Home » Viren, Trojaner & Malware Forum » Haxdoor und win32.agent » Themenansicht

Haxdoor und win32.agent
#0
02.07.2007, 17:13
Stulle
...neu hier

Beiträge: 5
#1 Ich hoffe ich bin hier richtig. Ich muß gestehen ich habe mich bisher noch nicht wirklich mit dem Thema Viren/Trojaner auseinander gesetzt. Ich habe AntiVir und Ad-aware installiert und dachte damit halbwegs sicher zu sein. Jetzt ist folgendes passiert: Meiner Frau wurde das Online Banking gesperrt. Heute bekam sie einen Anruf von einem Bankmenschen der meinte sie hätte einen Virus auf ihrem Rechner und erst wenn der entfernt wird, bekommt sie wieder Zugang fürs Online Banking. Sie verstand leider nur die Hälfte. Er sagte was von Haxdoor und win32.agent.
Ich habe mal danach gesucht, doch auf dem Rechner nichts gefunden. Ich habe dann mal den ganzen Kram mit datfind, hijack usw. durchgeführt und es kam folgendes raus:

"Manuel" - 2007-07-02 15:44:26 - ComboFix 07-06-27.7 - Service Pack 2 NTFS


((((((((((((((((((((((((( Files Created from 2007-06-02 to 2007-07-02 )))))))))))))))))))))))))))))))


2007-07-02 15:34 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-07-02 15:10 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\OpenOffice.org2
2007-07-02 09:09 <DIR> d-------- C:\DOKUME~1\Manuel\WINDOWS
2007-07-01 17:27 880,440 --a------ C:\Programme\Textilien_content.exe
2007-07-01 17:25 2,309,816 --a------ C:\Programme\Liebe_content.exe
2007-07-01 16:15 <DIR> d-------- C:\Programme\CeWe Color
2007-07-01 16:14 15,554,024 --a------ C:\Programme\Mein_CEWE_FOTOBUCH.exe
2007-06-27 17:26 <DIR> d-------- C:\DOKUME~1\Manuel\ANWEND~1\MySpace
2007-06-24 21:20 79,864 --a------ C:\Programme\MySpaceIM_Setup.exe
2007-06-24 21:20 <DIR> d-------- C:\Programme\MySpace
2007-06-24 21:20 <DIR> d-------- C:\DOKUME~1\Rita\ANWEND~1\MySpace
2007-06-21 07:07 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-18 16:29:04 3,392 ----a-w C:\WINDOWS\mozver.dat
2007-05-17 21:03:31 -------- d-----w C:\Programme\Picasa2
2007-05-16 15:11:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:22:27 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\programme\google\googletoolbar4.dll [2007-01-20 00:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2003-09-24 18:00 C:\WINDOWS\system32\nwiz.exe]
"LTSMMSG"="LTSMMSG.exe" [2003-04-18 10:06 C:\WINDOWS\ltsmmsg.exe]
"SigmaTel StacMon"="C:\Programme\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe" [2003-08-03 16:01]
"SynTPLpr"="C:\Programme\Synaptics\SynTP\SynTPLpr.exe" [2003-05-30 19:25]
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe" [2003-05-30 19:23]
"TFNF5"="TFNF5.exe" [2003-07-18 17:41 C:\WINDOWS\system32\TFNF5.exe]
"TouchED"="C:\Programme\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 15:03]
"000StTHK"="000StTHK.exe" [2001-06-23 21:28 C:\WINDOWS\system32\000StTHK.exe]
"TPSMain"="TPSMain.exe" [2003-10-02 14:20 C:\WINDOWS\system32\TPSMain.exe]
"TFncKy"="TFncKy.exe" []
"SunJavaUpdateSched"="C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe" [2004-03-16 11:00]
"PRONoMgr.exe"="c:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 02:36]
"avgnt"="C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-20 21:28]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-08-16 18:54]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2006-08-16 19:17]
"DAEMON Tools"="C:\Programme\DAEMON Tools\daemon.exe" [2005-12-10 16:57]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-16 11:45]
"Adobe Reader Speed Launcher"="C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:57]
"TOSCDSPD"="C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 17:04]
"SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-19 22:46]
"MySpaceIM"="C:\Programme\MySpace\IM\MySpaceIM.exe" [2007-05-30 03:34]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Programme\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll


**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-02 15:46:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-02 15:47:05

--- E O F ---


Logfile of HijackThis v1.99.1
Scan saved at 15:53:51, on 02.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\LTSMMSG.exe
C:\Programme\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Programme\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Manuel\LOKALE~1\Temp\Rar$EX01.107\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mainz05.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programme\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] C:\Programme\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148564522000
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

.
.
Bitte nur die Eintraege der letzten 3 Monate pro Ordner posten
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 80FB-315E

Verzeichnis von C:\WINDOWS\system32

02.07.2007 15:06 1.158 wpa.dbl
18.06.2007 21:15 105.416 FNTCACHE.DAT
06.06.2007 08:38 15.747.032 MRT.exe
16.05.2007 17:11 683.520 inetcomm.dll
08.05.2007 10:59 3.583.488 mshtml.dll
25.04.2007 16:22 144.896 schannel.dll
25.04.2007 09:42 822.784 wininet.dll
25.04.2007 09:42 232.960 webcheck.dll
25.04.2007 09:42 1.152.000 urlmon.dll
25.04.2007 09:42 105.984 url.dll
25.04.2007 09:42 670.720 mstime.dll
25.04.2007 09:42 102.400 occache.dll
25.04.2007 09:42 193.024 msrating.dll
25.04.2007 09:42 477.696 mshtmled.dll
25.04.2007 09:41 459.264 msfeeds.dll
25.04.2007 09:41 52.224 msfeedsbs.dll
25.04.2007 09:41 1.824.768 inetcpl.cpl
25.04.2007 09:41 27.648 jsproxy.dll
25.04.2007 09:41 267.776 iertutil.dll
25.04.2007 09:41 6.058.496 ieframe.dll
25.04.2007 09:41 44.544 iernonce.dll
25.04.2007 09:41 384.512 iedkcs32.dll
25.04.2007 09:41 383.488 ieapfltr.dll
25.04.2007 09:41 153.088 ieakeng.dll
25.04.2007 09:41 230.400 ieaksie.dll
25.04.2007 09:41 132.608 extmgr.dll
25.04.2007 09:41 124.928 advpack.dll
24.04.2007 16:26 13.824 ieudinit.exe
24.04.2007 11:58 56.832 ie4uinit.exe
24.04.2007 09:34 161.792 ieakui.dll
18.04.2007 18:13 2.854.400 msi.dll
17.04.2007 11:32 2.455.488 ieapfltr.dat
16.04.2007 22:47 33.624 wups.dll
16.04.2007 22:47 30.040 wuapi.dll.mui
16.04.2007 22:47 30.040 wuaucpl.cpl.mui
16.04.2007 22:45 1.710.936 wuaueng.dll
16.04.2007 22:45 549.720 wuapi.dll
16.04.2007 22:45 325.976 wucltui.dll
16.04.2007 22:45 216.408 wuaucpl.cpl
16.04.2007 22:45 203.096 wuweb.dll
16.04.2007 22:45 92.504 cdm.dll
16.04.2007 22:45 53.080 wuauclt.exe
16.04.2007 22:45 20.824 wuaueng.dll.mui
16.04.2007 22:45 43.352 wups2.dll
16.04.2007 22:44 34.136 wucltui.dll.mui
16.04.2007 17:53 1.058.304 kernel32.dll
05.04.2007 21:15 4.154 ModemLog_ISDN Custom Config.txt
05.04.2007 21:15 4.602 ModemLog_ISDN BTX.txt
05.04.2007 21:15 4.652 ModemLog_ISDN Analog Modem (V.32bis).txt
05.04.2007 21:15 4.612 ModemLog_ISDN FAX (G3).txt
05.04.2007 21:15 4.622 ModemLog_ISDN - ISDN (X.75).txt
05.04.2007 21:15 4.624 ModemLog_ISDN Mailbox (X.75).txt
05.04.2007 21:15 4.664 ModemLog_ISDN SoftCompression X.75-V.42bis.txt
05.04.2007 21:15 4.634 ModemLog_ISDN RAS (PPP over ISDN).txt
05.04.2007 21:15 4.644 ModemLog_ISDN Internet (PPP over ISDN).txt
02.04.2007 14:21 428.032 swreg.exe
25.03.2007 15:02 62.678 perfc009.dat
25.03.2007 15:02 401.398 perfh009.dat
25.03.2007 15:02 416.044 perfh007.dat
25.03.2007 15:02 75.392 perfc007.dat
25.03.2007 15:02 966.074 PerfStringBackup.INI
17.03.2007 15:44 293.376 winsrv.dll
09.03.2007 13:51 270.336 xpsp3res.dll
08.03.2007 17:36 40.960 mf3216.dll
08.03.2007 17:36 579.072 user32.dll
08.03.2007 17:36 281.600 gdi32.dll
08.03.2007 17:32 1.843.712 win32k.sys





2041 Datei(en) 418.770.645 Bytes
0 Verzeichnis(se), 43.964.981.248 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 80FB-315E

Verzeichnis von C:\DOKUME~1\Manuel\LOKALE~1\Temp

02.07.2007 17:02 100.144 datfind.txt
02.07.2007 15:52 16.384 ~DF1078.tmp
02.07.2007 15:47 5.464 log.txt
3 Datei(en) 121.992 Bytes
0 Verzeichnis(se), 43.965.009.920 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 80FB-315E

Verzeichnis von C:\WINDOWS

02.07.2007 15:08 1.232.988 WindowsUpdate.log
02.07.2007 15:06 159 wiadebug.log
02.07.2007 15:06 50 wiaservc.log
02.07.2007 15:05 0 0.log
02.07.2007 15:05 2.048 bootstat.dat
02.07.2007 10:05 32.618 SchedLgU.Txt
01.07.2007 14:52 1.409 QTFont.for
01.07.2007 14:52 54.156 QTFont.qfn
29.06.2007 22:04 976.549 setupapi.log
18.06.2007 18:29 3.392 mozver.dat
13.06.2007 07:26 184.543 ntdtcsetup.log
13.06.2007 07:26 145.307 iis6.log
13.06.2007 07:26 307.180 comsetup.log
13.06.2007 07:26 351.969 tsoc.log
13.06.2007 07:26 1.374 imsins.log
13.06.2007 07:26 46.721 ocmsn.log
13.06.2007 07:26 24.073 KB929123.log
13.06.2007 07:26 439.587 ocgen.log
13.06.2007 07:26 45.316 msgsocm.log
13.06.2007 07:26 901.938 FaxSetup.log
13.06.2007 07:26 77.217 updspapi.log
13.06.2007 07:26 1.374 imsins.BAK
13.06.2007 07:26 20.895 KB935840.log
13.06.2007 07:24 20.537 KB935839.log
13.06.2007 07:24 29.387 KB933566-IE7.log
05.06.2007 05:24 87.552 catchme.exe
29.05.2007 16:46 7.598 KB927891.log
17.05.2007 10:35 17.880 KB931768-IE7.log
17.05.2007 10:33 10.665 KB930916.log
13.04.2007 23:01 16.250 KB931784.log
13.04.2007 22:59 14.606 KB931261.log
13.04.2007 22:59 14.086 KB930178.log
13.04.2007 22:59 14.697 KB932168.log
05.04.2007 21:57 13.847 KB925902.log
05.04.2007 21:12 10.473 avmw2k.log
05.04.2007 21:09 9.737 avmcoins.log
05.04.2007 21:09 310 avmadd32.log
28.03.2007 07:08 1.912 cdplayer.ini
15.03.2007 09:19 15.276 KB929338.log
14.03.2007 08:22 8.450 KB929399.log
02.03.2007 07:38 42.769 spupdsvc.log


281 Datei(en) 71.341.734 Bytes
0 Verzeichnis(se), 43.964.981.248 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 80FB-315E

Verzeichnis von C:\WINDOWS\temp

02.07.2007 16:39 0 Upd2E.tmp
1 Datei(en) 0 Bytes
0 Verzeichnis(se), 43.964.993.536 Bytes frei
.
.
.
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 80FB-315E

Verzeichnis von C:\WINDOWS\Downloaded Program Files

27.03.2006 13:00 5.019 swflash.inf
26.05.2005 04:19 291 wuweb.inf
10.11.2003 15:01 65 desktop.ini
20.01.2000 15:25 1.162 Microsoft XML Parser for Java.osd
14.10.1997 19:52 697 DirectAnimation Java Classes.osd
5 Datei(en) 7.234 Bytes
0 Verzeichnis(se), 43.964.993.536 Bytes frei
.
.
.

Vielen Dank schon mal im Voraus für die Hilfe.
Seitenanfang Seitenende
02.07.2007, 17:22
raman
Moderator

Beiträge: 7805
#2 Es waere interessant zu wissen, woran er das mit der Infektion festmachen will. Du kannst noch einen Rootkitscan mit Blacklight und gmer machen, aber laut den geposteten Reporten ist da nichts (mehr)

http://virus-protect.org/artikel/tools/rootkithook.html
http://virus-protect.org/artikel/tools/gmer.html

Poste die beiden Reporte bitte.
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
02.07.2007, 18:21
Stulle
...neu hier

Themenstarter

Beiträge: 5
#3 So ich habe noch mal mit dem Bankmenschen gesprochen und der meinte sie hätten die Kontonummer meiner Frau auf einem Server in Moskau gefunden und deshalb gehen sie davon aus das sie ausspioniert wurde und sich irgendwas auf ihrem Rechner befindet. Hm keine Ahnung ob das eine unbedingt was mit dem anderen zu tun hat. Bedenklich ist es allerdings schon das ihre Kontodaten in Moskau auftauchen.


Also bei dem gmer kam das raus:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-07-02 17:43:23
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? C:\WINDOWS\System32\Drivers\SPTD2285.SYS Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? C:\WINDOWS\System32\Drivers\dtscsi.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Das System kann die angegebene Datei nicht finden.

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8451F52] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8468658] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F8452550] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F8452454] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F8452620] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8467F6C] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F845210E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F8467BB0] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F8451FA6] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8444A32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8444B6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8444AF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84456CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84455A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F846879E] sptd.sys
IAT \WINDOWS\System32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F84571BA] sptd.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[NTOSKRNL.EXE!IofCompleteRequest] [F8467BB0] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8467BBC] sptd.sys
IAT \SystemRoot\System32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F846879E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F8444020] sptd.sys
IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F8444020] sptd.sys

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\WINDOWS\System32\RegSrvc.exe[252] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\System32\ShimEng.dll
IAT C:\WINDOWS\System32\RegSrvc.exe[252] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\System32\ShimEng.dll
IAT C:\WINDOWS\System32\RegSrvc.exe[252] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!OpenServiceW] [6FDB065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\WINDOWS\System32\RegSrvc.exe[252] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\System32\ShimEng.dll
IAT C:\WINDOWS\System32\RegSrvc.exe[252] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\System32\ShimEng.dll
IAT C:\WINDOWS\System32\RegSrvc.exe[252] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\System32\ShimEng.dll
IAT C:\WINDOWS\System32\RegSrvc.exe[252] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!ControlService] [6FDB0680] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\WINDOWS\System32\RegSrvc.exe[252] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!OpenServiceW] [6FDB065D] C:\WINDOWS\AppPatch\AcGenral.DLL
IAT C:\WINDOWS\System32\RegSrvc.exe[252] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\System32\ShimEng.dll
IAT C:\WINDOWS\System32\RegSrvc.exe[252] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\System32\ShimEng.dll
IAT C:\WINDOWS\System32\RegSrvc.exe[252] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [5CF07774] C:\WINDOWS\System32\ShimEng.dll

---- Devices - GMER 1.0.13 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 823DB5D0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 823DB5D0

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F83861DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F83861DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F8386454] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F83861DE] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F8379F4C] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F8379F4C] fltmgr.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F88D5B7E] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F88D5D8C] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F88D699A] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [F88D5AF6] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F88D72C8] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F88D7086] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [F88D5AB2] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F88D7CD4] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F88D7790] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_NAMED_PIPE [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLOSE [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_READ [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_WRITE [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_INFORMATION [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_INFORMATION [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_EA [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_EA [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FLUSH_BUFFERS [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_VOLUME_INFORMATION [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_VOLUME_INFORMATION [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DIRECTORY_CONTROL [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_FILE_SYSTEM_CONTROL [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CONTROL [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SHUTDOWN [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_LOCK_CONTROL [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CLEANUP [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_MAILSLOT [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_SECURITY [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_SECURITY [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_POWER [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SYSTEM_CONTROL [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CHANGE [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_QUOTA [F7804E30] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 IRP_MJ_SET_QUOTA [F7804E30] SynTP.sys

Device \Driver\00000089 \Device\00000055 IRP_MJ_POWER [F844FF68] sptd.sys
Device \Driver\00000089 \Device\00000055 IRP_MJ_SYSTEM_CONTROL [F8464A70] sptd.sys
Device \Driver\00000089 \Device\00000055 IRP_MJ_PNP [F845D728] sptd.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{A6F47FAE-6170-4B7E-AD53-417FC735FC79} IRP_MJ_CREATE 81B48EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{A6F47FAE-6170-4B7E-AD53-417FC735FC79} IRP_MJ_CLOSE 81B48EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{A6F47FAE-6170-4B7E-AD53-417FC735FC79} IRP_MJ_DEVICE_CONTROL 81B48EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{A6F47FAE-6170-4B7E-AD53-417FC735FC79} IRP_MJ_INTERNAL_DEVICE_CONTROL 81B48EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{A6F47FAE-6170-4B7E-AD53-417FC735FC79} IRP_MJ_CLEANUP 81B48EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{A6F47FAE-6170-4B7E-AD53-417FC735FC79} IRP_MJ_PNP 81B48EB0
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 823DBC78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 823DBC78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 823DBC78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 823DBC78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 823DBC78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823DBC78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 823DBC78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 823DBC78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 823DBC78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 823DBC78
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 823DBC78
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 821F6380
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 821F6380
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 821F6380
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 821F6380
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 821F6380
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 821F6380
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 821F6380
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 821F6380
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 821F6380
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 821F6380
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 821F6380
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 81F1AEB0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 81F1AEB0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 821F6380
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 821F6380
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 821F6380
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 821F6380
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 821F6380
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 821F6380
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 821F6380
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 821F6380
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 821F6380
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 821F6380
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 821F6380
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 81B48EB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 81B48EB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 81B48EB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 81B48EB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 81B48EB0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 81B48EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7E0BDEAB-45D0-4048-B576-066431E10455} IRP_MJ_CREATE 81B48EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7E0BDEAB-45D0-4048-B576-066431E10455} IRP_MJ_CLOSE 81B48EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7E0BDEAB-45D0-4048-B576-066431E10455} IRP_MJ_DEVICE_CONTROL 81B48EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7E0BDEAB-45D0-4048-B576-066431E10455} IRP_MJ_INTERNAL_DEVICE_CONTROL 81B48EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7E0BDEAB-45D0-4048-B576-066431E10455} IRP_MJ_CLEANUP 81B48EB0
Device \Driver\NetBT \Device\NetBT_Tcpip_{7E0BDEAB-45D0-4048-B576-066431E10455} IRP_MJ_PNP 81B48EB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 81B48EB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 81B48EB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 81B48EB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 81B48EB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 81B48EB0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 81B48EB0
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 823DB808
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 823DB808
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 823DB808
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 823DB808
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 823DB808
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 823DB808
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 823DB808
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 823DB808
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 823DB808
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 823DB808
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 823DB808
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 81B69CF0
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 81B69CF0
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 81B4C600
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 81B4C600
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 81B4C600
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 81B4C600
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 81B4C600
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 81B4C600
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 81B4C600
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 81B4C600
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 81B4C600
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 81B4C600
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 81B4C600
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 81B4C600
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 81B4C600
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 81B4C600
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 823DBC78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 823DBC78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 823DBC78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 823DBC78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 823DBC78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 823DBC78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 823DBC78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 823DBC78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 823DBC78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 823DBC78
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 823DBC78
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 81ED9AA8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 81ED9AA8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 81ED9AA8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 81ED9AA8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 81ED9AA8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 81ED9AA8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 81ED9AA8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 81ED9AA8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 81ED9AA8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 81ED9AA8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 81ED9AA8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 81ED9AA8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 81ED9AA8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CREATE 81F81A90
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_CLOSE 81F81A90
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 81F81A90
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F81A90
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_POWER 81F81A90
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 81F81A90
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 IRP_MJ_PNP 81F81A90
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 81F81A90
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 81F81A90
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 81F81A90
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81F81A90
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 81F81A90
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 81F81A90
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 81F81A90
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 81FF2EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 81FF2EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81FF2EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 81FF2EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 81FF2EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 81FF2EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 81FF2EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 81FF2EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 81FF2EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 81FF2EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 81FF2EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 81FF2EB0
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 81FF2EB0

---- EOF - GMER 1.0.13 ----
Bei dem Backlight hatte ich irgendwie Probleme mit der Durchführung. Es kam als Ergebnis lediglich folgende Datei raus:

07/02/07 18:15:14 [Info]: BlackLight Engine 1.0.64 initialized
07/02/07 18:15:14 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/02/07 18:15:14 [Note]: 7019 4
07/02/07 18:15:14 [Note]: 7005 0
07/02/07 18:15:18 [Note]: 7006 0
07/02/07 18:15:18 [Note]: 7011 812
07/02/07 18:15:19 [Note]: 7026 0
07/02/07 18:15:19 [Note]: 7026 0
07/02/07 18:15:22 [Note]: FSRAW library version 1.7.1022
07/02/07 18:16:24 [Note]: 7007 0

Beim Scan hat er nichts gefunden. Habe ich was falsch gemacht?

Der Bankangestellte meinte das irgendjemand versucht hatte unerlaubt auf das Konto meiner Frau zuzugreifen. Sie müßte außerdem jetzt auch alle anderen Passwörter ändern (z.B. bei Ebay, Email usw.). Ich glaube ich rufe den Morgen mal an und lasse mir das noch mal erklären. Es war aber definitiv jemand von der Bank, da bin ich mir ganz sicher.
Vielen Dank trotzdem schon mal für die Info.
Dieser Beitrag wurde am 03.07.2007 um 12:15 Uhr von Stulle editiert.
Seitenanfang Seitenende
03.07.2007, 13:20
Argus
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#4 Download CounterSpyV2.0 zum Desktop
und dopplelklick um das Program zu installieren
CounterSpy wird geupdatet
Klicke: " System scan "
Nach dem Scan muss man sich entscheiden für: *Remove --> Status: Deleted
Nur für Windows XP(32bit) - Windows Vista (32bit) - Windows 2000 (SP3+)
Note
CounterSpy hat den Nachteil --> es will sich stets updaten
Wenn man CS startet:
Would you like to enable Automatic Updates? Wähle --> No
Would you like to enable Active Protection? Wähle --> No
Would you like to join Thread? Wähle --> Yes
Häckchen entfernen bei --> Recommended

Poste ein log von Hijack This
__________
MfG Argus
Seitenanfang Seitenende
03.07.2007, 15:16
Stulle
...neu hier

Themenstarter

Beiträge: 5
#5 CounterSpy hat folgendes gefunden:

Scan History Details
Start Date: 03.07.2007 14:02:12
End Date: 03.07.2007 14:43:31
Total Time: 41 Min 19 Sec
Detected security risks

Cookie: DoubleClick Cookie (General) more information...
Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count unique visitors to web pages; and to allow web surfers to use virtual "shopping carts." Online advertising networks use cookies to track users across web sites and to measure ad impressions and click-throughs.
Status: Ignored

Cookies detected
c:\dokumente und einstellungen\rita\cookies\rita@doubleclick[1].txt


WhenU.Save Adware (General) more information...
Details: WhenU.SaveNow is an adware application that displays pop-up advertising on the desktop in response to users' web browsing.
Status: Ignored

Files detected
C:\Programme\DAEMON Tools\SetupDTSB.exe



Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 15:13:06, on 03.07.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTSMMSG.exe
C:\Programme\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\TFNF5.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\iPod\bin\iPodService.exe
C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programme\MySpace\IM\MySpaceIM.exe
C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE
C:\Programme\OpenOffice.org 2.0\program\soffice.exe
C:\Programme\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Sunbelt Software\CounterSpy\CounterSpy.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
C:\Programme\WinRAR\WinRAR.exe
C:\DOKUME~1\Manuel\LOKALE~1\Temp\Rar$EX00.836\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mainz05.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Programme\SigmaTel\SigmaTel AC97 Audio-Treiber\stacmon.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TouchED] C:\Programme\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Programme\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SBCSTray] C:\Programme\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [WEB.DE_WEB.DE SmartDrive Manager] "C:\Programme\WEB.DE\WEB.DE SmartDrive Manager\DAVSRV.EXE" /hide
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148564522000
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Sebring - c:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Programme\Sunbelt Software\CounterSpy\SBCSSvc.exe
Seitenanfang Seitenende
03.07.2007, 15:27
Argus
Ehrenmitglied
Avatar Argus

Beiträge: 6028
#6 Counterspy kann wieder entfernt werden

Schliesse alle Fenster und starte Hijack This
Klicke: Do a Systemscan only
Setze ein Häckchen in das Kästchen vor den genannten Eintrag bei

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)

klicke: Fix checked

Dein Internet Explorer muss geschlossen wenn Du Fix Checked klickst

Dein Java software ist veraltet,download jre-6-windows-i586.exe
Srcolle runter nach ---->Java Runtime Environment (JRE) 6u1
The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
Klicke auf "Download"
Setze in haeckchen bei --->"Accept License Agreement".
Klicke “Windows Offline Installation, Multi-language” um
“jre-6-windows-i586.exe”zum Desktop zu installieren
Schliesse alle Programme auch dein Webbrowser
Ueber "Start -> Einstellungen -> Systemsteuerung -> Software
Und entferne alle aeltere versionen von Java Runtime Environment (JRE of J2SE)
Nachdem alles entfernt wurde --->Rechner neu starten
Installiere jetzt vom Desktop aus ---> “jre-6-windows-i586.exe”

Man kann noch ein scan machen mit ein Virenscanner
Download SDFix zum Desktop

Starte im abgesicherten Modus:
http://www.bsi.bund.de/av/texte/wiederher.htm

SDFix.zip entpacken
unter C:\ findet man nun den SDFix-Ordner

Doppelklick RunThis.bat
Schreibe: Y folge allen Anweisungen
Dann wird der Rechner neustarten
SDFix entfernt jetzt die gefundene Objekte
Kopiere den Inhalt des Berichts “SophosReport.txt” der jetzt auf dein Desktop steht in diesen Thread
__________
MfG Argus
Seitenanfang Seitenende
03.07.2007, 17:51
Stulle
...neu hier

Themenstarter

Beiträge: 5
#7 So habe alles durchgeführt:
Ich muß zugeben das ich nicht so wirklich alles zu 100% verstanden habe was ich in den letzten beiden Tagen gemacht habe. Kann ich jetzt zu 100% sicher sein das kein Virus/Trojaner oder ähnliches auf dem Rechner war bzw. ist?
Vielen Dank schon mal für die Hilfe!

SDFix: Version 1.89

Run by Manuel on 03.07.2007 at 17:32

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking C:\WINDOWS
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------


Files with Hidden Attributes:

C:\Programme\Picasa2\setup.exe
C:\Dokumente und Einstellungen\All Users\DRM\Cache\Indiv01.tmp

Finished
Seitenanfang Seitenende
03.07.2007, 17:59
raman
Moderator

Beiträge: 7805
#8 Zu 97% kann ich dir sagen, das da zu diesem Zeitpunkt nichts ist, bzw nicht die Malware die du vermutest(Haxdoor usw)
__________
MfG Ralf
SEO-Spam Hunter
Seitenanfang Seitenende
03.07.2007, 18:36
Stulle
...neu hier

Themenstarter

Beiträge: 5
#9 Danke für die Info.
Hm und die letzten 3%?
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:
Seite(n): 1