Backdoor/Ciadoor 13, System Restore doesn't work... :(

Thread is closed!
18.07.2006, 14:56
Member

Thread starter

Posts: 34
#31 Sorry Sabina... I didn't mean it like that. ;) I just thought, after the other quick replies, that it would go just as fast this time...


Right. All the values were already set as described above. I had already read up on this beforehand and applied some of the registry changes.

But unfortunately it still doesn't work. ;) Is there nothing more that can be done?


And back to the question once more: IS EVERYTHING CLEANED UP NOW?


And here is the scan report:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-18 15:14:43
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT a347bus.sys ZwOpenKey
SSDT \??\C:\Programme\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\Programme\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Modules - GMER 1.0.10 ----

Module _________ F86B6000

---- EOF - GMER 1.0.10 ----


(I added a few line breaks.)
This post was edited by Marsel on 18.07.2006 at 15:25.
18.07.2006, 16:14
Honorary member
Sabina

Posts: 29434
#32 Download it, run it, and report what appears in red:
http://virus-protect.org/artikel/tools/icesword.html
__________
Regards, Sabina

All about PC security
19.07.2006, 10:03
Member

Thread starter

Posts: 34
#33 Right.

Under SSDT:

a347bus.sys: NtCreateKey
a347bus.sys: NtCreatePagingFile
a347bus.sys: NtEnumerateKey
a347bus.sys: NtEnumerateValue
a347bus.sys: NtOpenKey
\??\C:\Programme\ewido anti-spyware 4.0\guard.sys: NtOpenProcess
a347bus.sys: NtQueryKey
a347bus.sys: NtQueryValueKey
a347bus.sys: NtSetSystemPowerState
sptd.sys: NtSetValueKey
\??\C:\Programme\ewido anti-spyware 4.0\guard.sys: NtTerminateProcess



Here are a few ports as well (just in case you spot something):

Port:

Protocol Local Address Foreign Address State PID PathName
TCP 127.0.0.1 : 1061 127.0.0.1 : 1086 ESTABLISHED 3520 C:\Programme\ICQLite\ICQLite.exe
TCP 127.0.0.1 : 1086 127.0.0.1 : 1061 ESTABLISHED 3520 C:\Programme\ICQLite\ICQLite.exe
TCP 127.0.0.1 : 18350 127.0.0.1 : 1114 ESTABLISHED 968 C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
TCP 127.0.0.1 : 1114 127.0.0.1 : 18350 ESTABLISHED 2484 C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
TCP 192.168.178.21 : 1066 205.188.8.77 : 5190 ESTABLISHED 3520 C:\Programme\ICQLite\ICQLite.exe
TCP 192.168.178.21 : 21495 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 47291 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 60715 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 1728 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 7236 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 18400 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 23776 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 23416 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 33148 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 35060 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 4417 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 15485 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 39229 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 44569 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 51869 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 55953 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 61061 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 9746 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 13710 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 47954 192.168.178.1 : 49000 TIME_WAIT 0 ----
TCP 192.168.178.21 : 139 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
TCP 0.0.0.0 : 7 0.0.0.0 : 0 LISTENING 632 C:\WINDOWS\system32\tcpsvcs.exe
TCP 0.0.0.0 : 445 0.0.0.0 : 0 LISTENING 4 NT OS Kernel
TCP 0.0.0.0 : 135 0.0.0.0 : 0 LISTENING 1172 C:\WINDOWS\system32\svchost.exe
TCP 0.0.0.0 : 19 0.0.0.0 : 0 LISTENING 632 C:\WINDOWS\system32\tcpsvcs.exe
TCP 0.0.0.0 : 18350 0.0.0.0 : 0 LISTENING 968 C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
TCP 127.0.0.1 : 1030 0.0.0.0 : 0 LISTENING 2488 C:\WINDOWS\system32\alg.exe
TCP 127.0.0.1 : 1061 0.0.0.0 : 0 LISTENING 3520 C:\Programme\ICQLite\ICQLite.exe
TCP 0.0.0.0 : 9 0.0.0.0 : 0 LISTENING 632 C:\WINDOWS\system32\tcpsvcs.exe
TCP 0.0.0.0 : 50300 0.0.0.0 : 0 LISTENING 464 C:\WINDOWS\system32\oodag.exe
TCP 0.0.0.0 : 13 0.0.0.0 : 0 LISTENING 632 C:\WINDOWS\system32\tcpsvcs.exe
TCP 0.0.0.0 : 17 0.0.0.0 : 0 LISTENING 632 C:\WINDOWS\system32\tcpsvcs.exe
UDP 0.0.0.0 : 19 * : * 632 C:\WINDOWS\system32\tcpsvcs.exe
UDP 192.168.178.21 : 1900 * : * 1320 C:\WINDOWS\system32\svchost.exe
UDP 127.0.0.1 : 1273 * : * 328 C:\Programme\Windows Media Player\wmplayer.exe
UDP 192.168.178.21 : 520 * : * 1212 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 1039 * : * 1260 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 500 * : * 932 C:\WINDOWS\system32\lsass.exe
UDP 192.168.178.21 : 59519 * : * 1212 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 3544 * : * 1212 C:\WINDOWS\system32\svchost.exe
UDP 192.168.178.21 : 137 * : * 4 NT OS Kernel
UDP 192.168.178.21 : 1056 * : * 1212 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 9 * : * 632 C:\WINDOWS\system32\tcpsvcs.exe
UDP 127.0.0.1 : 123 * : * 1212 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 13 * : * 632 C:\WINDOWS\system32\tcpsvcs.exe
UDP 0.0.0.0 : 17 * : * 632 C:\WINDOWS\system32\tcpsvcs.exe
UDP 0.0.0.0 : 1064 * : * 1260 C:\WINDOWS\system32\svchost.exe
UDP 192.168.178.21 : 138 * : * 4 NT OS Kernel
UDP 0.0.0.0 : 161 * : * 684 C:\WINDOWS\system32\snmp.exe
UDP 127.0.0.1 : 1062 * : * 3520 C:\Programme\ICQLite\ICQLite.exe
UDP 127.0.0.1 : 1128 * : * 3148 C:\Programme\Internet Explorer\iexplore.exe
UDP 192.168.178.21 : 123 * : * 1212 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 1057 * : * 1212 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 1154 * : * 1260 C:\WINDOWS\system32\svchost.exe
UDP 127.0.0.1 : 1900 * : * 1320 C:\WINDOWS\system32\svchost.exe
UDP 0.0.0.0 : 4500 * : * 932 C:\WINDOWS\system32\lsass.exe
UDP 0.0.0.0 : 7 * : * 632 C:\WINDOWS\system32\tcpsvcs.exe
UDP 0.0.0.0 : 445 * : * 4 NT OS Kernel
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 4 NT OS Kernel
RAW --- --- --- 932 C:\WINDOWS\system32\lsass.exe
19.07.2006, 12:20
Honorary member
Sabina

Posts: 29434
#34 I can't find anything else. Apply the tips for enabling System Restore once more (see above).
__________
Regards, Sabina

All about PC security
19.07.2006, 12:25
Member

Thread starter

Posts: 34
#35 Well.... Has everything malicious been removed for now?

I'll get the System Restore thing sorted out somehow...

SERIOUSLY, HUGE PRAISE!!!!! THANK YOU!!!!!!!

Or should I scan everything with ewido again and post it here?
_________________________________________________________________


I scanned svhost again (at VirusTotal):

STATUS: FINISHED
Complete scanning result of "svhost.exe", received in VirusTotal at 07.19.2006, 17:54:20 (CET).

Antivirus Version Update Result
AntiVir n - no virus found
Authentium n - no virus found
Avast n - no virus found
AVG n - no virus found
BitDefender n - no virus found
CAT-QuickHeal n - no virus found
ClamAV n - no virus found
DrWeb n - no virus found
eTrust-InoculateIT n - no virus found
eTrust-Vet n - no virus found
Ewido n - no virus found
Fortinet n - no virus found
F-Prot n - no virus found
F-Prot4 n - no virus found
Ikarus n - no virus found
Kaspersky n - no virus found
McAfee n - no virus found
Microsoft n - no virus found
NOD32v2 n - no virus found
Norman n - no virus found
Panda n - no virus found
Sophos n - no virus found
Symantec n - no virus found
TheHacker n - no virus found
UNA n - no virus found
VBA32 n - no virus found
VirusBuster n - no virus found



_______________________________________________________________

Thanks to Chris4You I got System Restore working again. I'm really grateful for that!

Here is how (for everyone else who has the same problem):

Quote

In the Windows folder there is a folder named inf.
Look in it for the file sr.inf.
Right-click it and choose Install.

Windows will probably then ask for the installation CD.
Adjust the path if necessary and select the i386 folder on the CD; the file sr.sy_ will be visible.

Windows then reinstalls System Restore (SystemRestore) and its associated files from the CD.
_______________________________________________________________

Is everything OK again now?

Could I please just get a short answer? (no offence meant)

SABINA???

Regards, Marcel
This post was edited by Marsel on 21.07.2006 at 00:26.
21.07.2006, 02:07
Honorary member
Sabina

Posts: 29434
#36 svhost.exe is definitely a virus
[not to be confused with... svchost.exe] (where did you find it?)
__________
Regards, Sabina

All about PC security
21.07.2006, 10:56
Member

Thread starter

Posts: 34
#37 Well. I somehow scanned both of them again with VirusTotal. But it found nothing suspicious. Both were in the system32 folder... As far as I can recall... ;)

I also ran another scan with Ewido. It found no Backdoor/Ciadoor and no Ardamax (keylogger)....


I entered "svchost.exe" in Windows Search again (but only in the Windows folder):

C:\WINDOWS\$NtServicePackUninstall$
C:\WINDOWS\ServicePackFiles\i386 (this is a folder from Windows XP SP2 that I copied over so that I don't always have to insert the CD for certain things)
This post was edited by Marsel on 21.07.2006 at 11:01.
21.07.2006, 11:06
Honorary member
Sabina

Posts: 29434
#38

Quote

Well. I somehow scanned both of them again with VirusTotal. But it found nothing suspicious.
That doesn't mean anything, because svhost.exe (not to be confused with svchost.exe!!!!) is not a Windows file and, if you google it, is detected as a virus/backdoor.
__________
Regards, Sabina

All about PC security
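
The distinction drawn in the post above (svhost.exe versus the genuine svchost.exe), as an added example that is not part of the original thread: a Python check that flags a process image name one or two characters away from a known Windows binary, or a genuine name running from an unexpected folder. The allow-list, the distance threshold and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumed allow-list (not from the thread): genuine image names and the
# folder each is expected to run from on Windows XP.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "tcpsvcs.exe": r"c:\windows\system32",
}
MAX_DISTANCE = 2  # assumed threshold for "looks like a known name"


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path):
    """Return (verdict, reference_name) for one process image path."""
    folder, name = ntpath.split(image_path.lower())
    if name in KNOWN:
        verdict = "ok" if folder == KNOWN[name] else "unexpected-folder"
        return verdict, name
    # Not an exact match: is it a near miss of a trusted name?
    close = [(edit_distance(name, real), real) for real in KNOWN]
    dist, real = min(close)
    if dist <= MAX_DISTANCE:
        return "lookalike", real
    return "unlisted", None


# Constructed sample of running-process image paths.
SAMPLES = [
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\system32\svhost.exe",
    r"C:\WINDOWS\Temp\svchost.exe",
    r"C:\Programme\ICQLite\ICQLite.exe",
]

if __name__ == "__main__":
    for path in SAMPLES:
        print(path, "->", classify(path))
```

Feed it the image paths of running processes; on-disk backup copies such as those under C:\WINDOWS\ServicePackFiles\i386 would be reported as unexpected-folder even though they are not running.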
21.07.2006, 11:13
Member

Thread starter

Posts: 34
#39 Oh, I see. svhost.exe is a virus. Above it sounded as if svchost.exe were a virus. I'll have to take a look.

What should I do to find out whether it is a virus?

I searched again (in the Windows folder) and did not find this file... ;) So I wonder how I scanned it...
This post was edited by Marsel on 21.07.2006 at 11:17.
21.07.2006, 11:16
Honorary member
Sabina

Posts: 29434
#40 The Windows search function ;)

svhost.exe
__________
Regards, Sabina

All about PC security
21.07.2006, 11:18
Member

Thread starter

Posts: 34
#41 Everything, or is just the Windows folder enough? Because it finds nothing there...
And nothing in the registry either...
This post was edited by Marsel on 21.07.2006 at 11:27.
21.07.2006, 11:39
Honorary member
Sabina

Posts: 29434
#42 Well, that's fine then. I was just surprised that you had this file scanned by VirusTotal..................
Search for svhost.exe with this program:
http://virus-protect.org/artikel/tools/agentransack.html
__________
Regards, Sabina

All about PC security
21.07.2006, 11:51
Member

Thread starter

Posts: 34
#43 This is the only thing it found.


C:\Dokumente und Einstellungen\Marcel Raven\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4L4D8PG3\svhost_exe[1].htm (27 KB, 21.07.2006 11:22:04)

Should I delete it?
This post was edited by Marsel on 21.07.2006 at 12:13.
21.07.2006, 12:24
Honorary member
Sabina

Posts: 29434
#44 C:\Dokumente und Einstellungen\Marcel Raven\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4L4D8PG3 <-- delete
__________
Regards, Sabina

All about PC security
21.07.2006, 12:35
Member

Thread starter

Posts: 34
#45 It can't be deleted.... I think it's just a page from when I entered svhost.exe in Google (as you suggested)...

So simply deleting the Internet files is enough, right?


So... my computer is rid of this virus, yes?