
Log analysis and evaluation: RootRepeal

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

08.01.2010, 10:07   #1
Franky007

RootRepeal

So, Spybot found Fraud.Malware Defense in safe mode.
People who have the same problem were then advised to run RootRepeal.exe (the extracted file).

Could someone check this over?

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/08 10:54
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8E1F6000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8E1EB000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA3824000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spsx.sys
Image Path: C:\Windows\System32\Drivers\spsx.sys
Address: 0x80697000 Size: 995328 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{40aedc7f-e36c-11de-9faf-e780066ef5ae}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.flightsimulator.simconnect_67c7c14424d61b5b_10.0.61242.0_none_e079b46b85043c20.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_b7e10f227b2fceff.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.flightsimulator.simconnect_67c7c14424d61b5b_10.0.61259.0_none_55f5ecdc14f60568.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.flightsimulator.simconnect_67c7c14424d61b5b_10.0.60905.0_none_dd92b94d8a196297.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9841.0_none_a6dfa6920e9f98fc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.1.0.0_none_6c030d6fdc86522c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIC237~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE4BA2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5F3C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6DB5~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9942~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5DF7~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MIC237~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\System32\migwiz\dlmanifests\MI2095~1.MAN
Status: Locked to the Windows API!

Path: c:\programdata\electronic arts\eadm\cache\logs\core.html
Status: Allocation size mismatch (API: 32768, Raw: 16384)

Path: C:\Windows\assembly\GAC_32\Policy.1.2.Microsoft.Interop.Security.AzRoles\6.0.6000.16386__31bf3856ad364e35\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE5DF7~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE9942~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE4BA2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE5F3C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE6DB5~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\System32\licensing\skus\Security-Licensing-SLC-Component-SKU-HomePremium\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: c:\users\fabian\appdata\roaming\mozilla\firefox\profiles\5c4l27bs.default\cookies.sqlite-journal
Status: Allocation size mismatch (API: 32768, Raw: 0)

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1240 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: aqcjgt7j捅牃Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_CREATE]
Process: System Address: 0x863e0500 Size: 121

Object: Hidden Code [Driver: aqcjgt7j捅牃Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_CLOSE]
Process: System Address: 0x863e0500 Size: 121

Object: Hidden Code [Driver: aqcjgt7j捅牃Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x863e0500 Size: 121

Object: Hidden Code [Driver: aqcjgt7j捅牃Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x863e0500 Size: 121

Object: Hidden Code [Driver: aqcjgt7j捅牃Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_POWER]
Process: System Address: 0x863e0500 Size: 121

Object: Hidden Code [Driver: aqcjgt7j捅牃Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x863e0500 Size: 121

Object: Hidden Code [Driver: aqcjgt7j捅牃Ъ浍楃긘誹ᴴ蘾⯼蓫, IRP_MJ_PNP]
Process: System Address: 0x863e0500 Size: 121

Object: Hidden Code [Driver: cdromi, IRP_MJ_CREATE]
Process: System Address: 0x862881f8 Size: 121

Object: Hidden Code [Driver: cdromi, IRP_MJ_CLOSE]
Process: System Address: 0x862881f8 Size: 121

Object: Hidden Code [Driver: cdromi, IRP_MJ_READ]
Process: System Address: 0x862881f8 Size: 121

Object: Hidden Code [Driver: cdromi, IRP_MJ_WRITE]
Process: System Address: 0x862881f8 Size: 121

Object: Hidden Code [Driver: cdromi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x862881f8 Size: 121

Object: Hidden Code [Driver: cdromi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x862881f8 Size: 121

Object: Hidden Code [Driver: cdromi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x862881f8 Size: 121

Object: Hidden Code [Driver: cdromi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x862881f8 Size: 121

Object: Hidden Code [Driver: cdromi, IRP_MJ_POWER]
Process: System Address: 0x862881f8 Size: 121

Object: Hidden Code [Driver: cdromi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x862881f8 Size: 121

Object: Hidden Code [Driver: cdromi, IRP_MJ_PNP]
Process: System Address: 0x862881f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x84d1f1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x84d1f1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84d1f1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84d1f1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x84d1f1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84d1f1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x84d1f1f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x86769500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x86769500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x86769500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x86769500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86769500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86769500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x86769500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86769500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x86769500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x862851f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x862851f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x862851f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x862851f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x862851f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x862851f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x862851f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System Address: 0x865621f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System Address: 0x865621f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x865621f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x865621f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System Address: 0x865621f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System Address: 0x865621f8 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]
Process: System Address: 0x865cf1f8 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]
Process: System Address: 0x865cf1f8 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x865cf1f8 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x865cf1f8 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]
Process: System Address: 0x865cf1f8 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]
Process: System Address: 0x865cf1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄幨誥赡, IRP_MJ_CREATE]
Process: System Address: 0x8631b1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄幨誥赡, IRP_MJ_CLOSE]
Process: System Address: 0x8631b1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄幨誥赡, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8631b1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄幨誥赡, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8631b1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄幨誥赡, IRP_MJ_POWER]
Process: System Address: 0x8631b1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄幨誥赡, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8631b1f8 Size: 121

Object: Hidden Code [Driver: iScsiPrtП牄幨誥赡, IRP_MJ_PNP]
Process: System Address: 0x8631b1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x84d1d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x84d1d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x84d1d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x84d1d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x84d1d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x84d1d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x84d1d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x84d1d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x84d1d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x84d1d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x84d1d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x862821f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x862821f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x862821f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x862821f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x862821f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x862821f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x862821f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_CREATE]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_CLOSE]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_READ]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_WRITE]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_QUERY_EA]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_SET_EA]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_CLEANUP]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_POWER]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: mrxsmb룸蛍Е畍捆焈œ, IRP_MJ_PNP]
Process: System Address: 0x86cb71f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_CREATE]
Process: System Address: 0x8754e1f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_CLOSE]
Process: System Address: 0x8754e1f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_READ]
Process: System Address: 0x8754e1f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_WRITE]
Process: System Address: 0x8754e1f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8754e1f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8754e1f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8754e1f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8754e1f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8754e1f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8754e1f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8754e1f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8754e1f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_CLEANUP]
Process: System Address: 0x8754e1f8 Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І癅, IRP_MJ_PNP]
Process: System Address: 0x8754e1f8 Size: 121

==EOF==
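Added example (an editor's addition, not from either poster and not RootRepeal's own code): a small Python triage script for RootRepeal 1.3.x logs in the layout above. It parses the Drivers, Hidden/Locked Files, Processes and Stealth Objects sections into records and reports the entries an analyst would read first: drivers whose file is not visible or whose Signed column is "-" or "No", files with an allocation-size mismatch between the Windows API and the raw disk read, and every driver whose IRP dispatch table carries "Hidden Code", grouped per driver with the hook count and dispatch address. Files that are only "Locked to the Windows API!" are deliberately not reported, since hiberfil.sys and the winsxs catalogs in the log above show that status is routine. The embedded SAMPLE_LOG is a constructed excerpt in the same format; the function names, the KEYS list, treating "Signed: -" as unsigned, and the non-ASCII check that marks driver names printed with trailing garbage (such as "aqcjgt7j..." or "mrxsmb..." above) are all my assumptions, not documented RootRepeal behaviour.

```python
"""Triage helper for RootRepeal scan logs (added example, not RootRepeal's own code)."""
import re

# Constructed excerpt in the RootRepeal 1.3.x layout used in the thread; the non-ASCII
# tail on the last driver name is spelled with \u escapes on purpose.
SAMPLE_LOG = """\
ROOTREPEAL (c) AD, 2007-2009
Program Version: Version 1.3.5.0

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\\Windows\\system32\\drivers\\rootrepeal.sys
Address: 0xA3824000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \\Driver\\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\\programdata\\electronic arts\\eadm\\cache\\logs\\core.html
Status: Allocation size mismatch (API: 32768, Raw: 16384)

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x84d201f8 Size: 121

Object: Hidden Code [Driver: aqcjgt7j\u6345\u7243, IRP_MJ_CREATE]
Process: System Address: 0x863e0500 Size: 121

==EOF==
"""

SECTIONS = ("Drivers", "Hidden/Locked Files", "Processes", "Stealth Objects")
# Field names RootRepeal prints; several share one line ("Address: .. Size: .. Signed: ..").
KEYS = ("Image Path", "File Visible", "Name", "Address", "Size", "Signed",
        "Status", "Path", "PID", "Object", "Process")
_KV = re.compile(r"(?:^|\s)(" + "|".join(map(re.escape, KEYS)) + r"): ")
_HOOK = re.compile(r"Hidden Code \[Driver: (.+?), (IRP_MJ_\w+)\]")
_PRINTABLE = re.compile(r"[\x20-\x7e]*")


def _parse_record(lines):
    """Turn one blank-line-delimited record into a {field: value} dict."""
    rec = {}
    for line in lines:
        parts = _KV.split(line)            # ['', key1, val1, key2, val2, ...]
        if len(parts) < 3 or parts[0].strip():
            continue                        # not a "Key: value" line
        for key, val in zip(parts[1::2], parts[2::2]):
            rec[key] = val.strip()
    return rec


def parse_rootrepeal(text):
    """Split a RootRepeal log into its sections, each a list of records."""
    sections = {name: [] for name in SECTIONS}
    current, block = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS or line == "==EOF==" or (line == "" and current):
            if current and block:           # blank line / new section ends a record
                sections[current].append(_parse_record(block))
            block = []
            current = line if line in SECTIONS else current
        elif current and not line.startswith("---"):
            block.append(line)
    return sections


def triage(text):
    """Return (kind, name, detail) tuples for the entries worth a closer look."""
    s = parse_rootrepeal(text)
    findings = []
    for d in s["Drivers"]:                 # invisible or unsigned kernel modules
        if d.get("File Visible") == "No" or d.get("Signed") in ("-", "No"):
            findings.append(("driver", d.get("Name", "?"),
                             f"visible={d.get('File Visible')} signed={d.get('Signed')} "
                             f"path={d.get('Image Path')}"))
    for f in s["Hidden/Locked Files"]:     # "Locked to the Windows API!" alone is routine
        if f.get("Status", "").startswith("Allocation size mismatch"):
            findings.append(("file", f.get("Path", "?"), f["Status"]))
    hooks = {}                             # raw driver name -> (address, set of IRP majors)
    for o in s["Stealth Objects"]:
        m = _HOOK.match(o.get("Object", ""))
        if m:
            hooks.setdefault(m.group(1), (o.get("Address"), set()))[1].add(m.group(2))
    for driver in sorted(hooks):
        addr, irps = hooks[driver]
        clean = _PRINTABLE.match(driver).group(0).strip()
        detail = f"{len(irps)} IRP dispatch entries hooked at {addr}"
        if clean != driver:                # tool printed bytes past the end of the name
            detail += " (name contains non-ASCII bytes)"
        findings.append(("hook", clean, detail))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {name}: {detail}")
```

Run it against a saved log with `triage(open("rootrepeal.log", encoding="utf-8", errors="replace").read())`; the `errors="replace"` matters because the garbled driver names are not guaranteed to be valid UTF-8. Grouping the Stealth Objects per driver is the point of the hook report: in the log above every entry for a given driver shares one address and the same 121-byte size, so one line per driver tells you which dispatch tables are hooked and from where, instead of a hundred near-identical lines.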

10.01.2010, 13:09   #2
cosinus

RootRepeal

Hello and

Please read and work through this list first. When scanning with MalwareBytes, also plug in all external storage (external drives, USB sticks, ...)!!

Important for users of Windows Vista and Windows 7: please run all tools via right-click => Run as administrator!


You can, for example, zip all the log files into one archive, upload it to File-Upload.net and link it here, because 1. some log files are too large for the board and 2. I can download them all at once with a single click.