Pests of all kinds and their removal: Hupigon13, Win32.Delf.uv - Antivir and Hijackthis don't work (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1
Hupigon13, Win32.Delf.uv - Antivir and Hijackthis don't work

Hello Chris, first the evaluation from Virustotal:

Virustotal check:

- C:\Windows\system32\AgCPanelFrenchb.exe: Internal server error

- Datei MemeoBackgroundService.exe empfangen 2009.03.09 16:01:06 (UTC)
Status: Beendet
Ergebnis: 0/38 (0.00%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.03.09 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.107 2009.03.09 -
Authentium 5.1.0.4 2009.03.08 -
Avast 4.8.1335.0 2009.03.09 -
AVG 8.0.0.237 2009.03.09 -
BitDefender 7.2 2009.03.09 -
CAT-QuickHeal 10.00 2009.03.09 -
ClamAV 0.94.1 2009.03.06 -
Comodo 1039 2009.03.09 -
DrWeb 4.44.0.09170 2009.03.09 -
eSafe 7.0.17.0 2009.03.09 -
eTrust-Vet 31.6.6386 2009.03.06 -
F-Prot 4.4.4.56 2009.03.08 -
F-Secure 8.0.14470.0 2009.03.09 -
Fortinet 3.117.0.0 2009.03.09 -
GData 19 2009.03.09 -
Ikarus T3.1.1.45.0 2009.03.09 -
K7AntiVirus 7.10.664 2009.03.09 -
Kaspersky 7.0.0.125 2009.03.09 -
McAfee 5547 2009.03.08 -
McAfee+Artemis 5547 2009.03.08 -
Microsoft 1.4405 2009.03.09 -
NOD32 3921 2009.03.09 -
Norman 6.00.06 2009.03.06 -
nProtect 2009.1.8.0 2009.03.09 -
Panda 10.0.0.10 2009.03.09 -
PCTools 4.4.2.0 2009.03.09 -
Prevx1 V2 2009.03.09 -
Rising 21.20.02.00 2009.03.09 -
SecureWeb-Gateway 6.7.6 2009.03.09 -
Sophos 4.39.0 2009.03.09 -
Sunbelt 3.2.1858.2 2009.03.08 -
Symantec 1.4.4.12 2009.03.09 -
TheHacker 6.3.3.0.277 2009.03.09 -
TrendMicro 8.700.0.1004 2009.03.09 -
ViRobot 2009.3.9.1641 2009.03.09 -
VirusBuster 4.5.11.0 2009.03.09 -

weitere Informationen
File size: 25824 bytes
MD5 : ed6235c93981d8658fa433092a809303
SHA1 : 8dbcb53fcb1c59e05bc1989c461da83e00a27590
SHA256: da61f67f5ddb731920e087484298c6c2a4cad872b648f28f75ec8fbe3fe8d88f
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x365E
timedatestamp.....: 0x48EA636C (Mon Oct 6 21:13:48 2008)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2000 0x1664 0x2000 4.04 69eedbf3f6114e54de1d49e46bbe8f00
.rsrc 0x4000 0x3B0 0x1000 0.97 64361d258a0cca538dbc9741ea146c4e
.reloc 0x6000 0xC 0x1000 0.01 7bc88186bd13ccc3a4ae424983d9513a
( 0 imports )
( 0 exports )
TrID : File type identification
Win64 Executable Generic (85.4%)
Win32 Executable Generic (8.5%)
Win16/32 Executable Delphi generic (2.0%)
Generic Win/DOS Executable (1.9%)
DOS Executable Generic (1.9%)
ssdeep: 192:TDUMjo+xqu654r7L5f/Zw0dx1MHWlbUjhsb2yowJL/aMjGwP7rMiR7+ebMKtMKUj:TDUMjbxq5c7L5XRdIQ4jhq2YJLWmtb2j
PEiD : -
RDS : NSRL Reference Data Set

- Datei Macromedia_Licensing.exe empfangen 2009.05.27 12:05:08 (UTC)
Status: Beendet
Ergebnis: 0/35 (0.00%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.05.27 -
AhnLab-V3 5.0.0.2 2009.05.27 -
AntiVir 7.9.0.168 2009.05.27 -
Antiy-AVL 2.0.3.1 2009.05.27 -
Authentium 5.1.2.4 2009.05.27 -
Avast 4.8.1335.0 2009.05.26 -
BitDefender 7.2 2009.05.27 -
CAT-QuickHeal 10.00 2009.05.27 -
ClamAV 0.94.1 2009.05.27 -
Comodo 1203 2009.05.26 -
eSafe 7.0.17.0 2009.05.27 -
eTrust-Vet 31.6.6524 2009.05.27 -
F-Prot 4.4.4.56 2009.05.27 -
GData 19 2009.05.27 -
Ikarus T3.1.1.57.0 2009.05.27 -
K7AntiVirus 7.10.745 2009.05.26 -
Kaspersky 7.0.0.125 2009.05.27 -
McAfee 5627 2009.05.26 -
McAfee+Artemis 5627 2009.05.26 -
McAfee-GW-Edition 6.7.6 2009.05.27 -
Microsoft 1.4701 2009.05.27 -
NOD32 4108 2009.05.27 -
Norman 6.01.05 2009.05.26 -
nProtect 2009.1.8.0 2009.05.27 -
Panda 10.0.0.14 2009.05.26 -
PCTools 4.4.2.0 2009.05.21 -
Prevx 3.0 2009.05.27 -
Rising 21.31.21.00 2009.05.27 -
Sophos 4.42.0 2009.05.27 -
Sunbelt 3.2.1858.2 2009.05.27 -
Symantec 1.4.4.12 2009.05.27 -
TheHacker 6.3.4.3.332 2009.05.26 -
TrendMicro 8.950.0.1092 2009.05.27 -
ViRobot 2009.5.27.1757 2009.05.27 -
VirusBuster 4.6.5.0 2009.05.26 -

weitere Informationen
File size: 68096 bytes
MD5 : 04d3a71875699098af856ee5f9f72ac3
SHA1 : 33e1a9fa46e14f1b18865be4de0f62271687ba91
SHA256: b7eb995882cb2f4fe24f9df516583c428840e878d5416965196ba2e2c5943edb
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x4AC0
timedatestamp.....: 0x3FFBDAC2 (Wed Jan 7 11:09:06 2004)
machinetype.......: 0x14C (Intel I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xB526 0xB600 6.62 4780c0778a6efd2f7679079c924bae6a
.rdata 0xD000 0x14D8 0x1600 5.26 4a676530334aaf67698db04c23c381d1
.data 0xF000 0x4CC8 0x3600 1.53 5babcb5864ef60a8716def6459fdda0e
.rsrc 0x14000 0x248 0x400 2.03 882edf91479ee55186688d7f35f651c4
( 3 imports )
> advapi32.dll: RegDeleteValueA, QueryServiceConfigA, RegEnumKeyExA, RegCloseKey, RegOpenKeyExA, RegisterEventSourceA, ReportEventA, RegDeleteKeyA, SetServiceStatus, RegisterServiceCtrlHandlerA, DeregisterEventSource, OpenServiceA, CloseServiceHandle, OpenSCManagerA, SetSecurityDescriptorDacl, StartServiceCtrlDispatcherA, InitializeSecurityDescriptor, RegSetValueExA, GetLengthSid, RegCreateKeyExA, QueryServiceStatus, OpenServiceW, StartServiceW, RegQueryValueExA, OpenSCManagerW
> kernel32.dll: ConnectNamedPipe, FindClose, FindNextFileA, FindFirstFileA, CreateDirectoryA, GetProcAddress, LeaveCriticalSection, EnterCriticalSection, WaitForSingleObject, WaitForMultipleObjectsEx, ReleaseMutex, QueryDosDeviceA, CreateFileW, GetExitCodeThread, GetModuleHandleA, lstrcpyW, lstrlenW, QueryDosDeviceW, SetWaitableTimer, CreateWaitableTimerA, DisconnectNamedPipe, GetOverlappedResult, GetTickCount, SetEvent, ResumeThread, SuspendThread, CreateEventA, InitializeCriticalSection, LoadLibraryA, CreateThread, CreateMutexA, CreateNamedPipeA, WriteFile, FreeLibrary, WaitForSingleObjectEx, GetSystemDirectoryA, GetVersionExA, GetLastError, lstrlenA, SetFilePointer, ReadFile, OpenProcess, DeviceIoControl, TlsAlloc, CloseHandle, CreateFileA, SetLastError, SetEnvironmentVariableA, CompareStringA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, HeapFree, HeapAlloc, RtlUnwind, InterlockedDecrement, InterlockedIncrement, GetTimeZoneInformation, GetSystemTime, GetLocalTime, GetCommandLineA, GetVersion, ExitProcess, GetModuleFileNameA, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, IsBadWritePtr, DeleteCriticalSection, TerminateProcess, GetCurrentProcess, HeapSize, GetCurrentThreadId, TlsSetValue, CompareStringW, GetStdHandle, TlsGetValue, WideCharToMultiByte, MultiByteToWideChar, LCMapStringA, LCMapStringW, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetFileType, GetStartupInfoA, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetCPInfo, GetACP, GetOEMCP, SetStdHandle
> user32.dll: wsprintfA, DestroyWindow, DispatchMessageA, TranslateMessage, GetMessageA, CreateWindowExA, RegisterClassA, DefWindowProcA
( 0 exports )
TrID : File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
ssdeep: 1536:exJBQsGcBTJwKogS+Oiag8yTzxeroxhs:8Ji9McgSzTg8yTzxeroxhs
PEiD : Armadillo v1.71
RDS : NSRL Reference Data Set

- Datei CF15184.exe empfangen 2009.04.29 12:53:18 (UTC)
Status: Beendet
Ergebnis: 0/40 (0.00%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.04.29 -
AhnLab-V3 5.0.0.2 2009.04.29 -
AntiVir 7.9.0.156 2009.04.29 -
Antiy-AVL 2.0.3.1 2009.04.29 -
Authentium 5.1.2.4 2009.04.29 -
Avast 4.8.1335.0 2009.04.28 -
AVG 8.5.0.287 2009.04.29 -
BitDefender 7.2 2009.04.29 -
CAT-QuickHeal 10.00 2009.04.29 -
ClamAV 0.94.1 2009.04.29 -
Comodo 1141 2009.04.29 -
DrWeb 4.44.0.09170 2009.04.29 -
eSafe 7.0.17.0 2009.04.27 -
eTrust-Vet 31.6.6482 2009.04.29 -
F-Prot 4.4.4.56 2009.04.29 -
F-Secure 8.0.14470.0 2009.04.29 -
Fortinet 3.117.0.0 2009.04.29 -
GData 19 2009.04.29 -
Ikarus T3.1.1.49.0 2009.04.29 -
K7AntiVirus 7.10.719 2009.04.29 -
Kaspersky 7.0.0.125 2009.04.29 -
McAfee 5599 2009.04.28 -
McAfee+Artemis 5599 2009.04.28 -
McAfee-GW-Edition 6.7.6 2009.04.29 -
Microsoft 1.4602 2009.04.29 -
NOD32 4042 2009.04.29 -
Norman 6.00.06 2009.04.28 -
nProtect 2009.1.8.0 2009.04.29 -
Panda 10.0.0.14 2009.04.28 -
PCTools 4.4.2.0 2009.04.29 -
Prevx1 3.0 2009.04.29 -
Rising 21.27.22.00 2009.04.29 -
Sophos 4.41.0 2009.04.29 -
Sunbelt 3.2.1858.2 2009.04.28 -
Symantec 1.4.4.12 2009.04.29 -
TheHacker 6.3.4.1.317 2009.04.29 -
TrendMicro 8.950.0.1092 2009.04.29 -
VBA32 3.12.10.3 2009.04.29 -
ViRobot 2009.4.29.1715 2009.04.29 -
VirusBuster 4.6.5.0 2009.04.28 -

weitere Informationen
File size: 401920 bytes
MD5 : 5c0105e6265558b4ebda18b635d26500
SHA1 : 2c166211f44866ec9243373809faad1ab3532e81
SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5046
timedatestamp.....: 0x48025BAF (Sun Apr 13 21:14:55 2008)
machinetype.......: 0x14C (Intel I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1F620 0x1F800 6.58 074a19da2eb2f1166671c2e2747967cd
.data 0x21000 0x1CA24 0x1CA00 0.17 ac08e12c2ca9c0b872b354378edde336
.rsrc 0x3E000 0x25AA0 0x25C00 3.87 3bc81433cf5354e1c22400c381af5a22
( 0 imports )
( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ThreatExpert: http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500
ssdeep: 3072:NhRx1S315oF8opcnD1hOOrWGzN2lcR2u8JnxIbU+qwlTMbxrCsmqwju5HeEUcWj2:bkF5oXpcFb5DRsNxIbUNaM9+KNGA
PEiD : -
RDS : NSRL Reference Data Set

- Datei CF15195.exe empfangen 2009.06.02 12:17:26 (UTC)
Status: Beendet
Ergebnis: 0/40 (0%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.06.02 -
AhnLab-V3 5.0.0.2 2009.06.02 -
AntiVir 7.9.0.180 2009.06.02 -
Antiy-AVL 2.0.3.1 2009.06.02 -
Authentium 5.1.2.4 2009.06.02 -
Avast 4.8.1335.0 2009.06.01 -
AVG 8.5.0.339 2009.06.02 -
BitDefender 7.2 2009.06.02 -
CAT-QuickHeal 10.00 2009.06.02 -
ClamAV 0.94.1 2009.06.02 -
Comodo 1233 2009.06.02 -
DrWeb 5.0.0.12182 2009.06.02 -
eSafe 7.0.17.0 2009.06.01 -
eTrust-Vet 31.6.6535 2009.06.02 -
F-Prot 4.4.4.56 2009.06.02 -
F-Secure 8.0.14470.0 2009.06.02 -
Fortinet 3.117.0.0 2009.06.02 -
GData 19 2009.06.02 -
Ikarus T3.1.1.57.0 2009.06.02 -
K7AntiVirus 7.10.749 2009.05.29 -
Kaspersky 7.0.0.125 2009.06.02 -
McAfee 5633 2009.06.01 -
McAfee+Artemis 5633 2009.06.01 -
McAfee-GW-Edition 6.7.6 2009.05.29 -
Microsoft 1.4701 2009.06.02 -
NOD32 4122 2009.06.02 -
Norman 6.01.05 2009.06.01 -
nProtect 2009.1.8.0 2009.06.02 -
Panda 10.0.0.14 2009.06.01 -
PCTools 4.4.2.0 2009.06.02 -
Prevx 3.0 2009.06.02 -
Rising 21.32.13.00 2009.06.02 -
Sophos 4.42.0 2009.06.02 -
Sunbelt 3.2.1858.2 2009.06.02 -
Symantec 1.4.4.12 2009.06.02 -
TheHacker 6.3.4.3.335 2009.06.01 -
TrendMicro 8.950.0.1092 2009.06.02 -
VBA32 3.12.10.6 2009.06.02 -
ViRobot 2009.6.2.1765 2009.06.02 -
VirusBuster 4.6.5.0 2009.06.01 -

weitere Informationen
File size: 401920 bytes
MD5...: 5c0105e6265558b4ebda18b635d26500
SHA1..: 2c166211f44866ec9243373809faad1ab3532e81
SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5046
timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd
.data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336
.rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22
( 3 imports )
> KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime
> msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper
> USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set -
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500
#2
Hupigon13, Win32.Delf.uv - Antivir and Hijackthis don't work

Continuation 1:

- Datei CF25532.exe empfangen 2009.06.02 12:20:54 (UTC)
Status: Beendet
Ergebnis: 0/40 (0%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.06.02 -
AhnLab-V3 5.0.0.2 2009.06.02 -
AntiVir 7.9.0.180 2009.06.02 -
Antiy-AVL 2.0.3.1 2009.06.02 -
Authentium 5.1.2.4 2009.06.02 -
Avast 4.8.1335.0 2009.06.01 -
AVG 8.5.0.339 2009.06.02 -
BitDefender 7.2 2009.06.02 -
CAT-QuickHeal 10.00 2009.06.02 -
ClamAV 0.94.1 2009.06.02 -
Comodo 1233 2009.06.02 -
DrWeb 5.0.0.12182 2009.06.02 -
eSafe 7.0.17.0 2009.06.01 -
eTrust-Vet 31.6.6535 2009.06.02 -
F-Prot 4.4.4.56 2009.06.02 -
F-Secure 8.0.14470.0 2009.06.02 -
Fortinet 3.117.0.0 2009.06.02 -
GData 19 2009.06.02 -
Ikarus T3.1.1.57.0 2009.06.02 -
K7AntiVirus 7.10.749 2009.05.29 -
Kaspersky 7.0.0.125 2009.06.02 -
McAfee 5633 2009.06.01 -
McAfee+Artemis 5633 2009.06.01 -
McAfee-GW-Edition 6.7.6 2009.05.29 -
Microsoft 1.4701 2009.06.02 -
NOD32 4122 2009.06.02 -
Norman 6.01.05 2009.06.01 -
nProtect 2009.1.8.0 2009.06.02 -
Panda 10.0.0.14 2009.06.01 -
PCTools 4.4.2.0 2009.06.02 -
Prevx 3.0 2009.06.02 -
Rising 21.32.13.00 2009.06.02 -
Sophos 4.42.0 2009.06.02 -
Sunbelt 3.2.1858.2 2009.06.02 -
Symantec 1.4.4.12 2009.06.02 -
TheHacker 6.3.4.3.335 2009.06.01 -
TrendMicro 8.950.0.1092 2009.06.02 -
VBA32 3.12.10.6 2009.06.02 -
ViRobot 2009.6.2.1765 2009.06.02 -
VirusBuster 4.6.5.0 2009.06.01 -

weitere Informationen
File size: 401920 bytes
MD5...: 5c0105e6265558b4ebda18b635d26500
SHA1..: 2c166211f44866ec9243373809faad1ab3532e81
SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5046
timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd
.data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336
.rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22
( 3 imports )
> KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime
> msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper
> USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set -
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500

- Datei CF28377.exe empfangen 2009.06.02 12:23:22 (UTC)
Status: Beendet
Ergebnis: 0/40 (0%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.06.02 -
AhnLab-V3 5.0.0.2 2009.06.02 -
AntiVir 7.9.0.180 2009.06.02 -
Antiy-AVL 2.0.3.1 2009.06.02 -
Authentium 5.1.2.4 2009.06.02 -
Avast 4.8.1335.0 2009.06.01 -
AVG 8.5.0.339 2009.06.02 -
BitDefender 7.2 2009.06.02 -
CAT-QuickHeal 10.00 2009.06.02 -
ClamAV 0.94.1 2009.06.02 -
Comodo 1233 2009.06.02 -
DrWeb 5.0.0.12182 2009.06.02 -
eSafe 7.0.17.0 2009.06.01 -
eTrust-Vet 31.6.6535 2009.06.02 -
F-Prot 4.4.4.56 2009.06.02 -
F-Secure 8.0.14470.0 2009.06.02 -
Fortinet 3.117.0.0 2009.06.02 -
GData 19 2009.06.02 -
Ikarus T3.1.1.57.0 2009.06.02 -
K7AntiVirus 7.10.749 2009.05.29 -
Kaspersky 7.0.0.125 2009.06.02 -
McAfee 5633 2009.06.01 -
McAfee+Artemis 5633 2009.06.01 -
McAfee-GW-Edition 6.7.6 2009.05.29 -
Microsoft 1.4701 2009.06.02 -
NOD32 4122 2009.06.02 -
Norman 6.01.05 2009.06.01 -
nProtect 2009.1.8.0 2009.06.02 -
Panda 10.0.0.14 2009.06.01 -
PCTools 4.4.2.0 2009.06.02 -
Prevx 3.0 2009.06.02 -
Rising 21.32.13.00 2009.06.02 -
Sophos 4.42.0 2009.06.02 -
Sunbelt 3.2.1858.2 2009.06.02 -
Symantec 1.4.4.12 2009.06.02 -
TheHacker 6.3.4.3.335 2009.06.01 -
TrendMicro 8.950.0.1092 2009.06.02 -
VBA32 3.12.10.6 2009.06.02 -
ViRobot 2009.6.2.1765 2009.06.02 -
VirusBuster 4.6.5.0 2009.06.01 -

weitere Informationen
File size: 401920 bytes
MD5...: 5c0105e6265558b4ebda18b635d26500
SHA1..: 2c166211f44866ec9243373809faad1ab3532e81
SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5046
timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd
.data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336
.rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22
( 3 imports )
> KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime
> msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper
> USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set -
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500

- Datei CF29905.exe empfangen 2009.06.02 15:22:10 (UTC)
Status: Beendet
Ergebnis: 0/40 (0%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.0.0.101 2009.06.02 -
AhnLab-V3 5.0.0.2 2009.06.02 -
AntiVir 7.9.0.180 2009.06.02 -
Antiy-AVL 2.0.3.1 2009.06.02 -
Authentium 5.1.2.4 2009.06.02 -
Avast 4.8.1335.0 2009.06.01 -
AVG 8.5.0.339 2009.06.02 -
BitDefender 7.2 2009.06.02 -
CAT-QuickHeal 10.00 2009.06.02 -
ClamAV 0.94.1 2009.06.02 -
Comodo 1236 2009.06.02 -
DrWeb 5.0.0.12182 2009.06.02 -
eSafe 7.0.17.0 2009.06.02 -
eTrust-Vet 31.6.6535 2009.06.02 -
F-Prot 4.4.4.56 2009.06.02 -
F-Secure 8.0.14470.0 2009.06.02 -
Fortinet 3.117.0.0 2009.06.02 -
GData 19 2009.06.02 -
Ikarus T3.1.1.57.0 2009.06.02 -
K7AntiVirus 7.10.752 2009.06.02 -
Kaspersky 7.0.0.125 2009.06.02 -
McAfee 5634 2009.06.02 -
McAfee+Artemis 5633 2009.06.01 -
McAfee-GW-Edition 6.7.6 2009.05.29 -
Microsoft 1.4701 2009.06.02 -
NOD32 4123 2009.06.02 -
Norman 6.01.05 2009.06.02 -
nProtect 2009.1.8.0 2009.06.02 -
Panda 10.0.0.14 2009.06.01 -
PCTools 4.4.2.0 2009.06.02 -
Prevx 3.0 2009.06.02 -
Rising 21.32.14.00 2009.06.02 -
Sophos 4.42.0 2009.06.02 -
Sunbelt 3.2.1858.2 2009.06.02 -
Symantec 1.4.4.12 2009.06.02 -
TheHacker 6.3.4.3.335 2009.06.01 -
TrendMicro 8.950.0.1092 2009.06.02 -
VBA32 3.12.10.6 2009.06.02 -
ViRobot 2009.6.2.1765 2009.06.02 -
VirusBuster 4.6.5.0 2009.06.02 -

weitere Informationen
File size: 401920 bytes
MD5...: 5c0105e6265558b4ebda18b635d26500
SHA1..: 2c166211f44866ec9243373809faad1ab3532e81
SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab
ssdeep: -
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5046
timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd
.data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336
.rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22
( 3 imports )
> KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection,
LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime > msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper > USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation ( 0 exports ) PDFiD.: - RDS...: NSRL Reference Data Set - Datei CF29905.exe empfangen 
2009.06.02 15:26:05 (UTC) Status: Beendet Ergebnis: 0/40 (0%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.0.0.101 2009.06.02 - AhnLab-V3 5.0.0.2 2009.06.02 - AntiVir 7.9.0.180 2009.06.02 - Antiy-AVL 2.0.3.1 2009.06.02 - Authentium 5.1.2.4 2009.06.02 - Avast 4.8.1335.0 2009.06.01 - AVG 8.5.0.339 2009.06.02 - BitDefender 7.2 2009.06.02 - CAT-QuickHeal 10.00 2009.06.02 - ClamAV 0.94.1 2009.06.02 - Comodo 1236 2009.06.02 - DrWeb 5.0.0.12182 2009.06.02 - eSafe 7.0.17.0 2009.06.02 - eTrust-Vet 31.6.6535 2009.06.02 - F-Prot 4.4.4.56 2009.06.02 - F-Secure 8.0.14470.0 2009.06.02 - Fortinet 3.117.0.0 2009.06.02 - GData 19 2009.06.02 - Ikarus T3.1.1.57.0 2009.06.02 - K7AntiVirus 7.10.752 2009.06.02 - Kaspersky 7.0.0.125 2009.06.02 - McAfee 5634 2009.06.02 - McAfee+Artemis 5633 2009.06.01 - McAfee-GW-Edition 6.7.6 2009.05.29 - Microsoft 1.4701 2009.06.02 - NOD32 4123 2009.06.02 - Norman 6.01.05 2009.06.02 - nProtect 2009.1.8.0 2009.06.02 - Panda 10.0.0.14 2009.06.01 - PCTools 4.4.2.0 2009.06.02 - Prevx 3.0 2009.06.02 - Rising 21.32.14.00 2009.06.02 - Sophos 4.42.0 2009.06.02 - Sunbelt 3.2.1858.2 2009.06.02 - Symantec 1.4.4.12 2009.06.02 - TheHacker 6.3.4.3.335 2009.06.01 - TrendMicro 8.950.0.1092 2009.06.02 - VBA32 3.12.10.6 2009.06.02 - ViRobot 2009.6.2.1765 2009.06.02 - VirusBuster 4.6.5.0 2009.06.02 - weitere Informationen File size: 401920 bytes MD5...: 5c0105e6265558b4ebda18b635d26500 SHA1..: 2c166211f44866ec9243373809faad1ab3532e81 SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab ssdeep: - PEiD..: - TrID..: File type identification Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x5046 timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008) machinetype.......: 0x14c (I386) ( 3 sections ) name 
viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd .data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336 .rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22 ( 3 imports ) > KERNEL32.dll: FlushConsoleInputBuffer, LoadLibraryA, InterlockedExchange, FreeLibrary, LocalAlloc, GetVDMCurrentDirectories, CmdBatNotification, GetModuleHandleA, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, GetThreadLocale, GetDiskFreeSpaceExW, CompareFileTime, RemoveDirectoryW, GetCurrentDirectoryW, SetCurrentDirectoryW, TerminateProcess, WaitForSingleObject, GetExitCodeProcess, CopyFileW, SetFileAttributesW, DeleteFileW, SetFileTime, CreateDirectoryW, FillConsoleOutputAttribute, SetConsoleTextAttribute, ScrollConsoleScreenBufferW, FormatMessageW, DuplicateHandle, FlushFileBuffers, HeapReAlloc, HeapSize, GetFileAttributesExW, LocalFree, GetDriveTypeW, InitializeCriticalSection, SetConsoleCtrlHandler, GetWindowsDirectoryW, GetConsoleTitleW, GetModuleFileNameW, GetVersion, EnterCriticalSection, LeaveCriticalSection, ExpandEnvironmentStringsW, SearchPathW, WriteFile, GetVolumeInformationW, SetLastError, MoveFileW, SetConsoleTitleW, MoveFileExW, GetBinaryTypeW, GetFileAttributesW, GetCurrentThreadId, CreateProcessW, LoadLibraryW, ReadProcessMemory, SetErrorMode, GetConsoleMode, SetConsoleMode, VirtualAlloc, VirtualFree, SetEnvironmentVariableW, GetEnvironmentVariableW, GetCommandLineW, GetEnvironmentStringsW, GetLocalTime, GetTimeFormatW, FileTimeToLocalFileTime, GetDateFormatW, GetLastError, CloseHandle, SetThreadLocale, GetProcAddress, GetModuleHandleW, SetFilePointer, lstrcmpW, lstrcmpiW, HeapAlloc, GetProcessHeap, HeapFree, MultiByteToWideChar, ReadFile, WriteConsoleW, FillConsoleOutputCharacterW, SetConsoleCursorPosition, ReadConsoleW, GetConsoleScreenBufferInfo, GetStdHandle, GetFileType, VirtualQuery, 
RaiseException, GetCPInfo, GetConsoleOutputCP, WideCharToMultiByte, GetFileSize, CreateFileW, FindClose, FindNextFileW, FindFirstFileW, GetFullPathNameW, GetUserDefaultLCID, GetLocaleInfoW, SetLocalTime, SystemTimeToFileTime, GetSystemTime, FileTimeToSystemTime > msvcrt.dll: __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __initenv, _cexit, _XcptFilter, _exit, _c_exit, calloc, _wcslwr, qsort, _vsnwprintf, wcsstr, _dup2, _dup, _open_osfhandle, _close, swscanf, _ultoa, _pipe, _seh_longjmp_unwind, _setmode, wcsncmp, iswxdigit, fflush, exit, _wtol, time, srand, __set_app_type, wcsrchr, malloc, free, wcstoul, _errno, iswalpha, printf, rand, swprintf, _iob, fprintf, towlower, realloc, setlocale, _snwprintf, wcscat, _wcsupr, wcsncpy, _wpopen, fgets, _pclose, memmove, wcschr, iswspace, _tell, longjmp, wcscmp, _wcsnicmp, _wcsicmp, wcstol, iswdigit, _getch, _get_osfhandle, _controlfp, _setjmp3, _except_handler3, wcscpy, wcslen, wcsspn, towupper > USER32.dll: GetUserObjectInformationW, GetThreadDesktop, MessageBeep, GetProcessWindowStation ( 0 exports ) PDFiD.: - RDS...: NSRL Reference Data Set - |
#3

Continuation 2:

File CF31822.exe received 2009.06.02 15:28:14 (UTC)
Status: finished
Result: 0/39 (0%)

Antivirus / Version / Last update / Result:
a-squared 4.0.0.101 2009.06.02 - AhnLab-V3 5.0.0.2 2009.06.02 - AntiVir 7.9.0.180 2009.06.02 - Antiy-AVL 2.0.3.1 2009.06.02 - Authentium 5.1.2.4 2009.06.02 - Avast 4.8.1335.0 2009.06.01 - AVG 8.5.0.339 2009.06.02 - BitDefender 7.2 2009.06.02 - CAT-QuickHeal 10.00 2009.06.02 - ClamAV 0.94.1 2009.06.02 - Comodo 1236 2009.06.02 - DrWeb 5.0.0.12182 2009.06.02 - eSafe 7.0.17.0 2009.06.02 - eTrust-Vet 31.6.6535 2009.06.02 - F-Prot 4.4.4.56 2009.06.02 - F-Secure 8.0.14470.0 2009.06.02 - Fortinet 3.117.0.0 2009.06.02 - GData 19 2009.06.02 - Ikarus T3.1.1.57.0 2009.06.02 - K7AntiVirus 7.10.752 2009.06.02 - Kaspersky 7.0.0.125 2009.06.02 - McAfee 5634 2009.06.02 - McAfee+Artemis 5633 2009.06.01 - McAfee-GW-Edition 6.7.6 2009.05.29 - Microsoft 1.4701 2009.06.02 - NOD32 4123 2009.06.02 - Norman 6.01.05 2009.06.02 - nProtect 2009.1.8.0 2009.06.02 - Panda 10.0.0.14 2009.06.01 - PCTools 4.4.2.0 2009.06.02 - Prevx 3.0 2009.06.02 - Rising 21.32.14.00 2009.06.02 - Sophos 4.42.0 2009.06.02 - Sunbelt 3.2.1858.2 2009.06.02 - Symantec 1.4.4.12 2009.06.02 - TheHacker 6.3.4.3.335 2009.06.01 - TrendMicro 8.950.0.1092 2009.06.02 - VBA32 3.12.10.6 2009.06.02 - ViRobot 2009.6.2.1765 2009.06.02 -

Additional information
File size: 401920 bytes
MD5...: 5c0105e6265558b4ebda18b635d26500
SHA1..: 2c166211f44866ec9243373809faad1ab3532e81
SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab
ssdeep: -
PEiD..: -
TrID..: File type identification
  Win32 Executable MS Visual C++ (generic) (65.2%)
  Win32 Executable Generic (14.7%)
  Win32 Dynamic Link Library (generic) (13.1%)
  Generic Win/DOS Executable (3.4%)
  DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5046
timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name   viradd   virsiz   rawdsiz  ntrpy  md5
.text  0x1000   0x1f620  0x1f800  6.58   074a19da2eb2f1166671c2e2747967cd
.data  0x21000  0x1ca24  0x1ca00  0.17   ac08e12c2ca9c0b872b354378edde336
.rsrc  0x3e000  0x25aa0  0x25c00  3.87   3bc81433cf5354e1c22400c381af5a22
( 3 imports )
> KERNEL32.dll, msvcrt.dll, USER32.dll: import lists identical to CF29905.exe above (same hashes, so the same file); not repeated here.
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set

File CF32321.exe received 2009.06.02 15:30:34 (UTC)
Status: finished
Result: 0/39 (0%)

Antivirus / Version / Last update / Result:
a-squared 4.0.0.101 2009.06.02 - AhnLab-V3 5.0.0.2 2009.06.02 - AntiVir 7.9.0.180 2009.06.02 - Antiy-AVL 2.0.3.1 2009.06.02 - Authentium 5.1.2.4 2009.06.02 - Avast 4.8.1335.0 2009.06.01 - AVG 8.5.0.339 2009.06.02 - CAT-QuickHeal 10.00 2009.06.02 - ClamAV 0.94.1 2009.06.02 - Comodo 1236 2009.06.02 - DrWeb 5.0.0.12182 2009.06.02 - eSafe 7.0.17.0 2009.06.02 - eTrust-Vet 31.6.6535 2009.06.02 - F-Prot 4.4.4.56 2009.06.02 - F-Secure 8.0.14470.0 2009.06.02 - Fortinet 3.117.0.0 2009.06.02 - GData 19 2009.06.02 - Ikarus T3.1.1.57.0 2009.06.02 - K7AntiVirus 7.10.752 2009.06.02 - Kaspersky 7.0.0.125 2009.06.02 - McAfee 5634 2009.06.02 - McAfee+Artemis 5633 2009.06.01 - McAfee-GW-Edition 6.7.6 2009.05.29 - Microsoft 1.4701 2009.06.02 - NOD32 4123 2009.06.02 - Norman 6.01.05 2009.06.02 - nProtect 2009.1.8.0 2009.06.02 - Panda 10.0.0.14 2009.06.01 - PCTools 4.4.2.0 2009.06.02 - Prevx 3.0 2009.06.02 - Rising 21.32.14.00 2009.06.02 - Sophos 4.42.0 2009.06.02 - Sunbelt 3.2.1858.2 2009.06.02 - Symantec 1.4.4.12 2009.06.02 - TheHacker 6.3.4.3.335 2009.06.01 - TrendMicro 8.950.0.1092 2009.06.02 - VBA32 3.12.10.6 2009.06.02 - ViRobot 2009.6.2.1765 2009.06.02 - VirusBuster 4.6.5.0 2009.06.02 -

Additional information
File size: 401920 bytes
MD5...: 5c0105e6265558b4ebda18b635d26500
SHA1..: 2c166211f44866ec9243373809faad1ab3532e81
SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab
ssdeep: -
PEiD..: -
TrID..: File type identification
  Win32 Executable MS Visual C++ (generic) (65.2%)
  Win32 Executable Generic (14.7%)
  Win32 Dynamic Link Library (generic) (13.1%)
  Generic Win/DOS Executable (3.4%)
  DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x5046
timedatestamp.....: 0x48025baf (Sun Apr 13 19:14:55 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name   viradd   virsiz   rawdsiz  ntrpy  md5
.text  0x1000   0x1f620  0x1f800  6.58   074a19da2eb2f1166671c2e2747967cd
.data  0x21000  0x1ca24  0x1ca00  0.17   ac08e12c2ca9c0b872b354378edde336
.rsrc  0x3e000  0x25aa0  0x25c00  3.87   3bc81433cf5354e1c22400c381af5a22
( 3 imports )
> KERNEL32.dll, msvcrt.dll, USER32.dll: import lists identical to CF29905.exe above (same hashes, so the same file); not repeated here.
( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set -
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=5c0105e6265558b4ebda18b635d26500

One file could not be uploaded:
- C:\Windows\system32\AgCPanelFrenchb.exe
The message "Internal Server Error" appeared, saying one should contact the webmaster, which I have not done yet. The file is marked hidden/invisible and I cannot copy it because it is supposedly in use.

This file I could not find: C:\WINDOWS\system32\drivers\aq3kruqc.sys
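The VirusTotal reports above are pasted as flat text, and the thing worth noticing in them (CF29905.exe, CF31822.exe and CF32321.exe carry the same SHA256, so they are one binary submitted three times, and none of its sections looks packed) is easy to miss. The following is an added example, not code from the thread, from VirusTotal or from any tool named on the page: it parses the "File ... received", SHA256 and section lines of such a report, groups submissions by hash, and flags sections whose entropy or virtual-to-raw size ratio points at a packer. The first three embedded reports are the hash and section lines copied from the posts above; the fourth, `packed-sample.exe`, is constructed only to exercise the flagging path, and the two thresholds are this example's assumptions.

```python
"""Triage of pasted VirusTotal text reports (added example for this thread).

Not code from the thread, from VirusTotal or from any tool named on the page.
It parses the 'File ... received', SHA256 and PE-section lines of a pasted
report, groups submissions that are really the same binary, and flags
sections whose entropy or size ratio points at packing.
"""
import math
import re
from collections import defaultdict

# Assumed thresholds; calibrate against your own clean baseline.
PACKED_ENTROPY = 7.0     # bits per byte; 8.0 is the maximum, plain x86 code is usually ~6.0-6.8
MAX_VIRT_TO_RAW = 2.0    # virtual size far above raw size: section is filled at run time

FILE_RE = re.compile(r"^File (\S+) received (\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2})")
SHA256_RE = re.compile(r"^SHA256:\s*([0-9a-f]{64})\s*$")
# Columns of the VirusTotal section table: name viradd virsiz rawdsiz ntrpy md5
SECTION_RE = re.compile(
    r"^(\S+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+(\d+\.\d+)\s+([0-9a-f]{32})\s*$"
)

# First three reports: hash and section lines copied from the thread.
# Fourth report: constructed sample with UPX-style sections, not from the thread.
SAMPLE_REPORTS = """\
File CF29905.exe received 2009.06.02 15:22:10 (UTC)
SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab
.text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd
.data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336
.rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22
File CF31822.exe received 2009.06.02 15:28:14 (UTC)
SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab
.text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd
.data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336
.rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22
File CF32321.exe received 2009.06.02 15:30:34 (UTC)
SHA256: 8c044a53182c568942851a5bd636c4658cb6c1785fe692aa552c5aa7ff32faab
.text 0x1000 0x1f620 0x1f800 6.58 074a19da2eb2f1166671c2e2747967cd
.data 0x21000 0x1ca24 0x1ca00 0.17 ac08e12c2ca9c0b872b354378edde336
.rsrc 0x3e000 0x25aa0 0x25c00 3.87 3bc81433cf5354e1c22400c381af5a22
File packed-sample.exe received 2009.06.02 16:00:00 (UTC)
SHA256: 0000000000000000000000000000000000000000000000000000000000000000
UPX0 0x1000 0x30000 0x0 0.00 00000000000000000000000000000000
UPX1 0x31000 0x20000 0x1f000 7.91 11111111111111111111111111111111
"""


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, the same quantity as the 'ntrpy' column (0.0 .. 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_reports(text: str) -> list:
    """Split pasted report text into one dict per 'File ... received' block."""
    reports, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            current = {"name": m.group(1), "received": m.group(2), "sha256": None, "sections": []}
            reports.append(current)
            continue
        if current is None:
            continue
        m = SHA256_RE.match(line)
        if m:
            current["sha256"] = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            current["sections"].append({
                "name": m.group(1),
                "virtual_size": int(m.group(3), 16),
                "raw_size": int(m.group(4), 16),
                "entropy": float(m.group(5)),
                "md5": m.group(6),
            })
    return reports


def group_by_hash(reports: list) -> dict:
    """SHA256 -> submitted file names; several names under one hash is one binary."""
    groups = defaultdict(list)
    for r in reports:
        groups[r["sha256"]].append(r["name"])
    return dict(groups)


def suspicious_sections(report: dict) -> list:
    """Return one message per section that looks packed or is filled at run time."""
    flags = []
    for s in report["sections"]:
        if s["entropy"] >= PACKED_ENTROPY:
            flags.append(f"{s['name']}: entropy {s['entropy']} looks compressed or encrypted")
        ratio = s["virtual_size"] / s["raw_size"] if s["raw_size"] else math.inf
        if ratio > MAX_VIRT_TO_RAW:
            flags.append(f"{s['name']}: virtual {s['virtual_size']:#x} vs raw {s['raw_size']:#x}, filled at run time")
    return flags


if __name__ == "__main__":
    parsed = parse_reports(SAMPLE_REPORTS)
    for sha, names in group_by_hash(parsed).items():
        print(sha[:16], "...", ", ".join(names))
    for r in parsed:
        print(r["name"], suspicious_sections(r) or "no packed-section indicators")
```

The three CF*.exe submissions collapse into one hash group and produce no section flags, which matches the unpacked C++ layout the TrID line reports; the constructed UPX-style report trips both rules. Entropy and size ratios only say whether static scanning had anything to look at, not whether the file is malicious, so a clean result here still needs the hash looked up and the file's origin explained.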
#4

Continuation 3:

Now the Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\Programme\Search Settings\kb127\SearchSettings.dll" deleted successfully.
Folder "C:\Programme\Search Settings\kb127" deleted successfully.
Folder "C:\Programme\Search Settings" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.

Then the HJ log after fixing the specified entries:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:06, on 02.06.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\ati2sgag.exe
C:\WINDOWS\system32\AgCPanelFrenchb.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\avmwlanstick\WlanNetService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Sandboxie\SbieSvc.exe
C:\Programme\Seagate\Sync\SeaSyncServices.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Programme\WZCBDL Service\WZCBDLS.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programme\D-Link\Air USB Utility\AirCFG.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\avmwlanstick\wlangui.exe
C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Dokumente und Einstellungen\Michael Schultheis\Desktop\prüfung.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = www.google.de
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = www.google.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.google.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Programme\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SpybotSnD] "C:\Programme\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [WD Anywhere Backup] C:\Programme\WD\WD Anywhere Backup\MemeoLauncher2.exe --silent
O4 - HKCU\..\Run: [HDDHealth] H:\HDD Health\hddhealth.exe -wl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk.disabled
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download All by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Download by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Programme\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1088778804203
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web11.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCABE8A3-616C-4193-A970-E9382778410C}: NameServer = 192.168.0.1
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Avira Upgrade Service (antivirupgradeservice) - Unknown owner - C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\avupgsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: ATI Smart ATIusnsvc (ATIusnsvc) - Unknown owner - C:\WINDOWS\system32\AgCPanelFrenchb.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Programme\avmwlanstick\WlanNetService.exe
O23 - Service: Intelligenter Hintergrundübertragungsdienst (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Programme\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programme\Sandboxie\SbieSvc.exe
O23 - Service: Seagate Sync Service - Seagate Technology LLC - C:\Programme\Seagate\Sync\SeaSyncServices.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Programme\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: Automatische Updates (wuauserv) - Unknown owner - C:\WINDOWS\
O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Programme\WZCBDL Service\WZCBDLS.exe

-- End of file - 9170 bytes

Downloaded Combofix again and tried to start it that way, but it immediately warns me again that the Avira Guard is still active.

Regards, Michael
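The HijackThis log above is read by hand in the thread: the helper picks out the `ATIusnsvc` service whose binary is `AgCPanelFrenchb.exe` in system32, the orphaned Avira upgrade service, and the `URLSearchHook` with no file behind it. The following is an added example (not code from the post, from the helper, or from HijackThis itself) that applies those three checks mechanically: it parses the "Running processes" block and the R/O entries, flags orphaned entries, flags O23 services with no recorded owner whose binary lives in the Windows system directory, and cross-references such binaries against the process list to say whether they are running right now. `SAMPLE_LOG` is a subset of lines copied from the log above; the rule names and finding texts are this example's own.

```python
"""Triage of a HijackThis log (added example for this thread).

Not code from the post, the helper or HijackThis itself. It reads the
'Running processes' block and the R/O-type entries of an HJT log and applies
three checks a helper does by hand: orphaned entries, services with no
recorded owner whose binary sits in the Windows system directory, and
whether such a binary is currently running.
"""
import re

# Subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:06, on 02.06.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\AgCPanelFrenchb.exe
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\wlangui.exe
O23 - Service: Avira Upgrade Service (antivirupgradeservice) - Unknown owner - C:\DOKUME~1\MICHAE~1\LOKALE~1\Temp\AVSETUP_4a1a9fb9\basic\avupgsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart ATIusnsvc (ATIusnsvc) - Unknown owner - C:\WINDOWS\system32\AgCPanelFrenchb.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
"""

ENTRY_RE = re.compile(r"^(R\d|O\d+) - ")
# O23 - Service: <display> (<short>) - <owner> - <path>   (short name is optional)
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)
SYSTEM_DIR_RE = re.compile(r"^c:\\windows\\system32\\[^\\]+$", re.IGNORECASE)
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_log(text: str):
    """Return (running process paths, list of entry dicts in log order)."""
    running, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                running.append(line)
            else:
                in_processes = False          # blank line ends the process block
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entry = {"kind": m.group(1), "line": line}
        s = SERVICE_RE.match(line)
        if s:
            entry.update(s.groupdict())   # display, short, owner, path
        entries.append(entry)
    return running, entries


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def triage(text: str) -> list:
    """Apply the three checks; returns (rule, name, detail) tuples in log order."""
    running, entries = parse_log(text)
    running_names = {basename(p).lower() for p in running}
    findings = []
    for e in entries:
        name = e.get("short") or e.get("display") or e["kind"]
        if any(marker in e["line"] for marker in ORPHAN_MARKERS):
            findings.append(("orphan", name, "target no longer exists; fix the entry"))
            continue
        if e["kind"] != "O23" or e.get("owner") != "Unknown owner":
            continue
        if not SYSTEM_DIR_RE.match(e["path"]):
            continue
        exe = basename(e["path"])
        state = "currently running" if exe.lower() in running_names else "not running"
        findings.append((
            "unknown-owner-system32",
            name,
            f"{exe}: no owner recorded, lives in system32, {state}; "
            "hash it and verify it against the vendor before trusting it",
        ))
    return findings


if __name__ == "__main__":
    for rule, name, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] {name}: {detail}")
```

Run against the sample, the orphan rule reports the `URLSearchHook` and the Avira upgrade service, and the system32 rule reports both `Ati2evxx.exe` and `AgCPanelFrenchb.exe` as running services with no recorded owner. That second pair is the point of the cross-reference: the rule produces a review list, not a verdict, and the step that separates the real ATI helper from the unexplained binary is still hashing the file and checking it against the vendor, which is exactly what the thread is trying to do with VirusTotal.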
#5

Oh, and if I need to run anything in safe mode, please say so; so far I have always done it in normal mode, I don't know whether that matters.

Regards
#6

Hi,

did you fix the entries with HJ as specified?

Hardcore: Start -> Run -> cmd. Type there:

sc stop "AntiVirScheduler"
(press Enter, then carry on the same way ;o)
sc delete "AntiVirScheduler"
sc stop "AntiVirService"
sc delete "AntiVirService"
sc stop "AntiVirUpgradeService"
sc delete "AntiVirUpgradeService"

Then delete the Avira directory in C:\Programme\Avira...
Restart the computer...
Then fix the entries with HJ once more (see the previous post).
This stops Avira and then deletes it...

Then please try combofix again, possibly in safe mode (F8 while booting).
If it still reports Avira, then: http://forum.avira.com/wbb/index.php...threadid=13095

Gmer: http://www.trojaner-board.de/74908-a...t-scanner.html
You will find the download link at the top left (www.gmer.net/files); there click the "Download EXE" button. A random file name is generated (please remember it and the path where you saved it). Start GMER and see whether it reports anything right away. If it does, answer all questions with "no", go to the "rootkit" tab, answer the question with "no" again and paste the report into the thread using Copy. If it reports nothing that way, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report.

chris

PS: I'm out all day tomorrow, so I won't be reachable...

That thing has "bent" quite a few things...
S2 ATIusnsvc;ATI Smart ATIusnsvc; C:\WINDOWS\system32\AgCPanelFrenchb.exe [2009-05-19 53248]
Did you update the drivers of the ATI graphics card on 19.05.? There is absolutely nothing to be found about this, which is normally not a good sign...

If necessary we will then go at the computer from outside. (If you have an ATI graphics card, the AIR boot CD unfortunately does not work, so:) G Data rescue CD, size approx. 110 MB: http://www.gdata.de/typo3conf/ext/da....php?docID=826
Download it and burn it to CD, then boot from the CD (change the boot order in the BIOS; this also applies to AVIRA)....

Edited by Chris4You (02.06.2009, 20:59)
#7
So, hello,
I had already fixed the specified HJ entries last time; I checked again, three of them were back, and I fixed them again. Still, Combofix keeps giving an error message, also in safe mode. I looked, and I have a Combofix folder under C. When I enter combofix \u under Run, it doesn't go away; instead this Combofix window with the warning opens as well. Am I doing something wrong?
I also tried to proceed according to the Avira page, but without success. By the way, I can't open the registry in normal mode; in safe mode it works.
I downloaded GMER and ran it. After the first message it then aborted, because you said I should click "no". Shouldn't it do a complete scan? Here is the log that was created up to that point:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-03 10:50:48
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF756CE2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF756D1BA]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 761caa00.sys
Device \FileSystem\Ntfs \Ntfs 873641E8
Device \FileSystem\Fastfat \Fat 86FB57A0
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip 761caa00.sys
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp 761caa00.sys
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp 761caa00.sys
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp 761caa00.sys

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\drivers\761caa00.sys (*** hidden *** ) [SYSTEM] 761caa00 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

I can't remember an ATI update, at least I didn't actively do one; whether one happened automatically I of course don't know. I haven't done the rescue CD yet; you'd have to explain to me again exactly what you mean by the boot order.
Thanks, Michael
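The GMER report in the post above is the kind of output an analyst triages by hand. The following Python script is an added example, not part of the thread and not a GMER component: it splits the text report into its sections and scores each kernel module the way the helper's reading does, so that a driver whose service is hidden from the service control manager and which also filters the TCP/IP and NTFS device stacks (761caa00.sys here) scores as a rootkit, while SYMTDI.SYS, which GMER labels with a description and vendor, stays informational. The sample input is the log from post #7 copied verbatim; the section names and column layout are assumptions about GMER's text format, and the scoring weights and verdict thresholds are this example's own choices.

```python
import re

# GMER output copied from post #7 above; it is the sample input for this example.
GMER_LOG = r"""GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-03 10:50:48
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT  sptd.sys  ZwEnumerateKey [0xF756CE2C]
SSDT  sptd.sys  ZwEnumerateValueKey [0xF756D1BA]
---- Devices - GMER 1.0.15 ----
Device  \FileSystem\Ntfs \Ntfs  761caa00.sys
Device  \FileSystem\Ntfs \Ntfs  873641E8
Device  \FileSystem\Fastfat \Fat  86FB57A0
AttachedDevice  \Driver\Tcpip \Device\Ip  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Ip  761caa00.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp  761caa00.sys
AttachedDevice  \Driver\Tcpip \Device\Udp  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp  761caa00.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp  SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp  761caa00.sys
---- Services - GMER 1.0.15 ----
Service  C:\WINDOWS\System32\drivers\761caa00.sys (*** hidden *** )  [SYSTEM] 761caa00  <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""

# Column layout assumed from the report above (section header, SSDT line, device line, hidden service).
SECTION_RE = re.compile(r"^---- (\w+) - GMER")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(\w+)\s+\[(0x[0-9A-Fa-f]+)\]")
DEVICE_RE = re.compile(r"^(Device|AttachedDevice)\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+\((.*)\))?\s*$")
HIDDEN_RE = re.compile(r"^Service\s+(.+?)\s+\(\*\*\* hidden \*\*\*")

NETWORK_DEVICES = {r"\device\ip", r"\device\tcp", r"\device\udp", r"\device\rawip"}
FILESYSTEM_DEVICES = {r"\ntfs", r"\fat"}


def parse_gmer(log_text):
    """Split a GMER text report into sections and pull out SSDT hooks, device-stack
    entries and services GMER marks as hidden."""
    report = {"ssdt_hooks": [], "devices": [], "hidden_services": []}
    section = None
    for line in (l.strip() for l in log_text.splitlines() if l.strip()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "System" and (m := SSDT_RE.match(line)):
            report["ssdt_hooks"].append({"module": m.group(1), "function": m.group(2), "address": m.group(3)})
        elif section == "Devices" and (m := DEVICE_RE.match(line)):
            kind, driver_obj, device, module, desc = m.groups()
            report["devices"].append({"kind": kind, "driver": driver_obj, "device": device,
                                      "module": module, "description": desc})
        elif section == "Services" and (m := HIDDEN_RE.match(line)):
            report["hidden_services"].append(m.group(1))
    return report


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Score every kernel module GMER saw. Hidden from the SCM plus filtering the TCP/IP
    and file-system stacks is the classic kernel-rootkit footprint; weights are this example's."""
    rep = parse_gmer(log_text)
    hidden = {basename(p) for p in rep["hidden_services"]}
    stacks, described = {}, {}
    for d in rep["devices"]:
        mod = d["module"].lower()
        if not mod.endswith(".sys"):
            continue  # bare hex value: a device-object address GMER could not resolve, not a module
        stacks.setdefault(mod, set()).add(d["device"].lower())
        described[mod] = described.get(mod, False) or bool(d["description"])
    findings = []
    for mod in sorted(set(stacks) | hidden):
        attached = stacks.get(mod, set())
        checks = [
            (mod in hidden, 3, "service hidden from the service control manager"),
            (bool(attached) and not described.get(mod, False), 1, "no file description or vendor string"),
            (bool(attached & NETWORK_DEVICES), 1, "filters the TCP/IP stack"),
            (bool(attached & FILESYSTEM_DEVICES), 1, "filters the file-system stack"),
        ]
        score = sum(pts for hit, pts, _ in checks if hit)
        verdict = "rootkit" if score >= 4 else "suspicious" if score >= 2 else "info"
        findings.append({"module": mod, "score": score, "verdict": verdict,
                         "reasons": [why for hit, _, why in checks if hit], "stacks": sorted(attached)})
    findings.sort(key=lambda f: -f["score"])
    return {"findings": findings, "hidden_services": rep["hidden_services"],
            "ssdt_hook_modules": sorted({h["module"].lower() for h in rep["ssdt_hooks"]})}


if __name__ == "__main__":
    result = triage(GMER_LOG)
    for f in result["findings"]:
        print(f"{f['verdict']:10} {f['module']:14} score={f['score']}  {'; '.join(f['reasons'])}")
    print("SSDT hooked by:", ", ".join(result["ssdt_hook_modules"]))
```

SSDT hooks are reported separately rather than scored: sptd.sys, the SCSI Pass Through Direct driver installed by disc-emulation software such as DAEMON Tools, hooks ZwEnumerateKey/ZwEnumerateValueKey legitimately and appears in a great many GMER logs, so a hook alone is not evidence. The bare hex entries under \Ntfs and \Fat are left out for the same reason: GMER prints a device-object address when it cannot name the owning driver, which is a gap in attribution, not a finding.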