, SetProcessAffinityMask, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetCurrentDirectoryW, SetUnhandledExceptionFilter, lstrcmpiW, GetTickCount, HeapSize, GetProcAddress, GetNumberFormatW, HeapReAlloc, lstrlenW, GetCurrentProcess, SetPriorityClass, GetCommandLineW, GetStartupInfoW, GetModuleHandleW, ExitProcess, CreateMutexW, GetCurrentProcessId, ProcessIdToSessionId, ReleaseMutex, SetProcessShutdownParameters, WaitForSingleObject, ExpandEnvironmentStringsW, CreateProcessW, GetCurrentThreadId, FormatMessageW, lstrcatW, GetVersionExW, GetLocaleInfoW, LocalAlloc, LocalFree, HeapFree, HeapAlloc, GetProcessHeap, CreateThread, CloseHandle, lstrcpynW, lstrcpyW, GetLastError, LoadLibraryW, InterlockedCompareExchange, GetVersionExA, IsBadWritePtr, SetLastError, GetCurrentThread, DelayLoadFailureHook, UnhandledExceptionFilter
> GDI32.dll: CreateFontIndirectW, GetCharWidth32W, CreateCompatibleBitmap, Rectangle, SetBkMode, SetTextColor, CreateCompatibleDC, DeleteDC, GetCurrentObject, GetObjectW, BitBlt, SelectObject, MoveToEx, LineTo, CreatePen, GetStockObject, CreateRectRgn, DeleteObject, CreateSolidBrush, CombineRgn, SetRectRgn, GetDeviceCaps, FillRgn
> USER32.dll: DestroyIcon, LoadImageW, BeginDeferWindowPos, GetMenuItemCount, EnableMenuItem, GetSystemMetrics, SetMenuItemInfoW, LoadMenuW, DestroyMenu, ExitWindowsEx, LockWorkStation, GetAsyncKeyState, SetForegroundWindow, OpenIcon, LoadAcceleratorsW, MessageBoxW, CheckDlgButton, EndDialog, GetWindowTextW, IsDlgButtonChecked, GetSubMenu, InvalidateRect, GetSysColor, MonitorFromRect, SetTimer, LoadIconW, GetThreadDesktop, GetDialogBaseUnits, KillTimer, GetDesktopWindow, DestroyWindow, MessageBeep, MoveWindow, PostQuitMessage, IsZoomed, DispatchMessageW, TranslateMessage, IsDialogMessageW, TranslateAcceleratorW, GetMessageW, CreateDialogParamW, SendMessageTimeoutW, AllowSetForegroundWindow, GetWindowThreadProcessId, FindWindowW, RegisterWindowMessageW, FillRect, DrawTextW, UpdateWindow, GetDlgCtrlID, SetFocus, CreateWindowExW, DialogBoxParamW, GetShellWindow, SetScrollPos, GetScrollInfo, IsWindow, EnableWindow, GetFocus, CharLowerBuffW, TrackPopupMenuEx, GetGuiResources, EnumWindowStationsW, GetClassLongW, IsHungAppWindow, InternalGetWindowText, IsWindowVisible, GetWindow, SetMenuDefaultItem, EnumWindows, CloseDesktop, SetThreadDesktop, OpenDesktopW, EnumDesktopsW, CloseWindowStation, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, CascadeWindows, TileWindows, SwitchToThisWindow, GetLastActivePopup, EndTask, PostMessageW, ShowWindowAsync, GetCursorPos, SetDlgItemTextW, GetParent, GetWindowTextLengthW, SetRect, SetCursor, LoadCursorW, GetWindowRect, DeferWindowPos, EndDeferWindowPos, GetMenuItemInfoW, IsIconic, BeginPaint, EndPaint, DrawEdge, GetForegroundWindow, GetKeyState, PostThreadMessageW, wsprintfW, GetClientRect, SetScrollInfo, ShowWindow, SetWindowPos, SetMenu, GetDlgItem, MapWindowPoints, SendMessageW, GetMenu, CheckMenuRadioItem, CheckMenuItem, DeleteMenu, LoadStringW, SetWindowTextW, GetClassInfoW, RegisterClassW, GetDC, ReleaseDC, SystemParametersInfoW, GetWindowLongW, SetWindowLongW, CallWindowProcW, DefWindowProcW, RemoveMenu, GetWindowLongA
> ntdll.dll: _chkstk, _snwprintf, RtlUnwind, _wcsicmp, NtQueryVirtualMemory, NtOpenThread, NtClose, strrchr, RtlLargeIntegerToChar, RtlAnsiStringToUnicodeString, _ui64tow, mbstowcs, memmove, NtQuerySystemInformation, wcstol, NtShutdownSystem, NtInitiatePowerAction, NtPowerInformation, RtlTimeToElapsedTimeFields
> iphlpapi.dll: GetInterfaceInfo, GetNumberOfInterfaces, NhGetInterfaceNameFromDeviceGuid, GetIfEntry
> COMCTL32.dll: -, ImageList_Remove, ImageList_ReplaceIcon, ImageList_SetIconSize, ImageList_Create, CreateStatusWindowW
> SHLWAPI.dll: StrStrIW, -, StrFormatByteSizeW, -, wnsprintfW
> SHELL32.dll: Shell_NotifyIconW, -, ShellAboutW, -, -, -, -
> Secur32.dll: GetUserNameExW
> VDMDBG.dll: VDMEnumTaskWOWEx, VDMTerminateTaskWOW
Eempty.com Code:
ATTFilter Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.12.17.3 2008.12.17 -
AntiVir 7.9.0.45 2008.12.17 -
Authentium 5.1.0.4 2008.12.17 -
Avast 4.8.1281.0 2008.12.16 -
AVG 8.0.0.199 2008.12.16 -
BitDefender 7.2 2008.12.17 -
CAT-QuickHeal 10.00 2008.12.17 -
ClamAV 0.94.1 2008.12.17 -
Comodo 764 2008.12.16 -
DrWeb 4.44.0.09170 2008.12.17 -
eSafe 7.0.17.0 2008.12.16 -
eTrust-Vet 31.6.6265 2008.12.17 -
Ewido 4.0 2008.12.16 -
F-Prot 4.4.4.56 2008.12.16 -
Fortinet 3.117.0.0 2008.12.17 -
GData 19 2008.12.17 -
Ikarus T3.1.1.45.0 2008.12.17 -
K7AntiVirus 7.10.555 2008.12.16 -
Kaspersky 7.0.0.125 2008.12.17 -
McAfee 5466 2008.12.16 -
McAfee+Artemis 5466 2008.12.16 -
Microsoft 1.4205 2008.12.17 -
NOD32 3697 2008.12.17 -
Norman 5.80.02 2008.12.16 -
Panda 9.0.0.4 2008.12.17 -
PCTools 4.4.2.0 2008.12.16 -
Rising 21.08.22.00 2008.12.17 -
SecureWeb-Gateway 6.7.6 2008.12.17 -
Sophos 4.36.0 2008.12.17 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.17 -
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.17 -
VBA32 3.12.8.10 2008.12.16 -
ViRobot 2008.12.17.1523 2008.12.17 -
VirusBuster 4.5.11.0 2008.12.16 -
weitere Informationen
File size: 28672 bytes
MD5...: 531c58770c9c4c5c8715dc141abd4ddd
SHA1..: 592520b5c123fb1a558d3aed687c12be1a19d973
SHA256: 8c61e30b251d4756a3081ef1b70f96c90ebe5713a9966dc20721af9c4165d1e9
SHA512: aa14c3c3a62e6f9df79b2e8dc4711fede8352dab092156ae8ffbde33803b413d
90ae3d05dd2164cf111d98f1f7d4c5dc6e1e3e63956cbdd8dc39143afd069aa0
ssdeep: 384:Wg0MvVx9fzmlXUBWEYHyyBYrh6oZqWtR:LfXKTHyY+h6on
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401010
timedatestamp.....: 0x48ef47c1 (Fri Oct 10 12:17:05 2008)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x288e 0x3000 5.91 198f4e38f8e14d9c5d88044d22617c84
.rdata 0x4000 0x736 0x1000 3.01 30beb8b339ff491f47a323f852d5e3c0
.data 0x5000 0x9bc 0x1000 0.87 5dd0366f742b8f20fd3b8ef03763cab4
.rsrc 0x6000 0x6a8 0x1000 2.23 1b4e4145b58e683ef4eac921fcc561f4
( 1 imports )
> KERNEL32.dll: GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW
( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=531c58770c9c4c5c8715dc141abd4ddd
r.com Code:
ATTFilter Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2008.11.14.3 2008.11.16 -
AntiVir 7.9.0.31 2008.11.14 -
Authentium 5.1.0.4 2008.11.15 -
Avast 4.8.1281.0 2008.11.16 -
AVG 8.0.0.199 2008.11.16 -
BitDefender 7.2 2008.11.16 -
CAT-QuickHeal 10.00 2008.11.15 -
ClamAV 0.94.1 2008.11.15 -
DrWeb 4.44.0.09170 2008.11.16 -
eSafe 7.0.17.0 2008.11.16 -
eTrust-Vet 31.6.6210 2008.11.14 -
Ewido 4.0 2008.11.16 -
F-Prot 4.4.4.56 2008.11.15 -
F-Secure 8.0.14332.0 2008.11.16 -
Fortinet 3.117.0.0 2008.11.15 -
GData 19 2008.11.16 -
Ikarus T3.1.1.45.0 2008.11.16 -
K7AntiVirus 7.10.526 2008.11.15 -
Kaspersky 7.0.0.125 2008.11.16 -
McAfee 5435 2008.11.15 -
Microsoft 1.4104 2008.11.16 -
NOD32 3615 2008.11.15 -
Norman 5.80.02 2008.11.14 -
Panda 9.0.0.4 2008.11.16 -
PCTools 4.4.2.0 2008.11.16 -
Prevx1 V2 2008.11.16 -
Rising 21.03.42.00 2008.11.14 -
SecureWeb-Gateway 6.7.6 2008.11.16 -
Sophos 4.35.0 2008.11.16 -
Sunbelt 3.1.1801.2 2008.11.14 Trojan-Proxy.Win32.Horst.J (vf)
Symantec 10 2008.11.16 -
TheHacker 6.3.1.1.155 2008.11.15 -
TrendMicro 8.700.0.1004 2008.11.14 -
VBA32 3.12.8.9 2008.11.15 -
ViRobot 2008.11.15.1470 2008.11.15 -
VirusBuster 4.5.11.0 2008.11.16 -
weitere Informationen
File size: 153600 bytes
MD5...: ad9226bf3ced13636083bb9c76e9d2a2
SHA1..: 5192bd0e6cbbb4074172463804f8ffb0fab916e4
SHA256: 832faa57842c1bc8343ce0934f66d85fa2852ffcb16011902a67ecf9d0cd8241
SHA512: 63d140f04ade495036de8168621832bb8c4ea7b17cf46df4fcbb756bcfc51290
7cdfcb9b872032a14e960ef6be98d6b8a73cb54a44ab5fcedb6f6a637dc8418e
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x101691e
timedatestamp.....: 0x48025214 (Sun Apr 13 18:33:56 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x17902 0x17a00 6.37 c955a3871382133757b77b2ef8713803
.data 0x19000 0x40da0 0x400 1.20 def7edb164ce2210badeb06959cdaa48
.rsrc 0x5a000 0xd510 0xd600 3.70 e285afbe730d03d7363a5527697d112a
( 14 imports )
> msvcrt.dll: __p__commode, _adjust_fdiv, __p__fmode, _initterm, __getmainargs, _acmdln, __set_app_type, _except_handler3, __setusermatherr, _controlfp, exit, _XcptFilter, _exit, _c_exit, swprintf, iswprint, wcsncpy, wcslen, wcscat, wcscpy, _purecall, iswctype, wcscmp, wcschr, wcsncmp, wcsrchr, _cexit, memmove
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, InitializeSecurityDescriptor, RegDeleteValueW, InitializeAcl, SetSecurityDescriptorDacl, SetSecurityDescriptorSacl, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetInheritanceSourceW, LookupAccountSidW, GetSidSubAuthorityCount, GetSidSubAuthority, GetSecurityDescriptorControl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, SetSecurityInfo, SetNamedSecurityInfoW, GetNamedSecurityInfoW, MapGenericMask, RegSetValueExA, RegSetValueW, RegFlushKey, RegSaveKeyW, RegRestoreKeyW, RegConnectRegistryW, RegQueryValueExW, RegCloseKey, RegOpenKeyW, RegSetValueExW, RegCreateKeyW, RegEnumValueW, RegEnumKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegUnLoadKeyW, RegLoadKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegDeleteKeyW
> KERNEL32.dll: ReadFile, DeleteFileW, WriteFile, WideCharToMultiByte, CreateFileW, OutputDebugStringW, GetLastError, SetFilePointer, GetFileSize, SearchPathW, GetTimeFormatW, GetDateFormatW, GetSystemDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, FreeLibrary, LoadLibraryW, MulDiv, lstrcpynW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, MultiByteToWideChar, lstrcmpW, FormatMessageW, GetThreadLocale, GetModuleHandleW, ExitProcess, GetCommandLineW, GetProcessHeap, lstrcatW, LocalAlloc, GetCurrentProcess, CloseHandle, LocalFree, GetComputerNameW, lstrcmpiW, lstrlenW, lstrcpyW, LocalReAlloc, GlobalAlloc, GlobalLock, GlobalUnlock, GetProcAddress, LoadLibraryA
> GDI32.dll: GetStockObject, SetAbortProc, StartDocW, StartPage, SetViewportOrgEx, EndPage, EndDoc, AbortDoc, DeleteDC, CreateBitmap, CreatePatternBrush, PatBlt, ExcludeClipRect, SelectClipRgn, DeleteObject, SetBkColor, SetTextColor, ExtTextOutW, GetDeviceCaps, CreateFontIndirectW, SelectObject, GetTextMetricsW
> USER32.dll: SendDlgItemMessageW, SetDlgItemTextW, SetWindowLongW, DefWindowProcW, ReleaseDC, GetDC, SetScrollInfo, wsprintfW, DestroyCaret, ReleaseCapture, KillTimer, SetCaretPos, ScrollWindowEx, ShowCaret, HideCaret, InvalidateRect, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, GetClipboardData, WinHelpW, EndDialog, GetWindowLongW, EndPaint, BeginPaint, CreateCaret, SetTimer, SetCapture, SetFocus, CharLowerW, GetDlgItem, DestroyMenu, TrackPopupMenuEx, IsClipboardFormatAvailable, EnableMenuItem, GetSubMenu, LoadMenuW, GetKeyState, RegisterClassW, LoadCursorW, RegisterClipboardFormatW, CheckRadioButton, SendMessageW, GetWindowTextW, GetParent, GetDlgItemTextW, IsDlgButtonChecked, GetDlgCtrlID, CallWindowProcW, GetWindowTextLengthW, GetDlgItemInt, PostQuitMessage, GetWindowPlacement, SetWindowTextW, EnableWindow, GetWindowRect, DrawMenuBar, InsertMenuItemW, DeleteMenu, SetMenuItemInfoW, GetMenu, GetMenuItemInfoW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, IsIconic, DestroyIcon, LoadImageW, GetSysColor, SetCursor, ShowCursor, ShowWindow, SetWindowPlacement, CreateWindowExW, GetProcessDefaultLayout, GetMessageW, ScreenToClient, SetCursorPos, DispatchMessageW, ClientToScreen, GetDesktopWindow, LoadIconW, PostMessageW, SetMenuDefaultItem, InsertMenuW, GetMenuItemID, CheckMenuItem, UpdateWindow, RegisterClassExW, CharNextW, GetClientRect, DestroyWindow, CreateDialogParamW, CheckDlgButton, DrawAnimatedRects, IntersectRect, ModifyMenuW, GetMessagePos, TranslateMessage, TranslateAcceleratorW, LoadAcceleratorsW, SetForegroundWindow, GetLastActivePopup, BringWindowToTop, FindWindowW, LoadStringW, GetWindow, IsDialogMessageW, PeekMessageW, MessageBoxW, CharUpperBuffW, CharUpperW, IsCharAlphaNumericW, GetSystemMetrics, MoveWindow, MapWindowPoints, DialogBoxParamW, SetWindowPos, MessageBeep
> COMCTL32.dll: -, -, -, -, InitCommonControlsEx, -, -, ImageList_SetBkColor, ImageList_Create, ImageList_Destroy, -, -, ImageList_ReplaceIcon, -, -, -, -, CreateStatusWindowW
> comdlg32.dll: GetOpenFileNameW, GetSaveFileNameW, PrintDlgExW
> SHELL32.dll: ShellAboutW, DragQueryFileW, DragFinish
> AUTHZ.dll: AuthzInitializeContextFromSid, AuthzAccessCheck, AuthzFreeContext, AuthzFreeResourceManager, AuthzInitializeResourceManager
> ACLUI.dll: -
> ole32.dll: CoCreateInstance, CoUninitialize, CoInitializeEx, ReleaseStgMedium
> ulib.dll: _Resize@DSTRING@@UAEEK@Z, _Initialize@ARRAY@@QAEEKK@Z, _NewBuf@DSTRING@@UAEEK@Z, __1DSTRING@@UAE@XZ, __1OBJECT@@UAE@XZ, __0OBJECT@@IAE@XZ, _Compare@OBJECT@@UBEJPBV1@@Z, __0DSTRING@@QAE@XZ, _Initialize@WSTRING@@QAEEPBV1@KK@Z, _Strcat@WSTRING@@QAEEPBV1@@Z, __0ARRAY@@QAE@XZ, _Initialize@WSTRING@@QAEEPBGK@Z
> clb.dll: ClbAddData, ClbSetColumnWidths
> ntdll.dll: RtlFreeHeap, RtlAllocateHeap
|
| Themen zu Trojaner entfernen (TR/Downloader.Gen, TR/Agent.job) |
| acroiehelper.dll, antivir, application, auswerten, avira, bho, bonjour, canon, dsl, entfernen, error, excel, firefox, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, magix, mozilla, notepad.exe, nt.dll, plug-in, prozesse, registry, rundll, server, software, suchlauf, svchost.exe, systemcheck, trojaner, trojaner entferne, trojaner entfernen, verweise, virus, virus gefunden, virustotal.com, windows, windows xp, windows xp sp3, xp sp3 |
Baum-Darstellung