AV Security Suite Antimalware- was noch? Hallo, hier wieder alle Infos:
1. Gmer
GMER Logfile:
GMER Logfile:
Code:
Alles auswählen Aufklappen ATTFilter
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-07-15 20:45:53
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\MARIE~1.BAL\LOKALE~1\Temp\pxtdqpog.sys
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF885687E]
SSDT sptd.sys ZwEnumerateKey [0xF870484C]
SSDT sptd.sys ZwEnumerateValueKey [0xF8704BEC]
SSDT sptd.sys ZwOpenKey [0xF86FF090]
SSDT sptd.sys ZwQueryKey [0xF8704CC4]
SSDT sptd.sys ZwQueryValueKey [0xF8704B44]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8856BFE]
---- Kernel code sections - GMER 1.0.15 ----
? jcwwarnm.sys Das System kann die angegebene Datei nicht finden. !
? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7DE3340, 0xFD01F, 0xF8000020]
.text USBPORT.SYS!DllUnload F7DC38AC 5 Bytes JMP 831FB960
.text C:\WINDOWS\System32\drivers\SSHDRV86.sys section is writeable [0xF69D3000, 0x26354, 0xE8000020]
.pklstb C:\WINDOWS\System32\drivers\SSHDRV86.sys entry point in ".pklstb" section [0xF6A08000]
.relo2 C:\WINDOWS\System32\drivers\SSHDRV86.sys unknown last section [0xF6A1F000, 0x8E, 0x42000040]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x235FC0, 0xF8000020]
.text C:\WINDOWS\System32\drivers\hardlock.sys section is writeable [0xF41B8400, 0x4C904, 0xE0000020]
.protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xF421CA20] C:\WINDOWS\System32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0xF421CA20]
.protectÿÿÿÿhardlockunknown last code section [0xF421C800, 0x548B, 0xE0000020] C:\WINDOWS\System32\drivers\hardlock.sys unknown last code section [0xF421C800, 0x548B, 0xE0000020]
.text C:\WINDOWS\System32\DRIVERS\litsgt.sys section is writeable [0xF4172300, 0x1F510, 0xE8000020]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F8713580] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F871352C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F872DAB8] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F8713580] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F86FFABA] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F86FFC00] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F86FFB82] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F870072E] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F8700604] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8712B9A] sptd.sys
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 833661D8
Device \FileSystem\Fastfat \FatCdrom 83177600
Device \Driver\usbuhci \Device\USBPDO-0 831FA1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 833D51D8
Device \Driver\dmio \Device\DmControl\DmConfig 833D51D8
Device \Driver\dmio \Device\DmControl\DmPnP 833D51D8
Device \Driver\dmio \Device\DmControl\DmInfo 833D51D8
Device \Driver\usbuhci \Device\USBPDO-1 831FA1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C6F9D222-67B7-4520-9E86-F604831D9E73} 83147980
Device \Driver\Ftdisk \Device\HarddiskVolume1 833681D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 833681D8
Device \Driver\Cdrom \Device\CdRom0 83104980
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F8634B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F8634B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F8634B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F8634B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 83147980
Device \Driver\NetBT \Device\NetbiosSmb 83147980
Device \Driver\usbuhci \Device\USBFDO-0 831FA1D8
Device \Driver\usbuhci \Device\USBFDO-1 831FA1D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8309E8E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8309E8E8
Device \Driver\Ftdisk \Device\FtControl 833681D8
Device \FileSystem\Fastfat \Fat 83177600
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 82F7E378
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -146420503
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -916502386
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA9 0x02 0xA8 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA9 0x02 0xA8 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Programme\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xA9 0x02 0xA8 0x4A ...
---- EOF - GMER 1.0.15 ----
--- --- ---
--- --- ---
[/code]
2. rootrepeal
hidden
Code:
Alles auswählen Aufklappen ATTFilter
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/15 21:03
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: 00000099
Image Path: \Driver\00000099
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: ac97intc.sys
Image Path: C:\WINDOWS\system32\drivers\ac97intc.sys
Address: 0xF7D2D000 Size: 96256 File Visible: - Signed: -
Status: -
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF86B7000 Size: 188800 File Visible: - Signed: -
Status: -
Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2192256 File Visible: - Signed: -
Status: -
Name: ACPIEC.sys
Image Path: ACPIEC.sys
Address: 0xF8C12000 Size: 12160 File Visible: - Signed: -
Status: -
Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xF68FC000 Size: 138496 File Visible: - Signed: -
Status: -
Name: agp440.sys
Image Path: agp440.sys
Address: 0xF8866000 Size: 42368 File Visible: - Signed: -
Status: -
Name: ASPI32.SYS
Image Path: C:\WINDOWS\System32\Drivers\ASPI32.SYS
Address: 0xF8BCE000 Size: 16512 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0xF862B000 Size: 98304 File Visible: - Signed: -
Status: -
Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -
Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -
Name: aucbcfg.sys
Image Path: C:\WINDOWS\system32\DRIVERS\aucbcfg.sys
Address: 0xF8D26000 Size: 5088 File Visible: - Signed: -
Status: -
Name: audstub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\audstub.sys
Address: 0xF8DCE000 Size: 3072 File Visible: - Signed: -
Status: -
Name: avgio.sys
Image Path: C:\Programme\Avira\AntiVir Desktop\avgio.sys
Address: 0xF8D74000 Size: 6144 File Visible: - Signed: -
Status: -
Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0xF44F7000 Size: 81920 File Visible: - Signed: -
Status: -
Name: BATTC.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\BATTC.SYS
Address: 0xF8C0E000 Size: 16384 File Visible: - Signed: -
Status: -
Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xF8D6E000 Size: 4224 File Visible: - Signed: -
Status: -
Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xF8C06000 Size: 12288 File Visible: - Signed: -
Status: -
Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xF89A6000 Size: 63744 File Visible: - Signed: -
Status: -
Name: cdrom.sys
Image Path: C:\WINDOWS\System32\DRIVERS\cdrom.sys
Address: 0xF7F17000 Size: 62976 File Visible: - Signed: -
Status: -
Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
Address: 0xF8846000 Size: 53248 File Visible: - Signed: -
Status: -
Name: CmBatt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\CmBatt.sys
Address: 0xF8CDE000 Size: 13952 File Visible: - Signed: -
Status: -
Name: compbatt.sys
Image Path: compbatt.sys
Address: 0xF8C0A000 Size: 10240 File Visible: - Signed: -
Status: -
Name: disk.sys
Image Path: disk.sys
Address: 0xF8836000 Size: 36352 File Visible: - Signed: -
Status: -
Name: dmio.sys
Image Path: dmio.sys
Address: 0xF8643000 Size: 154112 File Visible: - Signed: -
Status: -
Name: dmload.sys
Image Path: dmload.sys
Address: 0xF8CFC000 Size: 5888 File Visible: - Signed: -
Status: -
Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xF88A6000 Size: 61440 File Visible: - Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF67FB000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8D76000 Size: 8192 File Visible: No Signed: -
Status: -
Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xF7A3C000 Size: 12288 File Visible: - Signed: -
Status: -
Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -
Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xF8E4F000 Size: 4096 File Visible: - Signed: -
Status: -
Name: el90xbc5.sys
Image Path: C:\WINDOWS\System32\DRIVERS\el90xbc5.sys
Address: 0xF7D9A000 Size: 66560 File Visible: - Signed: -
Status: -
Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xF4194000 Size: 143744 File Visible: - Signed: -
Status: -
Name: fdc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\fdc.sys
Address: 0xF8B46000 Size: 27392 File Visible: - Signed: -
Status: -
Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xF8976000 Size: 44672 File Visible: - Signed: -
Status: -
Name: flpydisk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Address: 0xF8B8E000 Size: 20480 File Visible: - Signed: -
Status: -
Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xF860B000 Size: 129792 File Visible: - Signed: -
Status: -
Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xF8D6C000 Size: 7936 File Visible: - Signed: -
Status: -
Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF8669000 Size: 126336 File Visible: - Signed: -
Status: -
Name: GEARAspiWDM.sys
Image Path: C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xF8B4E000 Size: 21120 File Visible: - Signed: -
Status: -
Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806EF000 Size: 81152 File Visible: - Signed: -
Status: -
Name: hardlock.sys
Image Path: C:\WINDOWS\System32\drivers\hardlock.sys
Address: 0xF41B8000 Size: 433664 File Visible: - Signed: -
Status: -
Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\HIDCLASS.SYS
Address: 0xF89B6000 Size: 36864 File Visible: - Signed: -
Status: -
Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\HIDPARSE.SYS
Address: 0xF8B9E000 Size: 28672 File Visible: - Signed: -
Status: -
Name: hidusb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\hidusb.sys
Address: 0xF7B2B000 Size: 10368 File Visible: - Signed: -
Status: -
Name: HSF_CNXT.sys
Image Path: C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys
Address: 0xF7B4F000 Size: 569088 File Visible: - Signed: -
Status: -
Name: HSF_DP.sys
Image Path: C:\WINDOWS\System32\DRIVERS\HSF_DP.sys
Address: 0xF7BDA000 Size: 1091936 File Visible: - Signed: -
Status: -
Name: HSFHWICH.sys
Image Path: C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys
Address: 0xF7CE5000 Size: 144832 File Visible: - Signed: -
Status: -
Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xF3A9B000 Size: 265728 File Visible: - Signed: -
Status: -
Name: i8042prt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Address: 0xF7F57000 Size: 52992 File Visible: - Signed: -
Status: -
Name: imapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\imapi.sys
Address: 0xF7F27000 Size: 42112 File Visible: - Signed: -
Status: -
Name: intelide.sys
Image Path: intelide.sys
Address: 0xF8CFA000 Size: 5504 File Visible: - Signed: -
Status: -
Name: intelppm.sys
Image Path: C:\WINDOWS\System32\DRIVERS\intelppm.sys
Address: 0xF7F67000 Size: 40448 File Visible: - Signed: -
Status: -
Name: ipnat.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipnat.sys
Address: 0xF6813000 Size: 152832 File Visible: - Signed: -
Status: -
Name: ipsec.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ipsec.sys
Address: 0xF699F000 Size: 75264 File Visible: - Signed: -
Status: -
Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF8806000 Size: 37632 File Visible: - Signed: -
Status: -
Name: jcwwarnm.sys
Image Path: jcwwarnm.sys
Address: 0xF87F6000 Size: 54016 File Visible: No Signed: -
Status: -
Name: kbdclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Address: 0xF8B36000 Size: 25216 File Visible: - Signed: -
Status: -
Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xF8CF6000 Size: 8192 File Visible: - Signed: -
Status: -
Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xF3076000 Size: 172416 File Visible: - Signed: -
Status: -
Name: ks.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ks.sys
Address: 0xF7D45000 Size: 143360 File Visible: - Signed: -
Status: -
Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF85E2000 Size: 92928 File Visible: - Signed: -
Status: -
Name: L8042Pr2.sys
Image Path: C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys
Address: 0xF7F47000 Size: 45984 File Visible: - Signed: -
Status: -
Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xF8856000 Size: 57600 File Visible: - Signed: -
Status: -
Name: LHidFlt2.sys
Image Path: C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys
Address: 0xF8BD6000 Size: 20992 File Visible: - Signed: -
Status: -
Name: litsgt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\litsgt.sys
Address: 0xF4172000 Size: 137344 File Visible: - Signed: -
Status: -
Name: LKbdFlt2.sys
Image Path: C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys
Address: 0xF8D2C000 Size: 5248 File Visible: - Signed: -
Status: -
Name: LMouFlt2.sys
Image Path: C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys
Address: 0xF7F37000 Size: 60384 File Visible: - Signed: -
Status: -
Name: mdmxsdk.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys
Address: 0xF4357000 Size: 8768 File Visible: - Signed: -
Status: -
Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xF8D70000 Size: 4224 File Visible: - Signed: -
Status: -
Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xF8B56000 Size: 30336 File Visible: - Signed: -
Status: -
Name: mouclass.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouclass.sys
Address: 0xF8B3E000 Size: 23552 File Visible: - Signed: -
Status: -
Name: mouhid.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mouhid.sys
Address: 0xF7B27000 Size: 12288 File Visible: - Signed: -
Status: -
Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF8816000 Size: 42368 File Visible: - Signed: -
Status: -
Name: mrxdav.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Address: 0xF4312000 Size: 180608 File Visible: - Signed: -
Status: -
Name: mrxsmb.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Address: 0xF6839000 Size: 455680 File Visible: - Signed: -
Status: -
Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xF8BAE000 Size: 19072 File Visible: - Signed: -
Status: -
Name: msgpc.sys
Image Path: C:\WINDOWS\System32\DRIVERS\msgpc.sys
Address: 0xF88E6000 Size: 35072 File Visible: - Signed: -
Status: -
Name: mssmbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\mssmbios.sys
Address: 0xF84BD000 Size: 15488 File Visible: - Signed: -
Status: -
Name: Mup.sys
Image Path: Mup.sys
Address: 0xF850E000 Size: 105344 File Visible: - Signed: -
Status: -
Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF8528000 Size: 182656 File Visible: - Signed: -
Status: -
Name: ndistapi.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Address: 0xF8CE6000 Size: 10112 File Visible: - Signed: -
Status: -
Name: ndisuio.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Address: 0xF4533000 Size: 14592 File Visible: - Signed: -
Status: -
Name: ndiswan.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Address: 0xF7B10000 Size: 91520 File Visible: - Signed: -
Status: -
Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xF8916000 Size: 40576 File Visible: - Signed: -
Status: -
Name: netbios.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbios.sys
Address: 0xF8956000 Size: 34688 File Visible: - Signed: -
Status: -
Name: netbt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\netbt.sys
Address: 0xF691E000 Size: 162816 File Visible: - Signed: -
Status: -
Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xF8BB6000 Size: 30848 File Visible: - Signed: -
Status: -
Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF8555000 Size: 574976 File Visible: - Signed: -
Status: -
Name: ntoskrnl.exe
Image Path: C:\WINDOWS\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2192256 File Visible: - Signed: -
Status: -
Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xF8DF6000 Size: 2944 File Visible: - Signed: -
Status: -
Name: nv4_disp.dll
Image Path: C:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF012000 Size: 3346432 File Visible: - Signed: -
Status: -
Name: nv4_mini.sys
Image Path: C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
Address: 0xF7DE3000 Size: 1260928 File Visible: - Signed: -
Status: -
Name: omci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\omci.sys
Address: 0xF8B7E000 Size: 17088 File Visible: - Signed: -
Status: -
Name: OPRGHDLR.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
Address: 0xF8DBE000 Size: 4096 File Visible: - Signed: -
Status: -
Name: parport.sys
Image Path: C:\WINDOWS\System32\DRIVERS\parport.sys
Address: 0xF7D68000 Size: 80384 File Visible: - Signed: -
Status: -
Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF8A7E000 Size: 19712 File Visible: - Signed: -
Status: -
Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xF8D22000 Size: 7040 File Visible: - Signed: -
Status: -
Name: pci.sys
Image Path: pci.sys
Address: 0xF86A6000 Size: 68224 File Visible: - Signed: -
Status: -
Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
Address: 0xF8A76000 Size: 28672 File Visible: - Signed: -
Status: -
Name: pcmcia.sys
Image Path: C:\WINDOWS\System32\DRIVERS\pcmcia.sys
Address: 0xF7D7C000 Size: 120576 File Visible: - Signed: -
Status: -
Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2192256 File Visible: - Signed: -
Status: -
Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xF7D09000 Size: 147456 File Visible: - Signed: -
Status: -
Name: psched.sys
Image Path: C:\WINDOWS\System32\DRIVERS\psched.sys
Address: 0xF7AD6000 Size: 69120 File Visible: - Signed: -
Status: -
Name: ptilink.sys
Image Path: C:\WINDOWS\System32\DRIVERS\ptilink.sys
Address: 0xF8B6E000 Size: 17792 File Visible: - Signed: -
Status: -
Name: pxtdqpog.sys
Image Path: C:\DOKUME~1\MARIE~1.BAL\LOKALE~1\Temp\pxtdqpog.sys
Address: 0xF30A1000 Size: 93056 File Visible: No Signed: -
Status: -
Name: rasacd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasacd.sys
Address: 0xF8CCE000 Size: 8832 File Visible: - Signed: -
Status: -
Name: rasl2tp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Address: 0xF88B6000 Size: 51328 File Visible: - Signed: -
Status: -
Name: raspppoe.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Address: 0xF88C6000 Size: 41472 File Visible: - Signed: -
Status: -
Name: raspptp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspptp.sys
Address: 0xF88D6000 Size: 48384 File Visible: - Signed: -
Status: -
Name: raspti.sys
Image Path: C:\WINDOWS\System32\DRIVERS\raspti.sys
Address: 0xF8B76000 Size: 16512 File Visible: - Signed: -
Status: -
Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2192256 File Visible: - Signed: -
Status: -
Name: rdbss.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdbss.sys
Address: 0xF68D1000 Size: 175744 File Visible: - Signed: -
Status: -
Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xF8D72000 Size: 4224 File Visible: - Signed: -
Status: -
Name: rdpdr.sys
Image Path: C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Address: 0xF7AA6000 Size: 196224 File Visible: - Signed: -
Status: -
Name: redbook.sys
Image Path: C:\WINDOWS\System32\DRIVERS\redbook.sys
Address: 0xF8896000 Size: 57728 File Visible: - Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF3D23000 Size: 49152 File Visible: No Signed: -
Status: -
Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xF86E6000 Size: 98304 File Visible: - Signed: -
Status: -
Name: sptd.sys
Image Path: sptd.sys
Address: 0xF86FE000 Size: 880640 File Visible: - Signed: -
Status: -
Name: sr.sys
Image Path: sr.sys
Address: 0xF85F9000 Size: 73472 File Visible: - Signed: -
Status: -
Name: srv.sys
Image Path: C:\WINDOWS\System32\DRIVERS\srv.sys
Address: 0xF40F3000 Size: 353792 File Visible: - Signed: -
Status: -
Name: SSHDRV61.sys
Image Path: C:\WINDOWS\System32\drivers\SSHDRV61.sys
Address: 0xF8946000 Size: 53248 File Visible: - Signed: -
Status: -
Name: SSHDRV86.sys
Image Path: C:\WINDOWS\System32\drivers\SSHDRV86.sys
Address: 0xF69D2000 Size: 319488 File Visible: - Signed: -
Status: -
Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xF8BC6000 Size: 23040 File Visible: - Signed: -
Status: -
Name: strmdisp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\strmdisp.sys
Address: 0xF8B06000 Size: 21280 File Visible: - Signed: -
Status: -
Name: swenum.sys
Image Path: C:\WINDOWS\System32\DRIVERS\swenum.sys
Address: 0xF8D34000 Size: 4352 File Visible: - Signed: -
Status: -
Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xF3F3B000 Size: 60800 File Visible: - Signed: -
Status: -
Name: tansgt.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tansgt.sys
Address: 0xF416A000 Size: 12032 File Visible: - Signed: -
Status: -
Name: tcpip.sys
Image Path: C:\WINDOWS\System32\DRIVERS\tcpip.sys
Address: 0xF6946000 Size: 361600 File Visible: - Signed: -
Status: -
Name: TDI.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\TDI.SYS
Address: 0xF8B5E000 Size: 20480 File Visible: - Signed: -
Status: -
Name: termdd.sys
Image Path: C:\WINDOWS\System32\DRIVERS\termdd.sys
Address: 0xF88F6000 Size: 40704 File Visible: - Signed: -
Status: -
Name: update.sys
Image Path: C:\WINDOWS\System32\DRIVERS\update.sys
Address: 0xF7A48000 Size: 384768 File Visible: - Signed: -
Status: -
Name: USBD.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBD.SYS
Address: 0xF8D48000 Size: 8192 File Visible: - Signed: -
Status: -
Name: usbhub.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbhub.sys
Address: 0xF8926000 Size: 59520 File Visible: - Signed: -
Status: -
Name: USBPORT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\USBPORT.SYS
Address: 0xF7DAB000 Size: 147456 File Visible: - Signed: -
Status: -
Name: usbuhci.sys
Image Path: C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Address: 0xF8B26000 Size: 20608 File Visible: - Signed: -
Status: -
Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xF8BA6000 Size: 20992 File Visible: - Signed: -
Status: -
Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS
Address: 0xF7DCF000 Size: 81920 File Visible: - Signed: -
Status: -
Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF8826000 Size: 53760 File Visible: - Signed: -
Status: -
Name: wanarp.sys
Image Path: C:\WINDOWS\System32\DRIVERS\wanarp.sys
Address: 0xF8A06000 Size: 34560 File Visible: - Signed: -
Status: -
Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xF8BEE000 Size: 20480 File Visible: - Signed: -
Status: -
Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xF3D96000 Size: 83072 File Visible: - Signed: -
Status: -
Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -
Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xF8CF8000 Size: 8192 File Visible: - Signed: -
Status: -
Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2192256 File Visible: - Signed: -
Status: -
stealth
Code:
Alles auswählen Aufklappen ATTFilter
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/07/15 21:03
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x833661d8 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x83177600 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x83104980 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x83104980 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x83104980 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x83104980 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x83104980 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x83104980 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x83104980 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x83104980 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x83104980 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x83104980 Size: 463
Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x83104980 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x833d51d8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x833d51d8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x833d51d8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x833d51d8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x833d51d8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x833d51d8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x833d51d8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x833d51d8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x833d51d8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x833d51d8 Size: 463
Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x833d51d8 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x831fa1d8 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x831fa1d8 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x831fa1d8 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x831fa1d8 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x831fa1d8 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x831fa1d8 Size: 463
Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x831fa1d8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x833681d8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x833681d8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x833681d8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x833681d8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x833681d8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x833681d8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x833681d8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x833681d8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x833681d8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x833681d8 Size: 463
Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x833681d8 Size: 463
Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x83147980 Size: 463
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x83147980 Size: 463
Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x83147980 Size: 463
Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x83147980 Size: 463
Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x83147980 Size: 463
Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x83147980 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x8309e8e8 Size: 463
Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭��쀚�܁ListBo, IRP_MJ_CREATE]
Process: System Address: 0x82f7e378 Size: 463
Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭��쀚�܁ListBo, IRP_MJ_CLOSE]
Process: System Address: 0x82f7e378 Size: 463
Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭��쀚�܁ListBo, IRP_MJ_READ]
Process: System Address: 0x82f7e378 Size: 463
Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭��쀚�܁ListBo, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82f7e378 Size: 463
Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭��쀚�܁ListBo, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82f7e378 Size: 463
Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭��쀚�܁ListBo, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82f7e378 Size: 463
Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭��쀚�܁ListBo, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82f7e378 Size: 463
Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭��쀚�܁ListBo, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82f7e378 Size: 463
Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭��쀚�܁ListBo, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f7e378 Size: 463
Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭��쀚�܁ListBo, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82f7e378 Size: 463
Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭��쀚�܁ListBo, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82f7e378 Size: 463
Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭��쀚�܁ListBo, IRP_MJ_CLEANUP]
Process: System Address: 0x82f7e378 Size: 463
Object: Hidden Code [Driver: Cdfsȅఅ瑁䅭��쀚�܁ListBo, IRP_MJ_PNP]
Process: System Address: 0x82f7e378 Size: 463
Bei Hidden kam eine Fehlermeldung :-(
3. bin mir keiner schuld bewusst.......
4. erledigt
5.
Code:
Alles auswählen Aufklappen ATTFilter
File yahoo_1_ received on 2010.07.15 15:59:08 (UTC)
Current status: finished
Result: 8/38 (21.05%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.15 Trojan.JS.FakeSpypro!IK
AhnLab-V3 2010.07.15.01 2010.07.15 -
AntiVir 8.2.4.10 2010.07.15 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.15 -
Avast 4.8.1351.0 2010.07.15 -
Avast5 5.0.332.0 2010.07.15 -
BitDefender 7.2 2010.07.15 Trojan.FakeAV.KZQ
CAT-QuickHeal 11.00 2010.07.15 -
ClamAV 0.96.0.3-git 2010.07.15 -
Comodo 5438 2010.07.15 -
eTrust-Vet 36.1.7710 2010.07.15 HTML/FakeAlert.BHB
F-Prot 4.6.1.107 2010.07.15 -
Fortinet 4.1.143.0 2010.07.15 -
GData 21 2010.07.15 Trojan.FakeAV.KZQ
Ikarus T3.1.1.84.0 2010.07.15 Trojan.JS.FakeSpypro
Jiangmin 13.0.900 2010.07.15 -
Kaspersky 7.0.0.125 2010.07.15 -
McAfee 5.400.0.1158 2010.07.15 -
McAfee-GW-Edition 2010.1 2010.07.15 -
Microsoft 1.5902 2010.07.15 Trojan:JS/FakeSpypro
NOD32 5281 2010.07.15 -
Norman 6.05.11 2010.07.15 -
nProtect 2010-07-15.02 2010.07.15 Trojan.FakeAV.KZQ
Panda 10.0.2.7 2010.07.15 -
PCTools 7.0.3.5 2010.07.15 -
Prevx 3.0 2010.07.15 -
Rising 22.56.03.04 2010.07.15 -
Sophos 4.55.0 2010.07.15 Mal/FakeAvHm-A
Sunbelt 6587 2010.07.15 -
SUPERAntiSpyware 4.40.0.1006 2010.07.15 -
Symantec 20101.1.1.7 2010.07.15 -
TheHacker 6.5.2.1.316 2010.07.15 -
TrendMicro 9.120.0.1004 2010.07.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.15 -
VBA32 3.12.12.6 2010.07.15 -
ViRobot 2010.7.12.3932 2010.07.15 -
VirusBuster 5.0.27.0 2010.07.14 -
Additional information
File size: 2716 bytes
MD5 : a5d202d140c48986bae5a927c053b16d
SHA1 : b88ce11f4d69356ac71c23b59eee631b435b5541
SHA256: 999272c7ff116aa898b5942f706c6bf460d31445f4053a5256424d75bb688391
TrID : File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
ssdeep: 48:yGMHyjuA1gPcPFxH/qBfCccADIZDEoxbBZDnrc:LMHIYqca/8oRk
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
ewipihax.dll
Code:
Alles auswählen Aufklappen ATTFilter
File yahoo_1_ received on 2010.07.15 15:59:08 (UTC)
Current status: finished
Result: 8/38 (21.05%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.15 Trojan.JS.FakeSpypro!IK
AhnLab-V3 2010.07.15.01 2010.07.15 -
AntiVir 8.2.4.10 2010.07.15 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.15 -
Avast 4.8.1351.0 2010.07.15 -
Avast5 5.0.332.0 2010.07.15 -
BitDefender 7.2 2010.07.15 Trojan.FakeAV.KZQ
CAT-QuickHeal 11.00 2010.07.15 -
ClamAV 0.96.0.3-git 2010.07.15 -
Comodo 5438 2010.07.15 -
eTrust-Vet 36.1.7710 2010.07.15 HTML/FakeAlert.BHB
F-Prot 4.6.1.107 2010.07.15 -
Fortinet 4.1.143.0 2010.07.15 -
GData 21 2010.07.15 Trojan.FakeAV.KZQ
Ikarus T3.1.1.84.0 2010.07.15 Trojan.JS.FakeSpypro
Jiangmin 13.0.900 2010.07.15 -
Kaspersky 7.0.0.125 2010.07.15 -
McAfee 5.400.0.1158 2010.07.15 -
McAfee-GW-Edition 2010.1 2010.07.15 -
Microsoft 1.5902 2010.07.15 Trojan:JS/FakeSpypro
NOD32 5281 2010.07.15 -
Norman 6.05.11 2010.07.15 -
nProtect 2010-07-15.02 2010.07.15 Trojan.FakeAV.KZQ
Panda 10.0.2.7 2010.07.15 -
PCTools 7.0.3.5 2010.07.15 -
Prevx 3.0 2010.07.15 -
Rising 22.56.03.04 2010.07.15 -
Sophos 4.55.0 2010.07.15 Mal/FakeAvHm-A
Sunbelt 6587 2010.07.15 -
SUPERAntiSpyware 4.40.0.1006 2010.07.15 -
Symantec 20101.1.1.7 2010.07.15 -
TheHacker 6.5.2.1.316 2010.07.15 -
TrendMicro 9.120.0.1004 2010.07.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.15 -
VBA32 3.12.12.6 2010.07.15 -
ViRobot 2010.7.12.3932 2010.07.15 -
VirusBuster 5.0.27.0 2010.07.14 -
Additional information
File size: 2716 bytes
MD5 : a5d202d140c48986bae5a927c053b16d
SHA1 : b88ce11f4d69356ac71c23b59eee631b435b5541
SHA256: 999272c7ff116aa898b5942f706c6bf460d31445f4053a5256424d75bb688391
TrID : File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
ssdeep: 48:yGMHyjuA1gPcPFxH/qBfCccADIZDEoxbBZDnrc:LMHIYqca/8oRk
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
apukatiyuwaxo.dll
Code:
Alles auswählen Aufklappen ATTFilter
File yahoo_1_ received on 2010.07.15 15:59:08 (UTC)
Current status: finished
Result: 8/38 (21.05%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.15 Trojan.JS.FakeSpypro!IK
AhnLab-V3 2010.07.15.01 2010.07.15 -
AntiVir 8.2.4.10 2010.07.15 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.15 -
Avast 4.8.1351.0 2010.07.15 -
Avast5 5.0.332.0 2010.07.15 -
BitDefender 7.2 2010.07.15 Trojan.FakeAV.KZQ
CAT-QuickHeal 11.00 2010.07.15 -
ClamAV 0.96.0.3-git 2010.07.15 -
Comodo 5438 2010.07.15 -
eTrust-Vet 36.1.7710 2010.07.15 HTML/FakeAlert.BHB
F-Prot 4.6.1.107 2010.07.15 -
Fortinet 4.1.143.0 2010.07.15 -
GData 21 2010.07.15 Trojan.FakeAV.KZQ
Ikarus T3.1.1.84.0 2010.07.15 Trojan.JS.FakeSpypro
Jiangmin 13.0.900 2010.07.15 -
Kaspersky 7.0.0.125 2010.07.15 -
McAfee 5.400.0.1158 2010.07.15 -
McAfee-GW-Edition 2010.1 2010.07.15 -
Microsoft 1.5902 2010.07.15 Trojan:JS/FakeSpypro
NOD32 5281 2010.07.15 -
Norman 6.05.11 2010.07.15 -
nProtect 2010-07-15.02 2010.07.15 Trojan.FakeAV.KZQ
Panda 10.0.2.7 2010.07.15 -
PCTools 7.0.3.5 2010.07.15 -
Prevx 3.0 2010.07.15 -
Rising 22.56.03.04 2010.07.15 -
Sophos 4.55.0 2010.07.15 Mal/FakeAvHm-A
Sunbelt 6587 2010.07.15 -
SUPERAntiSpyware 4.40.0.1006 2010.07.15 -
Symantec 20101.1.1.7 2010.07.15 -
TheHacker 6.5.2.1.316 2010.07.15 -
TrendMicro 9.120.0.1004 2010.07.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.15 -
VBA32 3.12.12.6 2010.07.15 -
ViRobot 2010.7.12.3932 2010.07.15 -
VirusBuster 5.0.27.0 2010.07.14 -
Additional information
File size: 2716 bytes
MD5 : a5d202d140c48986bae5a927c053b16d
SHA1 : b88ce11f4d69356ac71c23b59eee631b435b5541
SHA256: 999272c7ff116aa898b5942f706c6bf460d31445f4053a5256424d75bb688391
TrID : File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
ssdeep: 48:yGMHyjuA1gPcPFxH/qBfCccADIZDEoxbBZDnrc:LMHIYqca/8oRk
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
efibebax.dll
Code:
Alles auswählen Aufklappen ATTFilter
File yahoo_1_ received on 2010.07.15 15:59:08 (UTC)
Current status: finished
Result: 8/38 (21.05%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.15 Trojan.JS.FakeSpypro!IK
AhnLab-V3 2010.07.15.01 2010.07.15 -
AntiVir 8.2.4.10 2010.07.15 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.15 -
Avast 4.8.1351.0 2010.07.15 -
Avast5 5.0.332.0 2010.07.15 -
BitDefender 7.2 2010.07.15 Trojan.FakeAV.KZQ
CAT-QuickHeal 11.00 2010.07.15 -
ClamAV 0.96.0.3-git 2010.07.15 -
Comodo 5438 2010.07.15 -
eTrust-Vet 36.1.7710 2010.07.15 HTML/FakeAlert.BHB
F-Prot 4.6.1.107 2010.07.15 -
Fortinet 4.1.143.0 2010.07.15 -
GData 21 2010.07.15 Trojan.FakeAV.KZQ
Ikarus T3.1.1.84.0 2010.07.15 Trojan.JS.FakeSpypro
Jiangmin 13.0.900 2010.07.15 -
Kaspersky 7.0.0.125 2010.07.15 -
McAfee 5.400.0.1158 2010.07.15 -
McAfee-GW-Edition 2010.1 2010.07.15 -
Microsoft 1.5902 2010.07.15 Trojan:JS/FakeSpypro
NOD32 5281 2010.07.15 -
Norman 6.05.11 2010.07.15 -
nProtect 2010-07-15.02 2010.07.15 Trojan.FakeAV.KZQ
Panda 10.0.2.7 2010.07.15 -
PCTools 7.0.3.5 2010.07.15 -
Prevx 3.0 2010.07.15 -
Rising 22.56.03.04 2010.07.15 -
Sophos 4.55.0 2010.07.15 Mal/FakeAvHm-A
Sunbelt 6587 2010.07.15 -
SUPERAntiSpyware 4.40.0.1006 2010.07.15 -
Symantec 20101.1.1.7 2010.07.15 -
TheHacker 6.5.2.1.316 2010.07.15 -
TrendMicro 9.120.0.1004 2010.07.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.15 -
VBA32 3.12.12.6 2010.07.15 -
ViRobot 2010.7.12.3932 2010.07.15 -
VirusBuster 5.0.27.0 2010.07.14 -
Additional information
File size: 2716 bytes
MD5 : a5d202d140c48986bae5a927c053b16d
SHA1 : b88ce11f4d69356ac71c23b59eee631b435b5541
SHA256: 999272c7ff116aa898b5942f706c6bf460d31445f4053a5256424d75bb688391
TrID : File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
ssdeep: 48:yGMHyjuA1gPcPFxH/qBfCccADIZDEoxbBZDnrc:LMHIYqca/8oRk
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
igiyovox.dll
Code:
Alles auswählen Aufklappen ATTFilter
File yahoo_1_ received on 2010.07.15 15:59:08 (UTC)
Current status: finished
Result: 8/38 (21.05%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.15 Trojan.JS.FakeSpypro!IK
AhnLab-V3 2010.07.15.01 2010.07.15 -
AntiVir 8.2.4.10 2010.07.15 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.15 -
Avast 4.8.1351.0 2010.07.15 -
Avast5 5.0.332.0 2010.07.15 -
BitDefender 7.2 2010.07.15 Trojan.FakeAV.KZQ
CAT-QuickHeal 11.00 2010.07.15 -
ClamAV 0.96.0.3-git 2010.07.15 -
Comodo 5438 2010.07.15 -
eTrust-Vet 36.1.7710 2010.07.15 HTML/FakeAlert.BHB
F-Prot 4.6.1.107 2010.07.15 -
Fortinet 4.1.143.0 2010.07.15 -
GData 21 2010.07.15 Trojan.FakeAV.KZQ
Ikarus T3.1.1.84.0 2010.07.15 Trojan.JS.FakeSpypro
Jiangmin 13.0.900 2010.07.15 -
Kaspersky 7.0.0.125 2010.07.15 -
McAfee 5.400.0.1158 2010.07.15 -
McAfee-GW-Edition 2010.1 2010.07.15 -
Microsoft 1.5902 2010.07.15 Trojan:JS/FakeSpypro
NOD32 5281 2010.07.15 -
Norman 6.05.11 2010.07.15 -
nProtect 2010-07-15.02 2010.07.15 Trojan.FakeAV.KZQ
Panda 10.0.2.7 2010.07.15 -
PCTools 7.0.3.5 2010.07.15 -
Prevx 3.0 2010.07.15 -
Rising 22.56.03.04 2010.07.15 -
Sophos 4.55.0 2010.07.15 Mal/FakeAvHm-A
Sunbelt 6587 2010.07.15 -
SUPERAntiSpyware 4.40.0.1006 2010.07.15 -
Symantec 20101.1.1.7 2010.07.15 -
TheHacker 6.5.2.1.316 2010.07.15 -
TrendMicro 9.120.0.1004 2010.07.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.15 -
VBA32 3.12.12.6 2010.07.15 -
ViRobot 2010.7.12.3932 2010.07.15 -
VirusBuster 5.0.27.0 2010.07.14 -
Additional information
File size: 2716 bytes
MD5 : a5d202d140c48986bae5a927c053b16d
SHA1 : b88ce11f4d69356ac71c23b59eee631b435b5541
SHA256: 999272c7ff116aa898b5942f706c6bf460d31445f4053a5256424d75bb688391
TrID : File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
ssdeep: 48:yGMHyjuA1gPcPFxH/qBfCccADIZDEoxbBZDnrc:LMHIYqca/8oRk
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
izecoqaf.dll
Code:
Alles auswählen Aufklappen ATTFilter
File yahoo_1_ received on 2010.07.15 15:59:08 (UTC)
Current status: finished
Result: 8/38 (21.05%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.15 Trojan.JS.FakeSpypro!IK
AhnLab-V3 2010.07.15.01 2010.07.15 -
AntiVir 8.2.4.10 2010.07.15 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.15 -
Avast 4.8.1351.0 2010.07.15 -
Avast5 5.0.332.0 2010.07.15 -
BitDefender 7.2 2010.07.15 Trojan.FakeAV.KZQ
CAT-QuickHeal 11.00 2010.07.15 -
ClamAV 0.96.0.3-git 2010.07.15 -
Comodo 5438 2010.07.15 -
eTrust-Vet 36.1.7710 2010.07.15 HTML/FakeAlert.BHB
F-Prot 4.6.1.107 2010.07.15 -
Fortinet 4.1.143.0 2010.07.15 -
GData 21 2010.07.15 Trojan.FakeAV.KZQ
Ikarus T3.1.1.84.0 2010.07.15 Trojan.JS.FakeSpypro
Jiangmin 13.0.900 2010.07.15 -
Kaspersky 7.0.0.125 2010.07.15 -
McAfee 5.400.0.1158 2010.07.15 -
McAfee-GW-Edition 2010.1 2010.07.15 -
Microsoft 1.5902 2010.07.15 Trojan:JS/FakeSpypro
NOD32 5281 2010.07.15 -
Norman 6.05.11 2010.07.15 -
nProtect 2010-07-15.02 2010.07.15 Trojan.FakeAV.KZQ
Panda 10.0.2.7 2010.07.15 -
PCTools 7.0.3.5 2010.07.15 -
Prevx 3.0 2010.07.15 -
Rising 22.56.03.04 2010.07.15 -
Sophos 4.55.0 2010.07.15 Mal/FakeAvHm-A
Sunbelt 6587 2010.07.15 -
SUPERAntiSpyware 4.40.0.1006 2010.07.15 -
Symantec 20101.1.1.7 2010.07.15 -
TheHacker 6.5.2.1.316 2010.07.15 -
TrendMicro 9.120.0.1004 2010.07.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.15 -
VBA32 3.12.12.6 2010.07.15 -
ViRobot 2010.7.12.3932 2010.07.15 -
VirusBuster 5.0.27.0 2010.07.14 -
Additional information
File size: 2716 bytes
MD5 : a5d202d140c48986bae5a927c053b16d
SHA1 : b88ce11f4d69356ac71c23b59eee631b435b5541
SHA256: 999272c7ff116aa898b5942f706c6bf460d31445f4053a5256424d75bb688391
TrID : File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
ssdeep: 48:yGMHyjuA1gPcPFxH/qBfCccADIZDEoxbBZDnrc:LMHIYqca/8oRk
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
eqawinaqa.dll
Code:
Alles auswählen Aufklappen ATTFilter
File yahoo_1_ received on 2010.07.15 15:59:08 (UTC)
Current status: finished
Result: 8/38 (21.05%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.15 Trojan.JS.FakeSpypro!IK
AhnLab-V3 2010.07.15.01 2010.07.15 -
AntiVir 8.2.4.10 2010.07.15 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.15 -
Avast 4.8.1351.0 2010.07.15 -
Avast5 5.0.332.0 2010.07.15 -
BitDefender 7.2 2010.07.15 Trojan.FakeAV.KZQ
CAT-QuickHeal 11.00 2010.07.15 -
ClamAV 0.96.0.3-git 2010.07.15 -
Comodo 5438 2010.07.15 -
eTrust-Vet 36.1.7710 2010.07.15 HTML/FakeAlert.BHB
F-Prot 4.6.1.107 2010.07.15 -
Fortinet 4.1.143.0 2010.07.15 -
GData 21 2010.07.15 Trojan.FakeAV.KZQ
Ikarus T3.1.1.84.0 2010.07.15 Trojan.JS.FakeSpypro
Jiangmin 13.0.900 2010.07.15 -
Kaspersky 7.0.0.125 2010.07.15 -
McAfee 5.400.0.1158 2010.07.15 -
McAfee-GW-Edition 2010.1 2010.07.15 -
Microsoft 1.5902 2010.07.15 Trojan:JS/FakeSpypro
NOD32 5281 2010.07.15 -
Norman 6.05.11 2010.07.15 -
nProtect 2010-07-15.02 2010.07.15 Trojan.FakeAV.KZQ
Panda 10.0.2.7 2010.07.15 -
PCTools 7.0.3.5 2010.07.15 -
Prevx 3.0 2010.07.15 -
Rising 22.56.03.04 2010.07.15 -
Sophos 4.55.0 2010.07.15 Mal/FakeAvHm-A
Sunbelt 6587 2010.07.15 -
SUPERAntiSpyware 4.40.0.1006 2010.07.15 -
Symantec 20101.1.1.7 2010.07.15 -
TheHacker 6.5.2.1.316 2010.07.15 -
TrendMicro 9.120.0.1004 2010.07.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.15 -
VBA32 3.12.12.6 2010.07.15 -
ViRobot 2010.7.12.3932 2010.07.15 -
VirusBuster 5.0.27.0 2010.07.14 -
Additional information
File size: 2716 bytes
MD5 : a5d202d140c48986bae5a927c053b16d
SHA1 : b88ce11f4d69356ac71c23b59eee631b435b5541
SHA256: 999272c7ff116aa898b5942f706c6bf460d31445f4053a5256424d75bb688391
TrID : File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
ssdeep: 48:yGMHyjuA1gPcPFxH/qBfCccADIZDEoxbBZDnrc:LMHIYqca/8oRk
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
ayiyiyim.dll
Code:
Alles auswählen Aufklappen ATTFilter
File yahoo_1_ received on 2010.07.15 15:59:08 (UTC)
Current status: finished
Result: 8/38 (21.05%)
Compact Compact
Print results Print results
Antivirus Version Last Update Result
a-squared 5.0.0.31 2010.07.15 Trojan.JS.FakeSpypro!IK
AhnLab-V3 2010.07.15.01 2010.07.15 -
AntiVir 8.2.4.10 2010.07.15 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.15 -
Avast 4.8.1351.0 2010.07.15 -
Avast5 5.0.332.0 2010.07.15 -
BitDefender 7.2 2010.07.15 Trojan.FakeAV.KZQ
CAT-QuickHeal 11.00 2010.07.15 -
ClamAV 0.96.0.3-git 2010.07.15 -
Comodo 5438 2010.07.15 -
eTrust-Vet 36.1.7710 2010.07.15 HTML/FakeAlert.BHB
F-Prot 4.6.1.107 2010.07.15 -
Fortinet 4.1.143.0 2010.07.15 -
GData 21 2010.07.15 Trojan.FakeAV.KZQ
Ikarus T3.1.1.84.0 2010.07.15 Trojan.JS.FakeSpypro
Jiangmin 13.0.900 2010.07.15 -
Kaspersky 7.0.0.125 2010.07.15 -
McAfee 5.400.0.1158 2010.07.15 -
McAfee-GW-Edition 2010.1 2010.07.15 -
Microsoft 1.5902 2010.07.15 Trojan:JS/FakeSpypro
NOD32 5281 2010.07.15 -
Norman 6.05.11 2010.07.15 -
nProtect 2010-07-15.02 2010.07.15 Trojan.FakeAV.KZQ
Panda 10.0.2.7 2010.07.15 -
PCTools 7.0.3.5 2010.07.15 -
Prevx 3.0 2010.07.15 -
Rising 22.56.03.04 2010.07.15 -
Sophos 4.55.0 2010.07.15 Mal/FakeAvHm-A
Sunbelt 6587 2010.07.15 -
SUPERAntiSpyware 4.40.0.1006 2010.07.15 -
Symantec 20101.1.1.7 2010.07.15 -
TheHacker 6.5.2.1.316 2010.07.15 -
TrendMicro 9.120.0.1004 2010.07.15 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.15 -
VBA32 3.12.12.6 2010.07.15 -
ViRobot 2010.7.12.3932 2010.07.15 -
VirusBuster 5.0.27.0 2010.07.14 -
Additional information
File size: 2716 bytes
MD5 : a5d202d140c48986bae5a927c053b16d
SHA1 : b88ce11f4d69356ac71c23b59eee631b435b5541
SHA256: 999272c7ff116aa898b5942f706c6bf460d31445f4053a5256424d75bb688391
TrID : File type identification
HyperText Markup Language with DOCTYPE (80.6%)
HyperText Markup Language (19.3%)
ssdeep: 48:yGMHyjuA1gPcPFxH/qBfCccADIZDEoxbBZDnrc:LMHIYqca/8oRk
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD : -
RDS : NSRL Reference Data Set
-
Der Rest ist verschwunden, weil ich vor deiner antwort das antimalware habe laufen lassen. diesmal mit update und vollscan. die gefundenen objekte habe ich volley gelöscht.
danke & grüße
caruso2010
Baum-Darstellung