Generic Host Process for Win32 Services terminates Internet connection

#0
13.08.2006, 19:01
Honorary member
Avatar Sabina

Posts: 29434
#16 Julia-unwiss

for you it continues here:
http://board.protecus.de/t24794-1.htm#236330
tick the box at the bottom so that you are notified by e-mail when there is a reply
__________
Regards, Sabina

all about PC security
13.08.2006, 19:05
Honorary member
Avatar Sabina

Posts: 29434
#17 DonSchmitzo

1.
apply this
http://virus-protect.org/windsdoorcleaner.html

2.
Start - Settings - Control Panel - Administrative Tools - Computer Management - and then select the Services entry

Automatic Updates
Enables the download and installation of Windows updates. If this service is disabled, neither the automatic update functionality nor the Windows Update website can be used.

Executable: \WINDOWS\System32\svchost.exe -k netsvcs
Start types: Manual, Automatic, Disabled
Default setting: Automatic
__________
Regards, Sabina

all about PC security
13.08.2006, 19:24
...new here

Posts: 5
#18 Incidentally, we have exactly the same problem, since half past nine yesterday. But for now we are waiting to see whether the solutions work for the others ;)
13.08.2006, 20:18
...new here

Posts: 6
#19 So I removed the Q17 and also the IPs from my Internet connection settings. But the problem persists, unfortunately. ;)

I cannot finish the F-Secure scan because the Internet connection always drops before it completes.

Here is the report anyway:

Scanning Report
Sunday, August 13, 2006 19:42:24 - 20:07:46

Computer name: CHRIS
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\ E:\ F:\ G:\ H:\
Result: 4 malware found
Possible Browser Hijack attempt (spyware)

* System

Tracking Cookie (spyware)

* System (Disinfected)
* System
* System (Submitted)

Statistics
Scanned:

* Files: 24821
* System: 3877
* Not scanned: 2

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 3
* Submitted: 1

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-08-13
* F-Secure Libra: 2.4.1, 2006-08-11
* F-Secure Orion: 1.2.37, 2006-08-09
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Pegasus: 1.19.0, 2006-06-05
* F-Secure Draco: 1.0.35, 2006-08-07

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics


Logfile of HijackThis v1.99.1
Scan saved at 20:10:05, on 13.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\System\AntiVir PersonalEdition Classic\sched.exe
D:\System\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Grafik\PowerDVD\PDVDServ.exe
D:\System\Audio\SB Audigy 2\Surround Mixer\CTSysVol.exe
D:\System\Audio\SB Audigy 2\DVDAudio\CTDVDDet.EXE
C:\Programme\Microsoft IntelliType Pro\type32.exe
D:\System\Daemon Tool\daemon.exe
C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
D:\System\Logitec MX510\MouseWare\system\em_exec.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
D:\System\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Internet\ICQLite\ICQLite.exe
E:\Adventure\World of Warcraft\BLASC\BLASC.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Christian\Desktop\GHPfWS\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Internet\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Grafik\Adobe Reader 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\System\Canon PIXMA 2000\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Internet\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [RemoteControl] D:\Grafik\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [CTSysVol] D:\System\Audio\SB Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] D:\System\Audio\SB Audigy 2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\System\Daemon Tool\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "D:\System\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ICQ Lite] "D:\Internet\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [BLASC] "E:\Adventure\World of Warcraft\BLASC\BLASC.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Grafik\Adobe Reader 7.0\Reader\reader_sl.exe
O4 - Global Startup: NaturalColorLoad.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Internet\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://D:\System\Canon PIXMA 2000\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://D:\System\Canon PIXMA 2000\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://D:\System\Canon PIXMA 2000\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://D:\System\Canon PIXMA 2000\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\System\Office\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Internet\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Internet\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{456841A3-FD86-4F5D-A904-367E62FC61EB}: NameServer = 217.237.151.115 217.237.150.188
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\System\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - D:\System\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Audio\iPod\bin\iPodService.exe


Next I will take a look at the restore points. Maybe it helps to roll the system back to last week, when I did not have the problem.
13.08.2006, 20:22
...new here

Posts: 2
#20 I have had the problem since yesterday evening too,

I have now been online for 1 hour without errors, I hope it stays that way

Hope you find a solution ;)
13.08.2006, 20:33
...new here

Posts: 3
#21 Hello,
first off: I am brand new here and unfortunately also know nothing about my laptop when it comes to software, system, etc. Unfortunately I have exactly the same problem. So is this actually a virus? Or is that already a totally stupid question???

So, I have read the posts and really understood only a little. I followed Sabina's tip to heima and ran the scan via gmer, rootkit. Now I have the result and wonder how I can copy it in here. And should it be the "show all" variant? That is an awful lot!

Many thanks in advance!!
13.08.2006, 20:35
Honorary member
Avatar Sabina

Posts: 29434
#22 Graf KiZz

the Internet connection is o.k. for a start ;)

1.
Windows Worms Doors Cleaner
http://virus-protect.org/windsdoorcleaner.html

2.
scan with ewido and post the scan report
http://virus-protect.org/ewido.html
__________
Regards, Sabina

all about PC security
13.08.2006, 20:36
Honorary member
Avatar Sabina

Posts: 29434
#23 mysty

have you downloaded all Windows updates? If not, catch up on that quickly.
+ additionally:
http://virus-protect.org/windsdoorcleaner.html
__________
Regards, Sabina

all about PC security
13.08.2006, 20:37
Honorary member
Avatar Sabina

Posts: 29434
#24 ___sun___

start with the HijackThis log first...........

Hijackthis
http://computercops.biz/zx/Merijn/hijackthis.zip
http://virus-protect.org/hjtkurz.html
Download/unpack HijackThis into a folder
--> None of the above just start the program --> Save--> Savelog --> the editor opens
now copy the COMPLETE log with a right mouse click and "paste" it into the forum with a right mouse click
__________
Regards, Sabina

all about PC security
13.08.2006, 21:19
...new here

Posts: 6
#25 Sabina, boss,

all actions carried out as recommended. Dutifully reporting the following:



---------------------------------------------------------
ewido anti-spyware - Scan-Bericht
---------------------------------------------------------

+ Erstellt um: 21:16:10 13.08.2006

+ Scan-Ergebnis:



C:\RECYCLER\S-1-5-21-776561741-1078081533-725345543-1003\DC2.0XE -> Downloader.Small.tc : Mit Backup gesäubert (unter Quarantäne gestellt).
C:\Dokumente und Einstellungen\Christian\Cookies\christian@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Gesäubert.
:mozilla.18:C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Firefox\Profiles\5qqyyn9a.default\cookies.txt -> TrackingCookie.71i : Gesäubert.
:mozilla.44:C:\Dokumente und Einstellungen\Christian\Anwendungsdaten\Mozilla\Firefox\Profiles\5qqyyn9a.default\cookies.txt -> TrackingCookie.Adition : Gesäubert.

edit


I wonder whether I can sleep well now?
13.08.2006, 21:40
Honorary member
Avatar Sabina

Posts: 29434
#26 Graf KiZz

basically everything should be o.k. again now. ;)
if the message comes back, check the ports and copy the text
http://virus-protect.org/artikel/tools/icesword.html
__________
Regards, Sabina

all about PC security
13.08.2006, 21:51
...new here

Posts: 3
#27 So, after I once again had to shut everything down because of this very error, I followed your instructions. Here is the copy:

Logfile of HijackThis v1.99.1
Scan saved at 21:39:58, on 13.08.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKTray\AVKTray.exe
C:\Programme\T-Online\DSL-Manager\TODslMgr.exe
C:\Programme\BearShare\BearShare.exe
C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Microsoft ActiveSync\wcescomm.exe
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programme\Apoint2K\Apntex.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
C:\Programme\AntiVirusProfiPaket\AVKService.exe
C:\Programme\AntiVirusProfiPaket\AVKWCtl.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
C:\Programme\T-Online\DSL-Manager\TODslSvc.exe
C:\PROGRAMME\INTERNET EXPLORER\IEXPLORE.EXE
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Dokumente und Einstellungen\Pascale\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.1und1.de/xml/config/Login;jsessionid=C3FFB30BBB1D115ADD7CEF367D52077C.TC42b?__frame=_top
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ALDI_SUED_FotoSuite_Download] "C:\Programme\ALDI Sued Foto Service\ALDI_Foto_Service\FotoSuite.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVKTray] "C:\Programme\Gemeinsame Dateien\G DATA\AVKTray\AVKTray.exe"
O4 - HKLM\..\Run: [T-Online DSL-Manager] "C:\Programme\T-Online\DSL-Manager\TODslMgr.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Programme\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-12.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143116046903
O16 - DPF: {7CD66D2D-8AB1-4F3A-9133-F7BE30A27498} - https://www.openbc.com/sync/index.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://cm4all01.kundenserver.de/app/static/activex/msxml4.cab
O16 - DPF: {ABC1D8DE-CAB5-4FB7-BCD0-137BAB9F09DC} (aldisued-fotos-druck_de_bilduebertragung) - http://www.aldisued-fotos-druck.de/upload/aldi_sued_bilduebertragung.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8C44CCA6-9918-4170-A20B-47F115EA55B4}: NameServer = 217.237.151.225 217.237.150.225
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVKProxy - G DATA Software AG - C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Programme\AntiVirusProfiPaket\AVKService.exe
O23 - Service: AVK Wächter (AVKWCtl) - Unknown owner - C:\Programme\AntiVirusProfiPaket\AVKWCtl.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Programme\T-Online\DSL-Manager\TODslSvc.exe

Curious about the answer.
Thanks!
13.08.2006, 22:05
...new here

Posts: 2
#28 I had no more problems after the Windows update and am still online without errors^^
hope I could help
13.08.2006, 23:25
Honorary member
Avatar Sabina

Posts: 29434
#29 ___sun___

download all Windows updates - SP2 (if the computer shuts down before that, load SP2 from a CD, it is offered now and then in PC magazines); if your XP does not allow that, head to a computer shop or go via the Internet (with another computer, of course) ...and spend about 80 euros on an XP Home + key.
The virus kiddies are making good old Bill Gates a little richer still ;) ...or switch to Linux.
+ additionally:
http://virus-protect.org/windsdoorcleaner.html

and C:\Programme\BearShare - you should uninstall it........
__________
Regards, Sabina

all about PC security
14.08.2006, 00:47
...new here

Posts: 5
#30 here is my gmer scan:

Device \Driver\nvatabus \Device\0000006e IRP_MJ_LOCK_CONTROL 8679A450
Device \Driver\nvatabus \Device\0000006e IRP_MJ_CLEANUP 8679A450
Device \Driver\nvatabus \Device\0000006e IRP_MJ_CREATE_MAILSLOT 8679A450
Device \Driver\nvatabus \Device\0000006e IRP_MJ_QUERY_SECURITY 8679A450
Device \Driver\nvatabus \Device\0000006e IRP_MJ_SET_SECURITY 8679A450
Device \Driver\nvatabus \Device\0000006e IRP_MJ_POWER 8679A450
Device \Driver\nvatabus \Device\0000006e IRP_MJ_SYSTEM_CONTROL 8679A450
Device \Driver\nvatabus \Device\0000006e IRP_MJ_DEVICE_CHANGE 8679A450
Device \Driver\nvatabus \Device\0000006e IRP_MJ_QUERY_QUOTA 8679A450
Device \Driver\nvatabus \Device\0000006e IRP_MJ_SET_QUOTA 8679A450
Device \Driver\nvatabus \Device\0000006e IRP_MJ_PNP 8679A450
Device \Driver\nvatabus \Device\0000006e IRP_MJ_PNP_POWER 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_CREATE 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_CREATE_NAMED_PIPE 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_CLOSEIRP_MJ_READ 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_WRITE 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_QUERY_INFORMATION 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_SET_INFORMATION 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_QUERY_EA 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_SET_EA 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_FLUSH_BUFFERS 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_QUERY_VOLUME_INFORMATION 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_SET_VOLUME_INFORMATION 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_DIRECTORY_CONTROL 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_FILE_SYSTEM_CONTROL 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_DEVICE_CONTROL 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_SHUTDOWN [F786CD60] sfsync02.sys
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_LOCK_CONTROL 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_CLEANUP 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_CREATE_MAILSLOT 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_QUERY_SECURITY 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_SET_SECURITY 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_POWER 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_SYSTEM_CONTROL 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_DEVICE_CHANGE 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_QUERY_QUOTA 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_SET_QUOTA 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_PNP 8679A450
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_PNP_POWER 8679A450
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSEIRP_MJ_READ 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 862BBCA0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER 862BBCA0
Device \Driver\nvatabus \Device\0000006f IRP_MJ_CREATE 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_CREATE_NAMED_PIPE 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_CLOSEIRP_MJ_READ 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_WRITE 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_QUERY_INFORMATION 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_SET_INFORMATION 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_QUERY_EA 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_SET_EA 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_FLUSH_BUFFERS 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_QUERY_VOLUME_INFORMATION 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_SET_VOLUME_INFORMATION 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_DIRECTORY_CONTROL 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_FILE_SYSTEM_CONTROL 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_DEVICE_CONTROL 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_INTERNAL_DEVICE_CONTROL 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_SHUTDOWN [F786CD60] sfsync02.sys
Device \Driver\nvatabus \Device\0000006f IRP_MJ_LOCK_CONTROL 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_CLEANUP 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_CREATE_MAILSLOT 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_QUERY_SECURITY 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_SET_SECURITY 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_POWER 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_SYSTEM_CONTROL 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_DEVICE_CHANGE 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_QUERY_QUOTA 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_SET_QUOTA 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_PNP 8679A450
Device \Driver\nvatabus \Device\0000006f IRP_MJ_PNP_POWER 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_CREATE 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_CREATE_NAMED_PIPE 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_CLOSEIRP_MJ_READ 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_WRITE 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_QUERY_INFORMATION 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_SET_INFORMATION 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_QUERY_EA 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_SET_EA 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_FLUSH_BUFFERS 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_QUERY_VOLUME_INFORMATION 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_SET_VOLUME_INFORMATION 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_DIRECTORY_CONTROL 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_FILE_SYSTEM_CONTROL 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_DEVICE_CONTROL 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_SHUTDOWN [F786CD60] sfsync02.sys
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_LOCK_CONTROL 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_CLEANUP 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_CREATE_MAILSLOT 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_QUERY_SECURITY 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_SET_SECURITY 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_POWER 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_SYSTEM_CONTROL 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_DEVICE_CHANGE 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_QUERY_QUOTA 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_SET_QUOTA 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_PNP 8679A450
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_PNP_POWER 8679A450
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 861DD0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 861DD0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSEIRP_MJ_READ 861DD0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 861DD0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 861DD0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 861DD0E8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_EA 861DD0E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 8679AC78
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 8648EEB0
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_CREATE 862ED0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 IRP_MJ_SHUTDOWN [F786CD60] sfsync02.sys
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target3Lun0 IRP_MJ_CREATE 862ED0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target3Lun0 IRP_MJ_SHUTDOWN [F786CD60] sfsync02.sys
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 862ED0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SHUTDOWN [F786CD60] sfsync02.sys
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target2Lun0 IRP_MJ_CREATE 862ED0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target2Lun0 IRP_MJ_SHUTDOWN [F786CD60] sfsync02.sys
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 862ED0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN [F786CD60] sfsync02.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 861FE0E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 863BC0E8

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{7E204FD8-AEB7-472B-A4A5-189A6B69A536}
File F:\System Volume Information\MountPointManagerRemoteDatabase
File F:\System Volume Information\tracking.log
File F:\System Volume Information\_restore{7E204FD8-AEB7-472B-A4A5-189A6B69A536}
File G:\System Volume Information\MountPointManagerRemoteDatabase
File G:\System Volume Information\tracking.log
File G:\System Volume Information\_restore{7E204FD8-AEB7-472B-A4A5-189A6B69A536}

---- EOF - GMER 1.0.10 ----


Thank you very much