Runtime Error - Internet-Explorer startet nicht / Taskmanager deaktiviert

Member

Beiträge: 11

#1 Hallo zusammen,

seit ein paar Tagen habe ich folgendes Problem auf meinem Laptop. Beim Versuch den Internet-Explorer bzw. Windows-Explorer zu starten, kommt die Meldung:

Runtime Error!

Programm: C:\Programme\Internet Explorer\IEXPLORE.EXE

This application has requested the Runtime to terminate it in an unusual way.
Pleas contact .......
Die gleiche Meldung kommt auch bei Windows-Explorer.

Auf dem Laptop gibt es 2 Benutzer. Die Fehlermeldung wechselt zwischen den Benutzern. Einer kann den I-Explorer aufrufen, der andere nicht.

Zusätzlich kam öfters schon beim Versuch den Taskmanager aufzurufe, die Meldung:

Der Task-Manager wurde durch den Administrator deaktiviert.

Als letztes noch folgendes merkwürdige Verhalten. Ich habe seit ein paar Tagen McAfee Virus Scan 10 installiert (rotes M in der rechten Ecke). Dieses M wird öfters von selbst schwarz (sprich deaktiviert).

Vorhin konnte ich noch nicht mal mehr auf den anderen Benutzer unter XP wechseln. Beim Versuch die Mails abzurufen, kam die Meldung: Server nicht erreichbar, aber die Netzwerkverbindung (2 Screens unten rechts zeigte Dauertraffic).

Genug geschrieben, hier kommen die Logs:

1. Hijack This

Logfile of HijackThis v1.99.1
Scan saved at 14:29:56, on 24.06.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\McAfee.com\VSO\mcvsshld.exe
C:\Programme\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe
c:\programme\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\winlogon.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Downloads\# virus\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programme\mcafee\spamkiller\mcapfbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Programme\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Programme\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MA521 Configuration Utility.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programme\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O16 - DPF: {95BD7A59-567A-4FE1-A412-FCEC29428E42} (Toontown Installer ActiveX Control German) - http://212.185.47.24/sv1.3.14.11/ttinst-german.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: hpdj - Unknown owner - C:\DOKUME~1\Holger\LOKALE~1\Temp\hpdj.exe (file missing)
O23 - Service: hpdj3600 - Unknown owner - C:\DOKUME~1\Holger\LOKALE~1\Temp\hpdj3600.exe (file missing)
O23 - Service: License Management Service ESD - element5 - C:\Programme\Gemeinsame Dateien\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe

2. Cleanup ausgeführt

DatFind

1.

Datentr„ger in Laufwerk C: ist Laptop_Speh
Volumeseriennummer: 9C34-8571

Verzeichnis von C:\WINDOWS\system32

22.06.2006 16:55 1.158 wpa.dbl
18.06.2006 12:03 14.848 BASSMOD.dll
09.06.2006 03:19 5.967.776 MRT.exe
26.05.2006 22:19 163.840 JGDW400.DLL
26.05.2006 15:49 1.339.904 SHDOCVW.DLL
19.05.2006 16:08 2.702.848 MSHTML.DLL
18.05.2006 08:13 458.752 jscript.dll
17.05.2006 11:23 579.888 LegitCheckControl.dll
08.05.2006 12:30 463.360 URLMON.DLL
28.04.2006 15:08 582.144 WININET.DLL
28.04.2006 10:58 12.288 JSPROXY.DLL
28.04.2006 10:57 351.744 DXTMSFT.DLL
24.04.2006 16:17 1.425.680 wmpui.dll
06.04.2006 16:15 27.648 JGPL400.DLL
03.04.2006 11:40 14.048 spmsg.dll
28.03.2006 18:59 364.068 perfh009.dat
28.03.2006 18:59 45.742 perfc009.dat
28.03.2006 18:59 371.602 perfh007.dat
28.03.2006 18:59 55.184 perfc007.dat
28.03.2006 18:59 843.576 PerfStringBackup.INI
22.03.2006 03:29 612.352 xpsp2res.dll

2.

Datentr„ger in Laufwerk C: ist Laptop_Speh
Volumeseriennummer: 9C34-8571

Verzeichnis von C:\DOKUME~1\Ute\LOKALE~1\Temp

3.

Datentr„ger in Laufwerk C: ist Laptop_Speh
Volumeseriennummer: 9C34-8571

Verzeichnis von C:\WINDOWS

24.06.2006 14:47 1.545.656 WindowsUpdate.log
24.06.2006 14:46 1.601 OEM.tmp
24.06.2006 14:45 159 wiadebug.log
24.06.2006 14:45 50 wiaservc.log
24.06.2006 14:44 0 0.log
24.06.2006 14:44 2.048 bootstat.dat
24.06.2006 14:43 32.572 SchedLgU.Txt
23.06.2006 01:01 116 NeroDigital.ini
22.06.2006 16:46 9.519 WGA.log
22.06.2006 16:46 587.826 setupapi.log
18.06.2006 12:00 737.280 iun6002.exe
17.06.2006 20:29 16.498 KB914798.log
17.06.2006 20:28 217.490 comsetup.log
17.06.2006 20:28 704.089 iis6.log
17.06.2006 20:28 31.835 tabletoc.log
17.06.2006 20:28 291.571 tsoc.log
17.06.2006 20:28 1.374 imsins.log
17.06.2006 20:28 130.084 ntdtcsetup.log
17.06.2006 20:28 9.647 KB918439-IE6SP1-20060530.145346.log
17.06.2006 20:28 108.611 netfxocm.log
17.06.2006 20:28 317.835 ocgen.log
17.06.2006 20:28 21.841 ocmsn.log
17.06.2006 20:28 30.748 msgsocm.log
17.06.2006 20:28 617.512 FaxSetup.log
17.06.2006 20:28 194.790 msmqinst.log
17.06.2006 20:28 1.374 imsins.BAK
17.06.2006 20:28 10.127 KB916281-IE6SP1-20060526.162249.log
17.06.2006 20:28 28.264 updspapi.log
17.06.2006 20:28 14.884 KB917344.log
17.06.2006 20:27 14.391 KB917953.log
17.06.2006 20:27 12.277 KB917734.log
17.06.2006 20:26 15.477 KB914389.log
16.06.2006 22:36 3.409 KB911280.log
27.05.2006 07:12 13.770 KB913580.log
13.05.2006 21:43 217.980 setupact.log
12.05.2006 22:07 15.130 KB911562.log
12.05.2006 22:07 8.034 KB912812-IE6SP1-20060322.182418.log
12.05.2006 22:06 7.268 KB911567-OE6SP1-20060316.165634.log
12.05.2006 22:06 13.337 KB908531.log
09.05.2006 10:00 17 Missing.ini
18.04.2006 00:46 3.834 ModemLog_Agere Systems AC'97 Modem.txt
17.04.2006 10:41 5.104 hpdj3600.his
17.04.2006 10:41 1.055 hpdj3600.ini

4.

Datentr„ger in Laufwerk C: ist Laptop_Speh
Volumeseriennummer: 9C34-8571

Verzeichnis von C:\

24.06.2006 14:52 0 sys.txt
24.06.2006 14:51 12.354 system.txt
24.06.2006 14:50 129 systemtemp.txt
24.06.2006 14:49 99.364 system32.txt
24.06.2006 14:44 792.723.456 pagefile.sys
15.03.2006 22:20 128.371 Maple0042.jpg
24.02.2006 23:46 11.937 hpfr3600.log
23.01.2006 21:57 261.740 ALPluginIE-1.0.2.2-setup.exe
18.01.2006 01:02 1.757.696 Montageanleitung Kronleuchter.doc

Gruss
painkiller9 8)[/b]

Dieser Beitrag wurde am 24.06.2006 um 14:53 Uhr von painkiller9 editiert.

24.06.2006, 15:57

Ehrenmitglied

Beiträge: 29434

#2 1.
Bitte nutze Gmer http://www.gmer.net/files.php . Starte es und schaue, ob es schon was meldet. Macht es das, bitte alle Fragen mit nein beantworten, auf den Reiter rootkit gehen, wiederum die Frage mit nein beantworten und mit Hilfe von copy den Bericht hier einfuegen. Meldet es so nichts, gehe auf den Reiter Rootkit und mache einen Scan. ist dieser Beendet, waehle Copy und fuege den bericht ein.

2.
poste das log vom silentrunner
http://virus-protect.org/silentrunner.html
__________
MfG Sabina

rund um die PC-Sicherheit

24.06.2006, 18:20

Member

Themenstarter

Beiträge: 11

#3 Hi,

1. Gmer hat beim ersten Lauf im unteren Fenster nichts gemeldet, deswegen hier das Log von Rootkit:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-06-24 17:47:41
Windows 5.1.2600 Service Pack 1

---- System - GMER 1.0.10 ----

SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState

---- Devices - GMER 1.0.10 ----

Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82BDFAD8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82BDFAD8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 82BDFAD8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSEIRP_MJ_READ 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP_POWER 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82D1E240
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82D1E240
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_NAMED_PIPE 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLOSEIRP_MJ_READ 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_WRITE 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_EA 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_EA 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FLUSH_BUFFERS 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_VOLUME_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_VOLUME_INFORMATION 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DIRECTORY_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_FILE_SYSTEM_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_INTERNAL_DEVICE_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SHUTDOWN 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_LOCK_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CLEANUP 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_CREATE_MAILSLOT 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_SECURITY 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_SECURITY 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_POWER 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SYSTEM_CONTROL 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_DEVICE_CHANGE 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_QUERY_QUOTA 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_SET_QUOTA 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP 82D1E240
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e IRP_MJ_PNP_POWER 82D1E240
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 82BDFAD8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 82BDFAD8
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CREATE 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_WRITE 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_EA 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_POWER 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_PNP 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1Port3Path0Target0Lun0 IRP_MJ_PNP_POWER 82B9AAB0
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_WRITE 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_INFORMATION 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_EA 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_EA 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SHUTDOWN 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CLEANUP 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_SECURITY 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_POWER 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_SET_QUOTA 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_PNP 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port2Path0Target0Lun0 IRP_MJ_PNP_POWER 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSEIRP_MJ_READ 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 82CDF008
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP_POWER 82CDF008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSEIRP_MJ_READ 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 82B9AAB0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP_POWER 82B9AAB0

---- Modules - GMER 1.0.10 ----

Module _________ F85B0000

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{DDAA82C5-8642-41D2-B298-8A12E58E75A9}
File C:\System Volume Information\_restore{EF92FE46-9B21-49C3-B7E8-4266AD1BD4D0}

---- EOF - GMER 1.0.10 ----

2. Silentrunner

"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
"MSMSGS" = ""C:\Programme\Messenger\MSMSGS.EXE" /background" [MS]
"SpybotSD TeaTimer" = "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" ["Safer Networking Limited"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SynTPLpr" = "C:\Programme\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Programme\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"LaunchAp" = "C:\Program Files\Launch Manager\LaunchAp.exe" [empty string]
"HotkeyApp" = "C:\Program Files\Launch Manager\HotkeyApp.exe" ["Wistron"]
"CtrlVol" = "C:\Program Files\Launch Manager\CtrlVol.exe" [null data]
"Wbutton" = ""C:\Program Files\Launch Manager\Wbutton.exe"" [empty string]
"IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"AGRSMMSG" = "AGRSMMSG.exe" ["Agere Systems"]
"CloneCDTray" = ""C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s" ["SlySoft, Inc."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"QuickTime Task" = ""C:\Programme\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"VSOCheckTask" = ""C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" ["McAfee, Inc."]
"VirusScan Online" = "C:\Programme\McAfee.com\VSO\mcvsshld.exe" ["McAfee, Inc."]
"OASClnt" = "C:\Programme\McAfee.com\VSO\oasclnt.exe" ["McAfee, Inc."]
"MCAgentExe" = "C:\PROGRA~1\mcafee.com\agent\mcagent.exe" ["McAfee, Inc"]
"MCUpdateExe" = "C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe" ["McAfee, Inc"]
"MSKAGENTEXE" = "C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" ["McAfee Inc."]
"MSKDetectorExe" = "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup" ["McAfee, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{41D68ED8-4CFF-4115-88A6-6EBB8AF19000}\(Default) = (no title provided)
-> {HKLM...CLSID} = "McAfee AntiPhishing Filter"
\InProcServer32\(Default) = "c:\programme\mcafee\spamkiller\mcapfbho.dll" ["McAfee, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]
"{32020A01-506E-484D-A2A8-BE3CF17601C3}" = "AlcoholShellEx"
-> {HKLM...CLSID} = "AlcoholShellEx"
\InProcServer32\(Default) = "C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll" ["Alcohol Soft Development Team"]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\OFFICE11\msohev.dll" [MS]
"{906b0e6e-61ce-11d3-8ee2-0060080a7242}" = "QuickSFV Shell Extension"
-> {HKLM...CLSID} = "QuickSFV Shell Extension"
\InProcServer32\(Default) = "C:\Programme\QuickSFV\QSFVShll.dll" ["Mercedes"]
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}" = "PhoneBrowser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll" ["Nokia"]
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}" = "Message View"
-> {HKLM...CLSID} = "Message View"
\InProcServer32\(Default) = "C:\Programme\Nokia\Nokia PC Suite 6\MessageView.dll" ["Nokia"]
"{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}" = "TuneUp Shredder Shell Context Menu Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
QuickSFV Shell Extension\(Default) = "{906b0e6e-61ce-11d3-8ee2-0060080a7242}"
-> {HKLM...CLSID} = "QuickSFV Shell Extension"
\InProcServer32\(Default) = "C:\Programme\QuickSFV\QSFVShll.dll" ["Mercedes"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
QuickSFV Shell Extension\(Default) = "{906b0e6e-61ce-11d3-8ee2-0060080a7242}"
-> {HKLM...CLSID} = "QuickSFV Shell Extension"
\InProcServer32\(Default) = "C:\Programme\QuickSFV\QSFVShll.dll" ["Mercedes"]
TuneUp Shredder\(Default) = "{00DF1F20-0849-A4D1-0239-00D0AF3E9CB0}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Context Menu Extension"
\InProcServer32\(Default) = ""C:\Programme\TuneUp Utilities 2006\sdshelex.dll"" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programme\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\Holger\Eigene Dateien\# Download\IrfanView_Wallpaper.bmp"

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssflwbox.scr" [MS]

Startup items in "Holger" & "All Users" startup folders:
--------------------------------------------------------

C:\Dokumente und Einstellungen\Holger\Startmenü\Programme\Autostart
"trillian" -> shortcut to: "C:\Programme\Trillian\trillian.exe" ["Cerulean Studios"]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
"Adobe Reader - Schnellstart" -> shortcut to: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"MA521 Configuration Utility" -> shortcut to: "C:\Program Files\NETGEAR\MA521 Configuration Utility\wlancfg5.exe" [empty string]

Enabled Scheduled Tasks:
------------------------

"1-Klick-Wartung" -> launches: "C:\Programme\TuneUp Utilities 2006\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 51
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan"
-> {HKLM...CLSID} = "McAfee VirusScan"
\InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" ["McAfee, Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}"
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_04"
\InProcServer32\(Default) = "C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll" ["Sun Microsystems, Inc."]

{39FD89BF-D3F1-45B6-BB56-3582CCF489E1}\
"MenuText" = "McAfee AntiPhishing Filter"
"CLSIDExtension" = "{7DD73374-7187-4103-8F29-622AA25E7C40}"
-> {HKLM...CLSID} = "MyCfgDlgCmdTarget Class"
\InProcServer32\(Default) = "c:\programme\mcafee\spamkiller\mcapfbho.dll" ["McAfee, Inc."]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\MSMSGS.EXE" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\

Missing lines (compared with English-language version):
HIJACK WARNING! "TuneUp" = "file://C|/Dokumente und Einstellungen/All Users/Anwendungsdaten/TuneUp Software/Common/base.css" [file not found]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

McAfee SpamKiller Server, MskService, "C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe" ["McAfee Inc."]
McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" ["McAfee, Inc"]
McAfee WSC Integration, McDetect.exe, "c:\programme\mcafee.com\agent\mcdetect.exe" ["McAfee, Inc"]
McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" ["McAfee Inc."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points and all Registry CLSIDs for dormant Explorer Bars,
use the -supp parameter or answer "No" at the first message box.
---------- (total run time: 125 seconds, including 10 seconds for message boxes)

gruss
painkiller9 8)

24.06.2006, 21:33

Ehrenmitglied

Beiträge: 29434

#4 irgendwas stimmt hier nicht...aber ich finde nicht, was es ist.
schaffst du es einen Onlinescan zu machen ?
wenn ja, poste den scanbericht von kaspersky
http://virus-protect.org/onlinescan.html
__________
MfG Sabina

rund um die PC-Sicherheit

25.06.2006, 10:09

Member

Themenstarter

Beiträge: 11

#5 Hi,

hier der Report vom Onlinescan:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, June 25, 2006 9:55:22 AM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 25/06/2006
Kaspersky Anti-Virus database records: 190446
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 50320
Number of viruses found: 17
Number of infected objects: 88
Number of suspicious objects: 0
Duration of the scan process: 01:10:43

Infected Object Name / Virus Name / Last Action
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche-Bank.de Police <AccountPolice@Deutsche-Bank.de>][Date Sun, 31 Jul 2005 07:46:09 -0500]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.ie skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche-Bank.de Police <AccountPolice@Deutsche-Bank.de>][Date Sun, 31 Jul 2005 07:46:09 -0500]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ie skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <security@deutsche-bank.de>][Date Fri, 05 Aug 2005 11:38:57 -0700]/UNNAMED/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.ih skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <security@deutsche-bank.de>][Date Fri, 05 Aug 2005 11:38:57 -0700]/UNNAMED/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ih skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <security@deutsche-bank.de>][Date Fri, 05 Aug 2005 11:38:57 -0700]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ih skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <security@deutsche-bank.de>][Date Fri, 05 Aug 2005 11:38:57 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ih skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <security@deutsche-bank.de>][Date Fri, 05 Aug 2005 17:36:50 -0700]/UNNAMED/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.ih skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <security@deutsche-bank.de>][Date Fri, 05 Aug 2005 17:36:50 -0700]/UNNAMED/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ih skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <security@deutsche-bank.de>][Date Fri, 05 Aug 2005 17:36:50 -0700]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ih skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <security@deutsche-bank.de>][Date Fri, 05 Aug 2005 17:36:50 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.ih skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From <mail@opodo.de>][Date Wed, 10 Aug 2005 23:38:55 -0000]/UNNAMED/rechnung.pdf.exe Infected: Trojan-Downloader.Win32.Small.bgp skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From <mail@opodo.de>][Date Wed, 10 Aug 2005 23:38:55 -0000]/UNNAMED Infected: Trojan-Downloader.Win32.Small.bgp skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Telekom AG <Rechnung-Online@t-com.net>][Date Sat, 13 Aug 2005 06:00:49 -0700]/UNNAMED/rechnung.pdf.exe Infected: Trojan-Downloader.Win32.Small.bgp skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Telekom AG <Rechnung-Online@t-com.net>][Date Sat, 13 Aug 2005 06:00:49 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Small.bgp skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Postbank.de <AccountPolice@pastbank.com>][Date Mon, 22 Aug 2005 02:03:01 -0700]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.if skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Postbank.de <AccountPolice@pastbank.com>][Date Mon, 22 Aug 2005 02:03:01 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.if skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From PostBank.de <SecurityUpdate@postbanck.net>][Date Wed, 24 Aug 2005 04:41:19 -0700]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.if skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From PostBank.de <SecurityUpdate@postbanck.net>][Date Wed, 24 Aug 2005 04:41:19 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.if skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Postbank.de <AccountPolice@pastbank.de>][Date Sun, 04 Sep 2005 10:37:56 -0700]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.if skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Postbank.de <AccountPolice@pastbank.de>][Date Sun, 04 Sep 2005 10:37:56 -0700]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.if skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <ari@yahoo.co.uk>][Date Mon, 03 Oct 2005 01:57:11 +0000]/UNNAMED/UNNAMED/text Infected: Trojan-Spy.HTML.Bankfraud.kx skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <ari@yahoo.co.uk>][Date Mon, 03 Oct 2005 01:57:11 +0000]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.jp skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <ari@yahoo.co.uk>][Date Mon, 03 Oct 2005 01:57:11 +0000]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.jp skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <ari@yahoo.co.uk>][Date Mon, 03 Oct 2005 01:57:11 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.jp skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From douggie jameson <5buster@priest.com>][Date Sun, 16 Oct 2005 06:09:37 +0000]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.jf skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From douggie jameson <5buster@priest.com>][Date Sun, 16 Oct 2005 06:09:37 +0000]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.jf skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From douggie jameson <5buster@priest.com>][Date Sun, 16 Oct 2005 06:09:37 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.jf skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <3bertie@gmx.net>][Date Sat, 22 Oct 2005 21:31:29 +0000]/UNNAMED/UNNAMED/text Infected: Trojan-Spy.HTML.Bankfraud.kx skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <3bertie@gmx.net>][Date Sat, 22 Oct 2005 21:31:29 +0000]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.jp skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <3bertie@gmx.net>][Date Sat, 22 Oct 2005 21:31:29 +0000]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.jp skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <3bertie@gmx.net>][Date Sat, 22 Oct 2005 21:31:29 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.jp skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <lalitha@brainpod.com>][Date Tue, 01 Nov 2005 20:28:08 +0000]/UNNAMED/UNNAMED/text Infected: Trojan-Spy.HTML.Bankfraud.kx skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <lalitha@brainpod.com>][Date Tue, 01 Nov 2005 20:28:08 +0000]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.jp skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <lalitha@brainpod.com>][Date Tue, 01 Nov 2005 20:28:08 +0000]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.jp skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB/[From Deutsche Bank <lalitha@brainpod.com>][Date Tue, 01 Nov 2005 20:28:08 +0000]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.jp skipped
C:\Dokumente und Einstellungen\Holger\Anwendungsdaten\BatMail\Painkiller (Nikocity)\Inbox\MESSAGES.TBB Mail: infected - 35 skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Inbox\MESSAGES.TBB/[From PostBank.de <SecurityUpdate@postbanck.net>][Date Tue, 02 Aug 2005 12:43:42 -0700]/html Infected: Trojan-Spy.HTML.Bankfraud.if skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Inbox\MESSAGES.TBB/[From post@postcard.com][Date Mon, 13 Feb 2006 11:55:45 +0200]/UNNAMED/html Infected: Trojan-Downloader.HTML.Agent.ae skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Inbox\MESSAGES.TBB/[From post@postcard.com][Date Mon, 13 Feb 2006 11:55:45 +0200]/UNNAMED Infected: Trojan-Downloader.HTML.Agent.ae skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Inbox\MESSAGES.TBB Mail: infected - 3 skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Outbox\MESSAGES.TBB/[From Hemifa <hemifa@gmx.de>][Date Tue, 2 Aug 2005 21:06:53 +0200]/UNNAMED/Message.html Infected: Trojan-Spy.HTML.Bankfraud.if skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Outbox\MESSAGES.TBB/[From Hemifa <hemifa@gmx.de>][Date Tue, 2 Aug 2005 21:06:53 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.if skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Outbox\MESSAGES.TBB Mail: infected - 2 skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Sent\MESSAGES.TBB/[From Hemifa <hemifa@gmx.de>][Date Tue, 2 Aug 2005 21:06:53 +0200]/UNNAMED/Message.html Infected: Trojan-Spy.HTML.Bankfraud.if skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Sent\MESSAGES.TBB/[From Hemifa <hemifa@gmx.de>][Date Tue, 2 Aug 2005 21:06:53 +0200]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.if skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Sent\MESSAGES.TBB Mail: infected - 2 skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From gka160452@aol.com][Date Fri, 30 Jul 2004 10:12:58 +0200]/UNNAMED/your_text.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From gka160452@aol.com][Date Fri, 30 Jul 2004 10:12:58 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From hilde@nhf.no][Date Mon, 2 Aug 2004 20:56:41 +0200]/UNNAMED/your_picture.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From hilde@nhf.no][Date Mon, 2 Aug 2004 20:56:41 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From jan.schmidt@ju-schorndorf.de][Date Thu, 29 Jul 2004 20:45:52 +0200]/UNNAMED/all_document.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From jan.schmidt@ju-schorndorf.de][Date Thu, 29 Jul 2004 20:45:52 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From julia.reidle@web.de][Date Sat, 31 Jul 2004 15:17:21 +0200]/UNNAMED/all_document.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From julia.reidle@web.de][Date Sat, 31 Jul 2004 15:17:21 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From knuffel-vani@web.de][Date Sun, 1 Aug 2004 20:10:27 +0200]/UNNAMED/your_product.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From knuffel-vani@web.de][Date Sun, 1 Aug 2004 20:10:27 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From webservicelamnek@aol.com][Date Thu, 5 Aug 2004 16:14:17 +0200]/UNNAMED/document.pif Infected: Email-Worm.Win32.NetSky.d skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From webservicelamnek@aol.com][Date Thu, 5 Aug 2004 16:14:17 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.d skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From e-mail.heidrun.geddert@enercity.de][Date Sun, 22 Aug 2004 00:59:55 +0200]/UNNAMED/swimmingpool.zip/swimmingpool.txt.com Infected: Email-Worm.Win32.NetSky.b skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From e-mail.heidrun.geddert@enercity.de][Date Sun, 22 Aug 2004 00:59:55 +0200]/UNNAMED/swimmingpool.zip Infected: Email-Worm.Win32.NetSky.b skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From e-mail.heidrun.geddert@enercity.de][Date Sun, 22 Aug 2004 00:59:55 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From support-dqnlp@freemail.nl][Date Sun, 22 Aug 2004 23:03:12 +0200]/UNNAMED/textfile.txt.pif Infected: Email-Worm.Win32.NetSky.b skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From support-dqnlp@freemail.nl][Date Sun, 22 Aug 2004 23:03:12 +0200]/UNNAMED Infected: Email-Worm.Win32.NetSky.b skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <direkt@postbank.de>][Date Sun, 30 Jan 2005 11:12:34 -0800]/UNNAMED/=?koi8-r?B?NC5wZGYuZXhl?= Infected: Trojan-Downloader.Win32.Small.aio skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <direkt@postbank.de>][Date Sun, 30 Jan 2005 11:12:34 -0800]/UNNAMED Infected: Trojan-Downloader.Win32.Small.aio skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <info@telekom.de>][Date Tue, 17 May 2005 12:14:19 -0700]/UNNAMED/Rechnung.zip/Rechnung.pdf.exe Infected: Trojan-Downloader.Win32.Vidlo.m skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <info@telekom.de>][Date Tue, 17 May 2005 12:14:19 -0700]/UNNAMED/Rechnung.zip Infected: Trojan-Downloader.Win32.Vidlo.m skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <info@telekom.de>][Date Tue, 17 May 2005 12:14:19 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Vidlo.m skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <info@telekom.de>][Date Tue, 17 May 2005 09:31:59 -0700]/UNNAMED/Rechnung.zip/Rechnung.pdf.exe Infected: Trojan-Downloader.Win32.Vidlo.m skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <info@telekom.de>][Date Tue, 17 May 2005 09:31:59 -0700]/UNNAMED/Rechnung.zip Infected: Trojan-Downloader.Win32.Vidlo.m skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <info@telekom.de>][Date Tue, 17 May 2005 09:31:59 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Vidlo.m skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <info@telekom.de>][Date Mon, 16 May 2005 16:17:23 -0700]/UNNAMED/Rechnung.pdf.exe Infected: Trojan-Downloader.Win32.Vidlo.m skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <info@telekom.de>][Date Mon, 16 May 2005 16:17:23 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Vidlo.m skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <info@telekom.de>][Date Mon, 16 May 2005 12:19:44 -0700]/UNNAMED/Rechnung.pdf.exe Infected: Trojan-Downloader.Win32.Vidlo.m skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <info@telekom.de>][Date Mon, 16 May 2005 12:19:44 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Vidlo.m skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <Rechnung-Online@t-com.net>][Date Tue, 24 May 2005 08:20:18 -0700]/UNNAMED/2005_05_01.PDF.exe Infected: Trojan-Dropper.Win32.Agent.mc skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB/[From <Rechnung-Online@t-com.net>][Date Tue, 24 May 2005 08:20:18 -0700]/UNNAMED Infected: Trojan-Dropper.Win32.Agent.mc skipped
C:\Dokumente und Einstellungen\Ute\Anwendungsdaten\BatMail\Hemifa\Trash\MESSAGES.TBB Mail: infected - 31 skipped
C:\Downloads\# usbstick per 22.10.04\privat\ipcscan.zip/IpcScan.exe Infected: HackTool.Win32.IpcScan.200 skipped
C:\Downloads\# usbstick per 22.10.04\privat\ipcscan.zip ZIP: infected - 1 skipped
C:\Downloads\# usbstick per 22.10.04\privat\sqlck.zip/SQLck.exe Infected: HackTool.Win32.SqlCrack skipped
C:\Downloads\# usbstick per 22.10.04\privat\sqlck.zip ZIP: infected - 1 skipped
C:\Downloads\# usbstick per 22.10.04\privat\sqlscan.zip/SQLScan/SQLScan.exe Infected: HackTool.Win32.VB.an skipped
C:\Downloads\# usbstick per 22.10.04\privat\sqlscan.zip ZIP: infected - 1 skipped
C:\Downloads\# usbstick per 22.10.04\privat\x-ray1.35.zip/xray/xray.exe Infected: HackTool.Win32.Xray.a skipped
C:\Downloads\# usbstick per 22.10.04\privat\x-ray1.35.zip ZIP: infected - 1 skipped
C:\Downloads\# usbstick per 22.10.04\privat\xray.rar/xray.exe Infected: HackTool.Win32.Xray.a skipped
C:\Downloads\# usbstick per 22.10.04\privat\xray.rar RAR: infected - 1 skipped

Scan process completed.

gruss
painkiller9 8)

25.06.2006, 11:58

Ehrenmitglied

Beiträge: 29434

#6 1.
so kann man die Mail restlos aus der Inbox zu entfernen:
1. Mail aus Inbox löschen
2. Mülleimer leeren
3. Inbox komprimieren (Datei-Menü)

Hintergrund: Die gesamte Inbox ist auf der Festplatte als eine einzige Datei abgelegt. Darin stehen alle Mails untereinander, und auch die "gelöschten" Mails bleiben stehen (nur sind sie als gelöscht markiert). Erst durch das Komprimieren werden tatsächlich Teile aus der Datei entfernt.

2.
loeschen:

C:\Downloads\# usbstick per 22.10.04\privat\ipcscan.zip
C:\Downloads\# usbstick per 22.10.04\privat\sqlck.zip
C:\Downloads\# usbstick per 22.10.04\privat\sqlscan.zip
C:\Downloads\# usbstick per 22.10.04\privat\x-ray1.35.zip
C:\Downloads\# usbstick per 22.10.04\privat\xray.rar
__________
MfG Sabina

rund um die PC-Sicherheit

28.06.2006, 12:25

Member

Themenstarter

Beiträge: 11

#7 Hallo Sabina,

ich habe die befallenen Mails gelöscht und auch die Programme ausgelagert.

Danach habe ich als Browseralternative Firefox installiert. Habe dann noch SP2 installiert (hatte ich noch nicht). Im Moment läuft das Laptop relativ ruhig. Was soll ich jetzt noch tun (Scans durchführen, Logs posten etc.) um festzustellen, ob noch irgendein Befall vorliegt.

Ich hatte McAfee wieder deinstalliert, weil ich dachte, dass das McAfee Programm auch Probleme macht. Werde es wohl aber wieder installieren, da ich dadurch im Mom keinen Virenschutz habe.

Gruss
painkiller 8)

28.06.2006, 15:49

Ehrenmitglied

Beiträge: 29434

#8 multiavtool
http://virus-protect.org/multiavtool.html
bei der Eingabe "3" im MULTIAVTOOL muss eine Internetverbindung vorhanden sein

- man muss eingeben, was gescannt werden soll
- C:\Windows\System32 dann beginnt der Scan, man sollte dann auch scannen lassen:
- C:\Windows
- C:\

* klicke "6 --> der PC wird neustarten --> suche die 3 Scanreporte in C:\AV-CLS und kopiere sie
__________
MfG Sabina

rund um die PC-Sicherheit

28.06.2006, 16:07

Member

Beiträge: 38

#9 Hallo Sabina!
Hilfe ich habe ein Problem habe ich dir auch schon gesendet aber weiß jetzt nicht in welchem Forum ich weiter schreiben soll also mein Problem ist: C:\Windows\System32\NTSWRL32.DLL
Hiiiiiilfe ich weiß nicht weiter!Was kann ich tun,Und es öffnet sich wieder mein Antivir ständig und da steht diese Fehlermeldung!

28.06.2006, 16:25

Ehrenmitglied

Beiträge: 29434

#10 nelly19

poste alle logs + den scanreport vom antivirus
http://board.protecus.de/t23188.htm
__________
MfG Sabina

rund um die PC-Sicherheit

28.06.2006, 16:43

Member

Beiträge: 38

#11 Hier der Report von AntiVir:

[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\WINDOWS\SoftwareDistribution\EventCache\{7F8A51AD-8B5E-4311-8C4A-811D1D1135B3}.bin
[WARNUNG] Die Datei konnte nicht geöffnet werden!
C:\WINDOWS\system32\ldapi32.exe
[FUND] Enthält eine Signatur des (gefährlichen) Backdoorprogrammes BDS/Cakl.D
[INFO] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4503a309.qua' verschoben!
C:\WINDOWS\system32\config\default
[WARNUNG] Die Datei konnte nicht geöffnet werden!

Von Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 17:52:50, on 28.06.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\System32\locator.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Spyware Doctor\sdhelp.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Home Cinema\PowerCinema\PCMService.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\vssms32.exe
C:\Programme\Logitech\SetPoint\KEM.exe
C:\Programme\Logitech\SetPoint\KHALMNPR.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\Wencke Dössereck\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\Home Cinema\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ICQ Lite] "C:\Programme\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\System32\vssms32.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programme\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: WISO Bewerbung-Reminder.lnk = C:\Programme\WISO\Bewerbung 4.0\KCReminder.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Broken Internet access because of LSP provider 'mwnsp.dll' missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: CA-Lizenz-Client (CA_LIC_CLNT) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA-Lizenzserver (CA_LIC_SRVR) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Ereignisprotokoll-Überwachung (LogWatch) - Computer Associates - C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Programme\Spyware Doctor\sdhelp.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Und nun,muss ich noch etwas jetzt machen?
:-0 Vielen Dank für die tolle Hilfe schonmal!
Weiß nicht mehr genau wie das mit dem Texteditor geht und so....

Und es kam gerade noch eine komische backdoorprogramme fehlermeldung bei antivir:--> C:\Windows\System32\ldapi32.exe

Hier das Logfile

Datentr„ger in Laufwerk C: ist BOOT
Volumeseriennummer: C8E6-AEA1

Verzeichnis von C:\DOKUME~1\WENCKE~1\LOKALE~1\Temp

28.06.2006 17:57 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}4319.html
28.06.2006 17:57 16.384 ~DF6D25.tmp
28.06.2006 17:57 16.384 ~DF5E16.tmp
28.06.2006 17:57 512 ~DF5E24.tmp
28.06.2006 16:37 691.682 _iu14D2N.tmp
23.06.2006 02:01 114 DFC5A2B2.TMP
23.01.2006 15:36 429 datFind.bat
7 Datei(en) 726.488 Bytes
0 Verzeichnis(se), 32.908.685.312 Bytes frei

edit

Verzeichnis von C:\WINDOWS\system32

28.06.2006 17:58 23.552 ntcvx32.dll
28.06.2006 16:38 16.279 ikhcore.log
27.06.2006 19:57 642.560 vssms32.exe
23.06.2006 07:48 700.032 FNTCACHE.DAT
17.06.2006 12:11 1.158 wpa.dbl
15.06.2006 23:55 778.240 divx_xx07.dll

Dieser Beitrag wurde am 28.06.2006 um 19:30 Uhr von nelly19 editiert.

28.06.2006, 23:03

Ehrenmitglied

Beiträge: 29434

#12 nelly19

Information:BackDoor.Dosia
http://virus-protect.org/virus/vssms32.html

--------------------------------------------------------------------

1.
Avenger
http://virus-protect.org/artikel/tools/avenger.html
kopiere rein:

Zitat

Files to delete:
C:\WINDOWS\system32\ldapi32.exe
C:\WINDOWS\System32\vssms32.exe
C:\WINDOWS\System32\ntcvx32.dll
C:\WINDOWS\System32\ikhcore.log
C:\WINDOWS\hkr32.asm
C:\WINDOWS\Program.EXE

Klicke die gruene AmpeL
das Script wird nun ausgeführt, dann wird der PC automatisch neustarten

**
2.
poste das log vom Avenger, was erscheint

**
3.
Start - Ausfuehren - regedit
bearbeiten - suchen - vssms32.exe

««
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\\WINDOWS\\system32\\vssms32.exe" -> loeschen

»»
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
vssms32 -> loeschen

»»
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSetControl\SafeBoot

minimal.xxx -> minimal
rechtsklick auf diesen Schlusessel und umbenennen in: minimal

network.xxx -> network
rechtsklick auf diesen Schlusessel und umbenennen in: network

»»
HKEY_CURRENT_USER\Software

suche loesche :

"Denese"
"PortNo"
"Kurban"
"Password"

»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify"=dword:00000001 -> auf 0 stellen
"FirewallDisableNotify"=dword:00000001 -> auf 0 stellen
"AntiVirusOverride"=dword:00000001 -> auf 0 stellen
"FirewallOverride"=dword:00000001 -> auf 0 stellen

------------------------------------------------------
PC neustarten

**

4.
poste noch das log von C:\Windows und C:\
denn das fehlt, dafuer hast du andere doppelt und dreifach gepostet................
__________
MfG Sabina

rund um die PC-Sicherheit

29.06.2006, 12:50

Member

Beiträge: 38

#13 Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\eaqgsotl

*******************

Script file located at: \??\C:\WINDOWS\itlkjutk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\ldapi32.exe not found!
Deletion of file C:\WINDOWS\system32\ldapi32.exe failed!

Could not process line:
C:\WINDOWS\system32\ldapi32.exe
Status: 0xc0000034

File C:\WINDOWS\System32\vssms32.exe deleted successfully.
File C:\WINDOWS\System32\ntcvx32.dll deleted successfully.
File C:\WINDOWS\System32\ikhcore.log deleted successfully.
File C:\WINDOWS\hkr32.asm deleted successfully.

File C:\WINDOWS\Program.EXE not found!
Deletion of file C:\WINDOWS\Program.EXE failed!

Could not process line:
C:\WINDOWS\Program.EXE
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

Bei dem vorletzten Schritt finde ich das in Microsoft entstehende Security Center nicht,und Somit auch nicht den Ordner Antivirus etc.
Was mach ich denn dann nun?Ohje ich und Pc :-(

----->Ich habe nochmal Ad Aware laufen lassen und es findet immer ein Object immer wieder auf neue,ich kann es irgendwie nicht entfernen!
Hier:

Ad-Aware SE Build 1.06r1
Logfile Created on

onnerstag, 29. Juni 2006 15:30:33
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R113 28.06.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):7 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

29.06.2006 15:30:33 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d

MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X

MRU List Object Recognized!
Location: : S-1-5-21-1116054189-212291442-1327323702-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1116054189-212291442-1327323702-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput

MRU List Object Recognized!
Location: : S-1-5-21-1116054189-212291442-1327323702-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant

MRU List Object Recognized!
Location: : S-1-5-21-1116054189-212291442-1327323702-1006\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor

MRU List Object Recognized!
Location: : S-1-5-21-1116054189-212291442-1327323702-1006\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 504
ThreadCreationTime : 29.06.2006 13:14:20
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 544
ThreadCreationTime : 29.06.2006 13:14:21
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 568
ThreadCreationTime : 29.06.2006 13:14:22
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 616
ThreadCreationTime : 29.06.2006 13:14:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Anwendung für Dienste und Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 628
ThreadCreationTime : 29.06.2006 13:14:22
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 800
ThreadCreationTime : 29.06.2006 13:14:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 876
ThreadCreationTime : 29.06.2006 13:14:23
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 968
ThreadCreationTime : 29.06.2006 13:14:24
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 988
ThreadCreationTime : 29.06.2006 13:14:24
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1284
ThreadCreationTime : 29.06.2006 13:14:25
BasePriority : Normal
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
ProductName : Betriebssystem Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename : EXPLORER.EXE

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1352
ThreadCreationTime : 29.06.2006 13:14:25
BasePriority : Normal
FileVersion : 5.1.2600.1699 (xpsp2.050610-1533)
ProductVersion : 5.1.2600.1699
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [atiptaxx.exe]
FilePath : C:\Programme\ATI Technologies\ATI Control Panel\
ProcessID : 1448
ThreadCreationTime : 29.06.2006 13:14:26
BasePriority : Normal
FileVersion : 6.14.10.5029
ProductVersion : 6.14.10.5029
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright (C) 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:13 [pcmservice.exe]
FilePath : C:\Programme\Home Cinema\PowerCinema\
ProcessID : 1456
ThreadCreationTime : 29.06.2006 13:14:26
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : PCMService Application
FileDescription : PCMService MFC Application
InternalName : PCMService
LegalCopyright : Copyright (C) 2002
OriginalFilename : PCMService.EXE

#:14 [avgnt.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1464
ThreadCreationTime : 29.06.2006 13:14:26
BasePriority : Normal

#:15 [icqlite.exe]
FilePath : C:\Programme\ICQLite\
ProcessID : 1480
ThreadCreationTime : 29.06.2006 13:14:26
BasePriority : Normal
FileVersion : 20, 52, 2573, 0
ProductVersion : 20, 52, 2573, 0
ProductName : ICQLite
CompanyName : ICQ Ltd.
FileDescription : ICQLite
InternalName : ICQ Lite
LegalCopyright : Copyright (C) 2002
OriginalFilename : ICQLite.exe

#:16 [kem.exe]
FilePath : C:\Programme\Logitech\SetPoint\
ProcessID : 1496
ThreadCreationTime : 29.06.2006 13:14:26
BasePriority : Normal
FileVersion : 2.12.801
ProductVersion : 2.12.801
ProductName : SetPoint Files
CompanyName : Logitech Inc.
FileDescription : Logitech SetPoint
InternalName : SetPoint
LegalCopyright : (C) 2003 Logitech. All rights reserved.
LegalTrademarks : Logitech®, is a registered trademark of Logitech Inc.
OriginalFilename : KEM.exe
Comments : Created by the Productivity Software team

#:17 [khalmnpr.exe]
FilePath : C:\Programme\Logitech\SetPoint\
ProcessID : 1600
ThreadCreationTime : 29.06.2006 13:14:28
BasePriority : Normal
FileVersion : 2.12.735
ProductVersion : 2.12.735
ProductName : Productivity Software Common Files
CompanyName : Logitech Inc.
FileDescription : Logitech Hardware Abstraction Layer
InternalName : SetPoint
LegalCopyright : (C) 2003 Logitech. All rights reserved.
LegalTrademarks : Logitech®, MouseWare® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : KHALMNPR.Exe
Comments : Created by the Productivity Software team

#:18 [sched.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1824
ThreadCreationTime : 29.06.2006 13:14:40
BasePriority : Normal

#:19 [avguard.exe]
FilePath : C:\Programme\AntiVir PersonalEdition Classic\
ProcessID : 1836
ThreadCreationTime : 29.06.2006 13:14:40
BasePriority : Normal

#:20 [logwatnt.exe]
FilePath : C:\Programme\CA\SharedComponents\CA_LIC\
ProcessID : 1872
ThreadCreationTime : 29.06.2006 13:14:40
BasePriority : Normal
FileVersion : 1.52
ProductVersion : 1, 0, 0, 1
ProductName : Computer Associates LogWatNT
CompanyName : Computer Associates
FileDescription : LogWatNT
InternalName : LogWatNT
LegalCopyright : Copyright © 2002
OriginalFilename : LogWatNT.exe

#:21 [locator.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1896
ThreadCreationTime : 29.06.2006 13:14:40
BasePriority : Normal
FileVersion : 5.1.2600.1147 (xpsp2.021108-1929)
ProductVersion : 5.1.2600.1147
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Rpc Locator
InternalName : locator.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : locator.exe

#:22 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1916
ThreadCreationTime : 29.06.2006 13:14:40
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:23 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1940
ThreadCreationTime : 29.06.2006 13:14:40
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:24 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1992
ThreadCreationTime : 29.06.2006 13:14:40
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:25 [x10nets.exe]
FilePath : C:\PROGRA~1\COMMON~1\X10\Common\
ProcessID : 148
ThreadCreationTime : 29.06.2006 13:14:40
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : x10 Module
CompanyName : X10
FileDescription : X10 Module
InternalName : x10
LegalCopyright : Copyright 1999 X10
OriginalFilename : x10.exe

#:26 [utorrent.exe]
FilePath : C:\Programme\uTorrent\
ProcessID : 456
ThreadCreationTime : 29.06.2006 13:22:15
BasePriority : Normal

#:27 [ad-aware.exe]
FilePath : C:\Programme\Lavasoft\Ad-Aware SE Personal\
ProcessID : 860
ThreadCreationTime : 29.06.2006 13:30:17
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : wencke dössereck@rambler[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:wencke dössereck@rambler.ru/
Expires : 01.01.2008 02:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 8

Deep scanning and examining files (C

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Deep scanning and examining files (D

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Deep scanning and examining files (E

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

15:44:31 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:58.125
Objects scanned:178085
Objects identified:1
Objects ignored:0
New critical objects:1

Dieser Beitrag wurde am 29.06.2006 um 15:50 Uhr von nelly19 editiert.

29.06.2006, 18:10

Ehrenmitglied

Beiträge: 29434

#14 du hast keine WindowsUpdates gemacht, also kein SP2 geladen, deshalb findest du die Eintraege in der Registry nicht.
Mache bitte die Windowsupdates, ich hoffe, dein XP ist legal.
dann berichte
__________
MfG Sabina

rund um die PC-Sicherheit

29.06.2006, 18:14