Trojan.Hiloti canters.dll

This thread in the forum "Viren, Würmer, Spyware" was started by 1886, 28.04.2011.

  #1 1886 (new user), 28.04.2011

    Hi guys

    I picked up the Hiloti trojan in a "canters.dll" in AppData. I then removed it with Malwarebytes. Now at system startup it tells me that this canters.dll cannot be accessed. It was apparently deleted. Is this dll important? I haven't noticed any effects so far...

    Here is the MBAM log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6462

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    28.04.2011 15:02:49
    mbam-log-2011-04-28 (15-02-49).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 399286
    Time elapsed: 49 minute(s), 54 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 45

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\Users\Reton\AppData\Local\canters.dll (Trojan.Hiloti) -> Delete on reboot.

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Qvuyalolacihi (Trojan.Hiloti) -> Value: Qvuyalolacihi -> Delete on reboot.

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\Reton\AppData\Local\canters.dll (Trojan.Hiloti) -> Delete on reboot.
    c:\Users\Reton\AppData\Local\Temp\err.log26779927 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\D62.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup2092087876.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup2143820272.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup2324131248.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup2822761740.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup2913807856.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3006737768.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3111574472.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3224040852.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup4022361832.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup4176132584.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup4280528844.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup467115152.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup1136830276.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup1449008728.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup1559471136.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup1575112596.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup876161160.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup902872096.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup995095936.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\sewomxarnc.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3295947552.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3326981432.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3343634272.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3347462584.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3361795096.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3403461760.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3599757896.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3727441056.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3821798824.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3862896584.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3890544272.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup1709147836.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup1819256696.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup1923769116.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup2003486864.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup2037497256.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup517188120.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup663820692.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup710411288.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup799270512.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup1686130340.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\Users\Reton\AppData\Local\Temp\setup3229576800.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    Thanks in advance for your help
     
  #2 Leonixx (Moderator), 28.04.2011

    That figures. The malware dug itself deep into the system and installed this .dll so that the malware is loaded at startup.

    Run RSIT as described in the link in my signature. Post the log files as described.

    Start, Run, enter msconfig, and check under Startup whether the dll was placed there.
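
The check described above (the Startup tab of msconfig) and the two registry findings in the MBAM log in the first post (a Run value under HKCU pointing at a DLL in AppData\Local, and a changed regfile\shell\open\command handler) can also be done from a PowerShell prompt. The script below is an added example for this thread, not code from the forum, from Malwarebytes or from the RSIT tool. It assumes PowerShell 3.0 or later (Windows 7 needs the Windows Management Framework 3.0 update for that) and should be run once as the affected user and once elevated so that both HKCU and HKLM are covered. It lists autostart values whose target is a DLL, is loaded through rundll32.exe, lives in a user-writable directory, or no longer exists on disk, and it compares the regfile handler with the value the MBAM log reports as "Good".

```powershell
# Added example, not from the original thread. Assumes PowerShell 3.0+; run once
# as the affected user (HKCU) and once elevated (HKLM).

$AutostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Directories a standard user can write to; canters.dll sat under the first one.
$UserWritable = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP, $env:ProgramData) | Where-Object { $_ }

# Extract the file an autostart command really starts. A DLL cannot run on its
# own, so a 'rundll32.exe "<dll>",<entry>' command is unwrapped to the DLL path.
# (Unquoted paths containing spaces are cut at the first space; check those by hand.)
function Get-AutostartTarget {
    param([Parameter(Mandatory)][string]$Command)
    $cmd = $Command.Trim()
    if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split '\s+')[0] }
    $loader = $null
    $target = $exe
    if ([IO.Path]::GetFileName($exe) -ieq 'rundll32.exe') {
        $loader = $exe
        $rest   = $cmd.Substring($cmd.IndexOf($exe) + $exe.Length).TrimStart(' ', '"')
        $target = ($rest -split '[",]')[0]
    }
    [PSCustomObject]@{
        Loader = $loader
        Target = [Environment]::ExpandEnvironmentVariables($target)
    }
}

function Find-SuspiciousAutostart {
    $psProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($psProps -contains $p.Name) { continue }
            if (-not ($p.Value -is [string]) -or [string]::IsNullOrWhiteSpace($p.Value)) { continue }
            $t = Get-AutostartTarget -Command $p.Value
            $flags = @()
            if ($t.Loader)                 { $flags += 'dll-via-rundll32' }
            if ($t.Target -match '\.dll$') { $flags += 'target-is-dll' }
            foreach ($dir in $UserWritable) {
                if ($t.Target -like "$dir\*") { $flags += 'user-writable-dir'; break }
            }
            # File gone but value still present: this is the combination that
            # produces a "cannot access <file>" error at logon.
            if (-not (Test-Path -LiteralPath $t.Target)) { $flags += 'target-missing' }
            if ($flags.Count -gt 0) {
                [PSCustomObject]@{
                    Key = $key; Name = $p.Name; Target = $t.Target; Flags = ($flags -join ', ')
                }
            }
        }
    }
}

# MBAM's "Broken.OpenCommand" line gives the expected handler as: regedit.exe "%1"
function Test-RegfileHandler {
    $expected = 'regedit.exe "%1"'
    $actual   = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\regfile\shell\open\command').'(default)'
    [PSCustomObject]@{ Expected = $expected; Actual = $actual; Matches = ($actual -eq $expected) }
}

Find-SuspiciousAutostart | Format-Table -AutoSize
Test-RegfileHandler
```

The script only covers the Run/RunOnce keys and the one file-type handler that the log above points at; Sysinternals Autoruns checks far more autostart locations (services, scheduled tasks, Winlogon, shell extensions) and is the tool to reach for when a scanner has found one persistence entry and you want to know whether it was the only one.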
     
  #3 1886, 29.04.2011 (last edited: 29.04.2011)

    OK, I've attached both logs. I found nothing in Startup.

    EDIT: The message no longer appears at startup either. So was this file itself the trojan? I actually thought it had lodged itself in a file from my PC. But if that's the case, the problem is actually solved now, right? Malwarebytes doesn't find anything any more either.
     

    Attachments:

    • info.txt (37.4 KB, 10 views)
    • log.txt (28.7 KB, 6 views)
  #4 Leonixx (Moderator), 29.04.2011

    Have this file checked at VirusTotal. Instructions in my sig. Post the result.
    C:\Windows\patchw32.dll
     
  #5 1886

    Additional information
    MD5 : 3f30e7d132d62476db9ba5ebb0f7b902
    SHA1 : de83f87fcf06d5e468dc7cb5ac74a52baa0c9f07
    SHA256: 9d8a1abb2023068ba8c02a8e65046d2f8a0d77c6f2d63edf9690f3763d20d45b
    ssdeep: 6144:BzuSU6//FNSJHurd930aGssW7VAE0OxaEAiSKLvnxYm7aB8n:BzAk9NSJHmUW7VD7xxLvn
    File size : 197120 bytes
    First seen: 2009-05-15 00:04:17
    Last seen : 2011-05-01 08:13:34
    TrID:
    Win32 Executable MS Visual C++ (generic) (65.1%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    sigcheck:
    publisher....: Pocket Soft, Inc.
    copyright....: (C) Copyright Pocket Soft, Inc., 2002. All Rights Reserved.
    product......: RTPatch
    description..: RTPatch Executable
    original name: n/a
    internal name:
    file version.: 6.50
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x20528
    timedatestamp....: 0x3C7D11B5 (Wed Feb 27 17:04:53 2002)
    machinetype......: 0x14c (I386)

    [[ 8 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x26C1A, 0x26E00, 6.43, e0e7252d72d3ad4958ea614deb1e57a2
    .bss, 0x28000, 0x48F4, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
    .rdata, 0x2D000, 0xE1, 0x200, 2.94, 2feedda6d28c1504d21b4445f73155c7
    .data, 0x2E000, 0x2F7C, 0x3000, 4.34, 1da4729f76e5192b2260932674f8f5ff
    .idata, 0x31000, 0x10BE, 0x1200, 5.27, aa185f974cde9fc961ecbf522557a03e
    .edata, 0x33000, 0x19C, 0x200, 4.44, fea988816c8bff8427463acb38cc4038
    .rsrc, 0x34000, 0x1838, 0x1A00, 5.34, 38b343cba444aca2f47bf7b478a3f87b
    .reloc, 0x36000, 0x2E7E, 0x3000, 6.57, e08c3c338b835b3dd76bbcd855ecf8ef

    [[ 5 import(s) ]]
    USER32.dll: LoadStringA, OemToCharA, wsprintfA, TranslateMessage, PeekMessageA, DispatchMessageA, DdeDisconnect, CharToOemA, DdeUninitialize, DdeFreeStringHandle, DdeClientTransaction, DdeCreateDataHandle, DdeInitializeA, DdeConnect, DdeCreateStringHandleA, wvsprintfA
    ADVAPI32.dll: RegOpenKeyExW, RegQueryInfoKeyA, RegEnumValueA, RegEnumKeyA, RegEnumValueW, RegSetValueExW, RegEnumKeyW, RegDeleteValueA, RegDeleteValueW, RegQueryValueExW, RegOpenKeyExA, RegCreateKeyExW, RegDeleteKeyA, RegDeleteKeyW, RegEnumKeyExA, SetFileSecurityW, GetFileSecurityW, RegCloseKey, RegSetValueExA, RegCreateKeyExA, RegQueryValueExA
    ole32.dll: CoUninitialize, CoInitialize
    VERSION.dll: GetFileVersionInfoSizeW, GetFileVersionInfoA, GetFileVersionInfoW, GetFileVersionInfoSizeA, VerQueryValueA
    KERNEL32.dll: GetLocalTime, WriteProfileSectionA, GetPrivateProfileStringA, WriteFile, GetSystemTime, VirtualAlloc, VirtualFree, FlushFileBuffers, CreateDirectoryA, GetLogicalDrives, ReadFile, DeleteFileW, GetFileType, MoveFileW, GetDriveTypeW, GetCommandLineA, GetCurrentProcessId, GetCPInfo, GetOEMCP, GetACP, GetTimeZoneInformation, GetStartupInfoA, GlobalFree, GlobalAlloc, MulDiv, GetVersion, FreeLibrary, GetDriveTypeA, GetProcAddress, LoadLibraryA, SetEndOfFile, SetFilePointer, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetFileSize, CreateFileA, GetWindowsDirectoryA, GetShortPathNameA, GetFullPathNameA, MoveFileExW, MoveFileExA, CopyFileA, GetFileAttributesA, GetModuleFileNameA, MoveFileA, SetEnvironmentVariableA, GetTempPathA, SetErrorMode, CreateMutexA, SetFileApisToANSI, ReleaseMutex, AreFileApisANSI, WaitForSingleObject, GetVolumeInformationA, GetDiskFreeSpaceA, GetSystemDirectoryA, WideCharToMultiByte, GetProfileSectionA, GetPrivateProfileSectionA, GetProfileStringA, FindFirstFileW, SetStdHandle, DeleteFileA, SetFileAttributesA, WriteProfileStringA, FileTimeToSystemTime, WritePrivateProfileStringA, WritePrivateProfileSectionA, WriteProfileStringW, WritePrivateProfileStringW, CopyFileW, GetExitCodeProcess, CreateProcessA, lstrcmpiA, GetLastError, CreateFileW, GetSystemInfo, LockResource, LoadResource, FindResourceA, SetFileApisToOEM, MultiByteToWideChar, GetFullPathNameW, FindClose, FindNextFileW, RaiseException, FindFirstFileA, FindNextFileA, GetModuleHandleA, FileTimeToLocalFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, SetFileAttributesW, SetFileTime, GetFileAttributesW, GetShortPathNameW, SetCurrentDirectoryA, GetStdHandle, CreateDirectoryW, RtlUnwind, RemoveDirectoryW, RemoveDirectoryA, GetCurrentDirectoryA, ExitProcess, SetCurrentDirectoryW, SetEnvironmentVariableW, GetCurrentDirectoryW, GetEnvironmentStrings

    [[ 13 export(s) ]]
    RTPBatSvr, RTPRegSvr, RTPRenSvr, RTPatchApply32@12, RTPatchApply32NoCall, RTPatchEnumPatches@12, RTPatchSetAttribGet@8, RTPatchSetAttribSet@8, RTPatchSetCreate@8, RTPatchSetDelete@8, RTPatchSetDirWalk@8, RTPatchSetOpen@8, RTPatchSetRename@8
    ExifTool:
    file metadata
    CharacterSet: Windows, Latin1
    CodeSize: 159232
    CompanyName: Pocket Soft, Inc.
    EntryPoint: 0x20528
    FileDescription: RTPatch Executable
    FileFlagsMask: 0x0000
    FileOS: Win32
    FileSize: 192 kB
    FileSubtype: 0
    FileType: Win32 DLL
    FileVersion: 6.5
    FileVersionNumber: 6.50.0.0
    ImageVersion: 0.0
    InitializedDataSize: 36864
    InternalName:
    LanguageCode: English (U.S.)
    LegalCopyright: (C) Copyright Pocket Soft, Inc., 2002. All Rights Reserved.
    LinkerVersion: 2.55
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 1.0
    ObjectFileType: Dynamic link library
    PEType: PE32
    ProductName: RTPatch
    ProductVersion: 6.5
    ProductVersionNumber: 6.50.0.0
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2002:02:27 18:04:53+01:00
    UninitializedDataSize: 18944


    At the top there was also a list of antivirus programs, all with a "-" under Result.
     
  #6 Leonixx (Moderator), 01.05.2011

    Click on "view last report", and also post what is shown for the AV scanners.
     
  #7 1886

    OK, here is the report including AV scanners:

    Antivirus Version Last Update Result
    AhnLab-V3 2011.05.01.00 2011.04.30 -
    AntiVir 7.11.7.92 2011.04.30 -
    Antiy-AVL 2.0.3.7 2011.05.01 -
    Avast 4.8.1351.0 2011.04.30 -
    Avast5 5.0.677.0 2011.04.30 -
    AVG 10.0.0.1190 2011.04.30 -
    BitDefender 7.2 2011.05.01 -
    CAT-QuickHeal 11.00 2011.04.30 -
    ClamAV 0.97.0.0 2011.05.01 -
    Commtouch 5.3.2.6 2011.05.01 -
    Comodo 8536 2011.05.01 -
    DrWeb 5.0.2.03300 2011.05.01 -
    Emsisoft 5.1.0.5 2011.05.01 -
    eSafe 7.0.17.0 2011.04.28 -
    eTrust-Vet 36.1.8299 2011.04.29 -
    F-Prot 4.6.2.117 2011.05.01 -
    F-Secure 9.0.16440.0 2011.05.01 -
    Fortinet 4.2.257.0 2011.05.01 -
    GData 22 2011.05.01 -
    Ikarus T3.1.1.103.0 2011.05.01 -
    Jiangmin 13.0.900 2011.04.30 -
    K7AntiVirus 9.98.4527 2011.04.30 -
    Kaspersky 9.0.0.837 2011.05.01 -
    McAfee 5.400.0.1158 2011.05.01 -
    McAfee-GW-Edition 2010.1D 2011.04.30 -
    Microsoft 1.6802 2011.05.01 -
    NOD32 6084 2011.05.01 -
    Norman 6.07.07 2011.05.01 -
    Panda 10.0.3.5 2011.04.30 -
    PCTools 7.0.3.5 2011.04.29 -
    Prevx 3.0 2011.05.01 -
    Rising 23.55.04.03 2011.04.29 -
    Sophos 4.64.0 2011.05.01 -
    SUPERAntiSpyware 4.40.0.1006 2011.05.01 -
    Symantec 20101.3.2.89 2011.05.01 -
    TheHacker 6.7.0.1.184 2011.04.30 -
    TrendMicro 9.200.0.1012 2011.05.01 -
    TrendMicro-HouseCall 9.200.0.1012 2011.05.01 -
    VBA32 3.12.16.0 2011.04.29 -
    VIPRE 9167 2011.05.01 -
    ViRobot 2011.4.30.4439 2011.04.30 -
    VirusBuster 13.6.329.0 2011.04.30 -
    Additional information
    MD5 : 3f30e7d132d62476db9ba5ebb0f7b902
    SHA1 : de83f87fcf06d5e468dc7cb5ac74a52baa0c9f07
    SHA256: 9d8a1abb2023068ba8c02a8e65046d2f8a0d77c6f2d63edf9690f3763d20d45b
    ssdeep: 6144:BzuSU6//FNSJHurd930aGssW7VAE0OxaEAiSKLvnxYm7aB8n:BzAk9NSJHmUW7VD7xxLvn
    File size : 197120 bytes
    First seen: 2009-05-15 00:04:17
    Last seen : 2011-05-01 08:13:34
    Magic: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
    TrID:
    Win32 Executable MS Visual C++ (generic) (65.1%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    sigcheck:
    publisher....: Pocket Soft, Inc.
    copyright....: (C) Copyright Pocket Soft, Inc., 2002. All Rights Reserved.
    product......: RTPatch
    description..: RTPatch Executable
    original name: n/a
    internal name:
    file version.: 6.50
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEiD: -
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x20528
    timedatestamp....: 0x3C7D11B5 (Wed Feb 27 17:04:53 2002)
    machinetype......: 0x14C (Intel I386)

    [[ 8 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x26C1A, 0x26E00, 6.43, e0e7252d72d3ad4958ea614deb1e57a2
    .bss, 0x28000, 0x48F4, 0x0, 0.0, d41d8cd98f00b204e9800998ecf8427e
    .rdata, 0x2D000, 0xE1, 0x200, 2.94, 2feedda6d28c1504d21b4445f73155c7
    .data, 0x2E000, 0x2F7C, 0x3000, 4.34, 1da4729f76e5192b2260932674f8f5ff
    .idata, 0x31000, 0x10BE, 0x1200, 5.27, aa185f974cde9fc961ecbf522557a03e
    .edata, 0x33000, 0x19C, 0x200, 4.44, fea988816c8bff8427463acb38cc4038
    .rsrc, 0x34000, 0x1838, 0x1A00, 5.34, 38b343cba444aca2f47bf7b478a3f87b
    .reloc, 0x36000, 0x2E7E, 0x3000, 6.57, e08c3c338b835b3dd76bbcd855ecf8ef

    [[ 5 import(s) ]]
    advapi32.dll: RegOpenKeyExW, RegQueryInfoKeyA, RegEnumValueA, RegEnumKeyA, RegEnumValueW, RegSetValueExW, RegEnumKeyW, RegDeleteValueA, RegDeleteValueW, RegQueryValueExW, RegOpenKeyExA, RegCreateKeyExW, RegDeleteKeyA, RegDeleteKeyW, RegEnumKeyExA, SetFileSecurityW, GetFileSecurityW, RegCloseKey, RegSetValueExA, RegCreateKeyExA, RegQueryValueExA
    kernel32.dll: GetLocalTime, WriteProfileSectionA, GetPrivateProfileStringA, WriteFile, GetSystemTime, VirtualAlloc, VirtualFree, FlushFileBuffers, CreateDirectoryA, GetLogicalDrives, ReadFile, DeleteFileW, GetFileType, MoveFileW, GetDriveTypeW, GetCommandLineA, GetCurrentProcessId, GetCPInfo, GetOEMCP, GetACP, GetTimeZoneInformation, GetStartupInfoA, GlobalFree, GlobalAlloc, MulDiv, GetVersion, FreeLibrary, GetDriveTypeA, GetProcAddress, LoadLibraryA, SetEndOfFile, SetFilePointer, CloseHandle, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetFileSize, CreateFileA, GetWindowsDirectoryA, GetShortPathNameA, GetFullPathNameA, MoveFileExW, MoveFileExA, CopyFileA, GetFileAttributesA, GetModuleFileNameA, MoveFileA, SetEnvironmentVariableA, GetTempPathA, SetErrorMode, CreateMutexA, SetFileApisToANSI, ReleaseMutex, AreFileApisANSI, WaitForSingleObject, GetVolumeInformationA, GetDiskFreeSpaceA, GetSystemDirectoryA, WideCharToMultiByte, GetProfileSectionA, GetPrivateProfileSectionA, GetProfileStringA, FindFirstFileW, SetStdHandle, DeleteFileA, SetFileAttributesA, WriteProfileStringA, FileTimeToSystemTime, WritePrivateProfileStringA, WritePrivateProfileSectionA, WriteProfileStringW, WritePrivateProfileStringW, CopyFileW, GetExitCodeProcess, CreateProcessA, lstrcmpiA, GetLastError, CreateFileW, GetSystemInfo, LockResource, LoadResource, FindResourceA, SetFileApisToOEM, MultiByteToWideChar, GetFullPathNameW, FindClose, FindNextFileW, RaiseException, FindFirstFileA, FindNextFileA, GetModuleHandleA, FileTimeToLocalFileTime, LocalFileTimeToFileTime, SystemTimeToFileTime, SetFileAttributesW, SetFileTime, GetFileAttributesW, GetShortPathNameW, SetCurrentDirectoryA, GetStdHandle, CreateDirectoryW, RtlUnwind, RemoveDirectoryW, RemoveDirectoryA, GetCurrentDirectoryA, ExitProcess, SetCurrentDirectoryW, SetEnvironmentVariableW, GetCurrentDirectoryW, GetEnvironmentStrings
    ole32.dll: CoUninitialize, CoInitialize
    user32.dll: LoadStringA, OemToCharA, wsprintfA, TranslateMessage, PeekMessageA, DispatchMessageA, DdeDisconnect, CharToOemA, DdeUninitialize, DdeFreeStringHandle, DdeClientTransaction, DdeCreateDataHandle, DdeInitializeA, DdeConnect, DdeCreateStringHandleA, wvsprintfA
    version.dll: GetFileVersionInfoSizeW, GetFileVersionInfoA, GetFileVersionInfoW, GetFileVersionInfoSizeA, VerQueryValueA

    [[ 13 export(s) ]]
    RTPBatSvr, RTPRegSvr, RTPRenSvr, RTPatchApply32@12, RTPatchApply32NoCall, RTPatchEnumPatches@12, RTPatchSetAttribGet@8, RTPatchSetAttribSet@8, RTPatchSetCreate@8, RTPatchSetDelete@8, RTPatchSetDirWalk@8, RTPatchSetOpen@8, RTPatchSetRename@8
    ThreatExpert:
    ThreatExpert Report
    ExifTool:
    file metadata
    CharacterSet: Windows, Latin1
    CodeSize: 159232
    CompanyName: Pocket Soft, Inc.
    EntryPoint: 0x20528
    FileDescription: RTPatch Executable
    FileFlagsMask: 0x0000
    FileOS: Win32
    FileSize: 192 kB
    FileSubtype: 0
    FileType: Win32 DLL
    FileVersion: 6.5
    FileVersionNumber: 6.50.0.0
    ImageVersion: 0.0
    InitializedDataSize: 36864
    InternalName:
    LanguageCode: English (U.S.)
    LegalCopyright: (C) Copyright Pocket Soft, Inc., 2002. All Rights Reserved.
    LinkerVersion: 2.55
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 1.0
    ObjectFileType: Dynamic link library
    PEType: PE32
    ProductName: RTPatch
    ProductVersion: 6.5
    ProductVersionNumber: 6.50.0.0
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2002:02:27 18:04:53+01:00
    UninitializedDataSize: 18944
    RDS: NSRL Reference Data Set

    Intuit Inc.
    QuickBooks Pro 2008, 2008: patchw32.dll
    QuickBooks Premier 2008, 2008: patchw32.dll
    QuickBooks Simple Start 2008, 2008: patchw32.dll
    QuickBooks Standard Payroll, 2007: patchw32.dll
    QuickBooks Contractor 2008, 2008: patchw32.dll
    QuickBooks Invoice Manager, 2007: patchw32.dll
    QuickBooks Premier Edition 2006, 2006: patchw32.dll
    Quickbooks Pro 2007, 2007: patchw32.dll
    QuickBooks Accountant 2008, 2008: patchw32.dll
    QuickBook Premier Edition 2006, 2006: patchw32.dll
    QuickBooks Premier Professional Services Edition, 2005: patchw32.dll
    QuickBooks Simple Start Edition 2006, 2006: patchw32.dll
    QuickBooks Manufacturing & Wholesale 2008, 2008: patchw32.dll
    QuickBooks Nonprofit 2008, 2008: patchw32.dll
    QuickBooks Professional Services 2008, 2008: patchw32.dll
    QuickBooks Pro Edition 2006, 2006: patchw32.dll

    Microsoft
    Age of Empires 3, na: patchw32.dll
    Age of Mythology, NA: PATCHW32.DLL

    Microsoft Game Studios
    Age of Mythology, 2007: PATCHW32.DLL
    Age of Empires III, 3: patchw32.dll



    Incidentally, the site shows that a report for this file already exists from 2009. But I've never used the site before...
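
The parts of the VirusTotal report above that do not need VirusTotal can be reproduced on the machine itself: the three hashes, the version resource (publisher, product, version) and the Authenticode status, which is what "verified: Unsigned" in the report means. The script below is an added example for this thread, not code from the forum or from VirusTotal. It assumes PowerShell 3.0 or later and uses the SHA256 of patchw32.dll posted above as a constructed one-entry allowlist, so that a hash match confirms the file on disk is the same file the NSRL section lists under QuickBooks and Age of Empires. The "First seen: 2009" line in the report is the date VirusTotal first received any file with this hash from any submitter, not something tied to the poster's own account, which is why a component shipped with several commercial products shows an older report.

```powershell
# Added example, not from the original thread. Assumes PowerShell 3.0+.
# Reference value: SHA256 of C:\Windows\patchw32.dll as posted in this thread,
# used as a constructed one-entry allowlist for the comparison below.
$KnownGoodSha256 = @{
    '9d8a1abb2023068ba8c02a8e65046d2f8a0d77c6f2d63edf9690f3763d20d45b' = 'RTPatch 6.50 patchw32.dll (Pocket Soft), NSRL-listed with QuickBooks and Age of Empires'
}

# Compute a hex digest without Get-FileHash, which only exists in PowerShell 4.0+.
function Get-FileHashHex {
    param([string]$Path, [ValidateSet('MD5', 'SHA1', 'SHA256')][string]$Algorithm)
    $hasher = [System.Security.Cryptography.HashAlgorithm]::Create($Algorithm)
    $stream = [IO.File]::OpenRead($Path)
    try     { $bytes = $hasher.ComputeHash($stream) }
    finally { $stream.Close() }
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

# Local equivalent of the hash, sigcheck and ExifTool sections of the report.
function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)
    $item   = Get-Item -LiteralPath $Path
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $sha256 = Get-FileHashHex -Path $Path -Algorithm SHA256
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [PSCustomObject]@{
        Path        = $item.FullName
        SizeBytes   = $item.Length
        MD5         = Get-FileHashHex -Path $Path -Algorithm MD5
        SHA1        = Get-FileHashHex -Path $Path -Algorithm SHA1
        SHA256      = $sha256
        Company     = $item.VersionInfo.CompanyName
        Product     = $item.VersionInfo.ProductName
        FileVersion = $item.VersionInfo.FileVersion
        Signature   = $sig.Status      # 'NotSigned' is what VirusTotal shows as "verified: Unsigned"
        Signer      = $signer
        KnownGood   = $KnownGoodSha256[$sha256]   # $null when the hash is not on the allowlist
    }
}

Get-FileTriage -Path 'C:\Windows\patchw32.dll' | Format-List
```

A version resource saying "Pocket Soft, Inc." proves nothing by itself, since anyone can put that string into a binary; only the signature or a match against a reference hash does. That is why the NSRL hit above settles the question better than the all-clean scanner list, and why an unsigned file in C:\Windows with no known-good hash is the case that deserves a closer look rather than this one.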
     
  #8 Leonixx (Moderator), 01.05.2011
  #9 1886

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6427
    # api_version=3.0.2
    # EOSSerial=0e5c1122577f3649814c0c82a010fc72
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-05-03 10:51:45
    # local_time=2011-05-03 12:51:45 (+0100, Central European Summer Time)
    # country="Switzerland"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 177118 177118 0 0
    # compatibility_mode=1797 16775165 100 94 1153 79930497 0 0
    # compatibility_mode=5893 16776573 100 94 89585 56046381 0 0
    # compatibility_mode=8192 67108863 100 0 245 245 0 0
    # scanned=271166
    # found=1
    # cleaned=1
    # scan_time=4715
    C:\Users\Reton\Saved Games\PC\F.E.A.R\Keygen\Keygen for F.E.A.R.exe probably a variant of Win32/Agent.ECGGPHP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
     
  #10 stockcarpilot (Moderator), 03.05.2011

    Hello

    You do know that key generators often bring malware along with them :(

    Regards, stockcarpilot
     