Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   system infiziert? (https://www.trojaner-board.de/86356-system-infiziert.html)

parmenion 23.05.2010 20:55
GMER log:

Code:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-23 21:51:45
Windows 5.1.2600 Service Pack 2
Running: 4myw1nfg.exe; Driver: C:\DOKUME~1\MILENA\LOKALE~1\Temp\afaiikog.sys


---- System - GMER 1.0.15 ----

SSDT            82282630                                                                                                            ZwAssignProcessToJobObject
SSDT            spqr.sys                                                                                                            ZwCreateKey [0xF84230E0]
SSDT            spqr.sys                                                                                                            ZwEnumerateKey [0xF843BDA4]
SSDT            spqr.sys                                                                                                            ZwEnumerateValueKey [0xF843C132]
SSDT            spqr.sys                                                                                                            ZwOpenKey [0xF84230C0]
SSDT            82281A60                                                                                                            ZwOpenProcess
SSDT            82281E80                                                                                                            ZwOpenThread
SSDT            spqr.sys                                                                                                            ZwQueryKey [0xF843C20A]
SSDT            spqr.sys                                                                                                            ZwQueryValueKey [0xF843C08A]
SSDT            spqr.sys                                                                                                            ZwSetValueKey [0xF843C29C]
SSDT            82282460                                                                                                            ZwSuspendProcess
SSDT            82282280                                                                                                            ZwSuspendThread
SSDT            82281C90                                                                                                            ZwTerminateProcess
SSDT            822820B0                                                                                                            ZwTerminateThread

INT 0x62        ?                                                                                                                  823E0BF8
INT 0x63        ?                                                                                                                  81FD7F00
INT 0x82        ?                                                                                                                  823E0BF8
INT 0xA4        ?                                                                                                                  81FD7F00
INT 0xB4        ?                                                                                                                  81FD7F00

---- Kernel code sections - GMER 1.0.15 ----

?              spqr.sys                                                                                                            Das System kann die angegebene Datei nicht finden. !
.text          USBPORT.SYS!DllUnload                                                                                              F7B9F62C 5 Bytes  JMP 81FD74E0
.text          as22tuia.SYS                                                                                                        F7B4E386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text          as22tuia.SYS                                                                                                        F7B4E3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text          as22tuia.SYS                                                                                                        F7B4E3C4 3 Bytes  [00, 80, 02]
.text          as22tuia.SYS                                                                                                        F7B4E3C9 1 Byte  [30]
.text          as22tuia.SYS                                                                                                        F7B4E3C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text          ...                                                                                                               

---- User code sections - GMER 1.0.15 ----

.text          C:\Programme\Mozilla Firefox\firefox.exe[2704] ntdll.dll!LdrLoadDll                                                7C925CD3 5 Bytes  JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text          C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[4000] kernel32.dll!SetUnhandledExceptionFilter                      7C844915 4 Bytes  [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT            \WINXP\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                    823742D8
IAT            pci.sys[ntoskrnl.exe!IoDetachDevice]                                                                                [F844EDDC] spqr.sys
IAT            pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                                                  [F844EE30] spqr.sys
IAT            atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                  [F8424042] spqr.sys
IAT            atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                          [F842413E] spqr.sys
IAT            atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                [F84240C0] spqr.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                        [F8424800] spqr.sys
IAT            atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                [F84246D6] spqr.sys
IAT            \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR]                                                  [F8433B90] spqr.sys
IAT            \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint]                                                81FD75E0
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlInitUnicodeString]                                        00021483
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!swprintf]                                                    01B05E00
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeSetEvent]                                                  5DE58B5B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoCreateSymbolicLink]                                        7E8366C3
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoGetConfigurationInformation]                              0F740028
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoDeleteSymbolicLink]                                        89320C8D
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmFreeMappingAddress]                                        00022C8B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoFreeErrorLogEntry]                                        46B70F00
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoDisconnectInterrupt]                                      66D00328
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmUnmapIoSpace]                                              002A7E83
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ObReferenceObjectByPointer]                                  0C8D1574
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IofCompleteRequest]                                          288B8932
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlCompareUnicodeString]                                    0F000002
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IofCallDriver]                                              832A46B7
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmAllocateMappingAddress]                                    E08303C0
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry]                                    66D003FC
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoConnectInterrupt]                                          002C7E83
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoDetachDevice]                                              0C8D1E74
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeWaitForSingleObject]                                      248B8932
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeInitializeEvent]                                          8A000002
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString]                                83880846
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlInitAnsiString]                                          000001C4
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest]                              2C4EB70F
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoQueueWorkItem]                                            8303C183
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmMapIoSpace]                                                D103FCE1
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations]                                2E7E8366
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoReportDetectedDevice]                                      8D1C7400
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoReportResourceForDetection]                                83893204
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize]                                0000021C
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!NlsMbCodePageTag]                                            2E4EB70F
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!PoRequestPowerIrp]                                          02208B89
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue]                                    B70F0000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection]                            E0C12E46
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!sprintf]                                                    03D00304
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache]                                10B389F2
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ObfDereferenceObject]                                        80000002
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference]                                0975013E
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoInvalidateDeviceState]                                    1BD2E853
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ZwClose]                                                    C4830000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ObReferenceObjectByHandle]                                  B05E5F04
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ZwCreateDirectoryObject]                                    E58B5B01
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest]                                CCCCC35D
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!PoStartNextPowerIrp]                                        CCCCCCCC
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!PoCallDriver]                                                53EC8B55
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoCreateDevice]                                              08758B56
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension]                            0218BE83
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlQueryRegistryValues]                                      57000000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ZwOpenKey]                                                  45C60674
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlFreeUnicodeString]                                        1EEB010B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoStartTimer]                                                0210868B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeInitializeTimer]                                          C0850000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoInitializeTimer]                                          808A1074
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeInitializeDpc]                                            00000804
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeInitializeSpinLock]                                        A03CF024
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoInitializeIrp]                                            0B45950F
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ZwCreateKey]                                                45C604EB
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString]                              458A000B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString]                                  88C0840B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ZwSetValueKey]                                              840F0946
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeInsertQueueDpc]                                            000000C1
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel]                                14B30E8B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoStartPacket]                                              1C8A86C6
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel]                              88010000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest]                              001C8D9E
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoFreeMdl]                                                  A99E8800
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmUnlockPages]                                              C600001C
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoWriteErrorLogEntry]                                        001C8E86
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue]                                    86C60100
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping]                        00001CAA
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmUnmapReservedMapping]                                      70518B01
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeSynchronizeExecution]                                      8D52006A
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoStartNextPacket]                                          001C9086
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeBugCheckEx]                                                E5E85000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeRemoveDeviceQueue]                                        8B000023
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeSetTimer]                                                  70518B0E
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeCancelTimer]                                              8D52016A
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!_allmul]                                                    001CAC86
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmProbeAndLockPages]                                        D1E85000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!_except_handler3]                                            8B000023
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!PoSetPowerState]                                            18C4830E
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey]                                    1C959E88
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlWriteRegistryValue]                                      9E880000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!_aulldiv]                                                    00001CB1
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!strstr]                                                      0E798366
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!_strupr]                                                    74AAB000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeQuerySystemTime]                                          8986C636
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoWMIRegistrationControl]                                    1A00001C
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!KeTickCount]                                                1C8B86C6
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack]                                C6020000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoDeleteDevice]                                              001C9686
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ExAllocatePoolWithTag]                                      86C60200
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoAllocateWorkItem]                                          00001CB2
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoAllocateIrp]                                              9D9E8802
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoAllocateMdl]                                              8800001C
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool]                                  001CB99E
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmLockPagableDataSection]                                    9E868800
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoGetDriverObjectExtension]                                  8800001C
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmUnlockPagableImageSection]                                001CBA86
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!ExFreePoolWithTag]                                          C61AEB00
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoFreeIrp]                                                  001C8986
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!IoFreeWorkItem]                                              86C61200
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!InitSafeBootMode]                                            00001C8B
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlCompareMemory]                                            96868801
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!RtlCopyUnicodeString]                                        8800001C
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!memmove]                                                    001CB286
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[ntoskrnl.exe!MmHighestUserAddress]                                        88968B00
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!KfAcquireSpinLock]                                                0C8D1C46
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!READ_PORT_UCHAR]                                                  B48B8932
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!KeGetCurrentIrql]                                                89000001
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!KfRaiseIrql]                                                      0001C083
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!KfLowerIrql]                                                      24468B00
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!HalGetInterruptVector]                                            89820C8D
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!HalTranslateBusAddress]                                          D18BF84D
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!KeStallExecutionProcessor]                                        860F1639
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!KfReleaseSpinLock]                                                000000BD
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                          020CB389
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!READ_PORT_USHORT]                                                83660000
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                        7400067E
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                89D60320
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[WMILIB.SYS!WmiSystemControl]                                              8D168B00
IAT            \SystemRoot\System32\Drivers\as22tuia.SYS[WMILIB.SYS!WmiCompleteRequest]                                            F0003284

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                              823DF1F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              eamon.sys (Amon monitor/ESET)

Device          \Driver\sptd \Device\4227874988                                                                                    spqr.sys
Device          \Driver\usbohci \Device\USBPDO-0                                                                                    81FCD1F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                          823721F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                            823721F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                823721F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                              823721F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                    81FCD1F8
Device          \Driver\PCI_PNP2488 \Device\00000039                                                                                spqr.sys
Device          \Driver\usbehci \Device\USBPDO-2                                                                                    8218A1F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                          epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                              823E11F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                        822311F8
Device          \Driver\Cdrom \Device\CdRom1                                                                                        822311F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17                                                                        823E01F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                  823E01F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                                        823E01F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                  823E01F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f                                                                        823E01F8
Device          \Driver\Cdrom \Device\CdRom2                                                                                        822311F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                            821361F8
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                    821361F8
Device          \Driver\usbohci \Device\USBFDO-0                                                                                    81FCD1F8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                    81FCD1F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                  821B11F8
Device          \Driver\usbehci \Device\USBFDO-2                                                                                    8218A1F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                        821B11F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                    823E11F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{D20F6B86-A4AE-4242-B9E1-450432B7378F}                                            821361F8
Device          \Driver\as22tuia \Device\Scsi\as22tuia1Port2Path0Target0Lun0                                                        8211F1F8
Device          \Driver\as22tuia \Device\Scsi\as22tuia1                                                                            8211F1F8
Device          \FileSystem\Cdfs \Cdfs                                                                                              81FCE1F8

---- Threads - GMER 1.0.15 ----

Thread          System [4:3876]                                                                                                    82280790

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                  771343423
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                  285507792
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                  1
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xA9 0x25 0xB5 0x6E ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xBE 0x9C 0xE9 0x14 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xD4 0x2A 0x97 0x2D ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Programme\DAEMON Tools Lite\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x00 0x00 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x54 0x27 0x31 0x30 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xBE 0x9C 0xE9 0x14 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xD4 0x2A 0x97 0x2D ...

---- EOF - GMER 1.0.15 ----

MalwareHero 23.05.2010 21:38
Lade dir rootrepeal runter:
http://ad13.geekstogo.com/RootRepeal.zip

Alle Programme schliessen
rootrepeal entpacken, klicke "rootrepeal.exe" gehe unten auf der Leiste auf "Report" klicke "Scan" klicke alle Scankästchen/alternativen an, klicke C:\. >scan. Speichere das Log nach dem Scan ab und kopiere es hier rein.

parmenion 23.05.2010 22:01
rootrepeal log:

Zitat:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/23 22:57
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xF83DB000 Size: 188800 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

Name: afaiikog.sys
Image Path: C:\DOKUME~1\MIRIAM\LOKALE~1\Temp\afaiikog.sys
Address: 0xBA124000 Size: 93056 File Visible: No Signed: -
Status: -

Name: AFD
Image Path: \Driver\AFD
Address: 0xF886E000 Size: 26624 File Visible: No Signed: -
Status: Hidden from the Windows API!

Name: afd.sys
Image Path: C:\WINXP\System32\drivers\afd.sys
Address: 0xEB8DE000 Size: 138368 File Visible: - Signed: -
Status: -

Name: amdk7.sys
Image Path: C:\WINXP\system32\DRIVERS\amdk7.sys
Address: 0xF8726000 Size: 41472 File Visible: - Signed: -
Status: -

Name: as22tuia.SYS
Image Path: C:\WINXP\System32\Drivers\as22tuia.SYS
Address: 0xF7B4E000 Size: 233472 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xF836D000 Size: 98304 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0x00000000 Size: 0 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINXP\System32\ati2dvag.dll
Address: 0xBF9D8000 Size: 389120 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINXP\system32\DRIVERS\ati2mtag.sys
Address: 0xF7C74000 Size: 720896 File Visible: - Signed: -
Status: -

Name: ati3d2ag.dll
Image Path: C:\WINXP\System32\ati3d2ag.dll
Address: 0xBFA37000 Size: 1048576 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: C:\WINXP\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINXP\system32\DRIVERS\audstub.sys
Address: 0xF8BF6000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINXP\System32\Drivers\Beep.SYS
Address: 0xF8A7A000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINXP\system32\BOOTVID.dll
Address: 0xF8946000 Size: 12288 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINXP\System32\Drivers\Cdfs.SYS
Address: 0xF86A6000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINXP\system32\DRIVERS\cdrom.sys
Address: 0xF8746000 Size: 49536 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINXP\system32\DRIVERS\CLASSPNP.SYS
Address: 0xF8576000 Size: 53248 File Visible: - Signed: -
Status: -

Name: cmuda.sys
Image Path: C:\WINXP\system32\drivers\cmuda.sys
Address: 0xF7BCE000 Size: 451520 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xF8566000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xF8385000 Size: 154112 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xF8A3A000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINXP\system32\drivers\drmk.sys
Address: 0xF8776000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINXP\System32\Drivers\dump_atapi.sys
Address: 0xF81E7000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINXP\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8A84000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINXP\System32\drivers\Dxapi.sys
Address: 0xEB9B4000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINXP\System32\drivers\dxg.sys
Address: 0xBF9C6000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINXP\System32\drivers\dxgthk.sys
Address: 0xF8B1D000 Size: 4096 File Visible: - Signed: -
Status: -

Name: eamon.sys
Image Path: C:\WINXP\system32\DRIVERS\eamon.sys
Address: 0xBA1ED000 Size: 770048 File Visible: - Signed: -
Status: -

Name: ehdrv.sys
Image Path: C:\WINXP\system32\DRIVERS\ehdrv.sys
Address: 0xBA3B4000 Size: 118784 File Visible: - Signed: -
Status: -

Name: epfwtdir.sys
Image Path: C:\WINXP\system32\DRIVERS\epfwtdir.sys
Address: 0xBA2D3000 Size: 102400 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINXP\system32\DRIVERS\fdc.sys
Address: 0xF88C6000 Size: 27392 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINXP\System32\Drivers\Fips.SYS
Address: 0xF8666000 Size: 35072 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xF834D000 Size: 128768 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINXP\System32\Drivers\Fs_Rec.SYS
Address: 0xF8A78000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xF83AB000 Size: 126336 File Visible: - Signed: -
Status: -

Name: gagp30kx.sys
Image Path: gagp30kx.sys
Address: 0xF8586000 Size: 46464 File Visible: - Signed: -
Status: -

Name: gameenum.sys
Image Path: C:\WINXP\system32\DRIVERS\gameenum.sys
Address: 0xF8227000 Size: 10624 File Visible: - Signed: -
Status: -

Name: GEARAspiWDM.sys
Image Path: C:\WINXP\system32\DRIVERS\GEARAspiWDM.sys
Address: 0xF883E000 Size: 21120 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINXP\system32\hal.dll
Address: 0x806EE000 Size: 131968 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINXP\system32\DRIVERS\HIDCLASS.SYS
Address: 0xF8696000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINXP\system32\DRIVERS\HIDPARSE.SYS
Address: 0xF893E000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINXP\system32\DRIVERS\hidusb.sys
Address: 0xEB9D4000 Size: 9600 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINXP\System32\Drivers\HTTP.sys
Address: 0xBA8D3000 Size: 265728 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINXP\system32\DRIVERS\i8042prt.sys
Address: 0xF8736000 Size: 53248 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINXP\system32\DRIVERS\imapi.sys
Address: 0xF8766000 Size: 41856 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINXP\system32\DRIVERS\ipnat.sys
Address: 0xEB822000 Size: 134912 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINXP\system32\DRIVERS\ipsec.sys
Address: 0xEB981000 Size: 74752 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xF8536000 Size: 36224 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINXP\system32\DRIVERS\kbdclass.sys
Address: 0xF8836000 Size: 25216 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINXP\system32\KDCOM.DLL
Address: 0xF8A36000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINXP\system32\drivers\kmixer.sys
Address: 0xBA13B000 Size: 171776 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINXP\system32\DRIVERS\ks.sys
Address: 0xF7C3D000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xF8324000 Size: 92544 File Visible: - Signed: -
Status: -

Name: mbamswissarmy.sys
Image Path: C:\WINXP\system32\drivers\mbamswissarmy.sys
Address: 0xF888E000 Size: 32768 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINXP\System32\Drivers\mnmdd.SYS
Address: 0xF8A7C000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINXP\system32\DRIVERS\mouclass.sys
Address: 0xF88E6000 Size: 23552 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINXP\system32\DRIVERS\mouhid.sys
Address: 0xEB9D0000 Size: 12288 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xF8546000 Size: 42240 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINXP\system32\DRIVERS\mrxdav.sys
Address: 0xF7DD5000 Size: 181248 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINXP\system32\DRIVERS\mrxsmb.sys
Address: 0xEB843000 Size: 457216 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINXP\System32\Drivers\Msfs.SYS
Address: 0xF890E000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINXP\system32\DRIVERS\msgpc.sys
Address: 0xF85D6000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINXP\system32\DRIVERS\mssmbios.sys
Address: 0xF8207000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xF824F000 Size: 107904 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xF826A000 Size: 182912 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINXP\system32\DRIVERS\ndistapi.sys
Address: 0xF8223000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINXP\system32\DRIVERS\ndisuio.sys
Address: 0xF8113000 Size: 12928 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINXP\system32\DRIVERS\ndiswan.sys
Address: 0xF7B12000 Size: 91776 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINXP\System32\Drivers\NDProxy.SYS
Address: 0xF8626000 Size: 38016 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINXP\system32\DRIVERS\netbios.sys
Address: 0xF8656000 Size: 34560 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINXP\system32\DRIVERS\netbt.sys
Address: 0xEB900000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINXP\System32\Drivers\Npfs.SYS
Address: 0xF8916000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xF8297000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntoskrnl.exe
Image Path: C:\WINXP\system32\ntoskrnl.exe
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINXP\System32\Drivers\Null.SYS
Address: 0xF8C4D000 Size: 2944 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINXP\system32\DRIVERS\parport.sys
Address: 0xF7B29000 Size: 80384 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xF87BE000 Size: 18688 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINXP\System32\Drivers\ParVdm.SYS
Address: 0xF8A5A000 Size: 7040 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xF83CA000 Size: 68224 File Visible: - Signed: -
Status: -

Name: PCI_PNP2488
Image Path: \Driver\PCI_PNP2488
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xF8AFE000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINXP\system32\DRIVERS\PCIIDEX.SYS
Address: 0xF87B6000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINXP\system32\drivers\portcls.sys
Address: 0xF7BAA000 Size: 147456 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINXP\system32\DRIVERS\psched.sys
Address: 0xF7B01000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINXP\system32\DRIVERS\ptilink.sys
Address: 0xF88D6000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINXP\system32\DRIVERS\rasacd.sys
Address: 0xF89F6000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINXP\system32\DRIVERS\rasl2tp.sys
Address: 0xF87A6000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINXP\system32\DRIVERS\raspppoe.sys
Address: 0xF85B6000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINXP\system32\DRIVERS\raspptp.sys
Address: 0xF85C6000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINXP\system32\DRIVERS\raspti.sys
Address: 0xF88DE000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINXP\system32\DRIVERS\rdbss.sys
Address: 0xEB8B3000 Size: 174592 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINXP\System32\DRIVERS\RDPCDD.sys
Address: 0xF8A7E000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINXP\system32\DRIVERS\rdpdr.sys
Address: 0xF7AD0000 Size: 196864 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINXP\system32\DRIVERS\redbook.sys
Address: 0xF8756000 Size: 57600 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINXP\system32\drivers\rootrepeal.sys
Address: 0xF7F7F000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: C:\WINXP\System32\Drivers\SCSIPORT.SYS
Address: 0xF840A000 Size: 98304 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINXP\system32\DRIVERS\serenum.sys
Address: 0xF822B000 Size: 15488 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINXP\system32\DRIVERS\serial.sys
Address: 0xF7B3D000 Size: 65920 File Visible: - Signed: -
Status: -

Name: SISAGPX.sys
Image Path: SISAGPX.sys
Address: 0xF87C6000 Size: 30848 File Visible: - Signed: -
Status: -

Name: sisnic.sys
Image Path: C:\WINXP\system32\DRIVERS\sisnic.sys
Address: 0xF8856000 Size: 32256 File Visible: - Signed: -
Status: -

Name: spqr.sys
Image Path: spqr.sys
Address: 0xF8422000 Size: 995328 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xF833B000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINXP\system32\DRIVERS\srv.sys
Address: 0xBACD4000 Size: 352640 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINXP\system32\DRIVERS\swenum.sys
Address: 0xF8A66000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINXP\system32\drivers\sysaudio.sys
Address: 0xF8047000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINXP\system32\DRIVERS\tcpip.sys
Address: 0xEB928000 Size: 360960 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINXP\system32\DRIVERS\TDI.SYS
Address: 0xF88CE000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINXP\system32\DRIVERS\termdd.sys
Address: 0xF85E6000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: C:\WINXP\system32\DRIVERS\update.sys
Address: 0xF7A9C000 Size: 209408 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: C:\WINXP\system32\DRIVERS\USBD.SYS
Address: 0xF8A6C000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: C:\WINXP\system32\DRIVERS\usbehci.sys
Address: 0xF884E000 Size: 26624 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: C:\WINXP\system32\DRIVERS\usbhub.sys
Address: 0xF8636000 Size: 57600 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: C:\WINXP\system32\DRIVERS\usbohci.sys
Address: 0xF8846000 Size: 17024 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: C:\WINXP\system32\DRIVERS\USBPORT.SYS
Address: 0xF7B87000 Size: 143360 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: C:\WINXP\System32\drivers\vga.sys
Address: 0xF8906000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: C:\WINXP\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xF7C60000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xF8556000 Size: 53760 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: C:\WINXP\system32\DRIVERS\wanarp.sys
Address: 0xF8676000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: C:\WINXP\System32\watchdog.sys
Address: 0xF87F6000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: C:\WINXP\system32\drivers\wdmaud.sys
Address: 0xF7E02000 Size: 82944 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1859584 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: C:\WINXP\System32\win32k.sys
Address: 0xBF800000 Size: 1859584 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: C:\WINXP\System32\Drivers\WMILIB.SYS
Address: 0xF8A38000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2189184 File Visible: - Signed: -
Status: -

parmenion 23.05.2010 22:53
Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4133

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

23.05.2010 23:46:27
mbam-log-2010-05-23 (23-46-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 176155
Laufzeit: 1 Stunde(n), 41 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{66D30DAC-A4F1-4FB0-8B76-B893C276D33B}\RP20\A0006148.exe (Malware.Packer) -> No action taken.
C:\System Volume Information\_restore{66D30DAC-A4F1-4FB0-8B76-B893C276D33B}\RP20\A0006270.exe (PUP.KeyLogger) -> No action taken.
C:\System Volume Information\_restore{66D30DAC-A4F1-4FB0-8B76-B893C276D33B}\RP43\A0020096.exe (Trojan.Agent.CK) -> No action taken.
sieht nicht so gut aus, oder?

MalwareHero 24.05.2010 00:43
Zitat:
Zitat von parmenion (Beitrag 527911)
sieht nicht so gut aus, oder?
> Lösche die Fünde von Malwarebytes. Ankreuzen und "Entferne Auswahl".

> Öffne RootRepeal. Unter "Drivers" klicke "Scan" und finde den Driver Eintrag: as22tuia.SYS
Rechtsklick auf den Eintrag as22tuia.SYS > wähle "Dump File" Speichere die Kopie des Files auf deinem Desktop als "ass22tuia.sys."
Besuche diese Seite: VirusTotal - Kostenloser online Viren- und Malwarescanner
und lade den File "ass22tuia.sys" von deinem Desktop hoch und poste das Log der Überprüfung dann hier.


> Hast du beim Rootrepeal Scan gleich nach dem Öffnen auf Scan geklickt? Folge der Anleitung:
Erst auf Report (unten im Fenster) gehen. Siehe Anleitung RootRepeal in meinem letzten Thread. Kreuze alle Scankästchen an ausser "Drivers". Poste das Log.

> Lade dir NormanMalwareCleaner von hier runter:
Norman | Norman Malware Cleaner
mache einen Scan (Du must Administratorrechte besitzen)
und poste das Log, das auf deinem Desktop abgelegt wird.

lg.

parmenion 24.05.2010 08:44
virustotal.com log:

Zitat:
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.23.00 2010.05.22 -
AntiVir 8.2.1.242 2010.05.23 -
Antiy-AVL 2.0.3.7 2010.05.24 -
Authentium 5.2.0.5 2010.05.23 -
Avast 4.8.1351.0 2010.05.23 -
Avast5 5.0.332.0 2010.05.23 -
AVG 9.0.0.787 2010.05.23 -
BitDefender 7.2 2010.05.24 -
CAT-QuickHeal 10.00 2010.05.24 -
ClamAV 0.96.0.3-git 2010.05.22 -
Comodo 4930 2010.05.24 -
DrWeb 5.0.2.03300 2010.05.24 -
eSafe 7.0.17.0 2010.05.23 -
eTrust-Vet 35.2.7503 2010.05.21 -
F-Prot 4.6.0.103 2010.05.23 -
F-Secure 9.0.15370.0 2010.05.24 -
Fortinet 4.1.133.0 2010.05.23 -
GData 21 2010.05.24 -
Ikarus T3.1.1.84.0 2010.05.24 -
Jiangmin 13.0.900 2010.05.22 -
Kaspersky 7.0.0.125 2010.05.24 -
McAfee 5.400.0.1158 2010.05.24 -
McAfee-GW-Edition 2010.1 2010.05.23 -
Microsoft 1.5802 2010.05.24 -
NOD32 5139 2010.05.23 -
Norman 6.04.12 2010.05.23 -
nProtect 2010-05-23.01 2010.05.23 -
Panda 10.0.2.7 2010.05.23 -
PCTools 7.0.3.5 2010.05.24 -
Prevx 3.0 2010.05.24 -
Rising 22.49.00.02 2010.05.24 -
Sophos 4.53.0 2010.05.24 -
Sunbelt 6346 2010.05.24 -
Symantec 20101.1.0.89 2010.05.24 -
TheHacker 6.5.2.0.286 2010.05.24 -
TrendMicro 9.120.0.1004 2010.05.24 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.24 -
VBA32 3.12.12.5 2010.05.22 -
ViRobot 2010.5.20.2326 2010.05.24 -
VirusBuster 5.0.27.0 2010.05.23 -
weitere Informationen
File size: 233472 bytes
MD5...: 05106b59ea210e7c9247400221d6f1a8
SHA1..: ae1c7dda813b67ee49983769a5ee25891d747e12
SHA256: 91784d377d392b738e8be194a3c77f888fff2933110f5822020faa44abc3194b
ssdeep: 3072:LShW8gYQ59tHN2WdMGrOuFtUpVIGc/oiMqqDt+7u8l/eKOlwxlH04KrS+T9
ds:2hWlJ9ttFvOuEsohqqDtb2/JQ4r8K
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2b6d8
timedatestamp.....: 0x4a5cf4c9 (Tue Jul 14 21:12:41 2009)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x231f0 0x23200 6.70 2f553ae30abc172e360f4bcebb99e010
.data 0x25000 0x2ff8 0x2600 3.21 d5beb0e360479ce61575a9ca1d2c9df0
PAGE 0x28000 0x2e15 0x3000 4.77 8f625bafee17e7f4f1032d21359d5468
INIT 0x2b000 0xd2c 0xe00 0.00 b4202f7fe985b9648b4676e6f70832bd
.rsrc 0x2c000 0x330 0x400 0.00 0f343b0931126a20f133d67c2b018a3b
.dt0 0x2d000 0x107c 0x1200 0.84 7ea01842f5cc62f59f735e2d53bce28a
.dt1 0x2f000 0x752b 0x7600 6.19 2c128057e492802b06a073e52febb694
.reloc 0x37000 0x2000 0x2000 7.95 5d236ac5afd9c336e5da1e263363cd33

( 0 imports )

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

parmenion 24.05.2010 08:47
malwarecleaner hab ich abgebrochen weil er einfach dateien gelöscht hat die garnicht infiziert sein können!

MalwareHero 24.05.2010 14:41
Zitat:
Zitat von parmenion (Beitrag 527950)
malwarecleaner hab ich abgebrochen weil er einfach dateien gelöscht hat die garnicht infiziert sein können!
Norman ist 100% vertrauenswürdig. Dann nehme Dr.Web, der verschiebt nur die Fünde:
http://www.trojaner-board.de/59299-a...eb-cureit.html

> Vollständige log von RootRepeal noch nachholen, wie unten beschrieben, ausser "Drivers"

Log posten.

parmenion 24.05.2010 15:45
rootrepeal log:

Zitat:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/05/24 16:28
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\RootRepeal report 05-24-10 (16-27-54).txt
Status: Visible to the Windows API, but not on disk.

Path: C:\WINXP\Temp\HTTEF9C.tmp
Status: Invisible to the Windows API!

Path: C:\WINXP\Temp\HTTF012.tmp
Status: Visible to the Windows API, but not on disk.

Path: c:\dokumente und einstellungen\milena\lokale einstellungen\temp\flaf013.tmp
Status: Size mismatch (API: 24485888, Raw: 23701752)

SSDT
-------------------
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x82282630

#: 041 Function Name: NtCreateKey
Status: Hooked by "spqr.sys" at address 0xf84230e0

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spqr.sys" at address 0xf843bda4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spqr.sys" at address 0xf843c132

#: 119 Function Name: NtOpenKey
Status: Hooked by "spqr.sys" at address 0xf84230c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x82281a60

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x82281e80

#: 160 Function Name: NtQueryKey
Status: Hooked by "spqr.sys" at address 0xf843c20a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spqr.sys" at address 0xf843c08a

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spqr.sys" at address 0xf843c29c

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x82282460

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x82282280

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x82281c90

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x822820b0

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x821a0c50]
Process: System Address: 0x82280790 Size: 1000

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x823df1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_CREATE]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_CLOSE]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_POWER]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: , IRP_MJ_PNP]
Process: System Address: 0x8211f1f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x822311f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x823e01f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x823721f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x81fcd1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x823e11f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x821361f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x821361f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x821361f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x821361f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x821361f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x821361f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8218a1f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x821b11f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_CREATE]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_CLOSE]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_READ]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_SHUTDOWN]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_CLEANUP]
Process: System Address: 0x81fce1f8 Size: 121

Object: Hidden Code [Driver: Mup, IRP_MJ_PNP]
Process: System Address: 0x81fce1f8 Size: 121

==EOF==

parmenion 24.05.2010 16:54
die txt. datei ist zu groß darum hab ich sie als zip. gepackt

MalwareHero 24.05.2010 17:28
Zitat:
Zitat von parmenion (Beitrag 528042)
die txt. datei ist zu groß darum hab ich sie als zip. gepackt
Mache den Kompletten Scan mit Dr.Web. Der Schnelle Scan sagt hier zuwenig aus.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:39 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19