Virus on PC "Security warning"

27.01.2010, 16:52
Member

Thread starter

Posts: 68
#31
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/27 16:41
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF7359000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF3738000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7B1E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP8824
Image Path: \Driver\PCI_PNP8824
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB99DE000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spoo.sys
Image Path: spoo.sys
Address: 0xF740F000 Size: 1048576 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\windows\temp\sqlite_3uy9rvgnzgkbfnc
Status: Allocation size mismatch (API: 4096, Raw: 0)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "vax347b.sys" at address 0xf73aebb8

#: 041 Function Name: NtCreateKey
Status: Hooked by "vax347b.sys" at address 0xf73aeb70

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "vax347b.sys" at address 0xf73a2c70

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "vax347b.sys" at address 0xf73a34fe

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "vax347b.sys" at address 0xf73aecb0

#: 119 Function Name: NtOpenKey
Status: Hooked by "vax347b.sys" at address 0xf73aeb34

#: 160 Function Name: NtQueryKey
Status: Hooked by "vax347b.sys" at address 0xf73a351e

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "vax347b.sys" at address 0xf73aec06

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "vax347b.sys" at address 0xf73ae450

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spoo.sys" at address 0xf742f19a

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x870ee5c0 Size: 11

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x87085500 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x86f30528 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86f15b30 Size: 99

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x8706d468 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x8706d468 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8706d468 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8706d468 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x8706d468 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8706d468 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x8706d468 Size: 121

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_CREATE]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_CLOSE]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_READ]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_WRITE]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_QUERY_EA]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_SET_EA]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_CLEANUP]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_POWER]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: av3chzumࠅఅ瑎獆횈⣈, IRP_MJ_PNP]
Process: System Address: 0x86ce8430 Size: 99

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x873671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x873671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x873671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x873671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x873671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x873671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x873671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x873671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x873671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x873671f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x873671f8 Size: 121

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLOSE]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_READ]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_WRITE]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_EA]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_EA]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLEANUP]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_POWER]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_PNP]
Process: System Address: 0x86e3bb40 Size: 99

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x86f461f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x86f461f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86f461f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86f461f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x86f461f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x86f461f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x87088500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x87088500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x87088500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x87088500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x87088500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x87088500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x87088500 Size: 121

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x86c9e250 Size: 11

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x8672b0b8 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x870dcfb0 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x86d12500 Size: 121

Object: Hidden Code [Driver: Quar, IRP_MJ_READ]
Process: System Address: 0x86fedeb8 Size: 11

Object: Hidden Code [Driver: Msfsࠅ఍晌⁳髨귐귘, IRP_MJ_READ]
Process: System Address: 0x86feb0f8 Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x86fed6b8 Size: 11

Object: Hidden Code [Driver: Cdfsࠅఏ灇敦官, IRP_MJ_CREATE]
Process: System Address: 0x86d3c1f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఏ灇敦官, IRP_MJ_CLOSE]
Process: System Address: 0x86d3c1f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఏ灇敦官, IRP_MJ_READ]
Process: System Address: 0x86954890 Size: 11

Object: Hidden Code [Driver: Cdfsࠅఏ灇敦官, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86d3c1f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఏ灇敦官, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86d3c1f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఏ灇敦官, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86d3c1f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఏ灇敦官, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86d3c1f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఏ灇敦官, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86d3c1f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఏ灇敦官, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86d3c1f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఏ灇敦官, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86d3c1f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఏ灇敦官, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86d3c1f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఏ灇敦官, IRP_MJ_CLEANUP]
Process: System Address: 0x86d3c1f8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఏ灇敦官, IRP_MJ_PNP]
Process: System Address: 0x86d3c1f8 Size: 121

==EOF==
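The RootRepeal report above is what a helper reads by eye. As an added example (not part of this thread and not RootRepeal's own code), the Python script below parses the SSDT and Stealth Objects sections of such a report: it groups hooked system calls by the hooking module, groups each driver's redirected IRP dispatch entries by target address and size so that a single shared stub stands out from an outlier, and lists driver names that came out garbled. The embedded sample log is a constructed excerpt in the report's layout, and the garbage after `av3chzum` is constructed too.

```python
"""Triage helper for RootRepeal text reports such as the one posted above.
Added example, not part of this thread or of RootRepeal: parses the SSDT and
'Stealth Objects' sections into what a responder looks at first."""
import json
import re
import sys
from collections import defaultdict

# Constructed excerpt in the layout of the report above; the garbage after
# "av3chzum" is constructed as well and stands in for the garbled name.
SAMPLE_LOG = """\
SSDT
#: 025 Function Name: NtClose
Status: Hooked by "vax347b.sys" at address 0xf73aebb8

#: 247 Function Name: NtSetValueKey
Status: Hooked by "spoo.sys" at address 0xf742f19a

Stealth Objects
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x873651f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x870ee5c0 Size: 11

Object: Hidden Code [Driver: av3chzum\u0805\u0c05\u744e, IRP_MJ_CREATE]
Process: System Address: 0x86ce8430 Size: 99
"""

SSDT_RE = re.compile(
    r'^#: (?P<index>\d+) Function Name: (?P<func>\w+)\n'
    r'Status: Hooked by "(?P<module>[^"]+)" at address (?P<addr>0x[0-9a-fA-F]+)',
    re.MULTILINE)
HIDDEN_RE = re.compile(
    r'^Object: Hidden Code \[Driver: (?P<driver>.+?), (?P<irp>IRP_MJ_\w+)\]\n'
    r'Process: \S+ Address: (?P<addr>0x[0-9a-fA-F]+) Size: (?P<size>\d+)',
    re.MULTILINE)

def clean_driver_name(name):
    """Keep the leading printable-ASCII run; the report can print stray characters after a name."""
    m = re.match(r"[\x20-\x7e]+", name)
    return m.group(0) if m else name

def parse_ssdt_hooks(text):
    """Hooked SSDT entries as (index, function, hooking module, address)."""
    return [(int(m["index"]), m["func"], m["module"], int(m["addr"], 16))
            for m in SSDT_RE.finditer(text)]

def parse_hidden_code(text):
    """'Hidden Code' findings as (raw driver name, IRP_MJ_*, address, size)."""
    return [(m["driver"], m["irp"], int(m["addr"], 16), int(m["size"]))
            for m in HIDDEN_RE.finditer(text)]

def hooks_by_module(hooks):
    """Map each hooking module to the sorted list of syscalls it hooks."""
    out = defaultdict(list)
    for _index, func, module, _addr in hooks:
        out[module].append(func)
    return {module: sorted(funcs) for module, funcs in out.items()}

def dispatch_patches(objects):
    """Per driver, group redirected IRP entries by 'address/size'.  Entries sharing one
    key land in the same code; an outlier (the 11-byte IRP_MJ_READ) is a separate patch."""
    out = defaultdict(lambda: defaultdict(list))
    for driver, irp, addr, size in objects:
        out[clean_driver_name(driver)][f"{addr:#x}/{size}"].append(irp)
    return {drv: {k: sorted(v) for k, v in pats.items()} for drv, pats in out.items()}

def garbled_driver_names(objects):
    """Cleaned names of drivers whose reported name was not plain printable ASCII."""
    return sorted({clean_driver_name(d) for d, _irp, _addr, _size in objects
                   if not (d.isascii() and d.isprintable())})

def triage(text):
    """Run all three checks over one report (CRLF or LF line endings)."""
    text = text.replace("\r\n", "\n")
    objects = parse_hidden_code(text)
    return {"ssdt_hooks_by_module": hooks_by_module(parse_ssdt_hooks(text)),
            "dispatch_patches": dispatch_patches(objects),
            "garbled_driver_names": garbled_driver_names(objects)}

if __name__ == "__main__":
    # Pass a saved RootRepeal report as the first argument, else use the sample.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    report = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_LOG
    print(json.dumps(triage(report), indent=2))
```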
28.01.2010, 03:20
Moderator

Posts: 5694
#32
Step 1

Scan with SystemLook

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop.

Download Mirror #1 - Download Mirror #2

• Double-click SystemLook.exe to start the tool.
Vista users: right-click it and run as administrator.
• Copy the contents of the following code box into the tool's text field:

Code

:dir
c:\windows\temp\sqlite_3uy9rvgnzgkbfnc

:filefind
sqlite_3uy9rvgnzgkbfnc

:regfind
sqlite_3uy9rvgnzgkbfnc
• Now click the Look button to start the scan.
• When the search has finished, your text editor will open with the results; post them here in the thread.
• The results are saved on the desktop as SystemLook.txt.


Step 2

F-Secure Online Scanner
Please switch on any external hard disks during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to turn everything back on afterwards.
• Supported operating systems: Windows 2000, Windows XP and Windows Vista (32-bit)
Be sure to start Internet Explorer by right-clicking its icon and choosing Run as administrator.
• Tick "I have read and accepted the license terms".
• Click the "Install" button.
• IE users must allow the installation of the ActiveX control and click "Install".
• Firefox users must allow the installation of the Firefox add-on and then restart Firefox.
• Click the "Start" button.
• Select "Full Scan" and click the "Start" button.
• The signatures are downloaded.
• The scan starts automatically.
• End of scan (Finish).
• If anything is found, use => Automatic cleaning (Automatically)
• and click the "Next" button.
• Display the report by clicking the "Full report" button.
• Menu => File => Save page as
Change the file type to text file and
• save it on the desktop as f-secure.txt.
• Post the log here.

Uninstallation
Firefox:
Uninstall the add-on via Tools => F-Secure.
Internet Explorer:
Fix the following entry with HJT:
O16 - DPF: {BDBDE413-7B1C-4V68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3)


Are there still problems?
02.02.2010, 00:13
Member

Thread starter

Posts: 68
#33
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 00:13 on 02/02/2010 by Kefel (Administrator - Elevation successful)

========== dir ==========

c:\windows\temp\sqlite_3uy9rvgnzgkbfnc - Unable to find folder.

========== filefind ==========

Searching for "sqlite_3uy9rvgnzgkbfnc"
No files found.

========== regfind ==========

Searching for "sqlite_3uy9rvgnzgkbfnc"
No data found.

-=End Of File=-
02.02.2010, 15:51
Moderator

Posts: 5694
#34 And what does F-Secure say?