Trojan on PC restart

#0
27.03.2007, 23:22
...new here
Posts: 6

28.03.2007, 07:40
Member
Posts: 694
#2
Hello,

«« http://virus-protect.org/lspfix.html - tick "I know what I'm doing" -- Remove - and delete newdotnet7_48.dll (you may have to move the dll from left to right) + Remove

«« Download TrendMicro's Rootkit Buster - double-click RootkitBuster.exe - TMRB.Log - post it here
http://www.trendmicro.com/ftp/products/rootkitbuster/RootkitBusterv1.6-1055.zip

-------------------------------------------------------
Please also post the following files (except Hijackthis):
Quote
http://board.protecus.de/t23188.htm

Regards, Chris

28.03.2007, 19:13
...new here
Thread starter Posts: 6
#3
Quote: Chris4You posted

Hello Chris,
Thank you very much. The file newdotnet7_48.dll is not present. But here are the logs:

+----------------------------------------------------
| Trend Micro RootkitBuster 1.6 Beta.
| Module version: 1.6.0.1052
+----------------------------------------------------
--== Dump Hidden File on C:\ ==--
No hidden files found.
--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.
--== Dump Hidden Process ==--
No hidden processes found.
--== Dump Hidden Driver ==--
No hidden drivers found.

Attachment: system32.txt
This post was edited by Lord88 on 28.03.2007 at 19:25.

28.03.2007, 19:59
Moderator
Posts: 7805
#4
If in doubt, send the following files from the system32 folder to virus@protecus.de
26.03.2007 19:26 507.392 winlogon.exe
26.03.2007 19:26 82.944 ws2_32.dll

Where exactly does Antivir find RKIT/Agent.DQ.31.A and TR/Rootkit.AU.1?
__________
Regards
Ralf
SEO-Spam Hunter

28.03.2007, 20:14
...new here
Thread starter Posts: 6
#5
Hello,
RKIT/Agent.DQ.31.A windows\system32\drivers\IP6FW.sys
and
TR/Rootkit.AU.1 windows\system32\drivers\Runtime.sys

Thank you very much

28.03.2007, 20:24
Moderator
Posts: 7805
#6
Those are definitely not false positives. As I said, please send in the 2 files I named, try Blacklight and Gmer, and post their logs....
See here: http://virus-protect.org/artikel/tools/gmer.html
or: http://virus-protect.org/artikel/tools/rootkithook.html
__________
Regards
Ralf
SEO-Spam Hunter

28.03.2007, 21:30
...new here
Thread starter Posts: 6
#7
OK, here are the new logs:
\Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_WRITE 82F8F688 Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_FLUSH_BUFFERS 82F8F688 Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_DEVICE_CONTROL 82F8F688 Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F8F688 Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SHUTDOWN 82F8F688 Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_POWER 82F8F688 Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SYSTEM_CONTROL 82F8F688 Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_PNP 82F8F688 Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_CREATE 82F8F688 Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_CLOSE 82F8F688 Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_READ 82F8F688 Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_WRITE 82F8F688 Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_FLUSH_BUFFERS 82F8F688 Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_DEVICE_CONTROL 82F8F688 Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F8F688 Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_SHUTDOWN 82F8F688 Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_POWER 82F8F688 Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_SYSTEM_CONTROL 82F8F688 Device \Driver\Disk \Device\Harddisk2\DR5 IRP_MJ_PNP 82F8F688 Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+6 IRP_MJ_CREATE 82F8F688 Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+6 IRP_MJ_CLOSE 82F8F688 Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+6 IRP_MJ_READ 82F8F688 Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+6 IRP_MJ_WRITE 82F8F688 Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+6 IRP_MJ_FLUSH_BUFFERS 82F8F688 Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+6 IRP_MJ_DEVICE_CONTROL 82F8F688 Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+6 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F8F688 Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+6 IRP_MJ_SHUTDOWN 82F8F688 Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+6 IRP_MJ_POWER 82F8F688 Device \Driver\Disk 
\Device\Harddisk2\DP(1)0-0+6 IRP_MJ_SYSTEM_CONTROL 82F8F688 Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+6 IRP_MJ_PNP 82F8F688 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 82D79840 Device \FileSystem\MRxSmb 
\Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 82D79840 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector 
IRP_MJ_LOCK_CONTROL 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 82D79840 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 82D79840 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 82D461D0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 82D461D0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 82D461D0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 82D461D0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 82D461D0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 82D461D0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 82D461D0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 82D461D0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 82D461D0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 82D461D0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 82D461D0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 82D461D0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 82D461D0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 82D461D0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 82FD81D0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 82FD81D0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 82FD81D0 
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 82FD81D0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 82FD81D0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 82FD81D0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 82FD81D0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 82FD81D0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 82FD81D0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 82FD81D0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 82FD81D0 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 82D11918 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 82D11918 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 82D11918 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 82D11918 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 82D11918 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 82D11918 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 82D11918 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 82D11918 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 82D11918 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 82D11918 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 82D11918 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 82D11918 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 82D11918 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE 82F8F940 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CLOSE 82F8F940 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DEVICE_CONTROL 82F8F940 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F8F940 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_POWER 82F8F940 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SYSTEM_CONTROL 82F8F940 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_PNP 82F8F940 Device \Driver\dtscsi 
\Device\Scsi\dtscsi1 IRP_MJ_CREATE 82B310E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 82B310E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 82B310E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F875795C] sfsync03.sys Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 82B310E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 82B310E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 82B310E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 82B310E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 82B310E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82B310E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F875795C] sfsync03.sys Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 82B310E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82B310E8 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 82B310E8 Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_READ 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 82A63460 
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 82A63460 Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 82A63460 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 82B452E0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 82B452E0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 82B452E0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 82B452E0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 82B452E0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 82B452E0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 82B452E0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 82B452E0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 82B452E0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 82B452E0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 82B452E0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 82B452E0 Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 82B452E0 ---- Registry - GMER 1.0.12 ---- Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION A0405C50B4BCDFDD15F34E1074AFD9C0ABEA4467D690564A0CDF0DFABCD5AF2787D3A925F1FAC7BA576BCB0214DD6BF522CFA286C0A988B6D426F42D1758B23ACA 980FB10541F72346EC01576B3702083A26A5C70EB59096E23E867C50223647AAF10335CC16F722E58BCD8AAEC3A2095D53BB00645E0FA522025DB3A51D9AD238466D 17B9C682228EE08A3AA15106704842C92580925A0455488AC364F9F044DA03FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9 E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6679DB7CE019D40AA5CA6A0AC4980AC7933A6A0AC4980AC7933E363723CED0E23FB7F00772CE56EB2954A0D76D B6677D74E6A118D69B3707655BA31843A54B1C6AE339F17B54EDC3E740A157C19441A4931B857CD4F4FEE504743DAB0E6BE1D92E6D863DF0992184D10BACBF30ED6 84B632FE428799C54EC348192EA9C63BC8C196379399EBFB5F3EEDF0115964465F42853EE98FEFB94057DD4B1F37A58B0EDFB40D9A206A0959449536EA3D07EB3864 
E5ED0D4A4184DA68115B44B410A4ADD0BC8789E4536C8BE41108034727DA00690E758CB13F33982870C1599059304B492D4D14EAB90DE3FB715624AEB7538C70BEB 56FD4DC05589A8EE93B4F188CEC53877491CBF58533B84A86BF42F1CE176C3D7EDFD5556FDB1AFEB16E0725C9004C54897FB2A124A Reg \Registry\USER\S-1-5-21-484763869-1425521274-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@??? Reg \Registry\USER\S-1-5-21-484763869-1425521274-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@????? 0x2F 0x68 0x0A 0x66 ... Reg \Registry\USER\S-1-5-21-484763869-1425521274-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@??? Reg \Registry\USER\S-1-5-21-484763869-1425521274-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@??? Reg \Registry\USER\S-1-5-21-484763869-1425521274-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x6A 0x06 0xBF 0xD8 ... Reg \Registry\USER\S-1-5-21-484763869-1425521274-725345543-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xB8 0xEB 0x1F 0x0B ... 
---- Files - GMER 1.0.12 ----
ADS C:\System Volume Information\_restore{31AEFF3B-AA12-43A3-8AD3-A20FA37AE085}\RP678\A0142419.dll:fork2
ADS C:\System Volume Information\_restore{31AEFF3B-AA12-43A3-8AD3-A20FA37AE085}\RP678\A0142438.dll:fork2
ADS C:\System Volume Information\_restore{31AEFF3B-AA12-43A3-8AD3-A20FA37AE085}\RP680\A0143438.dll:fork2
ADS C:\System Volume Information\_restore{31AEFF3B-AA12-43A3-8AD3-A20FA37AE085}\RP680\A0143473.dll:fork2
ADS C:\System Volume Information\_restore{31AEFF3B-AA12-43A3-8AD3-A20FA37AE085}\RP680\A0143495.dll:fork2
ADS C:\System Volume Information\_restore{31AEFF3B-AA12-43A3-8AD3-A20FA37AE085}\RP680\A0143519.dll:fork2
ADS C:\System Volume Information\_restore{31AEFF3B-AA12-43A3-8AD3-A20FA37AE085}\RP680\A0143540.dll:fork2
ADS C:\System Volume Information\_restore{31AEFF3B-AA12-43A3-8AD3-A20FA37AE085}\RP680\A0143557.dll:fork2
ADS C:\System Volume Information\_restore{31AEFF3B-AA12-43A3-8AD3-A20FA37AE085}\RP680\A0143572.dll:fork2
ADS C:\System Volume Information\_restore{31AEFF3B-AA12-43A3-8AD3-A20FA37AE085}\RP680\A0143604.dll:fork2
ADS C:\System Volume Information\_restore{31AEFF3B-AA12-43A3-8AD3-A20FA37AE085}\RP683\A0143839.dll:fork2
ADS ...
---- EOF - GMER 1.0.12 ----
03/28/07 21:16:43 [Info]: BlackLight Engine 1.0.55 initialized
03/28/07 21:16:43 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/28/07 21:16:43 [Note]: 7019 4
03/28/07 21:16:43 [Note]: 7005 0
03/28/07 21:16:47 [Note]: 7006 0
03/28/07 21:16:47 [Note]: 7011 304
03/28/07 21:16:47 [Note]: 7026 |
|
|
||
28.03.2007, 21:40
Moderator
Posts: 7805 |
#8
Time to bring out the sledgehammer.
Use Avenger with the following script, and please post the Avenger log as well. http://virus-protect.org/artikel/tools/avenger.html Quote Files to delete: __________ Regards, Ralf SEO-Spam Hunter |
|
|
||
29.03.2007, 17:41
...new here
Thread starter Posts: 6 |
#9
@raman
Before I do this, I would like to know whether it is possible that Windows will no longer start afterwards? If so, I will make a full backup of my data first. Many thanks |
|
|
||
29.03.2007, 18:02
Moderator
Posts: 7805 |
#10
That "should" not matter, but making a backup is always a good idea! Please check that the backup actually works!
__________ Regards, Ralf SEO-Spam Hunter |
|
|
||
29.03.2007, 18:21
Moderator
Posts: 7805 |
#11
I have just looked at the files you sent. The DLL is clean, but winlogon.exe has been modified. Unfortunately I do not yet know exactly what this modification does. Basically, you should reinstall the PC....
For informational purposes, have Combofix check the machine once more.... http://virus-protect.org/artikel/tools/combofix.html __________ Regards, Ralf SEO-Spam Hunter |
|
|
||
29.03.2007, 18:42
...new here
Thread starter Posts: 6 |
#12
Hi,
I have now run Avenger. Unfortunately it did not help. Here is the log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\qqvmgjim
*******************
Script file located at: \??\C:\WINDOWS\scugovco.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\System32\drivers\ip6fw.sys deleted successfully.
File C:\WINDOWS\System32\drivers\runtime.sys not found!
Deletion of file C:\WINDOWS\System32\drivers\runtime.sys failed!
Could not process line:
C:\WINDOWS\System32\drivers\runtime.sys
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
Edit: Unfortunately Combofix does not run for me. It always wants to access drive A:. If I put the file directly on C:, an error message appears and the program closes. This post was edited on 29.03.2007 at 18:46 by Lord88.
|
|
|
||
29.03.2007, 19:24
Moderator
Posts: 7805 |
#13
Which error message exactly? If in doubt, you can start it in safe mode...
Are the detections still reported after a restart? __________ Regards, Ralf SEO-Spam Hunter |
|
|
||
29.03.2007, 20:41
Moderator
Posts: 7805 |
#14
Could you check whether you can find a file with the (partial) name hork in the System32 folder?
__________ Regards, Ralf SEO-Spam Hunter |
|
|
||
Unfortunately, every time I restart the PC I get the following messages from Antivir.
Detected: RKIT/Agent.DQ.31.A
and
TR/Rootkit.AU.1
These are always removed, but the message appears again at every restart.
Here is the log file:
Logfile of HijackThis v1.99.1
Scan saved at 22:47:20, on 27.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TGTSoft\StyleXP\StyleXP.exe
C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
C:\Programme\Internet Explorer\IEXPLORE.EXE
H:\Neuer Ordner\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.t-online.de/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = h**p://www.accoona.com/search?q=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Programme\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programme\NewDotNet\newdotnet7_48.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Programme\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [REGSHAVE] C:\Programme\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AtiPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe "
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\A4CIS600\WATCH.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Search - h**p://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm103YYDE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - h**p://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123703069265
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - h**p://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{403562DD-AB5D-4E4C-AD13-C03FC063BE17}: NameServer = 192.168.**.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AA98154-EF55-499D-AC8C-529FD3009438}: NameServer = 192.168.**.254,217.237.151.225
O17 - HKLM\System\CS1\Services\Tcpip\..\{403562DD-AB5D-4E4C-AD13-C03FC063BE17}: NameServer = 192.168.**.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{403562DD-AB5D-4E4C-AD13-C03FC063BE17}: NameServer = 192.168.**.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{403562DD-AB5D-4E4C-AD13-C03FC063BE17}: NameServer = 192.168.**.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
Many thanks for your help.
Regards, Lord