
Pests of all kinds and how to combat them: fheydbueyj.exe in autostart. What is it?


21.10.2010, 12:01   #1
p3ng
 
fheydbueyj.exe in autostart. What is it?



Root repeal log:
Drivers:
Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/10/20 17:02
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================

Drivers
-------------------
Name: aaquiu3r.SYS
Image Path: C:\WINDOWS\System32\Drivers\aaquiu3r.SYS
Address: 0xB8432000    Size: 229376    File Visible: -    Signed: -
Status: -

Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9E5F000    Size: 188800    File Visible: -    Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xA5DA8000    Size: 138112    File Visible: -    Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9DF1000    Size: 98304    File Visible: -    Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000    Size: 0    File Visible: -    Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF06A000    Size: 577536    File Visible: -    Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF019000    Size: 331776    File Visible: -    Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xB8501000    Size: 5455872    File Visible: -    Signed: -
Status: -

Name: ati3duag.dll
Image Path: C:\WINDOWS\System32\ati3duag.dll
Address: 0xBF1B4000    Size: 4120576    File Visible: -    Signed: -
Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBF0F7000    Size: 471040    File Visible: -    Signed: -
Status: -

Name: atiok3x2.dll
Image Path: C:\WINDOWS\System32\atiok3x2.dll
Address: 0xBF16A000    Size: 303104    File Visible: -    Signed: -
Status: -

Name: ativvaxx.dll
Image Path: C:\WINDOWS\System32\ativvaxx.dll
Address: 0xBF9C3000    Size: 2498560    File Visible: -    Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000    Size: 286720    File Visible: -    Signed: -
Status: -

Name: avgio.sys
Image Path: D:\Programme\Avira\AntiVir Desktop\avgio.sys
Address: 0xA224B000    Size: 6144    File Visible: -    Signed: -
Status: -

Name: avgntflt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avgntflt.sys
Address: 0x9E1E5000    Size: 81920    File Visible: -    Signed: -
Status: -

Name: avipbb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\avipbb.sys
Address: 0xA0E06000    Size: 114688    File Visible: -    Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA5C4000    Size: 4224    File Visible: -    Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000    Size: 12288    File Visible: -    Signed: -
Status: -

Name: camfilt2.sys
Image Path: C:\WINDOWS\system32\DRIVERS\camfilt2.sys
Address: 0xA040A000    Size: 94720    File Visible: -    Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xA1536000    Size: 63744    File Visible: -    Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA2F8000    Size: 62976    File Visible: -    Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0F8000    Size: 53248    File Visible: -    Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA0E8000    Size: 36352    File Visible: -    Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xB9E09000    Size: 154112    File Visible: -    Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xBA5AC000    Size: 5888    File Visible: -    Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\drivers\drmk.sys
Address: 0xBA1F8000    Size: 61440    File Visible: -    Signed: -
Status: -

Name: dump_diskdump.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_diskdump.sys
Address: 0xA1AE8000    Size: 16384    File Visible: No    Signed: -
Status: -

Name: dump_JRAID.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_JRAID.sys
Address: 0xA1506000    Size: 45056    File Visible: No    Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xA109A000    Size: 12288    File Visible: -    Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000    Size: 73728    File Visible: -    Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xA10DE000    Size: 4096    File Visible: -    Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xBA448000    Size: 27392    File Visible: -    Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xA86B9000    Size: 44672    File Visible: -    Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xA8C12000    Size: 20480    File Visible: -    Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB9DD1000    Size: 129792    File Visible: -    Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5C2000    Size: 7936    File Visible: -    Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB9E2F000    Size: 126336    File Visible: -    Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806E5000    Size: 134400    File Visible: -    Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB84C5000    Size: 163840    File Visible: -    Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xA82D6000    Size: 36864    File Visible: -    Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xA8BFA000    Size: 28672    File Visible: -    Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xA8950000    Size: 10368    File Visible: -    Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0x9D493000    Size: 264832    File Visible: -    Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xBA168000    Size: 52992    File Visible: -    Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA2E8000    Size: 42112    File Visible: -    Signed: -
Status: -

Name: intelppm.sys
Image Path: C:\WINDOWS\system32\DRIVERS\intelppm.sys
Address: 0xBA2D8000    Size: 40448    File Visible: -    Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xA5DCA000    Size: 152832    File Visible: -    Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xA5EDE000    Size: 75264    File Visible: -    Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA0A8000    Size: 37632    File Visible: -    Signed: -
Status: -

Name: JGOGO.sys
Image Path: JGOGO.sys
Address: 0xBA5AE000    Size: 6912    File Visible: -    Signed: -
Status: -

Name: jraid.sys
Image Path: jraid.sys
Address: 0xBA0D8000    Size: 44928    File Visible: -    Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA450000    Size: 25216    File Visible: -    Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000    Size: 8192    File Visible: -    Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB847E000    Size: 143360    File Visible: -    Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB9DA8000    Size: 92288    File Visible: -    Signed: -
Status: -

Name: Lbd.sys
Image Path: Lbd.sys
Address: 0xBA108000    Size: 57600    File Visible: -    Signed: -
Status: -

Name: LGDispDrv.dll
Image Path: C:\WINDOWS\System32\LGDispDrv.dll
Address: 0xBF012000    Size: 28672    File Visible: -    Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5C6000    Size: 4224    File Visible: -    Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA3A0000    Size: 23552    File Visible: -    Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xA898E000    Size: 12288    File Visible: -    Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA0B8000    Size: 42368    File Visible: -    Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0x9E0C8000    Size: 180608    File Visible: -    Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xA5D0D000    Size: 456576    File Visible: -    Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xA9156000    Size: 19072    File Visible: -    Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xB8AA5000    Size: 35072    File Visible: -    Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA56C000    Size: 15488    File Visible: -    Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9CD4000    Size: 105344    File Visible: -    Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB9CEE000    Size: 182656    File Visible: -    Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB963F000    Size: 10112    File Visible: -    Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xA22B7000    Size: 14592    File Visible: -    Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB841B000    Size: 91520    File Visible: -    Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA1E8000    Size: 40576    File Visible: -    Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xA86C9000    Size: 34688    File Visible: -    Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xA5DF0000    Size: 162816    File Visible: -    Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xA88F3000    Size: 30848    File Visible: -    Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9D1B000    Size: 574976    File Visible: -    Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xA8250000    Size: 2944    File Visible: -    Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB846A000    Size: 80384    File Visible: -    Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBA330000    Size: 19712    File Visible: -    Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xA2241000    Size: 7040    File Visible: -    Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB9E4E000    Size: 68224    File Visible: -    Signed: -
Status: -

Name: PCI_PNP0042
Image Path: \Driver\PCI_PNP0042
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBA670000    Size: 3328    File Visible: -    Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000    Size: 28672    File Visible: -    Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\drivers\portcls.sys
Address: 0xAAF8F000    Size: 147456    File Visible: -    Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB840A000    Size: 69120    File Visible: -    Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA3C8000    Size: 17792    File Visible: -    Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xBA118000    Size: 35712    File Visible: -    Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xA898A000    Size: 8832    File Visible: -    Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBA178000    Size: 51328    File Visible: -    Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA188000    Size: 41472    File Visible: -    Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xB8AB5000    Size: 48384    File Visible: -    Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA3D8000    Size: 16512    File Visible: -    Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xA5D7D000    Size: 175744    File Visible: -    Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA5C8000    Size: 4224    File Visible: -    Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB82B7000    Size: 196224    File Visible: -    Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA308000    Size: 57728    File Visible: -    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x9D57F000    Size: 49152    File Visible: No    Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xAAFB3000    Size: 4919296    File Visible: -    Signed: -
Status: -

Name: RTL8139.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
Address: 0xBA440000    Size: 20992    File Visible: -    Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINDOWS\System32\Drivers\SCSIPORT.SYS
Address: 0xB9E8E000    Size: 98304    File Visible: -    Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBA55C000    Size: 15744    File Visible: -    Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xBA158000    Size: 65536    File Visible: -    Signed: -
Status: -

Name: snpstd3.sys
Image Path: C:\WINDOWS\system32\DRIVERS\snpstd3.sys
Address: 0xA0422000    Size: 10371072    File Visible: -    Signed: -
Status: -

Name: spry.sys
Image Path: spry.sys
Address: 0xB9EA6000    Size: 1052672    File Visible: No    Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB9DBF000    Size: 73472    File Visible: -    Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0x9DDB9000    Size: 334848    File Visible: -    Signed: -
Status: -

Name: ssmdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
Address: 0xA88EB000    Size: 23040    File Visible: -    Signed: -
Status: -

Name: STREAM.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\STREAM.SYS
Address: 0xA1526000    Size: 53248    File Visible: -    Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5F2000    Size: 4352    File Visible: -    Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xA940A000    Size: 60800    File Visible: -    Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xA5E18000    Size: 361344    File Visible: -    Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA340000    Size: 20480    File Visible: -    Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB8A75000    Size: 40704    File Visible: -    Signed: -
Status: -

Name: update.sys
Image Path: C:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB8259000    Size: 384768    File Visible: -    Signed: -
Status: -

Name: usbaudio.sys
Image Path: C:\WINDOWS\system32\drivers\usbaudio.sys
Address: 0xA1516000    Size: 60032    File Visible: -    Signed: -
Status: -

Name: usbccgp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Address: 0xA1675000    Size: 32128    File Visible: -    Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5FE000    Size: 8192    File Visible: -    Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA438000    Size: 30208    File Visible: -    Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB81D1000    Size: 59520    File Visible: -    Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB84A1000    Size: 147456    File Visible: -    Signed: -
Status: -

Name: usbuhci.sys
Image Path: C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA430000    Size: 20608    File Visible: -    Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINDOWS\System32\drivers\vga.sys
Address: 0xA915E000    Size: 20992    File Visible: -    Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB84ED000    Size: 81920    File Visible: -    Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0C8000    Size: 53760    File Visible: -    Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xA86D9000    Size: 34560    File Visible: -    Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINDOWS\System32\watchdog.sys
Address: 0xA1665000    Size: 20480    File Visible: -    Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0x9E08B000    Size: 83072    File Visible: -    Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000    Size: 1847296    File Visible: -    Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINDOWS\System32\win32k.sys
Address: 0xBF800000    Size: 1847296    File Visible: -    Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\WMILIB.SYS
Address: 0xBA5AA000    Size: 8192    File Visible: -    Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000    Size: 2154496    File Visible: -    Signed: -
Status: -
         
Stealth Objects:

Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/10/20 17:02
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System    Address: 0x8b1151f8    Size: 121

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_CREATE]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_CLOSE]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_POWER]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: aaquiu3rࠅఇ牐牣,䥸謕물맦물맦맦맦, IRP_MJ_PNP]
Process: System    Address: 0x8ade31f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System    Address: 0x8ae8b1f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_CREATE]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_CLOSE]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_POWER]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: JRAID, IRP_MJ_PNP]
Process: System    Address: 0x8b1161f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System    Address: 0x8b1171f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System    Address: 0x8aedc1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System    Address: 0x8b18a1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System    Address: 0x8a39f1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System    Address: 0x8a39f1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a39f1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a39f1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a39f1f8    Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System    Address: 0x8a39f1f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System    Address: 0x8aea7500    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System    Address: 0x8a3941f8    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_CREATE]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_CLOSE]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_READ]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_CLEANUP]
Process: System    Address: 0x8adc8500    Size: 121

Object: Hidden Code [Driver: CdfsЅఆ䵃嗘㠠仠仠䀀Ŧ䀀, IRP_MJ_PNP]
Process: System    Address: 0x8adc8500    Size: 121
         
Hidden Services:

Code:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/10/20 17:03
Program Version:        Version 1.3.5.0
Windows Version:        Windows XP SP3
==================================================

Hidden Services
-------------------
         

21.10.2010, 12:36   #2
kira
/// Helper Team

→ Visit the VirusTotal site and please have the file(s) from the code box checked; also copy the file size and name, MD5 and SHA1 along with the result:
Tips for finding files
Code:
C:\fheydbueyj.exe
C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe
         
→ Click "Browse"
→ Find the file on your computer → double-click the file to be checked (or copy the content from the code box)
→ Click "Send file" and wait until the scan run of all virus scanners has finished
Paste the result here exactly as you receive it (DO NOT LEAVE ANYTHING OUT!), including <checked file name> plus file size and name, MD5 and SHA1

** Example - the VirusTotal log file you post should look like the one here. So do not leave anything out; paste it in just as you receive it!:
Code:
Datei <hier kommt die Dateiname> empfangen 2009.xx.xx xx:xx:xx (CET)
Antivirus	Version	letzte aktualisierung	Ergebnis
a-squared	4.0.0.73	2009.01.28	-
AhnLab-V3	5.0.0.2	2009.01.28	-
AntiVir	7.9.0.60	2009.01.28	-
Authentium	5.1.0.4	2009.01.27	-

...more than 40 virus scanners...so be patient!!
         

21.10.2010, 13:08   #3
p3ng

Hello,
the search for the file C:\fheydbueyj.exe returned the following:


Code:
 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
config.bin
Submission date:
2010-10-21 11:43:25 (UTC)
Current status:
queued (#1) queued (#1) analysing finished
Result:
0/ 43 (0.0%)
    
VT Community

not reviewed
 Safety score: - 
Compact
Print results
Antivirus     Version     Last Update     Result
AhnLab-V3    2010.10.21.02    2010.10.21    -
AntiVir    7.10.13.13    2010.10.21    -
Antiy-AVL    2.0.3.7    2010.10.21    -
Authentium    5.2.0.5    2010.10.21    -
Avast    4.8.1351.0    2010.10.21    -
Avast5    5.0.594.0    2010.10.21    -
AVG    9.0.0.851    2010.10.21    -
BitDefender    7.2    2010.10.21    -
CAT-QuickHeal    11.00    2010.10.21    -
ClamAV    0.96.2.0-git    2010.10.21    -
Comodo    6463    2010.10.21    -
DrWeb    5.0.2.03300    2010.10.21    -
Emsisoft    5.0.0.50    2010.10.21    -
eSafe    7.0.17.0    2010.10.20    -
eTrust-Vet    36.1.7924    2010.10.21    -
F-Prot    4.6.2.117    2010.10.20    -
F-Secure    9.0.16160.0    2010.10.21    -
Fortinet    4.2.249.0    2010.10.21    -
GData    21    2010.10.21    -
Ikarus    T3.1.1.90.0    2010.10.21    -
Jiangmin    13.0.900    2010.10.21    -
K7AntiVirus    9.66.2798    2010.10.20    -
Kaspersky    7.0.0.125    2010.10.21    -
McAfee    5.400.0.1158    2010.10.21    -
McAfee-GW-Edition    2010.1C    2010.10.21    -
Microsoft    1.6301    2010.10.21    -
NOD32    5550    2010.10.21    -
Norman    6.06.10    2010.10.21    -
nProtect    2010-10-21.01    2010.10.21    -
Panda    10.0.2.7    2010.10.21    -
PCTools    7.0.3.5    2010.10.21    -
Prevx    3.0    2010.10.21    -
Rising    22.70.02.05    2010.10.21    -
Sophos    4.58.0    2010.10.21    -
Sunbelt    7109    2010.10.21    -
SUPERAntiSpyware    4.40.0.1006    2010.10.21    -
Symantec    20101.2.0.161    2010.10.21    -
TheHacker    6.7.0.1.063    2010.10.20    -
TrendMicro    9.120.0.1004    2010.10.21    -
TrendMicro-HouseCall    9.120.0.1004    2010.10.21    -
VBA32    3.12.14.1    2010.10.21    -
ViRobot    2010.10.21.4104    2010.10.21    -
VirusBuster    12.69.9.0    2010.10.20    -
Additional information
Show all
MD5   : cf8424d9769581c43ca09f32ecadba5a
SHA1  : 59abde0f2b08463e5064edeaca5d9855469b7d4c
SHA256: 3301ddda2b6178f599fa380ead9ab82e283badb9436e3910de3a3d4036bc6de3
ssdeep: 3072:/XP+TFpo9Pi+K57mNN+q5Vb9yp7gkzoqLWt:+Fp6PGaR5VbK8rqLO
File size : 124556 bytes
First seen: 2010-10-15 12:47:00
Last seen : 2010-10-21 11:43:25
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

VT Community
         
The search for the file under the following path, C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Hvh.exe,
returned no results. ...but I think it was already detected and deleted by AntiVir at some point. Or is it still there?

Thanks for the quick response for now!

21.10.2010, 13:21   #4
kira
/// Helper Team

Did you do step 2?:-> http://www.trojaner-board.de/91967-f...tml#post580137
