Trojan TR/RKID....0.A and 0.B, what's next?

Thread is closed!
#0
10.01.2007, 17:56
...new here

Posts: 9
#1 I've caught a Trojan... no idea where from.
It's called TR/RKID.nuclear.0.A, and just now I also see something about ...0.B
AntiVir sent it to me as an alert.

I don't know what to do next... here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:55:08, on 10.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\scvhost.exe
C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe
C:\Programme\Logitech\SetPoint\SetPoint.exe
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programme\ZyXEL Technology Corporation\ZyAIR G-220 Utility\ZDWlan.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Azureus\Azureus.exe
C:\WINDOWS\system32\ping.exe
C:\Dokumente und Einstellungen\word\Desktop\highjack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Arcor AG & Co. KG
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AccG160] C:\PROGRA~1\WLANQU~1\AccG160.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programme\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [WLAN Quick-Starter] "C:\Programme\WLAN Quick-Starter\WLAN Quick-Starter.exe" -update
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [shdef] C:\WINDOWS\shdef.exe
O4 - HKLM\..\Run: [] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [AntiVir] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [icq lite] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Update Checker] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\svchost.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: ZDWlan.lnk = ?
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



Can anyone help me?

Thanks in advance... CU
Yours, Bjoern
10.01.2007, 20:25
Honorary member
Sabina

Posts: 29434
#2 moartone

I recommend formatting - or do you want to settle for a makeshift cleanup?
__________
Kind regards, Sabina

all about PC security
10.01.2007, 21:44
...new here

Thread starter

Posts: 9
#3 oh... is it really that bad?
10.01.2007, 22:04
Honorary member
Sabina

Posts: 29434
#4 1.
Post this log
http://virus-protect.org/artikel/tools/combofix.html

2.
Copy out these 6 text files. (Right-click with the mouse -> select the text -> copy -> paste) They are sorted by date. (Copy only the last 3 months.)
http://virus-protect.org/datfindbat.html
__________
Kind regards, Sabina

all about PC security
10.01.2007, 22:52
...new here

Thread starter

Posts: 9
#5 Re 1.

word - 07-01-10 22:38:32,79 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Dokumente und Einstellungen\word\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-10 to 2007-01-10 ))))))))))))))))))))))))))))))))))


2007-01-10 18:16 <DIR> d-------- C:\Programme\Electronic Arts
2007-01-10 17:43 <DIR> d-------- C:\avenger
2007-01-10 17:11 44,544 --------- C:\WINDOWS\nkit.dll
2007-01-10 17:10 841,345 --a------ C:\WINDOWS\TopDeskSetup.exe
2007-01-10 17:06 10,555,599 ---hs---- C:\WINDOWS\scvhost.exe
2007-01-10 16:43 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2007-01-10 15:46 <DIR> d-------- C:\Programme\Gothic III
2007-01-09 21:42 <DIR> d-------- C:\Dokumente und Einstellungen\word\Anwendungsdaten\Engelmann Media
2007-01-09 21:29 <DIR> d-------- C:\Programme\S.A.D
2007-01-09 19:20 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2007-01-09 19:20 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2007-01-08 20:54 <DIR> d-------- C:\Programme\Graffiti Studio 2.0
2006-12-30 16:26 <DIR> d-------- C:\Programme\GUILD WARS
2006-12-29 18:26 <DIR> dr-h----- C:\MSOCache
2006-12-22 18:31 <DIR> d-------- C:\Programme\Emil Andersson
2006-12-22 18:06 <DIR> d-------- C:\Programme\Okoker Sudoku


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-10 22:36 -------- d-------- C:\Programme\Mozilla Firefox
2007-01-10 21:40 -------- d-------- C:\Programme\WLAN Quick-Starter
2007-01-10 18:30 -------- d-------- C:\Dokumente und Einstellungen\word\Anwendungsdaten\Azureus
2007-01-09 19:13 -------- d--h----- C:\Programme\InstallShield Installation Information
2007-01-09 19:07 -------- d-------- C:\Programme\Gemeinsame Dateien\Buhl Data Service
2007-01-06 09:19 -------- d-------- C:\Programme\WISO
2007-01-04 23:03 -------- d-------- C:\Programme\Biet-O-Matic
2007-01-03 21:38 -------- d-------- C:\Programme\AntiVir PersonalEdition Classic
2006-12-30 15:34 -------- d-------- C:\Programme\Gemeinsame Dateien\Microsoft Shared
2006-12-25 11:21 125 ---hs---- C:\Dokumente und Einstellungen\word\Anwendungsdaten\.zreglib
2006-12-22 18:37 -------- d-------- C:\Programme\Microsoft.NET
2006-12-19 18:54 -------- d-------- C:\Programme\PKR
2006-12-13 16:34 -------- d-------- C:\Programme\Internet Explorer
2006-12-13 16:33 -------- d-------- C:\Programme\Outlook Express
2006-12-13 16:33 -------- d-------- C:\Programme\Gemeinsame Dateien\System
2006-12-10 15:39 -------- d---s---- C:\Dokumente und Einstellungen\word\Anwendungsdaten\Microsoft
2006-12-07 19:55 162687 --a------ C:\WINDOWS\Audio Converter Pro Uninstaller.exe
2006-12-07 19:55 -------- d-------- C:\Programme\River Past
2006-12-07 19:55 -------- d-------- C:\Programme\Gemeinsame Dateien\River Past
2006-12-07 19:55 -------- d-------- C:\Programme\Gemeinsame Dateien
2006-12-07 19:55 -------- d-------- C:\Dokumente und Einstellungen\word\Anwendungsdaten\River Past G5
2006-12-07 18:00 -------- d-------- C:\Programme\Windows Media Player
2006-12-07 18:00 -------- d-------- C:\Programme\Windows Media Connect 2
2006-12-01 15:35 -------- d-------- C:\Dokumente und Einstellungen\word\Anwendungsdaten\DivX
2006-11-28 21:39 -------- d-------- C:\Programme\Microsoft ActiveSync
2006-11-28 17:37 38461 --a------ C:\Dokumente und Einstellungen\word\Anwendungsdaten\Microsoft Excel.ADR
2006-11-28 17:13 -------- d-------- C:\Programme\Microsoft Office
2006-11-28 17:13 -------- d-------- C:\Programme\Gemeinsame Dateien\DESIGNER
2006-11-27 22:32 -------- d-------- C:\Programme\Citrix
2006-11-27 22:32 -------- d-------- C:\Dokumente und Einstellungen\word\Anwendungsdaten\ICAClient
2006-11-18 16:31 -------- d-------- C:\Programme\EA SPORTS
2006-11-08 06:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-10-28 16:29 51032 --a------ C:\Dokumente und Einstellungen\word\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-10-22 22:09 81920 --a------ C:\Dokumente und Einstellungen\word\Anwendungsdaten\ezpinst.exe
2006-10-22 22:09 7176 --a------ C:\Dokumente und Einstellungen\word\Anwendungsdaten\pcouffin.cat
2006-10-22 22:09 47360 --a------ C:\Dokumente und Einstellungen\word\Anwendungsdaten\pcouffin.sys
2006-10-22 22:09 33 --a------ C:\Dokumente und Einstellungen\word\Anwendungsdaten\pcouffin.log
2006-10-22 22:09 1144 --a------ C:\Dokumente und Einstellungen\word\Anwendungsdaten\pcouffin.inf
2006-10-21 15:10 2323072 --a------ C:\WINDOWS\system32\TUKernel.exe
2006-10-20 02:38 715776 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 23:03 43008 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 22:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 22:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 22:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 22:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 22:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 22:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 22:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 22:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 22:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 22:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 22:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 22:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 22:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 22:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 22:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 22:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 22:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 22:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 22:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 22:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 22:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 22:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 22:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 22:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 22:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 22:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 22:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 22:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 22:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 22:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 22:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 22:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 22:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 22:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 22:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 22:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 22:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 22:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 22:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 22:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 22:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 22:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 22:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 22:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 22:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 22:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 22:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 22:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 22:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 22:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 22:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 22:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 22:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 22:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 22:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 22:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 22:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 21:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 21:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 21:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 13:35 65536 --a------ C:\WINDOWS\system32\nwwks.dll
2006-10-13 13:35 64000 --a------ C:\WINDOWS\system32\nwapi32.dll
2006-10-13 13:35 146432 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"RemoteCenter"="C:\\Programme\\Creative\\MediaSource\\RemoteControl\\RCMan.EXE"
"MSMSGS"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NMBgMonitor.exe\""
"H/PC Connection Agent"="\"C:\\PROGRA~1\\Microsoft ActiveSync\\wcescomm.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AccG160"="C:\\PROGRA~1\\WLANQU~1\\AccG160.exe"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"SBDrvDet"="C:\\Programme\\Creative\\SB Drive Det\\SBDrvDet.exe /r"
"CTSysVol"="C:\\Programme\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe /r"
"CTDVDDET"="C:\\Programme\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDet.EXE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"CTHelper"="CTHELPER.EXE"
"WLAN Quick-Starter"="\"C:\\Programme\\WLAN Quick-Starter\\WLAN Quick-Starter.exe\" -update"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoSMBalloonTip"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoRecentDocsHistory"=dword:00000001
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"=dword:00000001
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoResolveSearch"=dword:00000001
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mspwr"="C:\\WINDOWS\\System32\\PuXpMan.exe"
"PwrUpTweakMe"="C:\\WINDOWS\\System32\\PUXPTWKS.EXE /TWEAK"
"ISUSPM Startup"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\isuspm.exe\" -startup"
"ISUSScheduler"="\"C:\\Programme\\Gemeinsame Dateien\\InstallShield\\UpdateService\\issch.exe\" -start"
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_06\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.exe.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Gamma Loader.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\GEMEIN~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk]
"path"="C:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Adobe Reader - Schnellstart.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader - Schnellstart.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe "
"item"="Adobe Reader - Schnellstart"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^word^Startmenü^Programme^Autostart^Mp3tag Quick Pick.lnk]
"path"="C:\\Dokumente und Einstellungen\\word\\Startmenü\\Programme\\Autostart\\Mp3tag Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\Mp3tag Quick Pick.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Mp3tag\\Mp3tagQuickPick.exe "
"item"="Mp3tag Quick Pick"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^word^Startmenü^Programme^Autostart^Xfire.lnk]
"path"="C:\\Dokumente und Einstellungen\\word\\Startmenü\\Programme\\Autostart\\Xfire.lnk"
"backup"="C:\\WINDOWS\\pss\\Xfire.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Xfire\\Xfire.exe "
"item"="Xfire"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrotray"
"hkey"="HKLM"
"command"="\"C:\\Programme\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Programme\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Programme\\Gemeinsame Dateien\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Programme\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"c:\\valve\\steam\\steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UpdReg"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\UpdReg.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Watchtower Library 2005 - Deutsche Ausgabe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wtlib"
"hkey"="HKCU"
"command"="C:\\Programme\\Watchtower\\Watchtower Library 2005\\x\\wtlib.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=dword:00000002


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: 07-01-10 22:39:09.89
C:\ComboFix.txt ... 07-01-10 22:39

Re 2.

10.01.2007 21:40 7.275 nvapps.xml
10.01.2007 18:30 1.072 settings.sfm
10.01.2007 18:30 1.072 settingsbkup.sfm
10.01.2007 18:30 11.564 DVCState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
10.01.2007 18:30 32.592 BMXState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
10.01.2007 18:30 32.592 BMXStateBkp-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
10.01.2007 18:30 32.088 BMXBkpCtrlState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
10.01.2007 18:30 32.088 BMXCtrlState-{00000001-00000000-00000007-00001102-00000004-20021102}.rfx
09.01.2007 18:24 2.284 wpa.dbl
06.01.2007 14:33 267.800 FNTCACHE.DAT
12.12.2006 19:36 383.390 perfh009.dat
12.12.2006 19:36 53.744 perfc009.dat
12.12.2006 19:36 394.234 perfh007.dat
12.12.2006 19:36 64.622 perfc007.dat
12.12.2006 19:36 905.782 PerfStringBackup.INI
07.12.2006 18:00 16.130 spupdsvc.inf
07.12.2006 18:00 16.832 amcompat.tlb
07.12.2006 18:00 23.392 nscompat.tlb
07.12.2006 15:13 10.716.584 MRT.exe
08.11.2006 06:06 679.424 inetcomm.dll
23.10.2006 16:17 615.936 urlmon.dll
23.10.2006 16:17 1.494.528 shdocvw.dll
23.10.2006 16:17 664.576 wininet.dll
23.10.2006 16:17 474.624 shlwapi.dll
23.10.2006 16:17 146.432 msrating.dll
23.10.2006 16:17 532.480 mstime.dll
23.10.2006 16:17 448.512 mshtmled.dll
23.10.2006 16:17 3.076.096 mshtml.dll
23.10.2006 16:17 39.424 pngfilt.dll
23.10.2006 16:17 251.392 iepeers.dll
23.10.2006 16:17 16.384 jsproxy.dll
23.10.2006 16:17 1.056.256 danim.dll
23.10.2006 16:17 96.768 inseng.dll
23.10.2006 16:17 152.064 cdfview.dll
23.10.2006 16:17 1.022.976 browseui.dll
23.10.2006 16:17 357.888 dxtmsft.dll
23.10.2006 16:17 205.312 dxtrans.dll
23.10.2006 16:17 55.808 extmgr.dll
23.10.2006 12:42 123.392 xpsp3res.dll
22.10.2006 22:37 507.392 winlogon.bak
21.10.2006 15:10 2.323.072 TUKernel.exe
20.10.2006 02:38 715.776 sxs.dll
18.10.2006 23:03 43.008 wpdshextres.dll
18.10.2006 22:58 8.704 wdfmgr.exe
18.10.2006 22:58 8.704 uwdf.exe
18.10.2006 22:47 154.624 wpdmtp.dll
18.10.2006 22:47 63.488 wpdmtpus.dll
18.10.2006 22:47 2.603.008 WpdShext.dll
18.10.2006 22:47 656.896 WMVXENCD.dll
18.10.2006 22:47 767.488 WMVSENCD.dll
18.10.2006 22:47 1.382.912 WMVSDECD.dll
18.10.2006 22:47 1.574.912 WMVENCOD.dll
18.10.2006 22:47 4.096 wmvdmoe2.dll
18.10.2006 22:47 4.096 wmvdmod.dll
18.10.2006 22:47 1.543.680 WMVDECOD.dll
18.10.2006 22:47 2.450.944 wmvcore.dll
18.10.2006 22:47 4.096 WMVADVE.DLL
18.10.2006 22:47 4.096 WMVADVD.dll
18.10.2006 22:47 1.329.152 WMSPDMOE.dll
18.10.2006 22:47 603.648 WMSPDMOD.dll
18.10.2006 22:47 4.096 wmsdmoe2.dll
18.10.2006 22:47 4.096 wmsdmod.dll
18.10.2006 22:47 133.632 WPDShServiceObj.dll
18.10.2006 22:47 356.352 wpdsp.dll
18.10.2006 22:47 629.760 wpd_ci.dll
18.10.2006 22:47 2.450.944 SET4C.tmp
18.10.2006 22:47 35.840 wpdconns.dll
18.10.2006 22:47 8.231.936 wmploc.dll
18.10.2006 22:47 1.661.440 wmpencen.dll
18.10.2006 22:47 295.936 wmpeffects.dll
18.10.2006 22:47 314.880 wmpdxm.dll
18.10.2006 22:47 242.688 wmpasf.dll
18.10.2006 22:47 10.834.432 wmp.dll
18.10.2006 22:47 937.984 WMNetMgr.dll
18.10.2006 22:47 157.184 wmidx.dll
18.10.2006 22:47 227.328 wmerror.dll
18.10.2006 22:47 535.040 wmdrmsdk.dll
18.10.2006 22:47 130.048 wmpps.dll
18.10.2006 22:47 613.376 wmpmde.dll
18.10.2006 22:47 99.840 wmpshell.dll
18.10.2006 22:47 204.288 wmpsrcwp.dll
18.10.2006 22:47 348.672 wmdrmnet.dll
18.10.2006 22:47 222.208 wmasf.dll
18.10.2006 22:47 1.117.696 WMADMOE.dll
18.10.2006 22:47 757.248 WMADMOD.dll
18.10.2006 22:47 132.096 PortableDeviceWiaCompat.dll
18.10.2006 22:47 222.208 SET40.tmp
18.10.2006 22:47 101.888 PortableDeviceClassExtension.dll
18.10.2006 22:47 33.792 wmdmlog.dll
18.10.2006 22:47 37.376 wmdmps.dll
18.10.2006 22:47 199.168 PortableDeviceWMDRM.dll
18.10.2006 22:47 284.160 PortableDeviceApi.dll
18.10.2006 22:47 166.912 PortableDeviceTypes.dll
18.10.2006 22:47 211.456 qasf.dll
18.10.2006 22:47 429.056 wmdrmdev.dll
18.10.2006 22:47 4.096 wdfapi.dll
18.10.2006 22:47 27.136 mspmsnsv.dll
18.10.2006 22:47 175.616 mspmsp.dll
18.10.2006 22:47 321.536 mswmdm.dll
18.10.2006 22:47 179.712 msnetobj.dll
18.10.2006 22:47 414.208 msscp.dll
18.10.2006 22:47 11.264 LAPRXY.dll
18.10.2006 22:47 4.096 MP4SDMOD.dll
18.10.2006 22:47 4.096 MP43DMOD.dll
18.10.2006 22:47 317.440 MP4SDECD.dll
18.10.2006 22:47 4.096 MPG4DMOD.dll
18.10.2006 22:47 259.072 MPG4DECD.dll
18.10.2006 22:47 259.072 MP43DECD.dll
18.10.2006 22:47 212.992 MFPLAT.dll
18.10.2006 22:47 229.376 cewmdm.dll
18.10.2006 22:47 991.744 drmv2clt.dll
18.10.2006 22:47 542.720 blackbox.dll
18.10.2006 22:47 7.168 asferror.dll
18.10.2006 22:47 276.992 audiodev.dll
18.10.2006 21:47 2.450.944 SET1B9.tmp
18.10.2006 21:47 937.984 SET1B2.tmp
18.10.2006 21:47 222.208 SET1AD.tmp
18.10.2006 21:05 232.448 l3codecp.acm
18.10.2006 21:03 100.864 logagent.exe
18.10.2006 21:00 249.856 drmupgds.exe
18.10.2006 21:00 17.408 wpdshextautoplay.exe
13.10.2006 13:35 64.000 nwapi32.dll
13.10.2006 13:35 65.536 nwwks.dll
13.10.2006 13:35 146.432 nwprovau.dll
02.10.2006 20:04 806.912 divx_xx07.dll
02.10.2006 20:04 806.912 divx_xx0c.dll
02.10.2006 20:04 790.528 divx_xx11.dll
02.10.2006 20:04 635.486 DivX.dll
02.10.2006 17:58 24.072 uxtuneup.dll
02.10.2006 15:28 312.128 msdelta.dll

--

Datenträger in Laufwerk C: ist maniFEST
Volumeseriennummer: E0F2-AEFD

Verzeichnis von C:\DOKUME~1\word\LOKALE~1\Temp

10.01.2007 21:47 16.384 Perflib_Perfdata_704.dat
10.01.2007 21:41 885.440 WCESLog.log
2 Datei(en) 901.824 Bytes
0 Verzeichnis(se), 31.899.119.616 Bytes frei

--

Datenträger in Laufwerk C: ist maniFEST
Volumeseriennummer: E0F2-AEFD

Verzeichnis von C:\WINDOWS

10.01.2007 22:32 9 nfsc_patch.ini
10.01.2007 21:44 4.834 offlog.txt
10.01.2007 21:40 4.958.588 {00000001-00000000-00000007-00001102-00000004-20021102}.CDF
10.01.2007 21:27 159 wiadebug.log
10.01.2007 21:27 50 wiaservc.log
10.01.2007 21:27 2.048 bootstat.dat
10.01.2007 18:30 32.630 SchedLgU.Txt
10.01.2007 18:30 1.049.448 WindowsUpdate.log
10.01.2007 18:30 4.958.588 {00000001-00000000-00000007-00001102-00000004-20021102}.BAK
10.01.2007 18:16 394.705 DirectX.log
10.01.2007 17:11 44.544 nkit.dll
10.01.2007 17:11 841.345 TopDeskSetup.exe
10.01.2007 17:10 108.336 mswinsck.ocx
09.01.2007 22:10 379.418 setupapi.log
09.01.2007 21:41 674 win.ini
09.01.2007 21:41 227 system.ini
09.01.2007 19:12 750 wiso.ini
09.01.2007 19:11 263 LEXSTAT.INI
09.01.2007 19:09 2.965 tm.ini
08.01.2007 21:53 24 ES_2_D8.prf
08.01.2007 21:53 24 ES_1_D8.prf
08.01.2007 20:54 24 AM_D8.PRF
08.01.2007 17:22 114.884 wmsetup.log
06.01.2007 19:52 116 NeroDigital.ini
06.01.2007 09:19 258 BUHL.INI
26.12.2006 12:00 34 cdplayer.ini
13.12.2006 16:34 618.922 iis6.log
13.12.2006 16:34 1.393 imsins.log
13.12.2006 16:34 29.578 ocmsn.log
13.12.2006 16:34 26.252 tabletoc.log
13.12.2006 16:34 188.508 comsetup.log
13.12.2006 16:34 246.074 tsoc.log
13.12.2006 16:34 112.583 ntdtcsetup.log
13.12.2006 16:34 18.736 KB925454.log
13.12.2006 16:34 26.637 msgsocm.log
13.12.2006 16:34 36.736 medctroc.Log
13.12.2006 16:34 257.705 ocgen.log
13.12.2006 16:34 90.398 netfxocm.log
13.12.2006 16:34 525.285 FaxSetup.log
13.12.2006 16:34 169.254 msmqinst.log
13.12.2006 16:34 32.950 updspapi.log
13.12.2006 16:34 11.497 KB925398.log
13.12.2006 16:34 1.393 imsins.BAK
13.12.2006 16:33 11.355 KB926255.log
13.12.2006 16:33 11.990 KB923694.log
10.12.2006 14:38 1.187 ie7_main.log
07.12.2006 19:55 162.687 Audio Converter Pro Uninstaller.exe
07.12.2006 18:00 2.759 wmsetup10.log
07.12.2006 18:00 11.203 KB926239.log
07.12.2006 18:00 9.682 MSCompPackV1.log
07.12.2006 18:00 38.494 wmp11.log
07.12.2006 17:59 55.271 WMFDist11.log
07.12.2006 17:59 316.640 WMSysPr9.prx
07.12.2006 17:58 14.631 Wudf01000Inst.log
07.12.2006 17:32 13.475 WMFDist11Uninst.log
07.12.2006 17:20 10.840 wmp11Uninst.log
28.11.2006 21:39 7.821 KB909394.log
28.11.2006 21:39 16.264 KB894476.log
28.11.2006 17:38 748 ODBC.INI
27.11.2006 17:08 330 nsw.log
24.11.2006 19:13 12.521 setuplog.txt
14.11.2006 19:11 16.497 KB923980.log
14.11.2006 19:11 16.212 KB924270.log
14.11.2006 19:11 15.613 KB920213.log
14.11.2006 19:11 17.608 KB922760.log
08.11.2006 21:32 2.263 DXError.log
08.11.2006 14:31 10.555.599 scvhost.exe
25.10.2006 21:53 17.117 hkr32.asm


--

Datenträger in Laufwerk C: ist maniFEST
Volumeseriennummer: E0F2-AEFD

Verzeichnis von C:\WINDOWS\Temp

--

Datenträger in Laufwerk C: ist maniFEST
Volumeseriennummer: E0F2-AEFD

Verzeichnis von C:\WINDOWS\Downloaded Program Files

14.02.2006 17:11 65 desktop.ini
11.08.2005 15:30 417.792 isusweb.dll
30.06.2003 22:41 1.689 WMV9VCM.inf
25.07.2002 17:13 24.576 dwusplay.dll
25.07.2002 17:13 196.608 dwusplay.exe
5 Datei(en) 640.730 Bytes
0 Verzeichnis(se), 31.898.955.776 Bytes frei

--

Datenträger in Laufwerk C: ist maniFEST
Volumeseriennummer: E0F2-AEFD

Verzeichnis von C:\

10.01.2007 22:50 0 sys.txt
10.01.2007 22:50 489 down.txt
10.01.2007 22:49 112 tmp.txt
10.01.2007 22:48 13.036 system.txt
10.01.2007 22:47 348 systemtemp.txt
10.01.2007 22:45 115.272 system32.txt
10.01.2007 22:39 19.632 ComboFix.txt
10.01.2007 21:27 2.145.386.496 pagefile.sys
10.01.2007 17:31 588 avenger.txt
10.01.2007 17:30 518 yiaitnng.txt
09.01.2007 21:41 337 boot.ini
25.09.2006 19:16 60 AUTOEXEC.BAT
26.02.2006 11:14 47.564 NTDETECT.COM
26.02.2006 11:14 251.184 ntldr
14.02.2006 17:12 0 CONFIG.SYS
14.02.2006 17:12 0 IO.SYS
14.02.2006 17:12 0 MSDOS.SYS
18.08.2001 13:00 4.952 bootfont.bin
18 Datei(en) 2.145.840.588 Bytes
0 Verzeichnis(se), 31.898.951.680 Bytes frei
11.01.2007, 11:13
Honorary member
Sabina

Posts: 29434
#6 moartone

Information: nkit.dll
http://virus-protect.org/artikel/spyware/spr4.html

_____________________________________________________

««
http://virus-protect.org/zip/gmer.zip
Use Gmer. Start it and see whether it already reports something. If it does, please answer all questions with No, go to the Rootkit tab, answer that question with No as well, and use Copy to paste the report here. If it reports nothing, go to the Rootkit tab and run a scan. When the scan has finished, choose Copy and paste the report here.

««
Download Registry Search by Bobbi Flekman
http://virus-protect.org/artikel/tools/regsearch.html
and double-click it to start.
In "Enter search strings" (type or paste in):

shdef
scvhost
oreans32

into the edit field and click "Ok".
Notepad will open -- copy the text and post it.

-----------------------------------------------------------------------
Avenger
http://virus-protect.org/artikel/tools/avenger.html
paste in:

Quote

Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer|NoResolveSearch

registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oreans32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\oreans32
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\oreans32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oreans32
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32

Files to delete:
C:\WINDOWS\nkit.dll
C:\WINDOWS\scvhost.exe
C:\WINDOWS\shdef.exe
C:\WINDOWS\hkr32.asm
C:\WINDOWS\system32\drivers\oreans32.sys
»»
Scan and post the scan report
http://virus-protect.org/cureit.html
__________
Regards, Sabina

All about PC security
11.01.2007, 16:30
...new here

Thread starter

Posts: 9
#7 hey sabina...
I wasn't asked anything at all... I just scanned, and here is the log:

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-11 16:21:23
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

.text USBPORT.SYS!DllUnload BAE6362C 5 Bytes JMP 897AF4B8

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 898CA1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 898CA1D8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 897AE990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 897AE990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 897AE990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 897AE990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 897AE990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 897AE990
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 897AE990
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 898651D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 898651D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 898651D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 898651D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 898651D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 898651D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 898651D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 898651D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 898651D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 898651D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 898651D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 898651D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 898651D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 898651D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 898651D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 898651D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 898651D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 898651D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 898651D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 898651D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 898651D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 898651D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 898651D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 898651D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 898651D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 898651D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 898651D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 898651D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 898651D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 898651D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 898651D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 898651D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 898651D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 898651D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 898651D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 898651D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 898651D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 898651D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 898651D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 898651D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 898651D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 898651D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 898651D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 IRP_MJ_CREATE 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 IRP_MJ_CLOSE 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 IRP_MJ_READ 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 IRP_MJ_WRITE 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 IRP_MJ_FLUSH_BUFFERS 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 IRP_MJ_DEVICE_CONTROL 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 IRP_MJ_SHUTDOWN 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 IRP_MJ_POWER 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 IRP_MJ_SYSTEM_CONTROL 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\RawVolume1 IRP_MJ_PNP 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 IRP_MJ_CREATE 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 IRP_MJ_CLOSE 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 IRP_MJ_READ 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 IRP_MJ_WRITE 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 IRP_MJ_FLUSH_BUFFERS 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 IRP_MJ_DEVICE_CONTROL 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 IRP_MJ_SHUTDOWN 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 IRP_MJ_POWER 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 IRP_MJ_SYSTEM_CONTROL 898651D8
Device \Driver\dmio \Device\HarddiskDmVolumes\PhysicalDmVolumes\BlockVolume1 IRP_MJ_PNP 898651D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 898CD1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8980E7D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8980E7D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 87C7DAB0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8980E7D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8980E7D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 88288848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8980E7D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8980E7D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8980E7D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8980E7D0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8980E7D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 898CD1D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 898CD1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8980E7D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8980E7D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 87C7DAB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8980E7D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8980E7D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 88288848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8980E7D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8980E7D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8980E7D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8980E7D0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8980E7D0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8980E7D0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8980E7D0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 87C7DAB0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8980E7D0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8980E7D0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 88288848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8980E7D0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8980E7D0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8980E7D0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8980E7D0
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8980E7D0
Device \Driver\nvatabus \Device\00000076 IRP_MJ_INTERNAL_DEVICE_CONTROL 87C1E968
Device \Driver\USBSTOR \Device\00000082 IRP_MJ_CREATE 87D441D8
Device \Driver\USBSTOR \Device\00000082 IRP_MJ_CLOSE 87D441D8
Device \Driver\USBSTOR \Device\00000082 IRP_MJ_READ 87D441D8
Device \Driver\USBSTOR \Device\00000082 IRP_MJ_WRITE 87D441D8
Device \Driver\USBSTOR \Device\00000082 IRP_MJ_DEVICE_CONTROL 87D441D8
Device \Driver\USBSTOR \Device\00000082 IRP_MJ_INTERNAL_DEVICE_CONTROL 87D441D8
Device \Driver\USBSTOR \Device\00000082 IRP_MJ_POWER 87D441D8
Device \Driver\USBSTOR \Device\00000082 IRP_MJ_SYSTEM_CONTROL 87D441D8
Device \Driver\USBSTOR \Device\00000082 IRP_MJ_PNP 87D441D8
Device \Driver\nvatabus \Device\00000077 IRP_MJ_INTERNAL_DEVICE_CONTROL 87C1E968
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 87D681D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 87D681D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 87D681D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 87D681D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 87D681D8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 87D681D8
Device \Driver\USBSTOR \Device\00000084 IRP_MJ_CREATE 87D441D8
Device \Driver\USBSTOR \Device\00000084 IRP_MJ_CLOSE 87D441D8
Device \Driver\USBSTOR \Device\00000084 IRP_MJ_READ 87D441D8
Device \Driver\USBSTOR \Device\00000084 IRP_MJ_WRITE 87D441D8
Device \Driver\USBSTOR \Device\00000084 IRP_MJ_DEVICE_CONTROL 87D441D8
Device \Driver\USBSTOR \Device\00000084 IRP_MJ_INTERNAL_DEVICE_CONTROL 87D441D8
Device \Driver\USBSTOR \Device\00000084 IRP_MJ_POWER 87D441D8
Device \Driver\USBSTOR \Device\00000084 IRP_MJ_SYSTEM_CONTROL 87D441D8
Device \Driver\USBSTOR \Device\00000084 IRP_MJ_PNP 87D441D8
Device \Driver\nvatabus \Device\00000078 IRP_MJ_INTERNAL_DEVICE_CONTROL 87C1E968
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 87D681D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 87D681D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 87D681D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 87D681D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 87D681D8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 87D681D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5F09A831-41C1-4E5D-8896-CACF5392E4AD} IRP_MJ_CREATE 87D681D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5F09A831-41C1-4E5D-8896-CACF5392E4AD} IRP_MJ_CLOSE 87D681D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5F09A831-41C1-4E5D-8896-CACF5392E4AD} IRP_MJ_DEVICE_CONTROL 87D681D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5F09A831-41C1-4E5D-8896-CACF5392E4AD} IRP_MJ_INTERNAL_DEVICE_CONTROL 87D681D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5F09A831-41C1-4E5D-8896-CACF5392E4AD} IRP_MJ_CLEANUP 87D681D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5F09A831-41C1-4E5D-8896-CACF5392E4AD} IRP_MJ_PNP 87D681D8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 897AE990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 897AE990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 897AE990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 897AE990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 897AE990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 897AE990
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 897AE990
Device \Driver\nvatabus \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 87C1E968
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 87D491D8
Device \Driver\nvatabus \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 87C1E968
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 87D491D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 87D491D8
Device \Driver\nvatabus \Device\NvAta2 IRP_MJ_INTERNAL_DEVICE_CONTROL 87C1E968
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 898CD1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 898CD1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 898CD1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 898CD1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 898CD1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 898CD1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 898CD1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 898CD1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 898CD1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 898CD1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 898CD1D8
Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_CREATE 8962E558
Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_CREATE_NAMED_PIPE 8962E558
Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_CLOSE 8962E558
Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_READ 8962E558
Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_WRITE 8962E558
Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_QUERY_INFORMATION 8962E558
Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_SET_INFORMATION 8962E558
Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_QUERY_EA 8962E558
Device \Driver\uscsc109 \Device\Scsi\uscsc1091 IRP_MJ_SET_EA 8962E558

---- Files - GMER 1.0.12 ----

ADS C:\WINDOWS\system32\winlogon.bak:SummaryInformation
ADS C:\WINDOWS\system32\winlogon.bak:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

---- EOF - GMER 1.0.12 ----


Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 11.01.2007 16:24:39 for strings:
; 'shdef
scvhost
oreans32'
; Strings excluded from search:
; 'shdef
scvhost
oreans32'
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...

--

the avenger log is still missing ... it's not working right now
11.01.2007, 16:43
Honorary member
Sabina

Posts: 29434
#8 copy only this into research: scvhost

PS: did you run the avenger?
__________
Regards, Sabina

all about PC security
11.01.2007, 17:01
...new here

Thread starter

Posts: 9
#9 yes I did ... here is the avenger txt:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\extnqdwb

*******************

Script file located at: \??\C:\WINDOWS\system32\fbopphed.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\oreans32 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\oreans32 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\oreans32 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\oreans32
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\oreans32 deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oreans32 not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oreans32 failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\oreans32
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32 deleted successfully.
File C:\WINDOWS\nkit.dll deleted successfully.
File C:\WINDOWS\scvhost.exe deleted successfully.


File C:\WINDOWS\shdef.exe not found!
Deletion of file C:\WINDOWS\shdef.exe failed!

Could not process line:
C:\WINDOWS\shdef.exe
Status: 0xc0000034

File C:\WINDOWS\hkr32.asm deleted successfully.
File C:\WINDOWS\system32\drivers\oreans32.sys deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer|NoResolveSearch deleted successfully.

Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\eygmcgqr

*******************

Script file located at: \??\C:\WINDOWS\iuerpgik.txt
Script file opened successfully.
--

and here is the result from research (entered only scvhost)

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.2.0

; Results at 11.01.2007 17:00:23 for strings:
; 'scvhost'
; Strings excluded from search:
; 'scvhost'
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


; End Of The Log...
12.01.2007, 00:24
Honorary member
Sabina

Posts: 29434
#10 scan with sophos (option 6) and post the scan report
http://virus-protect.org/artikel/tools/sdfix.html

also apply Restore_SecurityCenter.reg (as explained on the page)
+
restart the computer
__________
Regards, Sabina

all about PC security
12.01.2007, 15:11
...new here

Thread starter

Posts: 9
#11 hey sabina....here we go then.

the report from sophos:

Sophos Anti-Virus
Version 4.13.0 [Win32/Intel]
Virus data version 4.13, January 2007
Includes detection for 208784 viruses, trojans and worms
Copyright (c) 1989-2007 Sophos Plc, www.sophos.com

System time 14:53:53, System date 12 January 2007
Command line qualifiers are: -nb --stop-scan

IDE directory is: C:\SDFix\IDE


Quick Scanning

Password protected file C:\Programme\Adobe\Acrobat 7.0\Acrobat\WebSearch\WebSearchENU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\RdrMsgDEU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\DEU\read0600win_DEUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\RdrMsgENU.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\ENU\read0600win_ENUyhoo0010.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\Messages\RdrMsgSplash.pdf
Password protected file C:\Programme\Adobe\Acrobat 7.0\Reader\WebSearch\WebSearchENU.pdf

2 boot sectors swept.
17813 files swept in 10 minutes and 3 seconds.
7 errors were encountered.
No viruses were discovered.
7 encrypted files were not checked.
Ending Sophos Anti-Virus.


--

where do I find that registry_securitycenter.reg thing?
thanks and regards

bjoern
12.01.2007, 15:50
Honorary member
Sabina

Posts: 29434
#12 (it is found in the folder C:\SDFix\apps)



then restart the computer

»»
post this log
http://virus-protect.org/registry_stuff.html
__________
Regards, Sabina

all about PC security
12.01.2007, 19:51
...new here

Thread starter

Posts: 9
#13 here is the log...this "apps" folder does not exist on my system.

doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
doesn't exist HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\System
doesn't exist HKEY_LOCAL_MACHINE\SSYSTEM\CurrentControlSet\Services\windowsnetwork
doesn't exist HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
doesn't exist HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
-----------------------
-----------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"
"DependOnService"=hex(7):4e,65,74,6d,61,6e,00,57,69,6e,4d,67,6d,74,00,00
"DependOnGroup"=hex(7):00
"ObjectName"="LocalSystem"
"Description"="Bietet allen Computern in Privat- und Kleinunternehmensnetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:000013c6

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters]
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,\
33,32,5c,69,70,6e,61,74,68,6c,70,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Dokumente und Einstellungen\\word\\Desktop\\Nefarian_DE-downloader.exe"="C:\\Dokumente und Einstellungen\\word\\Desktop\\Nefarian_DE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Programme\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Programme\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Programme\\ICQLite\\ICQLite.exe"="C:\\Programme\\ICQLite\\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\\Programme\\Skype\\Phone\\Skype.exe"="C:\\Programme\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Programme\\BitTorrent\\bittorrent.exe"="C:\\Programme\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\WINDOWS\\system32\\vssms32.exe"="C:\\WINDOWS\\system32\\vssms32.exe:*:Enabled;)node"
"C:\\Programme\\Azureus\\Azureus.exe"="C:\\Programme\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Valve\\Condition Zero\\czero.exe"="C:\\Valve\\Condition Zero\\czero.exe:*:Enabled:Condition Zero Launcher"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
"26675:TCP"="26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum]
"0"="Root\\LEGACY_SHAREDACCESS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Sicherheitscenter"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Überwacht Systemsicherheitseinstellungen und -konfigurationen."
13.01.2007, 00:17
Honorary member
Sabina

Posts: 29434
#14 moartone

Information: vssms32.exe
http://virus-protect.org/virus/vssms32.html
______________________________________________

Go into the registry
Start - Run - regedit

navigate to the key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

minimal.xxx -> minimal
right-click this key and rename it to: minimal (that is, the xxx must be removed if present!)

network.xxx -> network
right-click this key and rename it to: network (that is, the xxx must be removed if present!)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000 - set this to 1 and thereby enable the XP firewall


------------------------------------------------

avenger

Quote

Registry values to delete:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|C:\WINDOWS\system32\vssms32.exe

Files to delete:
C:\WINDOWS\system32\vssms32.exe
»»
scan and post the scan report
http://virus-protect.org/cureit.html

_____

what is this (you will find it on the desktop) - Nefarian_DE-downloader.exe ??
__________
Regards, Sabina

all about PC security
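An added example, not part of the thread: a small audit of a REGEDIT4 export like the one in post #13, reporting the two things post #14 picks out by hand (a disabled firewall profile and a firewall exception that does not belong). The `BASELINE` set and the path prefixes treated as worth reviewing are assumptions made for this sketch, and `audit_firewall` is a hypothetical helper name.

```python
import re

# Lines copied from the REGEDIT4 export in post #13, trimmed to the relevant keys.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Dokumente und Einstellungen\\word\\Desktop\\Nefarian_DE-downloader.exe"="C:\\Dokumente und Einstellungen\\word\\Desktop\\Nefarian_DE-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Programme\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\WINDOWS\\system32\\vssms32.exe"="C:\\WINDOWS\\system32\\vssms32.exe:*:Enabled;)node"
"C:\\Programme\\Azureus\\Azureus.exe"="C:\\Programme\\Azureus\\Azureus.exe:*:Enabled:Azureus"
'''

QUOTED = r'"((?:[^"\\]|\\.)*)"'
VALUE_RE = re.compile(rf'^{QUOTED}=(?:{QUOTED}|dword:([0-9a-fA-F]{{8}}))\s*$')
# Rule data layout seen in the export: <path>:<scope>:<Enabled|Disabled>:<display name>
RULE_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<status>enabled|disabled):(?P<name>.*)$', re.I)
# Assumption: treated as expected because the export lists it in both profiles.
BASELINE = {r'%windir%\system32\sessmgr.exe'}
# Assumption: any-scope rules under these prefixes deserve a manual look.
REVIEW_PREFIXES = ('%windir%', r'c:\windows', r'c:\dokumente und einstellungen')

def unescape(s):
    """Undo .reg escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Yield (key, value_name, kind, data) for string and dword values only."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, sval, dword = m.groups()
            if dword is not None:
                yield key, unescape(name), 'dword', int(dword, 16)
            else:
                yield key, unescape(name), 'sz', unescape(sval)

def audit_firewall(text):
    """Return a list of (profile, finding, value_name) tuples."""
    findings = []
    for key, name, kind, data in parse_reg(text):
        if '\\FirewallPolicy\\' not in key:
            continue
        profile = key.split('\\FirewallPolicy\\', 1)[1].split('\\')[0]
        if kind == 'dword' and name.lower() == 'enablefirewall' and data == 0:
            findings.append((profile, 'firewall-disabled', name))
        elif kind == 'sz' and key.lower().endswith(r'\authorizedapplications\list'):
            rule = RULE_RE.match(data)
            if rule is None:
                # Data does not follow path:scope:status:name at all.
                findings.append((profile, 'malformed-rule', name))
            elif rule['status'].lower() == 'enabled' and rule['scope'] == '*':
                path = rule['path'].lower()
                if path not in BASELINE and path.startswith(REVIEW_PREFIXES):
                    findings.append((profile, 'any-scope-review', name))
    return findings

if __name__ == '__main__':
    for finding in audit_firewall(SAMPLE_REG):
        print(finding)
```

A finding is a prompt for manual review, not a verdict: the Desktop entry is reported only because it is reachable from any address and sits in a user-writable path.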
13.01.2007, 12:23
...new here

Thread starter

Posts: 9
#15 hey...

so in the registry I renamed minimal. and network.
here is the report from dr.web:
-----------------------------

[Prüfpfad] C:\
C:\Dokumente und Einstellungen\LocalService\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\LocalService\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\word\NTUSER.DAT - Lesefehler
C:\Dokumente und Einstellungen\word\NTUSER~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\word\Anwendungsdaten\Mozilla\Firefox\Profiles\c3jebj6p.default\parent.lock - Lesefehler
C:\Dokumente und Einstellungen\word\Lokale Einstellungen\Anwendungsdaten\Ahead\Nero Home\bl.db-journal - Lesefehler
C:\Dokumente und Einstellungen\word\Lokale Einstellungen\Anwendungsdaten\Ahead\Nero Home\is2.db-journal - Lesefehler
C:\Dokumente und Einstellungen\word\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\UsrClass.dat - Lesefehler
C:\Dokumente und Einstellungen\word\Lokale Einstellungen\Anwendungsdaten\Microsoft\Windows\USRCLA~1.LOG - Lesefehler
C:\Dokumente und Einstellungen\word\Lokale Einstellungen\Temp\Perflib_Perfdata_2ec.dat - Lesefehler
C:\Dokumente und Einstellungen\word\Lokale Einstellungen\Temp\~DFE181.tmp - Lesefehler
C:\Programme\WLAN Quick-Starter\WLAN Quick-Starter.exe möglicherweise infiziert mit BACKDOOR.Trojan
C:\SDFix\apps\Process.exe ist ein Hacktool Tool.Prockill
>C:\System Volume Information\_restore{554C27F2-0B61-4B60-B366-7A7C69C70BB0}\RP81\A0029404.dll
>C:\System Volume Information\_restore{554C27F2-0B61-4B60-B366-7A7C69C70BB0}\RP81\A0029405.dll
C:\WINDOWS\system32\config\default - Lesefehler
C:\WINDOWS\system32\config\default.LOG - Lesefehler
C:\WINDOWS\system32\config\SAM - Lesefehler
C:\WINDOWS\system32\config\SAM.LOG - Lesefehler
C:\WINDOWS\system32\config\SECURITY - Lesefehler
C:\WINDOWS\system32\config\SECURITY.LOG - Lesefehler
C:\WINDOWS\system32\config\software - Lesefehler
C:\WINDOWS\system32\config\software.LOG - Lesefehler
C:\WINDOWS\system32\config\system - Lesefehler
C:\WINDOWS\system32\config\system.LOG - Lesefehler
C:\WINDOWS\system32\drivers\sptd.sys - Lesefehler

as far as I know I got this nefarian exe from an online game...it must have been a patch.

regards
bjoern