Programs simply won't start!!! (Topic is closed!)
26.07.2006, 11:33
Moderator
Posts: 7805
26.07.2006, 11:45
Honorary member
Posts: 29434
#47
@raman you had the files sent to you; so far there has been no talk of reinstalling from scratch...
-----------------------------------------------------------------------------------
0. As raman already wrote: please use Gmer http://www.gmer.net/files.php . Start it and see whether it already reports something. If it does, answer all questions with no, go to the Rootkit tab, answer the question there with no as well, and paste the report here using Copy. If it reports nothing that way, go to the Rootkit tab and run a scan. When it has finished, choose Copy and paste the report.
1. Try this: http://virus-protect.org/artikel/tools/pskill.html I have the tool from raman, but have not tried it yet... it has not been translated into German yet either. Then, as raman already said, there must be a rootkit, and also entries in the registry....
2. Original: http://skads.org/special/rkfiles.zip
* unpack it
* go into Safe Mode http://www.tu-berlin.de/www/software/virus/savemode.shtml
* double-click (Run) -- rkfiles.bat -- the DOS window says: "angegebener Pfad nicht gefunden ! checking the folder" -- wait until the DOS window closes (even if it takes very long) --- post C:\log.txt
3. RootkitRevealer. Post the report http://www.sysinternals.com/Utilities/RootkitRevealer.html
__________
Regards, Sabina
all about PC security
26.07.2006, 12:32
Member
Thread starter, Posts: 95
#48
Quote (raman posted): Do you by any chance mean these: http://board.protecus.de/t13020.htm
The problem is that Jotti and vt can't do anything with these files! Jotti says about "GjO.exe": "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file"!!! OK, I'll first work through my tasks from above.
__________
THX for Helping
26.07.2006, 12:46
Moderator
Posts: 7805
#49
That is because this file is currently running. You can rename this file in Safe Mode, or terminate it with the help of Task Manager and then upload it.
__________
Regards, Ralf
SEO-Spam Hunter
26.07.2006, 12:55
Member
Thread starter, Posts: 95
#50
Renaming and deleting don't work in Safe Mode either.
I haven't checked uploading yet. In Task Manager they aren't shown as running processes, so I can't terminate anything either. Here is the GMER log for now:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-26 12:49:03
Windows 5.1.2600 Service Pack 1
85F2FD18 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 85F360E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 85F360E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSEIRP_MJ_READ 85F360E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 860912E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 85F360E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 85F360E8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_EA 85F360E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 863DEA40 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 861B0518 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_CREATE 85ED12C0 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_CREATE_NAMED_PIPE 85ED12C0 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_CLOSEIRP_MJ_READ 85ED12C0 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_WRITE 85ED12C0 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_QUERY_INFORMATION __________ _____________ THX for Helping |
26.07.2006, 13:05
Honorary member
Posts: 29434
26.07.2006, 13:40
Member
Thread starter, Posts: 95
#52
With "pskill" nothing further happens when I run it.
With "RootkitRevealer" I always get the message: "Unable to install RootkitRevealer service: Überlappender E/A-Vorgang wird verarbeitet"!
Here is the rkfiles log:

E:\rkfiles
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
E:\WINDOWS\system32\ogg.dll: UPX!
E:\WINDOWS\system32\ThriXXX010104Z.dll: UPX!
E:\WINDOWS\system32\ThriXXX010205PNG.dll: UPX!
E:\WINDOWS\system32\ThriXXX015003JP2.dll: UPX!
E:\WINDOWS\system32\vorbis.dll: UPX!
E:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
E:\WINDOWS\system32\DivX.dll: PEC2
E:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213
E:\WINDOWS\system32\DivX.dll: PEC2
Files Found in all users startup Folder............
------------------------
E:\WINDOWS\system32\ogg.dll: UPX!
E:\WINDOWS\system32\ThriXXX010104Z.dll: UPX!
E:\WINDOWS\system32\ThriXXX010205PNG.dll: UPX!
E:\WINDOWS\system32\ThriXXX015003JP2.dll: UPX!
E:\WINDOWS\system32\vorbis.dll: UPX!
Files Found in all users windows Folder............
------------------------
E:\WINDOWS\AKDeInstall.exe: UPX!
Finished bye
__________
_____________
THX for Helping
26.07.2006, 13:44
Honorary member
Posts: 29434
#53
http://virus-protect.org/zip/StartDreck.zip
- unpack it into a separate folder
- start startdreck.exe
- choose config/mark all
- press OK
- press Save, save the log and please post its contents here.
__________
Regards, Sabina
all about PC security
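Added example for this thread, not code from StartDreck or from anyone in the discussion: once the log from the steps above has been saved, a first pass over its Run keys and NT Services entries can be automated. The script parses StartDreck's layout (section headers marked with », entries marked with *, one `binary: line per service) and flags two patterns that deserve a closer look: an image that runs from a Temp directory, and an image that reuses the name of a Windows system process (svchost.exe, lsass.exe, ...) but does not live in system32. The sample log inside it is constructed in StartDreck's format, modelled on entries that appear in this thread; it is not a log from a real machine.

```python
"""Triage of autostart entries in a StartDreck-style log.

Added example for this thread, not code from StartDreck or from anyone in
the discussion. Parses the "Run" keys and "NT Services" sections and flags
images that run from a Temp directory or that borrow a Windows system
process name while living outside system32.
"""
import re
import ntpath  # Windows path handling, works on any host OS

# Constructed sample in StartDreck's format, modelled on entries in this
# thread; it is not a log from a real machine.
SAMPLE_LOG = r"""»Local Machine
»Run
*kav="E:\Programme\Kaspersky Anti-Virus 6.0\avp.exe"
*ServiceHost="E:\Programme\Java\jre1.5.0_06\bin\svchost.exe" ""
*NeroFilterCheck=E:\WINDOWS\system32\NeroCheck.exe
»NT Services
*DHCP-Client Dhcp running auto
`binary: E:\WINDOWS\System32\svchost.exe -k netsvcs
*cuM cuM - auto
`binary: "E:\Programme\Tv.exe"
*SSP SSP - on demand
`binary: E:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\SSP.exe
*Kaspersky Anti-Virus 6.0 AVP - auto
`binary: "E:\Programme\Kaspersky Anti-Virus 6.0\avp.exe" -r
"""

# Process names that legitimately exist only under the system32 directory.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
                "csrss.exe", "smss.exe", "spoolsv.exe"}

# Shortest prefix ending in an executable extension; tolerates an optional
# leading quote, unquoted paths containing spaces, and trailing arguments.
IMAGE_RE = re.compile(r'^"?(.*?\.(?:exe|dll|sys|com|bat|scr|pif))\b', re.IGNORECASE)

# Service header: "Description ServiceName running|- auto|on demand|disabled|boot|system"
SERVICE_RE = re.compile(
    r"^(?P<desc>.+?)\s+(?P<name>\S+)\s+(?:running|-)\s+"
    r"(?P<start>auto|on demand|disabled|boot|system)$")

RUN_SECTIONS = {"Run", "RunOnce", "RunServices", "RunServicesOnce"}


def extract_image_path(value):
    """Return the image path from a Run value or a `binary: line, or None."""
    match = IMAGE_RE.match(value.strip())
    return match.group(1) if match else None


def parse_entries(log_text):
    """Yield (kind, name, image_path) for Run-key values and NT services."""
    section = None
    pending = None  # service name waiting for its `binary: line
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("»"):
            section, pending = line[1:], None
        elif section == "NT Services":
            if line.startswith("*"):
                m = SERVICE_RE.match(line[1:])
                pending = m.group("name") if m else line[1:]
            elif line.startswith("`binary:") and pending is not None:
                path = extract_image_path(line[len("`binary:"):])
                if path:
                    yield ("service", pending, path)
                pending = None
        elif section in RUN_SECTIONS and line.startswith("*"):
            name, _, value = line[1:].partition("=")
            path = extract_image_path(value)
            if path:
                yield ("run", name, path)


def runs_from_temp(path):
    """True if any directory component of the path is Temp or Tmp."""
    dirs = ntpath.dirname(path).lower().split("\\")
    return any(d in ("temp", "tmp") for d in dirs)


def misplaced_system_binary(path):
    """True if the file name is a system process name but the directory is
    not the system32 directory under WINDOWS, WINNT or %SystemRoot%."""
    if ntpath.basename(path).lower() not in SYSTEM_NAMES:
        return False
    directory = ntpath.dirname(path).lower()
    return re.search(r"(windows|winnt|%systemroot%)\\system32$", directory) is None


def triage(log_text):
    """Return (name, path, reason) findings in log order."""
    findings = []
    for _kind, name, path in parse_entries(log_text):
        if runs_from_temp(path):
            findings.append((name, path, "image runs from a Temp directory"))
        if misplaced_system_binary(path):
            findings.append((name, path, "system process name outside system32"))
    return findings


if __name__ == "__main__":
    for name, path, reason in triage(SAMPLE_LOG):
        print(f"{name:12} {reason}: {path}")
```

Run against the sample, the script flags the Run entry named ServiceHost (an svchost.exe under a Java directory) and the SSP service (its image sits in a user's Temp folder); the Tv.exe service is not caught, which is the point of keeping these path rules as a first pass only: entries they let through still need the usual manual checks on the file itself.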
26.07.2006, 14:01
Member
Thread starter, Posts: 95
#54
My Kaspersky noticed and deleted that strange "e:\programme\tv.exe" yesterday evening while booting up!
Here is the StartDreck log:
StartDreck (build 2.1.7 public stable) - 2006-07-26 @ 13:53:57 (GMT +02:00) Platform: Windows XP (Win NT 5.1.2600 Service Pack 1) Internet Explorer: 6.0.2800.1106 Logged in as Administrator at SCHAEFCHEN »Registry »Run Keys »Current User »Run *CTFMON.EXE=E:\WINDOWS\System32\CTFMON.EXE »RunOnce »Default User »Run *CTFMON.EXE=E:\WINDOWS\System32\CTFMON.EXE »RunOnce »Local Machine »Run *NeroFilterCheck=E:\WINDOWS\system32\NeroCheck.exe *RAM_DEFRAG= *DAEMON Tools="E:\Programme\D-Tools\daemon.exe" -lang 1033 *KernelFaultCheck=%systemroot%\system32\dumprep 0 -k *ServiceHost="E:\Programme\Java\jre1.5.0_06\bin\svchost.exe" "" *kav="E:\Programme\Kaspersky Anti-Virus 6.0\avp.exe" *RemoteControl=E:\Programme\PowerDVD\PDVDServ.exe *LanguageShortcut=E:\Programme\PowerDVD\Language\Language.exe *SunJavaUpdateSched=E:\Programme\Java\jre1.5.0_07\bin\jusched.exe *Microsoft Works Update Detection=E:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe +OptionalComponents +MSFS *Installed=1 +MAPI *Installed=1 *NoChange=1 +MAPI *Installed=1 *NoChange=1 »RunOnce »RunServices »RunServicesOnce »RunOnceEx »RunServicesOnceEx »File Associations (CR) +.bat *batfile="%1" %* +.com *comfile="%1" %* +.exe *exefile="%1" %* +.hta *htafile=E:\WINDOWS\System32\mshta.exe "%1" %* +.htm *FirefoxHTML=E:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" +.html *FirefoxHTML=E:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1" +.js *JSFile=%SystemRoot%\System32\WScript.exe "%1" %* +.jse *JSEFile=%SystemRoot%\System32\WScript.exe "%1" %* +.pif *piffile="%1" %* +.reg *regfile=regedit.exe "%1" +.scr *scrfile="%1" /S +.txt *txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1 +.vbs *VBSFile=%SystemRoot%\System32\WScript.exe "%1" %* +.vbe *VBEFile=%SystemRoot%\System32\WScript.exe "%1" %* +.wsh *WSHFile=%SystemRoot%\System32\WScript.exe "%1" %* +.wsf *WSFFile=%SystemRoot%\System32\WScript.exe "%1" %* +.lnk `lnkfile= [key or value does not exist] »Active Setup (LM) +Internet 
Explorer/>{26923b43-4d38-484f-9b9e-de460746276c} *StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE +Browseranpassungen/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS *StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP +Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} *StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE +Microsoft Windows Media Player 6.4/{22d6f312-b0f6-11d0-94ab-0080c74c7e95} *StubPath=rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT +Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED} *StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll +Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C} *StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install +NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B} *StubPath=rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT +Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be} *StubPath=rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser +Microsoft Windows Media Player 8/{6BF52A52-394A-11d3-B153-00C04F79FAA6} *StubPath=rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\wmp.inf,PerUserStub +Adressbuch 6/{7790769C-0471-11d2-AF11-00C04FA35D02} *StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install +Windows Desktop-Update/{89820200-ECBD-11cf-8B85-00AA005B4340} *StubPath=regsvr32.exe /s /n /i:U shell32.dll +Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383} *StubPath=%SystemRoot%\system32\ie4uinit.exe »Browser Helper Objects (LM) »Internet Explorer »Current User *Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch *Search Bar=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch *Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch *Start 
Page=http://securityresponse.symantec.com/avcenter/fix_homepage »Default User *Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch *Search Bar=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch *Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch *Start Page=http://securityresponse.symantec.com/avcenter/fix_homepage »Local Machine *Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome *Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch *Local Page=%SystemRoot%\system32\blank.htm *Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch *Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home *CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm *SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm »ShellServiceObjectDelayLoad (LM) *PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9} `InprocServer32=%SystemRoot%\system32\SHELL32.dll *CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9} `InprocServer32=%SystemRoot%\system32\SHELL32.dll *WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED} `InprocServer32=%SystemRoot%\System32\webcheck.dll *SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153} `InprocServer32=E:\WINDOWS\System32\stobject.dll »Special NT Values »Current User *Load= *Run= *Programs=com exe bat pif cmd *SHELL= »Default User *Load= *Run= *Programs=com exe bat pif cmd *SHELL= »Local Machine *AppInit_DLLs= *SHELL=Explorer.exe *Userinit=E:\WINDOWS\system32\userinit.exe, »Files »Autostart Folders »Current User *E:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini »Default User »Local Machine *E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk *E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini *E:\Dokumente und Einstellungen\All 
Users\Startmenü\Programme\Autostart\Microsoft Office.lnk »INI-Files »WIN.INI\[windows] *LOAD= *RUN= »SYSTEM.INI\[boot] *SHELL=Explorer.exe »Text Files *C:\boot.ini `[boot loader] `timeout=30 `default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS `[operating systems] `multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect *C:\msdos.sys *C:\config.sys *E:\WINDOWS\System32\config.nt `dos=high, umb `device=%SystemRoot%\system32\himem.sys `files=20 *C:\autoexec.bat *E:\WINDOWS\System32\autoexec.nt `@echo off `lh %SystemRoot%\system32\mscdexnt.exe `lh %SystemRoot%\system32\redir `lh %SystemRoot%\system32\dosx `SET BLASTER=A220 I5 D1 P330 T3 *E:\WINDOWS\wininit.ini `[Rename] `NUL=E:\DOKUME~1\SCHFCH~1\LOKALE~1\Temp\~nsu.tmp\Au_.exe *E:\WINDOWS\System32\drivers\etc\hosts `127.0.0.1 localhost »Program Files *C:\ntldr *C:\ntdetect.com *C:\io.sys *E:\WINDOWS\System32\win.com *E:\WINDOWS\explorer.exe »%PATH% Companion Files +E:\WINDOWS\System32\notepad.exe *E:\WINDOWS\NOTEPAD.EXE +E:\WINDOWS\System32\taskman.exe *E:\WINDOWS\TASKMAN.EXE +E:\WINDOWS\System32\winhlp32.exe *E:\WINDOWS\winhlp32.exe »System/Drivers »Running Processes +0=<idle> +4=<system> +464=\SystemRoot\System32\smss.exe *E:\WINDOWS\System32\ntdll.dll +516=<unkown> +540=\??\E:\WINDOWS\system32\winlogon.exe *E:\WINDOWS\System32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\USERENV.dll *E:\WINDOWS\system32\NDdeApi.dll *E:\WINDOWS\system32\CRYPT32.dll *E:\WINDOWS\system32\MSASN1.dll *E:\WINDOWS\system32\Secur32.dll *E:\WINDOWS\system32\WINSTA.dll *E:\WINDOWS\system32\PROFMAP.dll *E:\WINDOWS\system32\NETAPI32.dll *E:\WINDOWS\system32\REGAPI.dll *E:\WINDOWS\system32\WS2_32.dll *E:\WINDOWS\system32\WS2HELP.dll *E:\WINDOWS\system32\AUTHZ.dll *E:\WINDOWS\system32\PSAPI.DLL *E:\WINDOWS\system32\VERSION.dll 
*E:\WINDOWS\system32\SETUPAPI.dll *E:\WINDOWS\System32\MSGINA.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\COMCTL32.dll *E:\WINDOWS\System32\ODBC32.dll *E:\WINDOWS\system32\comdlg32.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll *E:\WINDOWS\System32\odbcint.dll *E:\WINDOWS\System32\SHSVCS.dll *E:\WINDOWS\system32\sfc.dll *E:\WINDOWS\System32\sfc_os.dll *E:\WINDOWS\System32\WINTRUST.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\IMAGEHLP.dll *E:\WINDOWS\System32\WINSCARD.DLL *E:\WINDOWS\System32\WTSAPI32.dll *E:\WINDOWS\System32\WINMM.dll *E:\WINDOWS\system32\Ati2evxx.dll *E:\WINDOWS\System32\rsaenh.dll *E:\WINDOWS\system32\cscdll.dll *E:\WINDOWS\System32\klogon.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\WlNotify.dll *E:\WINDOWS\System32\WINSPOOL.DRV *E:\WINDOWS\system32\MPR.dll *E:\WINDOWS\System32\UxTheme.dll *E:\WINDOWS\System32\SAMLIB.dll *E:\WINDOWS\system32\msv1_0.dll *E:\WINDOWS\system32\wldap32.dll *E:\WINDOWS\System32\CLBCATQ.DLL *E:\WINDOWS\System32\COMRes.dll *E:\WINDOWS\System32\NTDSAPI.dll *E:\WINDOWS\System32\DNSAPI.dll *E:\WINDOWS\System32\cscui.dll *E:\WINDOWS\System32\NTMARTA.DLL +592=E:\WINDOWS\system32\services.exe *E:\WINDOWS\System32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\USERENV.dll *E:\WINDOWS\system32\SCESRV.dll *E:\WINDOWS\system32\AUTHZ.dll *E:\WINDOWS\system32\umpnpmgr.dll *E:\WINDOWS\system32\WINSTA.dll *E:\WINDOWS\system32\NCObjAPI.DLL *E:\WINDOWS\system32\secur32.dll *E:\WINDOWS\system32\eventlog.dll *E:\WINDOWS\system32\WS2_32.dll *E:\WINDOWS\system32\WS2HELP.dll *E:\WINDOWS\system32\PSAPI.DLL *E:\WINDOWS\system32\wtsapi32.dll *E:\WINDOWS\system32\netapi32.dll +604=E:\WINDOWS\system32\lsass.exe 
*E:\WINDOWS\System32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\LSASRV.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\Secur32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\SAMSRV.dll *E:\WINDOWS\system32\cryptdll.dll *E:\WINDOWS\system32\DNSAPI.dll *E:\WINDOWS\system32\WS2_32.dll *E:\WINDOWS\system32\WS2HELP.dll *E:\WINDOWS\system32\MSASN1.dll *E:\WINDOWS\system32\NETAPI32.dll *E:\WINDOWS\system32\SAMLIB.dll *E:\WINDOWS\system32\MPR.dll *E:\WINDOWS\system32\NTDSAPI.dll *E:\WINDOWS\system32\WLDAP32.dll *E:\WINDOWS\system32\msprivs.dll *E:\WINDOWS\system32\kerberos.dll *E:\WINDOWS\system32\msv1_0.dll *E:\WINDOWS\system32\netlogon.dll *E:\WINDOWS\system32\w32time.dll *E:\WINDOWS\system32\MSVCP60.dll *E:\WINDOWS\system32\iphlpapi.dll *E:\WINDOWS\system32\USERENV.dll *E:\WINDOWS\system32\schannel.dll *E:\WINDOWS\system32\CRYPT32.dll *E:\WINDOWS\system32\wdigest.dll *E:\WINDOWS\System32\rsaenh.dll *E:\WINDOWS\system32\setupapi.dll *E:\WINDOWS\system32\scecli.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\OLE32.DLL *E:\WINDOWS\system32\shell32.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll *E:\WINDOWS\system32\comctl32.dll *E:\WINDOWS\system32\VERSION.dll +780=E:\WINDOWS\system32\svchost.exe *E:\WINDOWS\System32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\user32.dll *E:\WINDOWS\system32\GDI32.dll *e:\windows\system32\rpcss.dll *E:\WINDOWS\system32\msvcrt.dll *e:\windows\system32\WS2_32.dll *e:\windows\system32\WS2HELP.dll *e:\windows\system32\Secur32.dll *E:\WINDOWS\system32\userenv.dll *E:\WINDOWS\system32\mswsock.dll *E:\WINDOWS\System32\wshtcpip.dll *E:\WINDOWS\system32\DNSAPI.dll *E:\WINDOWS\system32\iphlpapi.dll 
*E:\WINDOWS\System32\winrnr.dll *E:\WINDOWS\system32\WLDAP32.dll *E:\WINDOWS\system32\rasadhlp.dll *E:\WINDOWS\system32\CLBCATQ.DLL *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\COMRes.dll *E:\WINDOWS\system32\VERSION.dll *E:\WINDOWS\system32\Apphelp.dll +852=E:\WINDOWS\System32\svchost.exe *E:\WINDOWS\System32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\user32.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\ole32.dll *e:\windows\system32\dhcpcsvc.dll *E:\WINDOWS\system32\msvcrt.dll *e:\windows\system32\DNSAPI.dll *e:\windows\system32\WS2_32.dll *e:\windows\system32\WS2HELP.dll *e:\windows\system32\iphlpapi.dll *e:\windows\system32\Secur32.dll *E:\WINDOWS\system32\mswsock.dll *E:\WINDOWS\System32\wshtcpip.dll *e:\windows\system32\wzcsvc.dll *e:\windows\system32\rtutils.dll *e:\windows\system32\WMI.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\CRYPT32.dll *E:\WINDOWS\system32\MSASN1.dll *e:\windows\system32\WTSAPI32.dll *e:\windows\system32\WINSTA.dll *E:\WINDOWS\system32\SHLWAPI.dll *e:\windows\system32\ESENT.dll *E:\WINDOWS\system32\WLDAP32.dll *e:\windows\system32\NETAPI32.dll *E:\WINDOWS\System32\rastls.dll *E:\WINDOWS\System32\ATL.DLL *E:\WINDOWS\System32\CRYPTUI.dll *E:\WINDOWS\System32\WINTRUST.dll *E:\WINDOWS\system32\IMAGEHLP.dll *E:\WINDOWS\system32\WININET.dll *E:\WINDOWS\System32\MPRAPI.dll *E:\WINDOWS\System32\ACTIVEDS.dll *E:\WINDOWS\System32\adsldpc.dll *E:\WINDOWS\System32\SAMLIB.dll *E:\WINDOWS\System32\SETUPAPI.dll *E:\WINDOWS\System32\RASAPI32.dll *E:\WINDOWS\System32\rasman.dll *E:\WINDOWS\System32\TAPI32.dll *E:\WINDOWS\System32\WINMM.dll *E:\WINDOWS\System32\SCHANNEL.dll *E:\WINDOWS\system32\USERENV.dll *E:\WINDOWS\System32\WinSCard.dll *E:\WINDOWS\system32\COMCTL32.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 
*e:\windows\system32\wkssvc.dll *e:\windows\system32\NTDSAPI.dll *E:\WINDOWS\System32\raschap.dll *E:\WINDOWS\system32\msv1_0.dll *e:\windows\system32\cryptsvc.dll *e:\windows\system32\certcli.dll *e:\windows\system32\wbem\wmisvc.dll *e:\windows\system32\wbem\wbemcomn.dll *E:\WINDOWS\System32\VSSAPI.DLL *e:\windows\pchealth\helpctr\binaries\pchsvc.dll *E:\WINDOWS\System32\CLBCATQ.DLL *E:\WINDOWS\System32\COMRes.dll *E:\WINDOWS\system32\VERSION.dll *e:\windows\system32\srsvc.dll *e:\windows\system32\POWRPROF.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\System32\es.dll *e:\windows\system32\msgsvc.dll *E:\WINDOWS\System32\NTMARTA.DLL *e:\windows\system32\srvsvc.dll *e:\windows\system32\dmserver.dll *E:\WINDOWS\System32\winspool.drv *e:\windows\system32\browser.dll *E:\WINDOWS\System32\Wbem\wbemcore.dll *E:\WINDOWS\System32\Wbem\esscli.dll *E:\WINDOWS\System32\Wbem\FastProx.dll *E:\WINDOWS\System32\wbem\wmiutils.dll *E:\WINDOWS\System32\wbem\repdrvfs.dll *E:\WINDOWS\System32\wbem\wmiprvsd.dll *E:\WINDOWS\System32\NCObjAPI.DLL *E:\WINDOWS\System32\wbem\wbemess.dll *e:\windows\system32\termsrv.dll *e:\windows\system32\ICAAPI.dll *e:\windows\system32\AUTHZ.dll *e:\windows\system32\mstlsapi.dll *E:\WINDOWS\System32\REGAPI.dll *E:\WINDOWS\System32\rsaenh.dll *e:\windows\system32\netman.dll *E:\WINDOWS\system32\NETSHELL.dll *E:\WINDOWS\system32\credui.dll *E:\WINDOWS\System32\hnetcfg.dll *E:\WINDOWS\System32\netcfgx.dll *E:\WINDOWS\System32\CLUSAPI.dll *E:\WINDOWS\System32\rasmans.dll *E:\WINDOWS\System32\Sens.dll *E:\WINDOWS\System32\WINIPSEC.DLL *E:\WINDOWS\System32\wbem\ncprov.dll +996=<unkown> +1032=<unkown> +1484=E:\WINDOWS\Explorer.EXE *E:\WINDOWS\System32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\ole32.dll 
*E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\System32\BROWSEUI.dll *E:\WINDOWS\System32\SHDOCVW.dll *E:\WINDOWS\System32\UxTheme.dll *E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll *E:\WINDOWS\system32\comctl32.dll *E:\WINDOWS\system32\appHelp.dll *E:\WINDOWS\System32\CLBCATQ.DLL *E:\WINDOWS\System32\COMRes.dll *E:\WINDOWS\system32\VERSION.dll *E:\WINDOWS\System32\cscui.dll *E:\WINDOWS\System32\CSCDLL.dll *E:\WINDOWS\System32\themeui.dll *E:\WINDOWS\System32\Secur32.dll *E:\WINDOWS\System32\MSIMG32.dll *E:\WINDOWS\system32\USERENV.dll *E:\WINDOWS\System32\NETAPI32.dll *E:\WINDOWS\System32\SAMLIB.dll *E:\WINDOWS\System32\LINKINFO.dll *E:\WINDOWS\System32\ntshrui.dll *E:\WINDOWS\System32\ATL.DLL *E:\WINDOWS\System32\SETUPAPI.dll *E:\WINDOWS\System32\WINSTA.dll *E:\WINDOWS\System32\browselc.dll *E:\WINDOWS\system32\urlmon.dll *E:\WINDOWS\System32\msi.dll *E:\WINDOWS\system32\WININET.dll *E:\WINDOWS\system32\CRYPT32.dll *E:\WINDOWS\system32\MSASN1.dll *E:\Programme\WinRAR\rarext.dll *E:\Programme\Kaspersky Anti-Virus 6.0\shellex.dll *E:\WINDOWS\System32\MSVCP60.dll *E:\WINDOWS\System32\WINMM.dll *E:\WINDOWS\System32\WINTRUST.dll *E:\WINDOWS\system32\IMAGEHLP.dll *E:\WINDOWS\System32\rsaenh.dll *E:\WINDOWS\system32\MPR.dll *E:\WINDOWS\System32\drprov.dll *E:\WINDOWS\System32\ntlanman.dll *E:\WINDOWS\System32\NETUI0.dll *E:\WINDOWS\System32\NETUI1.dll *E:\WINDOWS\System32\NETRAP.dll *E:\WINDOWS\System32\davclnt.dll *E:\WINDOWS\System32\MSGINA.dll *E:\WINDOWS\System32\ODBC32.dll *E:\WINDOWS\system32\comdlg32.dll *E:\WINDOWS\System32\odbcint.dll *E:\WINDOWS\System32\MLANG.dll *E:\WINDOWS\System32\mydocs.dll *E:\WINDOWS\System32\shdoclc.dll *E:\WINDOWS\System32\SXS.DLL *E:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll +1972=E:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe *E:\WINDOWS\System32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\WINDOWS\system32\ADVAPI32.dll 
*E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\System32\MSVCR70.dll *E:\WINDOWS\system32\user32.dll *E:\WINDOWS\system32\GDI32.dll +1832=E:\Programme\Mozilla Firefox\firefox.exe *E:\WINDOWS\System32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\Programme\Mozilla Firefox\js3250.dll *E:\Programme\Mozilla Firefox\nspr4.dll *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\System32\WSOCK32.dll *E:\WINDOWS\System32\WS2_32.dll *E:\WINDOWS\system32\msvcrt.dll *E:\WINDOWS\System32\WS2HELP.dll *E:\WINDOWS\System32\WINMM.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\system32\GDI32.dll *E:\Programme\Mozilla Firefox\xpcom_core.dll *E:\Programme\Mozilla Firefox\plc4.dll *E:\Programme\Mozilla Firefox\plds4.dll *E:\WINDOWS\system32\SHELL32.dll *E:\WINDOWS\system32\SHLWAPI.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\VERSION.dll *E:\Programme\Mozilla Firefox\smime3.dll *E:\Programme\Mozilla Firefox\nss3.dll *E:\Programme\Mozilla Firefox\softokn3.dll *E:\Programme\Mozilla Firefox\ssl3.dll *E:\Programme\Mozilla Firefox\xpcom_compat.dll *E:\WINDOWS\system32\comdlg32.dll *E:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\COMCTL32.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\System32\WINSPOOL.DRV *E:\WINDOWS\System32\SETUPAPI.dll *E:\WINDOWS\System32\CLBCATQ.DLL *E:\WINDOWS\System32\COMRes.dll *E:\WINDOWS\system32\mswsock.dll *E:\WINDOWS\System32\wshtcpip.dll *E:\Programme\Mozilla Firefox\components\jar50.dll *E:\WINDOWS\System32\msimtf.dll *E:\WINDOWS\System32\MSCTF.dll *E:\WINDOWS\System32\uxtheme.dll *E:\WINDOWS\System32\msimg32.dll *E:\WINDOWS\System32\DNSAPI.dll *E:\WINDOWS\System32\winrnr.dll *E:\WINDOWS\system32\WLDAP32.dll *E:\WINDOWS\System32\rasadhlp.dll *E:\WINDOWS\System32\IMM32.DLL *E:\Programme\Mozilla Firefox\nssckbi.dll *E:\WINDOWS\system32\appHelp.dll *E:\WINDOWS\System32\cscui.dll *E:\WINDOWS\System32\CSCDLL.dll *E:\WINDOWS\System32\netapi32.dll +928=E:\StartDreck\StartDreck.exe 
*E:\WINDOWS\System32\ntdll.dll *E:\WINDOWS\system32\kernel32.dll *E:\StartDreck\VB40032.DLL *E:\WINDOWS\system32\ADVAPI32.dll *E:\WINDOWS\system32\RPCRT4.dll *E:\WINDOWS\system32\GDI32.dll *E:\WINDOWS\system32\USER32.dll *E:\WINDOWS\System32\MSVCRT20.dll *E:\WINDOWS\system32\ole32.dll *E:\WINDOWS\system32\OLEAUT32.dll *E:\WINDOWS\system32\MSVCRT.DLL *E:\WINDOWS\System32\OLEPRO32.DLL *E:\StartDreck\VB4DE32.DLL *E:\WINDOWS\System32\CLBCATQ.DLL *E:\WINDOWS\System32\COMRes.dll *E:\WINDOWS\system32\VERSION.dll *E:\StartDreck\PSAPI.DLL »NT Services *Warndienst Alerter - on demand `binary: E:\WINDOWS\System32\svchost.exe -k LocalService *Gatewaydienst auf Anwendungsebene ALG - on demand `binary: E:\WINDOWS\System32\alg.exe *Anwendungsverwaltung AppMgmt - on demand `binary: E:\WINDOWS\system32\svchost.exe -k netsvcs *Ati HotKey Poller Ati HotKey Poller - auto `binary: E:\WINDOWS\System32\Ati2evxx.exe *ATI Smart ATI Smart - auto `binary: E:\WINDOWS\system32\ati2sgag.exe *Windows Audio AudioSrv - auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Kaspersky Anti-Virus 6.0 AVP - auto `binary: "E:\Programme\Kaspersky Anti-Virus 6.0\avp.exe" -r *Intelligenter Hintergrundübertragungsdienst BITS - on demand `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Computerbrowser Browser running auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Indexdienst CiSvc - on demand `binary: E:\WINDOWS\system32\cisvc.exe *Ablagemappe ClipSrv - on demand `binary: E:\WINDOWS\system32\clipsrv.exe *COM+-Systemanwendung COMSysApp - on demand `binary: E:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} *Kryptografiedienste CryptSvc running auto `binary: E:\WINDOWS\system32\svchost.exe -k netsvcs *cuM cuM - auto `binary: "E:\Programme\Tv.exe" *DHCP-Client Dhcp running auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Verwaltungsdienst für die Verwaltung logischer dmadmin - on demand `Datenträger `binary: E:\WINDOWS\System32\dmadmin.exe /com 
*Verwaltung logischer Datenträger dmserver running auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *DNS-Client Dnscache running auto `binary: E:\WINDOWS\System32\svchost.exe -k NetworkService *Fehlerberichterstattungsdienst ERSvc - auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Ereignisprotokoll Eventlog running auto `binary: E:\WINDOWS\system32\services.exe *COM+-Ereignissystem EventSystem - on demand `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Kompatibilität für schnelle Benutzerumschaltung FastUserSwitchingCom - on demand `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *FileZilla Server FTP server FileZilla Server - on demand `binary: E:\Programme\FileZilla Server\FileZilla Server.exe *Hilfe und Support helpsvc running auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *HID Input Service HidServ - auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *IMAPI-CD-Brenn-COM-Dienste ImapiService - on demand `binary: E:\WINDOWS\System32\imapi.exe *Server lanmanserver running auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Arbeitsstationsdienst lanmanworkstation running auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *TCP/IP-NetBIOS-Hilfsprogramm LmHosts running auto `binary: E:\WINDOWS\System32\svchost.exe -k LocalService *Nachrichtendienst Messenger running auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *NetMeeting-Remotedesktop-Freigabe mnmsrvc - on demand `binary: E:\WINDOWS\System32\mnmsrvc.exe *Distributed Transaction Coordinator MSDTC - on demand `binary: E:\WINDOWS\System32\msdtc.exe *Windows Installer MSIServer - on demand `binary: E:\WINDOWS\System32\msiexec.exe /V *Netzwerk-DDE-Dienst NetDDE - on demand `binary: E:\WINDOWS\system32\netdde.exe *Netzwerk-DDE-Serverdienst NetDDEdsdm - on demand `binary: E:\WINDOWS\system32\netdde.exe *Anmeldedienst Netlogon - on demand `binary: E:\WINDOWS\System32\lsass.exe *Netzwerkverbindungen Netman running on demand `binary: 
E:\WINDOWS\System32\svchost.exe -k netsvcs *NLA (Network Location Awareness) Nla - on demand `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *NT-LM-Sicherheitsdienst NtLmSsp - on demand `binary: E:\WINDOWS\System32\lsass.exe *Wechselmedien NtmsSvc - on demand `binary: E:\WINDOWS\system32\svchost.exe -k netsvcs *Plug & Play PlugPlay running auto `binary: E:\WINDOWS\system32\services.exe *IPSEC-Dienste PolicyAgent - auto `binary: E:\WINDOWS\System32\lsass.exe *Geschützter Speicher ProtectedStorage - auto `binary: E:\WINDOWS\system32\lsass.exe *Verwaltung für automatische RAS-Verbindung RasAuto - on demand `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *RAS-Verbindungsverwaltung RasMan - on demand `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Sitzungs-Manager für Remotedesktophilfe RDSessMgr - on demand `binary: E:\WINDOWS\system32\sessmgr.exe *Routing und RAS RemoteAccess - disabled `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Remote-Registrierung RemoteRegistry - auto `binary: E:\WINDOWS\system32\svchost.exe -k LocalService *RPC-Locator RpcLocator - on demand `binary: E:\WINDOWS\System32\locator.exe *Remoteprozeduraufruf (RPC) RpcSs running auto `binary: E:\WINDOWS\system32\svchost -k rpcss *QoS-RSVP RSVP - on demand `binary: E:\WINDOWS\System32\rsvp.exe *Sicherheitskontenverwaltung SamSs - auto `binary: E:\WINDOWS\system32\lsass.exe *Smartcard-Hilfsprogramm SCardDrv - on demand `binary: E:\WINDOWS\System32\SCardSvr.exe *Smartcard SCardSvr - on demand `binary: E:\WINDOWS\System32\SCardSvr.exe *Taskplaner Schedule - auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Sekundäre Anmeldung seclogon - auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Systemereignisbenachrichtigung SENS - auto `binary: E:\WINDOWS\system32\svchost.exe -k netsvcs *Internetverbindungsfirewall/Gemeinsame Nutzung SharedAccess - on demand `der Internetverbindung `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Shellhardwareerkennung ShellHWDetection - 
auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Druckwarteschlange Spooler - auto `binary: E:\WINDOWS\system32\spoolsv.exe *Systemwiederherstellungsdienst srservice running auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *SSDP-Suchdienst SSDPSRV - on demand `binary: E:\WINDOWS\System32\svchost.exe -k LocalService *StarWind iSCSI Service StarWindService - auto `binary: E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe *Windows-Bilderfassung (WIA) stisvc - on demand `binary: E:\WINDOWS\System32\svchost.exe -k imgsvc *StyleXPService StyleXPService - auto `binary: "E:\Programme\TGTSoft\StyleXP\StyleXPService.exe" *MS Software Shadow Copy Provider SwPrv - on demand `binary: E:\WINDOWS\System32\dllhost.exe /Processid:{10C6EE5D-5AC3-4517-B431-1A3546C70F79} *Symantec Core LC Symantec Core LC - auto `binary: "E:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe" *Leistungsdatenprotokolle und Warnungen SysmonLog - on demand `binary: E:\WINDOWS\system32\smlogsvc.exe *Telefonie TapiSrv - on demand `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Terminaldienste TermService running on demand `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Designs Themes - auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Telnet TlntSvr - disabled `binary: E:\WINDOWS\System32\tlntsvr.exe *Überwachung verteilter Verknüpfungen (Client) TrkWks - auto `binary: E:\WINDOWS\system32\svchost.exe -k netsvcs *Upload-Manager uploadmgr running auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Universeller Plug & Play-Gerätehost upnphost - on demand `binary: E:\WINDOWS\System32\svchost.exe -k LocalService *Unterbrechungsfreie Stromversorgung UPS - on demand `binary: E:\WINDOWS\System32\ups.exe *SecuROM User Access Service (V7) UserAccess7 - auto `binary: E:\WINDOWS\System32\UAService7.exe *Volumeschattenkopie VSS - on demand `binary: E:\WINDOWS\System32\vssvc.exe *Windows-Zeitgeber W32Time - auto `binary: 
E:\WINDOWS\System32\svchost.exe -k netsvcs *WebClient WebClient - auto `binary: E:\WINDOWS\System32\svchost.exe -k LocalService *Windows-Verwaltungsinstrumentation winmgmt running auto `binary: E:\WINDOWS\system32\svchost.exe -k netsvcs *Seriennummer der tragbaren Medien WmdmPmSp - auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *Treibererweiterungen für Windows-Verwaltungsins Wmi - on demand `trumentation `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *WMI-Leistungsadapter WmiApSrv - on demand `binary: E:\WINDOWS\System32\wbem\wmiapsrv.exe *Automatische Updates wuauserv - auto `binary: E:\WINDOWS\system32\svchost.exe -k netsvcs *Konfigurationsfreie drahtlose Verbindung WZCSVC running auto `binary: E:\WINDOWS\System32\svchost.exe -k netsvcs *SSP SSP - on demand `binary: E:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\SSP.exe *SPDFM SPDFM - on demand `binary: E:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\SPDFM.exe *YDOYWUBQIID YDOYWUBQIID - on demand `binary: E:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\YDOYWUBQIID.exe *M M - on demand `binary: E:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\M.exe »NT Kernel- and FS-drivers *Abiosdsk Abiosdsk - disabled `binary: *abp480n5 abp480n5 - disabled `binary: *Microsoft ACPI-Treiber ACPI running boot `binary: \SystemRoot\System32\DRIVERS\ACPI.sys *ACPIEC ACPIEC - disabled `binary: *actser actser - on demand `binary: system32\drivers\actser.sys *adpu160m adpu160m - disabled `binary: *Microsoft Kernel-Echounterdrückung aec - on demand `binary: system32\drivers\aec.sys *Umgebung für die AFD-Netzwerkunterstützung AFD running auto `binary: \SystemRoot\System32\drivers\afd.sys *Aha154x Aha154x - disabled `binary: *aic78u2 aic78u2 - disabled `binary: *aic78xx aic78xx - disabled `binary: *AliIde AliIde - disabled `binary: *amsint amsint - disabled `binary: *asc asc - disabled `binary: *asc3350p asc3350p - disabled `binary: *asc3550 asc3550 - disabled `binary: *Asynchroner RAS -Medientreiber AsyncMac - on demand `binary: System32\DRIVERS\asyncmac.sys 
*Standard-IDE/ESDI-Festplattencontroller atapi running boot `binary: \SystemRoot\System32\DRIVERS\atapi.sys *Atdisk Atdisk - disabled `binary: *ati2mtag ati2mtag - on demand `binary: System32\DRIVERS\ati2mtag.sys *Protokoll für ATM ARP-Client Atmarpc - on demand `binary: System32\DRIVERS\atmarpc.sys *Audiostubtreiber audstub - on demand `binary: System32\DRIVERS\audstub.sys *Beep Beep running system `binary: *cbidf2k cbidf2k - disabled `binary: *cd20xrnt cd20xrnt - disabled `binary: *Cdaudio Cdaudio - system `binary: *Cdfs Cdfs running disabled `binary: *CD-ROM-Laufwerktreiber Cdrom running system `binary: System32\DRIVERS\cdrom.sys *Changer Changer - system `binary: *CmdIde CmdIde - disabled `binary: *Cpqarray Cpqarray - disabled `binary: *dac960nt dac960nt - disabled `binary: *Laufwerktreiber Disk running boot `binary: \SystemRoot\System32\DRIVERS\disk.sys *dmboot dmboot - disabled `binary: System32\drivers\dmboot.sys *Treiber für die Verwaltung logischer Datenträge dmio running boot `r `binary: \SystemRoot\System32\drivers\dmio.sys *dmload dmload running boot `binary: \SystemRoot\System32\drivers\dmload.sys *Microsoft Kernel-DLS-Synthesizer DMusic - on demand `binary: system32\drivers\DMusic.sys *dpti2o dpti2o - disabled `binary: *Microsoft Kernel-DRM-Audioentschlüsselung drmkaud - on demand `binary: system32\drivers\drmkaud.sys *dtscsi dtscsi running on demand `binary: \SystemRoot\System32\Drivers\dtscsi.sys *Fastfat Fastfat running disabled `binary: *Diskettencontrollertreiber Fdc running on demand `binary: System32\DRIVERS\fdc.sys *Fips Fips - system `binary: *Diskettenlaufwerktreiber Flpydisk running on demand `binary: System32\DRIVERS\flpydisk.sys *Treiber für Volume-Manager Ftdisk running boot `binary: \SystemRoot\System32\DRIVERS\ftdisk.sys *Gmer Gmer - on demand `binary: System32\DRIVERS\gmer.sys *GMSIPCI GMSIPCI - on demand `binary: \??\G:\INSTALL\GMSIPCI.SYS *Standardpaketklassifizierung Gpc running on demand `binary: System32\DRIVERS\msgpc.sys 
*Microsoft HID Class-Treiber hidusb running on demand `binary: System32\DRIVERS\hidusb.sys *hpn hpn - disabled `binary: *i2omgmt i2omgmt - system `binary: *i2omp i2omp - disabled `binary: *i8042-Tastatur- und PS/2-Mausanschluss-Treiber i8042prt - system `binary: System32\DRIVERS\i8042prt.sys *Filtertreiber für CD-Brennen Imapi running system `binary: System32\DRIVERS\imapi.sys *ini910u ini910u - disabled `binary: *IntelIde IntelIde - disabled `binary: *Filtertreiber für IP-Verkehr IpFilterDriver - on demand `binary: System32\DRIVERS\ipfltdrv.sys *IP/IP-Tunneltreiber IpInIp - on demand `binary: System32\DRIVERS\ipinip.sys *Übersetzer für IP-Netzwerkadressen IpNat - on demand `binary: System32\DRIVERS\ipnat.sys *IPSEC-Treiber IPSec running system `binary: System32\DRIVERS\ipsec.sys *IR-Enumeratordienst IRENUM - on demand `binary: System32\DRIVERS\irenum.sys *PnP-ISA/EISA-Bus-Treiber isapnp running boot `binary: \SystemRoot\System32\DRIVERS\isapnp.sys *Tastaturklassentreiber Kbdclass running system `binary: System32\DRIVERS\kbdclass.sys *Tastatur-HID-Treiber kbdhid running system `binary: System32\DRIVERS\kbdhid.sys *kl1 kl1 - boot `binary: \SystemRoot\System32\drivers\kl1.sys *klif klif - system `binary: \??\E:\WINDOWS\System32\drivers\klif.sys *Microsoft Kernel-Waveaudiomixer kmixer - on demand `binary: system32\drivers\kmixer.sys *KSecDD KSecDD running boot `binary: *lbrtfdc lbrtfdc - system `binary: *mnmdd mnmdd - system `binary: *Modem Modem - on demand `binary: *Mausklassentreiber Mouclass running system `binary: System32\DRIVERS\mouclass.sys *Maus-HID-Treiber mouhid running on demand `binary: System32\DRIVERS\mouhid.sys *MountMgr MountMgr running boot `binary: *mraid35x mraid35x - disabled `binary: *Redirector für WebDav-Client MRxDAV - on demand `binary: System32\DRIVERS\mrxdav.sys *MRxSmb MRxSmb running system `binary: System32\DRIVERS\mrxsmb.sys *Msfs Msfs running system `binary: *Microsoft Streaming Service Proxy MSKSSRV - on demand `binary: 
system32\drivers\MSKSSRV.sys *Microsoft Proxy für Streaming Clock MSPCLOCK - on demand `binary: system32\drivers\MSPCLOCK.sys *Microsoft Proxy für Streaming Quality Manager MSPQM - on demand `binary: system32\drivers\MSPQM.sys *Mup Mup running boot `binary: *NDIS-Systemtreiber NDIS running boot `binary: *RAS-NDIS-TAPI-Treiber NdisTapi running on demand `binary: System32\DRIVERS\ndistapi.sys *NDIS-Benutzermodus-E/A-Protokoll Ndisuio running on demand `binary: System32\DRIVERS\ndisuio.sys *RAS-NDIS-WAN-Treiber NdisWan running on demand `binary: System32\DRIVERS\ndiswan.sys *NDIS-Proxy NDProxy running on demand `binary: *NetBIOS-Schnittstelle NetBIOS running system `binary: System32\DRIVERS\netbios.sys *NetBios über TCP/IP NetBT running system `binary: System32\DRIVERS\netbt.sys *Npfs Npfs running system `binary: *NTACCESS NTACCESS - on demand `binary: \??\G:\NTACCESS.sys *Ntfs Ntfs running disabled `binary: *Null Null running system `binary: *Service for NVIDIA(R) nForce(TM) Audio Enumerat nvax - on demand `or `binary: system32\drivers\nvax.sys *NVIDIA nForce MCP Networking Controller Driver NVENET - on demand `binary: System32\DRIVERS\NVENET.sys *Service for NVIDIA(R) nForce(TM) Audio nvnforce - on demand `binary: system32\drivers\nvapu.sys *NVIDIA nForce AGP Bus Filter nv_agp running boot `binary: \SystemRoot\System32\DRIVERS\nv_agp.sys *Filtertreiber für IPX-Verkehr NwlnkFlt - on demand `binary: System32\DRIVERS\nwlnkflt.sys *Treiber für IPX-Verkehrsweiterleitung NwlnkFwd - on demand `binary: System32\DRIVERS\nwlnkfwd.sys *Treiber für parallelen Anschluss Parport - on demand `binary: System32\DRIVERS\parport.sys *PartMgr PartMgr running boot `binary: *ParVdm ParVdm - auto `binary: *PCI Bus Driver PCI running boot `binary: \SystemRoot\System32\DRIVERS\pci.sys *PCIDump PCIDump - system `binary: *PCIIde PCIIde running boot `binary: \SystemRoot\System32\DRIVERS\pciide.sys *Pcmcia Pcmcia - disabled `binary: *Low level access layer for CD devices Pcouffin - on demand 
`binary: System32\Drivers\Pcouffin.sys *PDCOMP PDCOMP - on demand `binary: *PDFRAME PDFRAME - on demand `binary: *PDRELI PDRELI - on demand `binary: *PDRFRAME PDRFRAME - on demand `binary: *perc2 perc2 - disabled `binary: *perc2hib perc2hib - disabled `binary: *WAN-Miniport (PPTP) PptpMiniport running on demand `binary: System32\DRIVERS\raspptp.sys *Prozessortreiber Processor - system `binary: System32\DRIVERS\processr.sys *StarForce Protection Environment Driver v6 prodrv06 - system `binary: \SystemRoot\System32\drivers\prodrv06.sys *StarForce Protection Helper Driver v2 prohlp02 running boot `binary: \SystemRoot\System32\drivers\prohlp02.sys *StarForce Protection Synchronization Driver v1 prosync1 running boot `binary: \SystemRoot\System32\drivers\prosync1.sys *QoS-Paketplaner PSched running on demand `binary: System32\DRIVERS\psched.sys *Treiber für direkte Parallelverbindung Ptilink running on demand `binary: System32\DRIVERS\ptilink.sys *ql1080 ql1080 - disabled `binary: *Ql10wnt Ql10wnt - disabled `binary: *ql12160 ql12160 - disabled `binary: *ql1240 ql1240 - disabled `binary: *ql1280 ql1280 - disabled `binary: *Treiber für automatische RAS-Verbindung RasAcd running system `binary: System32\DRIVERS\rasacd.sys *WAN-Miniport (L2TP) Rasl2tp running on demand `binary: System32\DRIVERS\rasl2tp.sys *Remotezugriff-PPPOE-Treiber RasPppoe running on demand `binary: System32\DRIVERS\raspppoe.sys *Parallelanschluss (direkt) Raspti running on demand `binary: System32\DRIVERS\raspti.sys *Rdbss Rdbss running system `binary: System32\DRIVERS\rdbss.sys *RDPCDD RDPCDD running system `binary: System32\DRIVERS\RDPCDD.sys *Treiber für Terminalserver-Geräteumleitung rdpdr running on demand `binary: System32\DRIVERS\rdpdr.sys *RDPWD RDPWD - on demand `binary: *Filtertreiber für digitale CD-Audiowiedergabe redbook running system `binary: System32\DRIVERS\redbook.sys *NT-Treiber für Realtek RTL8139(A/B/C)-basierten rtl8139 running on demand ` PCI-Fast Ethernet-Adapter `binary: 
System32\DRIVERS\RTL8139.SYS *Secdrv Secdrv - auto `binary: System32\DRIVERS\secdrv.sys *Serenum-Filtertreiber serenum - on demand `binary: System32\DRIVERS\serenum.sys *Treiber für seriellen Anschluss Seri*hier nicht!* - system `binary: System32\DRIVERS\Seri*hier nicht!*.sys *SetupNTGLM7X SetupNTGLM7X - on demand `binary: \??\G:\NTGLM7X.sys *StarForce Protection Environment Driver (versio sfdrv01 running boot `n 1.x) `binary: \SystemRoot\System32\drivers\sfdrv01.sys *StarForce Protection Helper Driver sfhlp01 running boot `binary: \SystemRoot\System32\drivers\sfhlp01.sys *StarForce Protection Helper Driver (version 2.x sfhlp02 running boot `) `binary: \SystemRoot\System32\drivers\sfhlp02.sys *Sfloppy Sfloppy - system `binary: *StarForce Protection Synchronization Driver (ve sfsync02 running boot `rsion 2.x) `binary: \SystemRoot\System32\drivers\sfsync02.sys *StarForce Protection VFS Driver (version 2.x) sfvfs02 running boot `binary: \SystemRoot\System32\drivers\sfvfs02.sys *Simbad Simbad - disabled `binary: *sony_ssm.sys sony_ssm.sys - on demand `binary: \??\E:\DOKUME~1\SCHFCH~1\LOKALE~1\Temp\sony_ssm.sys *Sparrow Sparrow - disabled `binary: *Microsoft Kernel-Audiosplitter splitter - on demand `binary: system32\drivers\splitter.sys *sptd sptd running boot `binary: \SystemRoot\System32\Drivers\sptd.sys *Filtertreiber für Systemwiederherstellung sr running boot `binary: \SystemRoot\System32\DRIVERS\sr.sys *Srv Srv running on demand `binary: System32\DRIVERS\srv.sys *StyleXPHelper StyleXPHelper - system `binary: \??\E:\Programme\TGTSoft\StyleXP\StyleXPHelper.exe *Software-Bus-Treiber swenum running on demand `binary: System32\DRIVERS\swenum.sys *Microsoft Kernel GS Wavetablesynthesizer swmidi - on demand `binary: system32\drivers\swmidi.sys *symc810 symc810 - disabled `binary: *symc8xx symc8xx - disabled `binary: *symlcbrd symlcbrd - auto `binary: \??\E:\WINDOWS\System32\drivers\symlcbrd.sys *sym_hi sym_hi - disabled `binary: *sym_u3 sym_u3 - disabled `binary: 
*Microsoft Kernel-Systemaudiogerät sysaudio - on demand `binary: system32\drivers\sysaudio.sys *TCP/IP-Protokolltreiber Tcpip running system `binary: System32\DRIVERS\tcpip.sys *TDPIPE TDPIPE - on demand `binary: *TDTCP TDTCP - on demand `binary: *Terminal-Gerätetreiber TermDD running system `binary: System32\DRIVERS\termdd.sys *TosIde TosIde - disabled `binary: *TSP TSP - on demand `binary: \??\E:\WINDOWS\system32\drivers\klif.sys *Udfs Udfs - disabled `binary: *ultra ultra - disabled `binary: *Microcode Updatetreiber Update running on demand `binary: System32\DRIVERS\update.sys *Microsoft Standard-USB-Haupttreiber usbccgp running on demand `binary: System32\DRIVERS\usbccgp.sys *Miniporttreiber für erweiterten Microsoft USB 2 usbehci running on demand `.0-Hostcontroller `binary: System32\DRIVERS\usbehci.sys *USB2-aktivierter Hub usbhub running on demand `binary: System32\DRIVERS\usbhub.sys *Miniporttreiber für Microsoft USB Open Host-Con usbohci running on demand `troller `binary: System32\DRIVERS\usbohci.sys *Microsoft USB-Druckerklasse usbprint - on demand `binary: System32\DRIVERS\usbprint.sys *USB-Massenspeichertreiber USBSTOR - on demand `binary: System32\DRIVERS\USBSTOR.SYS *Vax347b Vax347b running boot `binary: \SystemRoot\System32\DRIVERS\Vax347b.sys *Vax347s Vax347s running boot `binary: \SystemRoot\System32\Drivers\Vax347s.sys *VgaSave VgaSave running system `binary: \SystemRoot\System32\drivers\vga.sys *ViaIde ViaIde - disabled `binary: *VolSnap VolSnap running boot `binary: *Virtual Seri*hier nicht!* Bus Enumerator vsbus running on demand `binary: System32\DRIVERS\vsb.sys *ELTIMA Virtual Seri*hier nicht!* Ports Driver Seri*hier nicht!* - on demand `binary: System32\DRIVERS\Seri*hier nicht!*.sys *RAS-IP-ARP-Treiber Wanarp - on demand `binary: System32\DRIVERS\wanarp.sys *WDICA WDICA - on demand `binary: *Treiber für Microsoft WINMM-WDM-Audiokompatibil wdmaud - on demand `ität `binary: system32\drivers\wdmaud.sys »VMM32Files (LM) »%System%\VMM32 
»%System%\IOSUBSYS »Application specific »MS Office 97/8.0 STARTUP-PATH »Current User »Default User »Local Machine »ICQ NetDetect »Current User »Default User __________ _____________ THX for Helping |
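The service and driver listing in the post above is long, but the entries worth a second look follow two simple rules: a service whose binary is started out of a user's Temp folder (SSP, SPDFM, YDOYWUBQIID and M all live under E:\DOKUME~1\ADMINI~1\LOKALE~1\Temp), and a kernel driver whose image is loaded from a drive other than the system drive (GMSIPCI from G:\). The script below is an added example, not part of the thread or of the tool that produced the listing; it parses that one-line `*display name state start `binary: path` format and applies exactly those two rules. The excerpt of entries is copied from the listing above, the function names and the `system_drive` parameter are this example's own, and entries whose display name wrapped onto a second backtick line in the original are deliberately skipped rather than guessed at.

```python
"""Parse the service/driver listing posted above and flag entries whose binary
runs from a place a legitimate service has no business in.  Added example;
not part of the thread or of the tool that produced the listing."""
import re
from typing import Dict, List, Tuple

# Entries copied from the listing above (the original is one long line).
LISTING = (
    "*Taskplaner Schedule - auto `binary: E:\\WINDOWS\\System32\\svchost.exe -k netsvcs "
    "*Druckwarteschlange Spooler - auto `binary: E:\\WINDOWS\\system32\\spoolsv.exe "
    "*Terminaldienste TermService running on demand `binary: E:\\WINDOWS\\System32\\svchost.exe -k netsvcs "
    "*SSP SSP - on demand `binary: E:\\DOKUME~1\\ADMINI~1\\LOKALE~1\\Temp\\SSP.exe "
    "*SPDFM SPDFM - on demand `binary: E:\\DOKUME~1\\ADMINI~1\\LOKALE~1\\Temp\\SPDFM.exe "
    "*YDOYWUBQIID YDOYWUBQIID - on demand `binary: E:\\DOKUME~1\\ADMINI~1\\LOKALE~1\\Temp\\YDOYWUBQIID.exe "
    "*M M - on demand `binary: E:\\DOKUME~1\\ADMINI~1\\LOKALE~1\\Temp\\M.exe "
    "*GMSIPCI GMSIPCI - on demand `binary: \\??\\G:\\INSTALL\\GMSIPCI.SYS "
    "*sony_ssm.sys sony_ssm.sys - on demand `binary: \\??\\E:\\DOKUME~1\\SCHFCH~1\\LOKALE~1\\Temp\\sony_ssm.sys "
    "*Beep Beep running system `binary:"
)

# One entry: "*<display> <name> <running|-> <start type> `binary: <path>" up to the
# next "*".  Display names may contain spaces but never "*" or "`"; entries whose
# display name wrapped onto a "`..." continuation in the original do not match
# and are skipped on purpose.
ENTRY_RE = re.compile(
    r"\*(?P<display>[^*`]+?) (?P<name>\S+) (?P<running>running|-) "
    r"(?P<start>auto|on demand|disabled|boot|system) `binary:(?P<binary>[^*]*?)(?=\s*\*|$)"
)

# Temp folders under both the long and the 8.3 short profile path spellings.
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


def normalize_binary(binary: str) -> str:
    """Strip quotes and the NT-native "\\??\\" prefix that driver entries carry."""
    b = binary.strip().strip('"')
    if b.startswith("\\??\\"):
        b = b[4:]
    return b


def parse_listing(text: str) -> List[Dict[str, object]]:
    """Return one dict per parsable entry, with 'running' as a bool."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append({
            "display": m["display"],
            "name": m["name"],
            "running": m["running"] == "running",
            "start": m["start"],
            "binary": normalize_binary(m["binary"]),
        })
    return entries


def flag_entries(text: str, system_drive: str = "E:") -> List[Tuple[str, str, str]]:
    """(name, binary, reason) for entries started from a Temp folder or from a
    drive other than the system drive.  Relative paths (System32\\DRIVERS\\...)
    carry no drive letter and are left alone; an empty binary is skipped."""
    flagged = []
    for e in parse_listing(text):
        b = str(e["binary"])
        if not b:
            continue
        drive = re.match(r"([A-Za-z]):\\", b)
        if TEMP_RE.search(b):
            flagged.append((str(e["name"]), b, "binary lives in a Temp directory"))
        elif drive and drive.group(1).upper() != system_drive[0].upper():
            flagged.append((str(e["name"]), b,
                            f"binary on drive {drive.group(1).upper()}:, not the system drive"))
    return flagged


if __name__ == "__main__":
    for name, binary, reason in flag_entries(LISTING, "E:"):
        print(f"{name:14} {reason}: {binary}")
```

On a real listing the whole text of the post is passed in place of the excerpt; the system drive is E: on this machine, as every svchost.exe entry shows, so anything started from G: (here a CD or removable drive) deserves the same question as the four Temp-folder services.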
26.07.2006, 14:16
Honorary member
Posts: 29434
#55
1.
http://www.f-secure.com/blacklight/
Start the file, accept the licence agreement and choose scan. When the scan is finished, press next and then close. You will now find an FSB*.TXT file in the same folder as Blacklight.

2. Copy the following text into the editor (Start - Accessories - Notepad) and save it as listen.bat with 'Save as' on the desktop. Select 'All files' as the file type. You should now find this file on the desktop. --> double-click listen.bat --> copy the text that appears

Quote:
cd\

3. Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start. In "Enter search strings" type (or paste)
YDOYWUBQIID
into the edit field and click "Ok". Notepad will open -- copy the text and post it.

For me that is:
Quote:
E:\WINDOWS\wininit.ini

__________
Regards, Sabina
rund um die PC-Sicherheit
26.07.2006, 14:28
Member
Thread starter, posts: 95
#56
Quote: Sabina posted
When running "blbeta.exe" the following message appears:
"F-Secure BlackLight could not acquire necessary privileges (SeDebugPrivilege) - Your computer settings may prevent acquiring these privileges. - A malicious program might have disabled these privileges."
What should I do?
__________
_____________
THX for Helping
26.07.2006, 14:31
Moderator
Posts: 7805
#57
Oh! Then you first have to use Look2Me destroyer, even if you shouldn't have it!
http://www.atribune.org/content/view/28/

edit Sabina:
Look2Me-Destroyer V1.0.5
Download the L2Me Destroyer here and save it to your desktop: http://www.atribune.org/content/view/28/
1) Close all open windows and double-click Look2Me-Destroyer.exe to start the program.
2) Tick 'run this program as a task'.
3) A message appears saying that Look2Me Destroyer will open and close within the next 10 seconds.
4) Click OK.
5) When the program opens again, click 'scan for L2Me'.
6) When the scan is finished, click 'Remove L2Me'. A "Done scanning" message then appears. Just click "OK".
7) After the scan finishes, the following message appears: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer" and the PC shuts down.
8) Start the PC and post the contents of C:\Look2Me-Destroyer.txt
__________
Regards, Ralf
SEO-Spam Hunter
26.07.2006, 14:56
Member
Thread starter, posts: 95
#58
Done:
Here is the Look2Me log:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 26.07.2006 14:46:06
Attempting to delete infected files...
Making registry repairs.
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administratoren - Succeeded
> Now I'll try "blbeta.exe" again.
__________
_____________
THX for Helping
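The BlackLight error in post #56 and the "Restoring SeDebugPrivilege for Administratoren - Succeeded" line in the Look2Me-Destroyer log above are two views of one setting: the user right SeDebugPrivilege, which a rootkit scanner needs in order to open other processes, and which is normally held by the local Administrators group (well-known SID S-1-5-32-544). A way to check that right without trusting either tool, added here as an example that is not from the thread, from F-Secure or from Atribune: export the local security policy with `secedit /export /cfg <file> /areas USER_RIGHTS` and read the `[Privilege Rights]` section. The two INI samples are constructed for the example, and the function names are its own.

```python
"""Check whether SeDebugPrivilege is granted to the local Administrators group,
the right BlackLight could not acquire above.  Added example; not part of the
thread or of either tool.  Input is the INI written by
    secedit /export /cfg <file> /areas USER_RIGHTS
"""
from typing import Dict, List

ADMINISTRATORS_SID = "S-1-5-32-544"   # BUILTIN\Administrators, identical on every host


def parse_privilege_rights(inf_text: str) -> Dict[str, List[str]]:
    """Return {privilege: [holders]} from the [Privilege Rights] section.
    Holders are written as '*<SID>'; secedit may also emit plain account names.
    A stray UTF-16 BOM at the start of the text is tolerated."""
    rights: Dict[str, List[str]] = {}
    in_section = False
    for raw in inf_text.lstrip("\ufeff").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, holders = line.partition("=")
            rights[name.strip()] = [h.strip() for h in holders.split(",") if h.strip()]
    return rights


def holders_of(inf_text: str, privilege: str) -> List[str]:
    """Accounts and groups that hold one privilege; empty when nobody does."""
    return parse_privilege_rights(inf_text).get(privilege, [])


def administrators_can_debug(inf_text: str) -> bool:
    """True when the Administrators group holds SeDebugPrivilege.  A missing
    SeDebugPrivilege line means no one holds it, which is the state BlackLight
    complained about and Look2Me-Destroyer reports repairing."""
    return "*" + ADMINISTRATORS_SID in holders_of(inf_text, "SeDebugPrivilege")


# Constructed samples, not from the thread: an intact policy and one with the
# SeDebugPrivilege assignment removed.
HEALTHY = """[Unicode]
Unicode=yes
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-545
[Version]
signature="$CHICAGO$"
Revision=1
"""

STRIPPED = HEALTHY.replace("SeDebugPrivilege = *S-1-5-32-544\n", "")


if __name__ == "__main__":
    import sys
    # secedit writes the export as UTF-16 with a BOM; decode it accordingly.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-16") as fh:
            text = fh.read()
    else:
        text = HEALTHY
    print("Administrators hold SeDebugPrivilege:", administrators_can_debug(text))
    print("holders:", holders_of(text, "SeDebugPrivilege"))
```

Note that the export shows the policy, not the current session's token: a right that was removed and then restored is only present in the logon token after the next logon, which is one reason the advice in this thread is to reboot before rerunning BlackLight.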
26.07.2006, 15:00
Moderator
Posts: 7805
26.07.2006, 15:15
Member
Thread starter, posts: 95
#60
Here is the Blacklight log:
07/26/06 14:58:09 [Info]: BlackLight Engine 1.0.42 initialized
07/26/06 14:58:09 [Info]: OS: 5.1 build 2600 (Service Pack 1)
07/26/06 14:58:09 [Note]: 7019 4
07/26/06 14:58:09 [Note]: 7005 0
07/26/06 14:58:54 [Note]: 7006 0
07/26/06 14:58:54 [Note]: 7011 1432
07/26/06 14:58:56 [Note]: 7026 0
07/26/06 14:58:57 [Note]: 7026 0
07/26/06 14:59:08 [Note]: FSRAW library version 1.7.1019
07/26/06 15:00:59 [Info]: Hidden file: e:\WINDOWS\vuljq1.dll
07/26/06 15:00:59 [Note]: 7002 0
07/26/06 15:00:59 [Note]: 7003 1
07/26/06 15:00:59 [Note]: 10002 1
07/26/06 15:00:59 [Info]: Hidden file: e:\WINDOWS\vuljq1.upd
07/26/06 15:00:59 [Note]: 7002 0
07/26/06 15:00:59 [Note]: 7003 1
07/26/06 15:00:59 [Note]: 10002 1
07/26/06 15:01:00 [Info]: Hidden file: e:\WINDOWS:setupapf.log
07/26/06 15:01:00 [Note]: 7002 0
07/26/06 15:01:00 [Note]: 7003 1
07/26/06 15:02:11 [Note]: 2000 1006
07/26/06 15:02:11 [Note]: 2000 1006
07/26/06 15:02:47 [Note]: 7007 0

Here is the listen.bat log:
Volume in drive C: has no label.
Volume Serial Number is D026-4B55
Directory of C:\
Volume in drive C: has no label.
Volume Serial Number is D026-4B55
Directory of C:\

And here is the regsearch log:
REGEDIT4
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0
; Results at 26.07.2006 15:10:18 for strings:
; 'ydoywubqiid'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_YDOYWUBQIID]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_YDOYWUBQIID\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_YDOYWUBQIID\0000]
"Service"="YDOYWUBQIID"
"DeviceDesc"="YDOYWUBQIID"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\YDOYWUBQIID]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\YDOYWUBQIID]
; Contents of value:
; e:\dokume~1\admini~1\lokale~1\temp\ydoywubqiid.exe
"ImagePath"=hex(2):45,3a,5c,44,4f,4b,55,4d,45,7e,31,5c,41,44,4d,49,4e,49,7e,31,\
  5c,4c,4f,4b,41,4c,45,7e,31,5c,54,65,6d,70,5c,59,44,4f,59,57,55,42,51,49,49,\
  44,2e,65,78,65,00
"DisplayName"="YDOYWUBQIID"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\YDOYWUBQIID\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\YDOYWUBQIID\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\YDOYWUBQIID\Enum]
"0"="Root\\LEGACY_YDOYWUBQIID\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_YDOYWUBQIID]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_YDOYWUBQIID\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_YDOYWUBQIID\0000]
"Service"="YDOYWUBQIID"
"DeviceDesc"="YDOYWUBQIID"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\YDOYWUBQIID]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\YDOYWUBQIID]
; Contents of value:
; e:\dokume~1\admini~1\lokale~1\temp\ydoywubqiid.exe
"ImagePath"=hex(2):45,3a,5c,44,4f,4b,55,4d,45,7e,31,5c,41,44,4d,49,4e,49,7e,31,\
  5c,4c,4f,4b,41,4c,45,7e,31,5c,54,65,6d,70,5c,59,44,4f,59,57,55,42,51,49,49,\
  44,2e,65,78,65,00
"DisplayName"="YDOYWUBQIID"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\YDOYWUBQIID\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YDOYWUBQIID]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YDOYWUBQIID\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_YDOYWUBQIID\0000]
"Service"="YDOYWUBQIID"
"DeviceDesc"="YDOYWUBQIID"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YDOYWUBQIID]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YDOYWUBQIID]
; Contents of value:
; e:\dokume~1\admini~1\lokale~1\temp\ydoywubqiid.exe
"ImagePath"=hex(2):45,3a,5c,44,4f,4b,55,4d,45,7e,31,5c,41,44,4d,49,4e,49,7e,31,\
  5c,4c,4f,4b,41,4c,45,7e,31,5c,54,65,6d,70,5c,59,44,4f,59,57,55,42,51,49,49,\
  44,2e,65,78,65,00
"DisplayName"="YDOYWUBQIID"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YDOYWUBQIID\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YDOYWUBQIID\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YDOYWUBQIID\Enum]
"0"="Root\\LEGACY_YDOYWUBQIID\\0000"
; End Of The Log...
__________
_____________
THX for Helping
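Two details in the logs above deserve more than a glance. First, BlackLight's third hit, `e:\WINDOWS:setupapf.log`, is not a file inside the WINDOWS folder: the second colon marks an NTFS alternate data stream attached to the WINDOWS directory itself, which Explorer and `dir` never show. Second, Registry Search printed the service's ImagePath as `hex(2):45,3a,5c,...`, and the bytes are single-byte ANSI (no interleaved `00` bytes), whereas regedit exports the same REG_EXPAND_SZ type as UTF-16LE, so a decoder has to look at the bytes rather than assume one encoding. The following script is an added example, not part of the thread or of either tool; it pulls the hidden-file lines out of a BlackLight log, separates streams from ordinary files, decodes the ImagePath values in a Registry Search dump and flags services that start from a Temp folder. The two log excerpts are copied from the posts above (reflowed to one entry per line); the function names and the Temp-folder rule are this example's own.

```python
"""Triage helpers for the BlackLight and Registry Search logs posted above.
Added example; not part of the thread or of either tool."""
import re
from typing import Dict, List, Tuple

# Excerpts copied from the logs posted above.
BLACKLIGHT_LOG = """\
07/26/06 15:00:59 [Info]: Hidden file: e:\\WINDOWS\\vuljq1.dll
07/26/06 15:00:59 [Note]: 7002 0
07/26/06 15:00:59 [Info]: Hidden file: e:\\WINDOWS\\vuljq1.upd
07/26/06 15:01:00 [Info]: Hidden file: e:\\WINDOWS:setupapf.log
07/26/06 15:02:47 [Note]: 7007 0
"""

REGSEARCH_LOG = r"""REGEDIT4
; Registry Search 2.0 by Bobbi Flekman
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YDOYWUBQIID]
; Contents of value:
"ImagePath"=hex(2):45,3a,5c,44,4f,4b,55,4d,45,7e,31,5c,41,44,4d,49,4e,49,7e,31,\
  5c,4c,4f,4b,41,4c,45,7e,31,5c,54,65,6d,70,5c,59,44,4f,59,57,55,42,51,49,49,\
  44,2e,65,78,65,00
"DisplayName"="YDOYWUBQIID"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\YDOYWUBQIID\Enum]
"0"="Root\\LEGACY_YDOYWUBQIID\\0000"
"""

HIDDEN_RE = re.compile(r"\[Info\]: Hidden file: (?P<path>.+)$")


def hidden_files(log: str) -> List[Tuple[str, str]]:
    """(path, kind) for every hidden-file line.  kind is 'ads' when the path
    has a second ':' after the drive letter, i.e. it names an NTFS alternate
    data stream (e:\\WINDOWS:setupapf.log is a stream on the WINDOWS folder)."""
    found = []
    for line in log.splitlines():
        m = HIDDEN_RE.search(line)
        if m:
            path = m.group("path").strip()
            found.append((path, "ads" if ":" in path[2:] else "file"))
    return found


def _join_continuations(text: str) -> List[str]:
    """Fold .reg-style lines that end in a backslash into one logical line."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        lines.append(buf + line)
        buf = ""
    if buf:
        lines.append(buf)
    return lines


def decode_hex2(value: str) -> str:
    """Decode a REG_EXPAND_SZ exported as hex(2):..  Regedit writes UTF-16LE
    (every second byte 0x00); Registry Search wrote plain ANSI, so decide by
    inspecting the bytes instead of assuming either."""
    data = bytes(int(b, 16) for b in value.split(",") if b.strip())
    if len(data) >= 2 and all(data[i] == 0 for i in range(1, len(data), 2)):
        text = data.decode("utf-16-le")
    else:
        text = data.decode("latin-1")
    return text.rstrip("\x00")


def service_image_paths(dump: str) -> Dict[str, str]:
    """Map each Services\\<name> key in the dump to its decoded ImagePath."""
    paths, current = {}, None
    for line in _join_continuations(dump):
        if line.startswith("[") and line.endswith("]"):
            m = re.search(r"\\Services\\([^\\]+)$", line[1:-1], re.IGNORECASE)
            current = m.group(1) if m else None
        elif current and line.lower().startswith('"imagepath"='):
            val = line.split("=", 1)[1]
            paths[current] = decode_hex2(val[7:]) if val.lower().startswith("hex(2):") else val.strip('"')
    return paths


TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)


def suspicious_services(dump: str) -> List[Tuple[str, str]]:
    """Services whose image lives in a Temp folder, as YDOYWUBQIID does."""
    return [(n, p) for n, p in service_image_paths(dump).items() if TEMP_RE.search(p)]


if __name__ == "__main__":
    for path, kind in hidden_files(BLACKLIGHT_LOG):
        print(f"{kind:4} {path}")
    for name, path in suspicious_services(REGSEARCH_LOG):
        print(f"service {name} starts from {path}")
```

The LEGACY_* keys under Enum\Root in the same dump are created by the service control manager for every kernel-mode and legacy service, so their presence is not by itself evidence of anything; the ImagePath pointing into a Temp folder is.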
I'm actually still looking for my post in which I recommend a clean reinstall. I was sure I had written it, but I can't find it any more.....
If I remember this kind of hijacker/malware correctly (where did you pick it up?), there are one or two rootkits bundled with it as well. Please use GMER:
http://virus-protect.org/artikel/tools/gmer.html
__________
Regards, Ralf
SEO-Spam Hunter