Hallo habe probleme mit euros4click

#1 Wir ihr sicher alle mit bekommen habt tauchen vermehrt die PAID4 seiten auf.
unter anderem auch euros4click, ich bin oft auf der seite spielerdaten.de wo diese popup auch auftauch.

beim letzten überprüfen und löschen der firewalleinstellung ist mir dann aufgefallen das wenn ich meinen rechner starte euros4click über ati, firefox und thunderbird ins internet verbinden will. ich habe keine ahnung wo sich etwas versteckt haben könnte was dorthin connecten will denn!!!!! ich habe sowohl virenscanner als auch antispy programme meinen rechner checken lassen und habe auch mit der such funktion die festplatten durchsucht. ohne erfolg. bei euros4click will man mir nicht helfen. die antwort war: "wir vertreiben keine ausführbaren programme hört sich nach einem trojaner an"

HAt irgenjemand von sowas schon gehört???
ich weiß nicht mehr weiter.

benutze :ad-ware
spybot
AVG
und: Kerio firewall


vielen dank

ACE

#2 Arbeite das hier ab und poste die Reports.

http://board.protecus.de/t23188.htm
__________
MfG Ralf
SEO-Spam Hunter

#3 Hallo Die erste textdatei von ComboFix



"ACE" - 2007-05-24 17:36:25 Service Pack 2
ComboFix 07-05.24.7.V - Running from: "C:\Dokumente und Einstellungen\ACE\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\taskmgr.com"
"C:\WINDOWS\regedit.com"


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))


2007-05-23 22:14 0 --a------ C:\WINDOWS\nsreg.dat
2007-05-23 21:27 125,712 --a------ C:\WINDOWS\system32\VB6DE.DLL
2007-05-23 21:00 153,600 --a------ C:\WINDOWS\R.COM
2007-05-23 21:00 140,800 --a------ C:\WINDOWS\system32\T.COM
2007-05-23 20:59 <DIR> d-------- C:\WINDOWS\CSC
2007-05-19 12:39 <DIR> d-------- C:\WINDOWS\pss
2007-05-14 20:22 <DIR> d-------- C:\DOKUME~1\ACE\ANWEND~1\Opera
2007-05-12 13:27 <DIR> d-------- C:\WINDOWS\exefld
2007-05-10 13:14 <DIR> d-------- C:\DOKUME~1\ACE\ANWEND~1\Ventrilo


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-20 08:35:50 -------- d-----w C:\DOKUME~1\ACE\ANWEND~1\OpenOffice.org2
2007-05-10 11:13:44 -------- d-----w C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-03-31 23:00:24 -------- d-----w C:\Programme\QuickTime
2007-03-25 16:09:08 -------- d-----w C:\Programme\Multi_Media_Germany
2007-03-25 15:37:47 63,778 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-03-25 15:37:47 391,330 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-03-22 19:39:14 -------- d-----w C:\Programme\Yahoo!


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Programme\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" []
"AVG7_CC"="D:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-20 16:55]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41]
"CleanUp XP"="D:\Programme\CleanUp XP\CleanUp.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mozilla Thunderbird"="D:\PROGRA~1\THUNDE~1\thunderbird.exe" [2007-03-02 09:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_10\bin\jusched.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"ATICCC"="C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*
UxTuneUp

*Newly Created Service* -PROCEXP90

Contents of the 'Scheduled Tasks' folder
2007-05-18 15:44:51 C:\WINDOWS\tasks\1-Klick-Wartung.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-24 17:37:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-24 17:38:07
C:\ComboFix-quarantined-files.txt ... 2007-05-24 17:37

--- E O F ---

#4 Das sieht alles nicht so schlecht aus. MAche bitte noch einen Kontrollscan mit drweb Cureit: http://freedrweb.com/?lng=de
sowie Ewido Micro: http://downloads.ewido.net/ewido_micro.exe

Reche aus dem obigen Threaqd noch ein Hijackthis log und Datfindbat Report nach.

Poste auch die Ergebnisse von den beiden Scannern, sofern sie etwas finden.
__________
MfG Ralf
SEO-Spam Hunter

#5 Hallo die textdatei von HJT


Logfile of HijackThis v1.99.1
Scan saved at 17:44:18, on 24.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programme\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Mixer.exe
D:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
D:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\ACE\Desktop\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CleanUp XP] D:\Programme\CleanUp XP\CleanUp.exe -h
O4 - HKCU\..\Run: [Mozilla Thunderbird] D:\PROGRA~1\THUNDE~1\thunderbird.exe -mail
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Programme\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: Klicke hier um das Projekt xp-AntiSpy zu unterstützen - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O9 - Extra 'Tools' menuitem: Unterstützung für xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\Programme\xp-AntiSpy\sponsoring\sponsor.html (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155975321650
O17 - HKLM\System\CCS\Services\Tcpip\..\{83403826-39FA-4E8E-99BD-208DF0134021}: NameServer = 192.168.2.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall\persfw.exe






die logs von datfind.exe

1.

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5458-F016

Verzeichnis von c:\

24.05.2007 17:46 0 dirdat.txt
24.05.2007 17:38 3.866 ComboFix.txt
24.05.2007 17:37 490 ComboFix-quarantined-files.txt
24.05.2007 17:11 402.653.184 pagefile.sys
20.05.2007 09:28 211 boot.ini

2.

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5458-F016

Verzeichnis von C:\WINDOWS\system32

23.05.2007 18:22 2.206 wpa.dbl
22.04.2007 21:45 4.254 jupdate-1.6.0_01-b06.log
02.04.2007 14:21 428.032 swreg.exe
25.03.2007 17:37 380.486 perfh009.dat
25.03.2007 17:37 52.900 perfc009.dat
25.03.2007 17:37 391.330 perfh007.dat
25.03.2007 17:37 63.778 perfc007.dat
25.03.2007 17:37 897.954 PerfStringBackup.INI
22.03.2007 20:47 9.857 jupdate-1.5.0_11-b03.log
14.03.2007 02:04 139.264 javaws.exe
14.03.2007 02:04 69.632 javacpl.cpl
14.03.2007 00:31 135.168 javaw.exe
14.03.2007 00:31 135.168 java.exe

3.

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5458-F016

Verzeichnis von C:\WINDOWS

24.05.2007 17:12 0 0.log
24.05.2007 17:11 1.126.483 WindowsUpdate.log
24.05.2007 17:11 2.048 bootstat.dat
24.05.2007 17:10 32.506 SchedLgU.Txt
23.05.2007 22:19 216 wiadebug.log
23.05.2007 21:15 50 wiaservc.log
23.05.2007 21:08 60.384 ntbtlog.txt
23.05.2007 21:03 508 win.ini
23.05.2007 21:01 26 Lic.xxx
23.05.2007 20:24 151 PhotoSnapViewer.INI
22.05.2007 19:37 87.040 catchme.exe
21.05.2007 19:11 95 winamp.ini
20.05.2007 10:08 116 NeroDigital.ini
20.05.2007 09:31 7.680 Thumbs.db
20.05.2007 09:28 227 system.ini
19.05.2007 12:59 5.997 setupapi.log
19.05.2007 12:40 120 setupact.log
18.05.2007 17:44 0 setuperr.log
16.05.2007 18:21 1.243 wmsetup.log
13.05.2007 22:43 279 wininit.ini
21.01.2007 13:52 0 Sti_Trace.log
04.01.2007 20:19 83 wwp.INI

4.

Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 5458-F016

Verzeichnis von C:\DOKUME~1\ACE\LOKALE~1\Temp

24.05.2007 17:28 16.384 Perflib_Perfdata_500.dat
1 Datei(en) 16.384 Bytes
0 Verzeichnis(se), 902.877.184 Bytes frei


mehr logfiles sind leider nicht vorhanden

#6 Das sieht so recht normal aus. Mal schauen, was die beiden Scanner finden.
Um ein Rootkit auszuschliessen, nutze bitte auch noch gmer: http://virus-protect.org/artikel/tools/gmer.html
__________
MfG Ralf
SEO-Spam Hunter

#7 as ist alles was er ausspuckt den rest der anweisung kann ich leider nicht ausführen es öffnet sich immer wieder das selbe fenster des texeditors alle einträge sind identisch und das commandfenster schließt sich wenn sich das editor fenster öffnet


in bezug auf datfind!!!!

#8 Du meinst, Cureit, Gmer und Ewido funktionieren nicht?
__________
MfG Ralf
SEO-Spam Hunter

#9 Gmer ist gerade durchgelaufen

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-05-24 18:35:49
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateFile
SSDT sptd.sys ZwCreateKey
SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\Drivers\fwdrv.sys ZwCreateSection
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.12 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus F75A9A5F 6 Bytes [ FF, 25, 28, 03, 06, EF ]
.text USBPORT.SYS!DllUnload F733B62C 5 Bytes JMP 863FC970

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 867D41D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 867D41D8
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 8646A990
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 8646A990
Device \Driver\00000110 \Device\00000040 IRP_MJ_POWER [F7753DB6] sptd.sys
Device \Driver\00000110 \Device\00000040 IRP_MJ_SYSTEM_CONTROL [F776973C] sptd.sys
Device \Driver\00000110 \Device\00000040 IRP_MJ_PNP [F776277E] sptd.sys
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 865B06F8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 865B06F8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 865B06F8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865B06F8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 865B06F8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 865B06F8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 865B06F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 8676F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 8676F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 8676F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 8676F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 8676F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 8676F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 8676F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 8676F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 8676F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 8676F1D8
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 8676F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 8676F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 8676F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 8676F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 8676F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 8676F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 8676F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 8676F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 8676F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 8676F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 8676F1D8
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 8676F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 8676F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 8676F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 8676F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 8676F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 8676F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 8676F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 8676F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 8676F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 8676F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 8676F1D8
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 8676F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 8676F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 8676F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 8676F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 8676F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 8676F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 8676F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 8676F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 8676F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 8676F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 8676F1D8
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 8676F1D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 865B06F8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 865B06F8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 865B06F8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865B06F8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 865B06F8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 865B06F8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 865B06F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867D61D8
Device \Driver\USBSTOR \Device\00000058 IRP_MJ_CREATE 86581450
Device \Driver\USBSTOR \Device\00000058 IRP_MJ_CLOSE 86581450
Device \Driver\USBSTOR \Device\00000058 IRP_MJ_READ 86581450
Device \Driver\USBSTOR \Device\00000058 IRP_MJ_WRITE 86581450
Device \Driver\USBSTOR \Device\00000058 IRP_MJ_DEVICE_CONTROL 86581450
Device \Driver\USBSTOR \Device\00000058 IRP_MJ_INTERNAL_DEVICE_CONTROL 86581450
Device \Driver\USBSTOR \Device\00000058 IRP_MJ_POWER 86581450
Device \Driver\USBSTOR \Device\00000058 IRP_MJ_SYSTEM_CONTROL 86581450
Device \Driver\USBSTOR \Device\00000058 IRP_MJ_PNP 86581450
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 867D61D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8643A990
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8643A990
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8643A990
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8643A990
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8643A990
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8643A990
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8643A990
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8643A990
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8643A990
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8643A990
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8643A990
Device \Driver\USBSTOR \Device\00000059 IRP_MJ_CREATE 86581450
Device \Driver\USBSTOR \Device\00000059 IRP_MJ_CLOSE 86581450
Device \Driver\USBSTOR \Device\00000059 IRP_MJ_READ 86581450
Device \Driver\USBSTOR \Device\00000059 IRP_MJ_WRITE 86581450
Device \Driver\USBSTOR \Device\00000059 IRP_MJ_DEVICE_CONTROL 86581450
Device \Driver\USBSTOR \Device\00000059 IRP_MJ_INTERNAL_DEVICE_CONTROL 86581450
Device \Driver\USBSTOR \Device\00000059 IRP_MJ_POWER 86581450
Device \Driver\USBSTOR \Device\00000059 IRP_MJ_SYSTEM_CONTROL 86581450
Device \Driver\USBSTOR \Device\00000059 IRP_MJ_PNP 86581450
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 867D61D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8643A990
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8643A990
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8643A990
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8643A990
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8643A990
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8643A990
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8643A990
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8643A990
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8643A990
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8643A990
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8643A990
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 867D51D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 867D51D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 867D51D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 867D51D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 867D51D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 867D51D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 867D51D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSE 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSE 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 867D51D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 867D51D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_PNP 867D61D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8643A990
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8643A990
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 8643A990
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8643A990
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8643A990
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8643A990
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8643A990
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8643A990
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8643A990
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8643A990
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8643A990
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8659C430
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8659C430
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8659C430
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8659C430
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8659C430
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8659C430
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8659C430
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8659C430
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8659C430
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8659C430
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8659C430
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 8659C430
Device \Driver\NetBT \Device\NetBT_Tcpip_{83403826-39FA-4E8E-99BD-208DF0134021} IRP_MJ_CREATE 8659C430
Device \Driver\NetBT \Device\NetBT_Tcpip_{83403826-39FA-4E8E-99BD-208DF0134021} IRP_MJ_CLOSE 8659C430
Device \Driver\NetBT \Device\NetBT_Tcpip_{83403826-39FA-4E8E-99BD-208DF0134021} IRP_MJ_DEVICE_CONTROL 8659C430
Device \Driver\NetBT \Device\NetBT_Tcpip_{83403826-39FA-4E8E-99BD-208DF0134021} IRP_MJ_INTERNAL_DEVICE_CONTROL 8659C430
Device \Driver\NetBT \Device\NetBT_Tcpip_{83403826-39FA-4E8E-99BD-208DF0134021} IRP_MJ_CLEANUP 8659C430
Device \Driver\NetBT \Device\NetBT_Tcpip_{83403826-39FA-4E8E-99BD-208DF0134021} IRP_MJ_PNP 8659C430
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 865B06F8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 865B06F8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 865B06F8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865B06F8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 865B06F8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 865B06F8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 865B06F8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 865B06F8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 865B06F8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 865B06F8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865B06F8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 865B06F8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 865B06F8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 865B06F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 86589990
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 86589990
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 86589990
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 867D61D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 867D61D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 867D61D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 867D61D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 867D61D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 867D61D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 867D61D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 867D61D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 867D61D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1Port2Path0Target0Lun0 IRP_MJ_CREATE 866391D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1Port2Path0Target0Lun0 IRP_MJ_CLOSE 866391D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 866391D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 866391D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1Port2Path0Target0Lun0 IRP_MJ_POWER 866391D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 866391D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1Port2Path0Target0Lun0 IRP_MJ_PNP 866391D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1 IRP_MJ_CREATE 866391D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1 IRP_MJ_CLOSE 866391D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1 IRP_MJ_DEVICE_CONTROL 866391D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1 IRP_MJ_INTERNAL_DEVICE_CONTROL 866391D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1 IRP_MJ_POWER 866391D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1 IRP_MJ_SYSTEM_CONTROL 866391D8
Device \Driver\aharps5y \Device\Scsi\aharps5y1 IRP_MJ_PNP 866391D8
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 8646A990
Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 8646A990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 86479990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 86479990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 86479990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 86479990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 86479990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 86479990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 86479990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 86479990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 86479990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 86479990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 86479990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 86479990
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 86479990

---- EOF - GMER 1.0.12 ----


zu cureit und ewido war kein link oder hab ich den über sehen

ich weiß ja jetzt was ich noch drüber laufen lassen soll mach ich auch noch eben kurz


cureit hat nichts gefunden!!!!

#10 Doch, war alles in Posting Nummer 4 zu finden!
http://board.protecus.de/t29553-lastpage.htm#271519
__________
MfG Ralf
SEO-Spam Hunter

#11 Nach genauem hinsehen und nachlesen des gesamten Textes ist mir aufgefallen das ich den beitrag wohl nicht richtig gelesen hab, sorry!

bin dabei alles auszuführen was ihr gesagt habt scheint ganz gut zu laufen


DANKE für die hilfe!!!!!!!

#12 Ich sehe da auch noch nichts. Kannst du mit Hilfe von Kerio nicht ausmachen, welches Programm da eine Verbindung aufbaut?
__________
MfG Ralf
SEO-Spam Hunter

#13 AVG Anti-Spyware - Scan-Bericht
---------------------------------------------------------

Sorry das es so lange gedauert hat
ich habe mit avg antispy etwas gefundenich würde gerbne einen screenshoot anhängen eure seite verbietet es mir aber

Gruß Ace


+ Erstellt um: 21:11:28 24.05.2007

+ Scan-Ergebnis:



:mozilla.56:C:\Dokumente und Einstellungen\PJ\Anwendungsdaten\Mozilla\Firefox\Profiles\njkks9p2.default\cookies.txt -> TrackingCookie.Advertising : Keine Aktion durchgeführt.
:mozilla.57:C:\Dokumente und Einstellungen\PJ\Anwendungsdaten\Mozilla\Firefox\Profiles\njkks9p2.default\cookies.txt -> TrackingCookie.Advertising : Keine Aktion durchgeführt.
:mozilla.10:C:\Dokumente und Einstellungen\PJ\Anwendungsdaten\Mozilla\Firefox\Profiles\njkks9p2.default\cookies.txt -> TrackingCookie.Doubleclick : Keine Aktion durchgeführt.
:mozilla.55:C:\Dokumente und Einstellungen\PJ\Anwendungsdaten\Mozilla\Firefox\Profiles\njkks9p2.default\cookies.txt -> TrackingCookie.Googleadservices : Keine Aktion durchgeführt.
:mozilla.40:C:\Dokumente und Einstellungen\PJ\Anwendungsdaten\Mozilla\Firefox\Profiles\njkks9p2.default\cookies.txt -> TrackingCookie.Hitbox : Keine Aktion durchgeführt.
:mozilla.41:C:\Dokumente und Einstellungen\PJ\Anwendungsdaten\Mozilla\Firefox\Profiles\njkks9p2.default\cookies.txt -> TrackingCookie.Hitbox : Keine Aktion durchgeführt.
:mozilla.42:C:\Dokumente und Einstellungen\PJ\Anwendungsdaten\Mozilla\Firefox\Profiles\njkks9p2.default\cookies.txt -> TrackingCookie.Hitbox : Keine Aktion durchgeführt.
:mozilla.20:C:\Dokumente und Einstellungen\PJ\Anwendungsdaten\Mozilla\Firefox\Profiles\njkks9p2.default\cookies.txt -> TrackingCookie.Itrack : Keine Aktion durchgeführt.
:mozilla.17:C:\Dokumente und Einstellungen\PJ\Anwendungsdaten\Mozilla\Firefox\Profiles\njkks9p2.default\cookies.txt -> TrackingCookie.Ivwbox : Keine Aktion durchgeführt.
:mozilla.23:C:\Dokumente und Einstellungen\PJ\Anwendungsdaten\Mozilla\Firefox\Profiles\njkks9p2.default\cookies.txt -> TrackingCookie.Yieldmanager : Keine Aktion durchgeführt.
:mozilla.24:C:\Dokumente und Einstellungen\PJ\Anwendungsdaten\Mozilla\Firefox\Profiles\njkks9p2.default\cookies.txt -> TrackingCookie.Yieldmanager : Keine Aktion durchgeführt.
:mozilla.25:C:\Dokumente und Einstellungen\PJ\Anwendungsdaten\Mozilla\Firefox\Profiles\njkks9p2.default\cookies.txt -> TrackingCookie.Yieldmanager : Keine Aktion durchgeführt.
:mozilla.26:C:\Dokumente und Einstellungen\PJ\Anwendungsdaten\Mozilla\Firefox\Profiles\njkks9p2.default\cookies.txt -> TrackingCookie.Yieldmanager : Keine Aktion durchgeführt.
C:\Dokumente und Einstellungen\ACE\Eigene Dateien\Trillianalt\TrillianPro-Patch.exe -> Trojan.Delf.li : Keine Aktion durchgeführt.
D:\System Volume Information\_restore{BCEBE2DB-73E1-4357-BAAA-855CC2F15042}\RP292\A0071452.exe -> Trojan.Delf.li : Keine Aktion durchgeführt.
D:\System Volume Information\_restore{BCEBE2DB-73E1-4357-BAAA-855CC2F15042}\RP292\A0071650.exe -> Trojan.Delf.li : Keine Aktion durchgeführt.


::Berichtende

#14 Findet Drweb Cureit etwas
__________
MfG Ralf
SEO-Spam Hunter

#15 nein leider nicht

wie sieht es mit dem scrennshoot aus wie kann ich dir den zu kommen lassen