Hacker-Attacke + Trojaner

Mr.Vain · 17.01.2009, 13:22

Bitte mal folgendes bei VirusTotal - Free Online Virus and Malware Scan hochladen

Code:

ATTFilter

C:\Windows\PLFSetI.exe
C:\Program Files\Common Files\SPBA\homefus2.dll

Ergebnisse bitte posten.

temon · 17.01.2009, 13:32

Zitat:

Zitat von Mr.Vain

Bitte mal folgendes bei VirusTotal - Free Online Virus and Malware Scan hochladen

Code:

ATTFilter

C:\Windows\PLFSetI.exe
C:\Program Files\Common Files\SPBA\homefus2.dll

Ergebnisse bitte posten.

Das Erste:
Die Datei wurde bereits analysiert:
MD5: 2ac7f8b8bf0d5d327a3a2a00453222c4
First received: 2008.03.30 09:02:28 (CET)
Datum 2009.01.16 15:40:38 (CET) [<1D]
Ergebnisse 0/35
Permalink: analisis/f3e407f216007331af4c067fa6daf040

Hier die ANALYSE

Datei PLFSetI.exe empfangen 2009.01.17 13:29:40 (CET)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.73 2009.01.17 -
AhnLab-V3 2009.1.15.0 2009.01.16 -
AntiVir 7.9.0.55 2009.01.16 -
Authentium 5.1.0.4 2009.01.16 -
Avast 4.8.1281.0 2009.01.16 -
AVG 8.0.0.229 2009.01.16 -
BitDefender 7.2 2009.01.17 -
CAT-QuickHeal 10.00 2009.01.17 -
ClamAV 0.94.1 2009.01.17 -
Comodo 934 2009.01.17 -
DrWeb 4.44.0.09170 2009.01.17 -
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6312 2009.01.17 -
F-Prot 4.4.4.56 2009.01.16 -
F-Secure 8.0.14470.0 2009.01.17 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.17 -
Ikarus T3.1.1.45.0 2009.01.17 -
K7AntiVirus 7.10.594 2009.01.17 -
Kaspersky 7.0.0.125 2009.01.17 -
McAfee 5497 2009.01.16 -
McAfee+Artemis 5497 2009.01.16 -
Microsoft 1.4205 2009.01.17 -
NOD32 3773 2009.01.17 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.17 -
PCTools 4.4.2.0 2009.01.17 -
Prevx1 V2 2009.01.17 -
Rising 21.12.52.00 2009.01.17 -
SecureWeb-Gateway 6.7.6 2009.01.16 -
Sophos 4.37.0 2009.01.17 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.17 -
TheHacker 6.3.1.5.221 2009.01.17 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.16 -
ViRobot 2009.1.17.1563 2009.01.17 -
VirusBuster 4.5.11.0 2009.01.16 -
weitere Informationen
File size: 200704 bytes
MD5...: 2ac7f8b8bf0d5d327a3a2a00453222c4
SHA1..: 801b48d7d5739038a7f293dbbf215431f77d8ee9
SHA256: f71b6cfa7f4ae2a13c8ddf296631ef26c72e7c0387d88b9701577dae133ec583
SHA512: d6c16fe3f6a556643f1db7963d1f544a91b7aecc9cbd2d63efffc8234e00d7f9 a87a31e887319c35a67412d3bce6b8854568e36ba5f9f9c58d26d31fc75292ba 
ssdeep: 3072:hBb0sexGRc3ZKmKxtAEjZoHLGIMAP0GV7UIJeIZ4yIy8o8bgCR8Z

Bc3ZK AEjkGIFAjyC 
PEiD..: Armadillo v1.71
TrID..: File type identification Win64 Executable Generic (54.6%) Win32 Executable MS Visual C++ (generic) (24.0%) Windows Screen Saver (8.3%) Win32 Executable Generic (5.4%) Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x409fe0 timedatestamp.....: 0x471d62d0 (Tue Oct 23 02:56:16 2007) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x2059f 0x21000 6.52 16d16d5b03dbdba19ce7a207a8c4b332 .rdata 0x22000 0x8720 0x9000 4.58 b67e7269fb7e03bb992b809f7b8b656e .data 0x2b000 0x6348 0x3000 3.24 7180e1b25d7c9c8c1461a09f8479ffd6 .rsrc 0x32000 0x2490 0x3000 3.86 8fd26e728f6382b0e527cb04d7230d00 ( 11 imports ) > KERNEL32.dll: GetStartupInfoA, GetCommandLineA, ExitProcess, TerminateProcess, HeapFree, HeapAlloc, RaiseException, HeapReAlloc, HeapSize, GetACP, GetTimeZoneInformation, LCMapStringA, LCMapStringW, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, RtlUnwind, GetFileType, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, FormatMessageA, GetProfileStringA, GetTickCount, FileTimeToLocalFileTime, FileTimeToSystemTime, SetErrorMode, GetFileTime, GetFileSize, GetFileAttributesA, GetOEMCP, GetCPInfo, SizeofResource, GetProcessVersion, WritePrivateProfileStringA, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalFree, LocalAlloc, GetThreadLocale, GetFullPathNameA, lstrcpynA, GetVolumeInformationA, FindFirstFileA, FindClose, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetCurrentProcess, DuplicateHandle, GetLastError, MulDiv, SetLastError, MultiByteToWideChar, lstrlenA, InterlockedIncrement, InterlockedDecrement, LoadLibraryA, FreeLibrary, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, lstrcpyA, GetModuleHandleA, GetProcAddress, GlobalUnlock, GlobalFree, LockResource, FindResourceA, LoadResource, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, lstrcpyW, WideCharToMultiByte, GetWindowsDirectoryA, Sleep, GetStdHandle, GetSystemDefaultLCID > USER32.dll: SetRect, GetNextDlgGroupItem, MessageBeep, InvalidateRect, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, GetSysColor, SetFocus, AdjustWindowRectEx, ScreenToClient, CopyRect, GetTopWindow, IsChild, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, DefWindowProcA, CreateWindowExA, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, CopyAcceleratorTableA, GetMessagePos, GetClassNameA, SetForegroundWindow, SetWindowLongA, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, MapDialogRect, SetWindowPos, GetWindow, SetWindowContextHelpId, EndDialog, SetActiveWindow, IsWindow, CreateDialogIndirectParamA, GetDlgItem, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, LoadIconA, SendMessageA, AppendMenuA, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, DrawFocusRect, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, PostQuitMessage, PostMessageA, EnableWindow, IsIconic, GetSystemMetrics, CharNextA, GetSysColorBrush, GetMessageTime, GetClientRect, DrawIcon, DefDlgProcA, IsWindowUnicode, GetSystemMenu, GetDesktopWindow, LoadCursorA, CharUpperA, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, DestroyMenu, LoadStringA, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, MapWindowPoints, UpdateWindow, DestroyWindow, PtInRect, GetForegroundWindow, SendDlgItemMessageA > GDI32.dll: SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, IntersectClipRect, DeleteObject, GetDeviceCaps, GetViewportExtEx, GetWindowExtEx, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextColor, GetBkColor, DPtoLP, LPtoDP, GetMapMode, PatBlt, SetBkMode, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateDIBitmap, GetTextExtentPointA, BitBlt, CreateCompatibleDC, CreateBitmap > comdlg32.dll: GetFileTitleA > WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA > ADVAPI32.dll: RegCloseKey, RegSetValueExA, RegCreateKeyExA, RegQueryValueExA, RegOpenKeyExA > COMCTL32.dll: - > oledlg.dll: - > ole32.dll: CoFreeUnusedLibraries, OleUninitialize, CoTaskMemAlloc, CoTaskMemFree, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, CoCreateInstance, CoInitialize, CoUninitialize, CoRegisterMessageFilter, CoRevokeClassObject, OleFlushClipboard, OleIsCurrentClipboard, OleInitialize > OLEPRO32.DLL: - > OLEAUT32.dll: -, -, -, -, -, -, -, -, - ( 0 exports ) 
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=2ac7f8b8bf0d5d327a3a2a00453222c4' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=2ac7f8b8bf0d5d327a3a2a00453222c4</a>

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.73 2009.01.17 -
AhnLab-V3 2009.1.15.0 2009.01.16 -
AntiVir 7.9.0.55 2009.01.16 -
Authentium 5.1.0.4 2009.01.16 -
Avast 4.8.1281.0 2009.01.16 -
AVG 8.0.0.229 2009.01.16 -
BitDefender 7.2 2009.01.17 -
CAT-QuickHeal 10.00 2009.01.17 -
ClamAV 0.94.1 2009.01.17 -
Comodo 934 2009.01.17 -
DrWeb 4.44.0.09170 2009.01.17 -
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6312 2009.01.17 -
F-Prot 4.4.4.56 2009.01.16 -
F-Secure 8.0.14470.0 2009.01.17 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.17 -
Ikarus T3.1.1.45.0 2009.01.17 -
K7AntiVirus 7.10.594 2009.01.17 -
Kaspersky 7.0.0.125 2009.01.17 -
McAfee 5497 2009.01.16 -
McAfee+Artemis 5497 2009.01.16 -
Microsoft 1.4205 2009.01.17 -
NOD32 3773 2009.01.17 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.17 -
PCTools 4.4.2.0 2009.01.17 -
Prevx1 V2 2009.01.17 -
Rising 21.12.52.00 2009.01.17 -
SecureWeb-Gateway 6.7.6 2009.01.16 -
Sophos 4.37.0 2009.01.17 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.17 -
TheHacker 6.3.1.5.221 2009.01.17 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.16 -
ViRobot 2009.1.17.1563 2009.01.17 -
VirusBuster 4.5.11.0 2009.01.16 -

weitere Informationen
File size: 200704 bytes
MD5...: 2ac7f8b8bf0d5d327a3a2a00453222c4
SHA1..: 801b48d7d5739038a7f293dbbf215431f77d8ee9
SHA256: f71b6cfa7f4ae2a13c8ddf296631ef26c72e7c0387d88b9701577dae133ec583
SHA512: d6c16fe3f6a556643f1db7963d1f544a91b7aecc9cbd2d63efffc8234e00d7f9 a87a31e887319c35a67412d3bce6b8854568e36ba5f9f9c58d26d31fc75292ba 
ssdeep: 3072:hBb0sexGRc3ZKmKxtAEjZoHLGIMAP0GV7UIJeIZ4yIy8o8bgCR8Z

Bc3ZK AEjkGIFAjyC 
PEiD..: Armadillo v1.71
TrID..: File type identification Win64 Executable Generic (54.6%) Win32 Executable MS Visual C++ (generic) (24.0%) Windows Screen Saver (8.3%) Win32 Executable Generic (5.4%) Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x409fe0 timedatestamp.....: 0x471d62d0 (Tue Oct 23 02:56:16 2007) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x2059f 0x21000 6.52 16d16d5b03dbdba19ce7a207a8c4b332 .rdata 0x22000 0x8720 0x9000 4.58 b67e7269fb7e03bb992b809f7b8b656e .data 0x2b000 0x6348 0x3000 3.24 7180e1b25d7c9c8c1461a09f8479ffd6 .rsrc 0x32000 0x2490 0x3000 3.86 8fd26e728f6382b0e527cb04d7230d00 ( 11 imports ) > KERNEL32.dll: GetStartupInfoA, GetCommandLineA, ExitProcess, TerminateProcess, HeapFree, HeapAlloc, RaiseException, HeapReAlloc, HeapSize, GetACP, GetTimeZoneInformation, LCMapStringA, LCMapStringW, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, RtlUnwind, GetFileType, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, SetUnhandledExceptionFilter, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, CompareStringA, CompareStringW, SetEnvironmentVariableA, FormatMessageA, GetProfileStringA, GetTickCount, FileTimeToLocalFileTime, FileTimeToSystemTime, SetErrorMode, GetFileTime, GetFileSize, GetFileAttributesA, GetOEMCP, GetCPInfo, SizeofResource, GetProcessVersion, WritePrivateProfileStringA, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalFree, LocalAlloc, GetThreadLocale, GetFullPathNameA, lstrcpynA, GetVolumeInformationA, FindFirstFileA, FindClose, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetCurrentProcess, DuplicateHandle, GetLastError, MulDiv, SetLastError, MultiByteToWideChar, lstrlenA, InterlockedIncrement, InterlockedDecrement, LoadLibraryA, FreeLibrary, GetVersion, lstrcatA, GlobalGetAtomNameA, GlobalAddAtomA, GlobalFindAtomA, lstrcpyA, GetModuleHandleA, GetProcAddress, GlobalUnlock, GlobalFree, LockResource, FindResourceA, LoadResource, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, lstrcmpiA, GetCurrentThread, GetCurrentThreadId, lstrcpyW, WideCharToMultiByte, GetWindowsDirectoryA, Sleep, GetStdHandle, GetSystemDefaultLCID > USER32.dll: SetRect, GetNextDlgGroupItem, MessageBeep, InvalidateRect, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, GetSysColor, SetFocus, AdjustWindowRectEx, ScreenToClient, CopyRect, GetTopWindow, IsChild, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, DefWindowProcA, CreateWindowExA, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetPropA, CallWindowProcA, RemovePropA, CopyAcceleratorTableA, GetMessagePos, GetClassNameA, SetForegroundWindow, SetWindowLongA, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, MapDialogRect, SetWindowPos, GetWindow, SetWindowContextHelpId, EndDialog, SetActiveWindow, IsWindow, CreateDialogIndirectParamA, GetDlgItem, GetMenuCheckMarkDimensions, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetFocus, GetNextDlgTabItem, GetMessageA, TranslateMessage, DispatchMessageA, GetActiveWindow, GetKeyState, CallNextHookEx, ValidateRect, IsWindowVisible, PeekMessageA, GetCursorPos, LoadIconA, SendMessageA, AppendMenuA, UnregisterClassA, HideCaret, ShowCaret, ExcludeUpdateRgn, DrawFocusRect, SetWindowsHookExA, GetParent, GetLastActivePopup, IsWindowEnabled, GetWindowLongA, MessageBoxA, SetCursor, PostQuitMessage, PostMessageA, EnableWindow, IsIconic, GetSystemMetrics, CharNextA, GetSysColorBrush, GetMessageTime, GetClientRect, DrawIcon, DefDlgProcA, IsWindowUnicode, GetSystemMenu, GetDesktopWindow, LoadCursorA, CharUpperA, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, DestroyMenu, LoadStringA, ShowWindow, MoveWindow, SetWindowTextA, IsDialogMessageA, MapWindowPoints, UpdateWindow, DestroyWindow, PtInRect, GetForegroundWindow, SendDlgItemMessageA > GDI32.dll: SetMapMode, SetViewportOrgEx, OffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowExtEx, ScaleWindowExtEx, IntersectClipRect, DeleteObject, GetDeviceCaps, GetViewportExtEx, GetWindowExtEx, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextColor, GetBkColor, DPtoLP, LPtoDP, GetMapMode, PatBlt, SetBkMode, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateDIBitmap, GetTextExtentPointA, BitBlt, CreateCompatibleDC, CreateBitmap > comdlg32.dll: GetFileTitleA > WINSPOOL.DRV: ClosePrinter, DocumentPropertiesA, OpenPrinterA > ADVAPI32.dll: RegCloseKey, RegSetValueExA, RegCreateKeyExA, RegQueryValueExA, RegOpenKeyExA > COMCTL32.dll: - > oledlg.dll: - > ole32.dll: CoFreeUnusedLibraries, OleUninitialize, CoTaskMemAlloc, CoTaskMemFree, CreateILockBytesOnHGlobal, StgCreateDocfileOnILockBytes, StgOpenStorageOnILockBytes, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, CoCreateInstance, CoInitialize, CoUninitialize, CoRegisterMessageFilter, CoRevokeClassObject, OleFlushClipboard, OleIsCurrentClipboard, OleInitialize > OLEPRO32.DLL: - > OLEAUT32.dll: -, -, -, -, -, -, -, -, - ( 0 exports ) 
CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=2ac7f8b8bf0d5d327a3a2a00453222c4' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=2ac7f8b8bf0d5d327a3a2a00453222c4</a>

temon · 17.01.2009, 13:35

Zitat:

Zitat von Mr.Vain

Bitte mal folgendes bei VirusTotal - Free Online Virus and Malware Scan hochladen

Code:

ATTFilter

C:\Windows\PLFSetI.exe
C:\Program Files\Common Files\SPBA\homefus2.dll

Ergebnisse bitte posten.

das Zweite:
MD5: 2b997108ddea8d324be558a72a5cc8ab
First received: -
Datum 2009.01.11 15:50:57 (CET) [>5D]
Ergebnisse 0/38
Permalink: analisis/1aa5b37973f93999a379230a0972dac1

Die Analyse:

Datei homefus2.dll empfangen 2009.01.17 13:33:56 (CET)
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.73 2009.01.17 -
AhnLab-V3 2009.1.15.0 2009.01.16 -
AntiVir 7.9.0.55 2009.01.16 -
Authentium 5.1.0.4 2009.01.16 -
Avast 4.8.1281.0 2009.01.16 -
AVG 8.0.0.229 2009.01.16 -
BitDefender 7.2 2009.01.17 -
CAT-QuickHeal 10.00 2009.01.17 -
ClamAV 0.94.1 2009.01.17 -
Comodo 934 2009.01.17 -
DrWeb 4.44.0.09170 2009.01.17 -
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6312 2009.01.17 -
F-Prot 4.4.4.56 2009.01.16 -
F-Secure 8.0.14470.0 2009.01.17 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.17 -
Ikarus T3.1.1.45.0 2009.01.17 -
K7AntiVirus 7.10.594 2009.01.17 -
Kaspersky 7.0.0.125 2009.01.17 -
McAfee 5497 2009.01.16 -
McAfee+Artemis 5497 2009.01.16 -
Microsoft 1.4205 2009.01.17 -
NOD32 3773 2009.01.17 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.17 -
PCTools 4.4.2.0 2009.01.17 -
Prevx1 V2 2009.01.17 -
Rising 21.12.52.00 2009.01.17 -
SecureWeb-Gateway 6.7.6 2009.01.16 -
Sophos 4.37.0 2009.01.17 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.17 -
TheHacker 6.3.1.5.221 2009.01.17 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.16 -
ViRobot 2009.1.17.1563 2009.01.17 -
VirusBuster 4.5.11.0 2009.01.16 -
weitere Informationen
File size: 567560 bytes
MD5...: 2b997108ddea8d324be558a72a5cc8ab
SHA1..: 55a9d8b7c2b35bb248109a8514d9535ca9554c37
SHA256: d41962b91fe55ef89514e83ce11ab18cc30eed2d6cd5fbfeddac22d0b613756e
SHA512: 4ab7752c1866657e5408657106a8e63d1f49678827656fe6622a0f1f076458fb 9fa24a2513aba4bf2b51ac0e88d1760a719f80d50f33042a7c7e819087023993 
ssdeep: 12288:kzm8WlKxvrwDKX+YmncyVi66CHESU4HvA:kS8Z55Gcoi6NkSU7 
PEiD..: -
TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x31291cb8 timedatestamp.....: 0x47e90b0c (Tue Mar 25 14:24:12 2008) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x25228 0x25400 6.55 68552808f50f530c66d67da51cf1694b .rdata 0x27000 0x1de0d 0x1e000 4.38 e6d0686f2a2c91e8b757a5796719a1d3 .data 0x45000 0x3ba0 0x3600 4.52 e88421d5926f7a003640171157bcadef .HKT 0x49000 0xc 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b .rsrc 0x4a000 0x3cd90 0x3ce00 7.94 56cebb92cdcaf9b11176f5a326cb5676 .reloc 0x87000 0x5562 0x5600 5.75 0507d19b79abd669d574b94216f6f0b0 ( 13 imports ) > KERNEL32.dll: CreateFileW, GetSystemDirectoryW, MulDiv, GetComputerNameW, LoadLibraryA, AddAtomW, CreateMutexW, CreateEventW, OpenEventW, FindAtomW, ResetEvent, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, GetFileSize, TerminateProcess, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, InterlockedCompareExchange, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, GetProcessHeap, HeapAlloc, HeapFree, ReadFile, UnhandledExceptionFilter, WaitForSingleObject, GetCurrentProcessId, DeleteAtom, CallNamedPipeW, GetLocaleInfoW, SetEvent, LocalFree, CloseHandle, GetCurrentProcess, FlushInstructionCache, GetVersionExW, FindResourceExW, LockResource, Sleep, FindResourceW, LoadResource, SizeofResource, FreeLibrary, lstrcmpiW, InterlockedDecrement, InterlockedIncrement, lstrlenW, GetModuleHandleA, LoadLibraryExW, GetCurrentThreadId, OutputDebugStringA, LoadLibraryW, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, MultiByteToWideChar, GetModuleFileNameW, GetLastError, GetUserDefaultLangID, SetLastError, GetTickCount, GetVersion, GetFileAttributesW, GetProcAddress, GetModuleHandleW, GetSystemTimeAsFileTime, LocalAlloc > USER32.dll: GetWindowRect, BringWindowToTop, SetWindowPos, GetDlgItem, OpenDesktopW, UnregisterClassA, ExitWindowsEx, SetWindowLongW, DestroyWindow, GetParent, BeginPaint, EndPaint, CharNextW, EnableWindow, DrawIconEx, CreateIconIndirect, DrawTextW, GetDC, SystemParametersInfoW, GetKeyboardLayout, GetKeyboardLayoutNameW, GetKeyboardLayoutList, MessageBoxW, RegisterWindowMessageW, EnumDesktopWindows, IsWindowVisible, SetThreadDesktop, EndDialog, SetWindowTextW, CreateWindowExW, SetTimer, GetDlgItemTextW, ScreenToClient, SetFocus, LoadImageW, DispatchMessageW, TranslateMessage, GetActiveWindow, AttachThreadInput, GetWindowThreadProcessId, GetForegroundWindow, SendInput, GetThreadDesktop, SetCursorPos, GetCursorPos, ReleaseDC, keybd_event, EnumChildWindows, EnumWindows, CloseDesktop, MapWindowPoints, GetWindow, MoveWindow, FillRect, GetClientRect, GetWindowLongW, KillTimer, SendMessageW, DestroyIcon, GetSysColor, PostMessageW, DefWindowProcW, GetSystemMetrics, SetForegroundWindow, DialogBoxIndirectParamW, CreateDialogIndirectParamW, IsWindow, SetDlgItemTextW, SetActiveWindow, RedrawWindow, ShowWindow, InvalidateRect, FindWindowW, CallWindowProcW > GDI32.dll: GetDeviceCaps, SetBkMode, CreateFontIndirectW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBitmap, DeleteObject, SelectObject, SetBkColor, SetTextColor, ExtTextOutW, GetStockObject, PatBlt, DeleteDC, CreateSolidBrush > ADVAPI32.dll: RegQueryValueExW, InitiateSystemShutdownExW, ConvertStringSidToSidW, EqualSid, ConvertSidToStringSidW, GetTokenInformation, AllocateAndInitializeSid, FreeSid, RegNotifyChangeKeyValue, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, LookupAccountSidW, GetSidSubAuthorityCount, GetSidLengthRequired, GetSidIdentifierAuthority, InitializeSid, RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, LogonUserW, ImpersonateLoggedOnUser, RevertToSelf, GetSidSubAuthority, LookupAccountNameW > SHELL32.dll: ExtractIconExW > IMM32.dll: ImmGetIMEFileNameW, ImmIsIME > RPCRT4.dll: UuidCreate > gdiplus.dll: GdiplusStartup, GdiplusShutdown > NETAPI32.dll: NetUserChangePassword, NetApiBufferFree, NetUserModalsGet > Secur32.dll: LsaCallAuthenticationPackage, LsaRegisterLogonProcess, LsaLookupAuthenticationPackage > ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CoCreateInstance, CoTaskMemRealloc > OLEAUT32.dll: - > MSVCR80.dll: __clean_type_info_names_internal, _crt_debugger_hook, __type_info_dtor_internal_method@type_info@@QAEXXZ, __CppXcptFilter, _adjust_fdiv, _amsg_exit, _initterm_e, _initterm, _encoded_null, _malloc_crt, _decode_pointer, _onexit, _lock, _encode_pointer, __dllonexit, _unlock, _except_handler4_common, _terminate@@YAXXZ, fwrite, _wfopen, fseek, fgetpos, fread, fclose, _wtoi, swscanf, wcsstr, strcpy, _wcsicmp, wcstoul, memcpy, _wcsupr, _vsnwprintf, wcscspn, wcsspn, wcscat, __0exception@std@@QAE@XZ, __0exception@std@@QAE@ABV01@@Z, memmove_s, strlen, __1exception@std@@UAE@XZ, _what@exception@std@@UBEPBDXZ, __0exception@std@@QAE@ABQBD@Z, _invalid_parameter_noinfo, _purecall, wcscmp, _mbslen, _recalloc, wcsncpy_s, memcpy_s, malloc, __CxxFrameHandler3, __2@YAPAXI@Z, _CxxThrowException, memset, free, wcsncpy, wcscpy, wcslen, wcsrchr, ___V@YAXPAX@Z, __3@YAXPAX@Z ( 12 exports ) InitializeChangeNotifyS, LockEventS, LogoffEventS, LogonEventS, Module_GetStaticList_2_ql2, Module_IsUnlocked_2_ql2, PasswordChangeNotifyS, PasswordFilterS, ShellStartEventS, ShutdownEventS, StartupEventS, UnlockEventS 

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.73 2009.01.17 -
AhnLab-V3 2009.1.15.0 2009.01.16 -
AntiVir 7.9.0.55 2009.01.16 -
Authentium 5.1.0.4 2009.01.16 -
Avast 4.8.1281.0 2009.01.16 -
AVG 8.0.0.229 2009.01.16 -
BitDefender 7.2 2009.01.17 -
CAT-QuickHeal 10.00 2009.01.17 -
ClamAV 0.94.1 2009.01.17 -
Comodo 934 2009.01.17 -
DrWeb 4.44.0.09170 2009.01.17 -
eSafe 7.0.17.0 2009.01.15 -
eTrust-Vet 31.6.6312 2009.01.17 -
F-Prot 4.4.4.56 2009.01.16 -
F-Secure 8.0.14470.0 2009.01.17 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.17 -
Ikarus T3.1.1.45.0 2009.01.17 -
K7AntiVirus 7.10.594 2009.01.17 -
Kaspersky 7.0.0.125 2009.01.17 -
McAfee 5497 2009.01.16 -
McAfee+Artemis 5497 2009.01.16 -
Microsoft 1.4205 2009.01.17 -
NOD32 3773 2009.01.17 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.17 -
PCTools 4.4.2.0 2009.01.17 -
Prevx1 V2 2009.01.17 -
Rising 21.12.52.00 2009.01.17 -
SecureWeb-Gateway 6.7.6 2009.01.16 -
Sophos 4.37.0 2009.01.17 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.17 -
TheHacker 6.3.1.5.221 2009.01.17 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.16 -
ViRobot 2009.1.17.1563 2009.01.17 -
VirusBuster 4.5.11.0 2009.01.16 -

weitere Informationen
File size: 567560 bytes
MD5...: 2b997108ddea8d324be558a72a5cc8ab
SHA1..: 55a9d8b7c2b35bb248109a8514d9535ca9554c37
SHA256: d41962b91fe55ef89514e83ce11ab18cc30eed2d6cd5fbfeddac22d0b613756e
SHA512: 4ab7752c1866657e5408657106a8e63d1f49678827656fe6622a0f1f076458fb 9fa24a2513aba4bf2b51ac0e88d1760a719f80d50f33042a7c7e819087023993 
ssdeep: 12288:kzm8WlKxvrwDKX+YmncyVi66CHESU4HvA:kS8Z55Gcoi6NkSU7 
PEiD..: -
TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%)
PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x31291cb8 timedatestamp.....: 0x47e90b0c (Tue Mar 25 14:24:12 2008) machinetype.......: 0x14c (I386) ( 6 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x25228 0x25400 6.55 68552808f50f530c66d67da51cf1694b .rdata 0x27000 0x1de0d 0x1e000 4.38 e6d0686f2a2c91e8b757a5796719a1d3 .data 0x45000 0x3ba0 0x3600 4.52 e88421d5926f7a003640171157bcadef .HKT 0x49000 0xc 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b .rsrc 0x4a000 0x3cd90 0x3ce00 7.94 56cebb92cdcaf9b11176f5a326cb5676 .reloc 0x87000 0x5562 0x5600 5.75 0507d19b79abd669d574b94216f6f0b0 ( 13 imports ) > KERNEL32.dll: CreateFileW, GetSystemDirectoryW, MulDiv, GetComputerNameW, LoadLibraryA, AddAtomW, CreateMutexW, CreateEventW, OpenEventW, FindAtomW, ResetEvent, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, GetFileSize, TerminateProcess, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, InterlockedCompareExchange, GetVersionExA, GetThreadLocale, GetLocaleInfoA, GetACP, InterlockedExchange, GetProcessHeap, HeapAlloc, HeapFree, ReadFile, UnhandledExceptionFilter, WaitForSingleObject, GetCurrentProcessId, DeleteAtom, CallNamedPipeW, GetLocaleInfoW, SetEvent, LocalFree, CloseHandle, GetCurrentProcess, FlushInstructionCache, GetVersionExW, FindResourceExW, LockResource, Sleep, FindResourceW, LoadResource, SizeofResource, FreeLibrary, lstrcmpiW, InterlockedDecrement, InterlockedIncrement, lstrlenW, GetModuleHandleA, LoadLibraryExW, GetCurrentThreadId, OutputDebugStringA, LoadLibraryW, DeleteCriticalSection, InitializeCriticalSection, LeaveCriticalSection, EnterCriticalSection, RaiseException, MultiByteToWideChar, GetModuleFileNameW, GetLastError, GetUserDefaultLangID, SetLastError, GetTickCount, GetVersion, GetFileAttributesW, GetProcAddress, GetModuleHandleW, GetSystemTimeAsFileTime, LocalAlloc > USER32.dll: GetWindowRect, BringWindowToTop, SetWindowPos, GetDlgItem, OpenDesktopW, UnregisterClassA, ExitWindowsEx, SetWindowLongW, DestroyWindow, GetParent, BeginPaint, EndPaint, CharNextW, EnableWindow, DrawIconEx, CreateIconIndirect, DrawTextW, GetDC, SystemParametersInfoW, GetKeyboardLayout, GetKeyboardLayoutNameW, GetKeyboardLayoutList, MessageBoxW, RegisterWindowMessageW, EnumDesktopWindows, IsWindowVisible, SetThreadDesktop, EndDialog, SetWindowTextW, CreateWindowExW, SetTimer, GetDlgItemTextW, ScreenToClient, SetFocus, LoadImageW, DispatchMessageW, TranslateMessage, GetActiveWindow, AttachThreadInput, GetWindowThreadProcessId, GetForegroundWindow, SendInput, GetThreadDesktop, SetCursorPos, GetCursorPos, ReleaseDC, keybd_event, EnumChildWindows, EnumWindows, CloseDesktop, MapWindowPoints, GetWindow, MoveWindow, FillRect, GetClientRect, GetWindowLongW, KillTimer, SendMessageW, DestroyIcon, GetSysColor, PostMessageW, DefWindowProcW, GetSystemMetrics, SetForegroundWindow, DialogBoxIndirectParamW, CreateDialogIndirectParamW, IsWindow, SetDlgItemTextW, SetActiveWindow, RedrawWindow, ShowWindow, InvalidateRect, FindWindowW, CallWindowProcW > GDI32.dll: GetDeviceCaps, SetBkMode, CreateFontIndirectW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBitmap, DeleteObject, SelectObject, SetBkColor, SetTextColor, ExtTextOutW, GetStockObject, PatBlt, DeleteDC, CreateSolidBrush > ADVAPI32.dll: RegQueryValueExW, InitiateSystemShutdownExW, ConvertStringSidToSidW, EqualSid, ConvertSidToStringSidW, GetTokenInformation, AllocateAndInitializeSid, FreeSid, RegNotifyChangeKeyValue, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, LookupAccountSidW, GetSidSubAuthorityCount, GetSidLengthRequired, GetSidIdentifierAuthority, InitializeSid, RegCloseKey, RegOpenKeyExW, RegDeleteKeyW, RegDeleteValueW, RegCreateKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, LogonUserW, ImpersonateLoggedOnUser, RevertToSelf, GetSidSubAuthority, LookupAccountNameW > SHELL32.dll: ExtractIconExW > IMM32.dll: ImmGetIMEFileNameW, ImmIsIME > RPCRT4.dll: UuidCreate > gdiplus.dll: GdiplusStartup, GdiplusShutdown > NETAPI32.dll: NetUserChangePassword, NetApiBufferFree, NetUserModalsGet > Secur32.dll: LsaCallAuthenticationPackage, LsaRegisterLogonProcess, LsaLookupAuthenticationPackage > ole32.dll: CoTaskMemAlloc, CoTaskMemFree, CoCreateInstance, CoTaskMemRealloc > OLEAUT32.dll: - > MSVCR80.dll: __clean_type_info_names_internal, _crt_debugger_hook, __type_info_dtor_internal_method@type_info@@QAEXXZ, __CppXcptFilter, _adjust_fdiv, _amsg_exit, _initterm_e, _initterm, _encoded_null, _malloc_crt, _decode_pointer, _onexit, _lock, _encode_pointer, __dllonexit, _unlock, _except_handler4_common, _terminate@@YAXXZ, fwrite, _wfopen, fseek, fgetpos, fread, fclose, _wtoi, swscanf, wcsstr, strcpy, _wcsicmp, wcstoul, memcpy, _wcsupr, _vsnwprintf, wcscspn, wcsspn, wcscat, __0exception@std@@QAE@XZ, __0exception@std@@QAE@ABV01@@Z, memmove_s, strlen, __1exception@std@@UAE@XZ, _what@exception@std@@UBEPBDXZ, __0exception@std@@QAE@ABQBD@Z, _invalid_parameter_noinfo, _purecall, wcscmp, _mbslen, _recalloc, wcsncpy_s, memcpy_s, malloc, __CxxFrameHandler3, __2@YAPAXI@Z, _CxxThrowException, memset, free, wcsncpy, wcscpy, wcslen, wcsrchr, ___V@YAXPAX@Z, __3@YAXPAX@Z ( 12 exports ) InitializeChangeNotifyS, LockEventS, LogoffEventS, LogonEventS, Module_GetStaticList_2_ql2, Module_IsUnlocked_2_ql2, PasswordChangeNotifyS, PasswordFilterS, ShellStartEventS, ShutdownEventS, StartupEventS, UnlockEventS

temon · 17.01.2009, 13:50

Habe die 2 Dateien über Kaspersky online Scanner gescannt. Beide Ergebnisse sehen so aus:
Bekannte Viren: 1636047 Updated: 17-01-2009
Größe der Datei (Kb): 196 Viren-Korpus: 0
Datei: 1 Warnungen: 0
Archive: 0 Verdächtigt: 0

temon · 17.01.2009, 14:33

Habe einen PORT`s Scan gemacht.
Ihr Scan-Ergebnis

Ihr System antwortet nicht auf ICMP-Pakete.
Port Name Status Erläuterung
25 smtp gefiltert Mail-Server (SMTP)
53 domain gefiltert DNS
80 www gefiltert Web-Server
135 loc-srv gefiltert MS-RPC
137 netbios-ns gefiltert NetBIOS Name Service
138 netbios-dgm gefiltert NetBIOS Datagram Service
139 netbios-ssn gefiltert NetBIOS Session Service
443 https gefiltert Web Server (HTTPS)
445 microsoft-ds gefiltert SMB over TCP
1214 kazaa gefiltert Kazaa Standard-Port
1433 ms-sql-s gefiltert MS SQL Server
1900 nicht reserviert gefiltert Universal PnP
3389 nicht reserviert gefiltert MS Terminal Services
4662 nicht reserviert gefiltert Standard-Port eDonkey
5800 nicht reserviert gefiltert VNC via HTTP
5900 nicht reserviert gefiltert VNC
6667 ircd gefiltert IRC Server
6881 nicht reserviert gefiltert Bittorrent Standard-Port

Kazzaa , IRC, bit torrent.
Sowas habe ich nie genutzt!!!!!!!!!!!!!!!!!!!!

Mr.Vain · 17.01.2009, 14:34

Gut dann sind diese Dateien recht sauber

Jetzt wäre ein Anti Viren Scan und ein Scan mit Malwarebytes Anti-Malware nicht schlecht

temon · 17.01.2009, 17:24

ok der Scan dauerte um die 2,5 Stunden. nichts gefunden!
Malwarebytes' Anti-Malware 1.33
Datenbank Version: 1659
Windows 6.0.6001 Service Pack 1

17.01.2009 17:22:59
mbam-log-2009-01-17 (17-22-59).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 131274
Laufzeit: 2 hour(s), 37 minute(s), 16 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Mr.Vain · 17.01.2009, 17:30

Gut ich denke mal das wäre es dann gewesen mit dem Virus

Kommen sonst noch Meldungen oder verhält sich dein PC komisch?

temon · 17.01.2009, 18:01

Zitat:

Zitat von Mr.Vain

Gut ich denke mal das wäre es dann gewesen mit dem Virus

Kommen sonst noch Meldungen oder verhält sich dein PC komisch?

Also bis jetzt hatte ich nichts auffälliges gehabt. Nur das sich mein Antivirus Programm nach jedem Neustart ausschaltet. Sonst nichts.
Werde jetzt öfters scannen mit Antivirus , Spybot und natürlich UPDATES.

So Danke vielmals für die Hilfe.

Letze Frage noch. Der Virus konnte doch nicht auf meine D: Festplatte rüberspringen?
Oder andere PC`s die am DSL- Router Angeschloßen haben? ist es möglich?

mit Xp formatieren da hätte ich keine Probleme mit

Hacker-Attacke + Trojaner

Plagegeister aller Art und deren Bekämpfung: Hacker-Attacke + Trojaner