Rootkit Revealer

05.12.2007, 16:48
Member

Posts: 62
#1 Hello, I just ran Rootkit Revealer v1.7, and it found a lot.
What do I have to fear now, and what should I do with the files and registry entries it found?

And one more small question: is the Windows Firewall sufficient?

Here is the HijackThis log as well:

Logfile of HijackThis v1.99.1
Scan saved at 16:44:13, on 05.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Quote

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
F:\PROGZ\AntiVir PersonalEdition Classic\sched.exe
F:\PROGZ\AntiVir PersonalEdition Classic\avguard.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\svchost.exe
F:\PROGZ\AntiVir PersonalEdition Classic\avgnt.exe
E:\Programme\ATI Technologies\ATI.ACE\cli.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Programme\ATI Technologies\ATI.ACE\cli.exe
E:\Programme\ATI Technologies\ATI.ACE\cli.exe
F:\MISC\SETUPS\Anti Virus und Firewall\RootKit Revealer\RootkitRevealer.exe
F:\PROGZ\Spybot - Search & Destroy\SpybotSD.exe
F:\PROGZ\ICQ6\ICQ.exe
F:\PROGZ\Mozilla Firefox\firefox.exe
F:\PROGZ\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "F:\PROGZ\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "E:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://F:\PROGZ\OFFICE~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with BitPump - F:\PROGZ\BitPump\ieint.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\PROGZ\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - F:\PROGZ\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\PROGZ\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\PROGZ\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - E:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - F:\PROGZ\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\PROGZ\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: XOHGGPWCX - Sysinternals - www.sysinternals.com - E:\DOKUME~1\SOEGEL~1.BIE\LOKALE~1\Temp\XOHGGPWCX.exe
thx soegel
This post was edited by soegel on 05.12.2007 at 17:03.
06.12.2007, 16:52
Member
Chris4You

Posts: 694
#2 Hi,

Rootkit Revealer is very detailed, i.e. you have to know exactly what you are doing! For example, it reports Reg-0-Keys etc. So I would keep my hands off deleting anything. Use gmer, let it run a check, and post the log:
http://virus-protect.org/artikel/tools/gmer.html

chris
06.12.2007, 18:41
Member

Thread starter

Posts: 62
#3 Well, the instructions say you should post what is displayed right after the program starts. That would be this:

Quote

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-06 17:55:36
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 823910E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 823910E8

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F967BF70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F967BF70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F967C160] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F967BF70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F966FF08] fltMgr.sys

---- EOF - GMER 1.0.13 ----
During a full scan my computer then froze, so I had to use the power switch. I'm almost sure it was due to the scan, since I otherwise very rarely have such stubborn hangs...

At the beginning of the scan this was found, but it is incomplete because of the crash:

Quote

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-06 18:40:15
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT sptd.sys ZwCreateKey
SSDT F9E9C384 ZwCreateThread
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT F9E9C370 ZwOpenProcess
SSDT F9E9C375 ZwOpenThread
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT F9E9C37F ZwTerminateProcess
SSDT F9E9C37A ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

? E:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? E:\WINDOWS\System32\Drivers\SPTD8845.SYS Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? E:\WINDOWS\System32\Drivers\dtscsi.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F974EDB2] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F976471E] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F974F3B2] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F974F2B6] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F974F482] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F974F482] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F974F3B2] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F974F2B6] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9764032] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F974EF6E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F9763C76] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F974EE06] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F9741A32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F9741B6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F9741AF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F97426CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F97425A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9764864] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F9753F78] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F9763C82] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9764864] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F9763C76] sptd.sys
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F9741020] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F9741020] sptd.sys

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 82393EB0
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 82393EB0

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F967BF70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F967BF70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F967C160] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F967BF70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F966FF08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F966FF08] fltMgr.sys

Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 823DF6E0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 823DF6E0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 823DF6E0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 823DF6E0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 823DF6E0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 823DF6E0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 823DF6E0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 823DF6E0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 823DF6E0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 823DF6E0
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 823DF6E0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 823DF6E0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 823DF6E0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 823DF6E0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 823DF6E0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 823DF6E0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 823DF6E0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 823DF6E0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 823DF6E0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 823DF6E0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 823DF6E0
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 823DF6E0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 823DF6E0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 823DF6E0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 823DF6E0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 823DF6E0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 823DF6E0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 823DF6E0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 823DF6E0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 823DF6E0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 823DF6E0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 823DF6E0
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 823DF6E0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 823DF6E0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 823DF6E0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 823DF6E0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 823DF6E0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 823DF6E0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 823DF6E0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 823DF6E0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 823DF6E0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 823DF6E0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 823DF6E0
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 823DF6E0
Device \Driver\00000160 \Device\00000045 IRP_MJ_POWER [F974CEA8] sptd.sys
Device \Driver\00000160 \Device\00000045 IRP_MJ_SYSTEM_CONTROL [F9760A70] sptd.sys
Device \Driver\00000160 \Device\00000045 IRP_MJ_PNP [F9759728] sptd.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 823DF918
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8226B0E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8226B0E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8226B0E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8226B0E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8226B0E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8226B0E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8226B0E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8226B0E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 822070E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 822070E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 823DF918
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8226B0E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8226B0E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8226B0E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8226B0E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8226B0E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8226B0E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8226B0E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8226B0E8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL 823DF918
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_PNP 823DF918
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8226B0E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8226B0E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 8226B0E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8226B0E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8226B0E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8226B0E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8226B0E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8226B0E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 8226B0E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 8226B0E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 8226B0E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 8226B0E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 8226B0E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 8226B0E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 8226B0E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 8226B0E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE 8226B0E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CLOSE 8226B0E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_READ 8226B0E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_WRITE 8226B0E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_FLUSH_BUFFERS 8226B0E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DEVICE_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SHUTDOWN 8226B0E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_POWER 8226B0E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SYSTEM_CONTROL 8226B0E8
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_PNP 8226B0E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 821F4A28
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 821F4A28
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 821F4A28
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 821F4A28
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 821F4A28
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 821F4A28
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 821F4A28
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 821F4A28
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 821F4A28
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 821F4A28
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 821F4A28
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 821F4A28
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 823930E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 823930E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 823930E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 823930E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 823930E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 823930E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 823930E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 823930E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 823930E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 823930E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 823930E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 823930E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CLOSE 823930E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_READ 823930E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_WRITE 823930E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_FLUSH_BUFFERS 823930E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_DEVICE_CONTROL 823930E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823930E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SHUTDOWN 823930E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_POWER 823930E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_SYSTEM_CONTROL 823930E8
Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_PNP 823930E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 8218C660
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 8218C660
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 8218C660
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 8218C660
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 8218C660
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 8218C660
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 8218C660

---- EOF - GMER 1.0.13 ----
All checkboxes were ticked for the scan.

Could the crash perhaps have something to do with that?
07.12.2007, 07:45
Member
Chris4You

Posts: 694
#4 Hi,

let's take this nice and slooowly:

Regarding the detected file flgMgr.sys

Quote

Characteristics: The file fltmgr.sys is located in the folder C:\Windows\System32\drivers. Known file sizes under Windows XP are 124800 bytes (73% of all occurrences), 128896 bytes, 136912 bytes.
This driver performs system functions at a low hardware level (e.g. to control the graphics card or printer). The application has no visible window. This file is from Microsoft and trustworthy. We therefore rate this file as 1% dangerous.
-> Check the file at virustotal!

The files
sptd.sys
dtscsi.sys
sptd9149.sys
F9E9C375.....
belong to Daemon Tools and can cause problems,
so uninstall them if necessary!
If you have not installed any Daemon Tool, have those files checked at Virustotal as well..

virustotal
At the top of the page --> click Browse --> select the file (or paste the file with its correct path right away) --> double-click the file to be checked --> click "Send"... now wait - then select the text with the right mouse button -> copy - paste
http://www.virustotal.com/flash/index_en.html

Quote

C:\Windows\System32\drivers\fltmgr.sys
So far, therefore, actually nothing dangerous...


Regarding the question about the Windows firewall: better than none, worse than others, e.g. Sygate, Zonealarm etc.. So I would switch to a different one, see the recommendations here:
http://board.protecus.de/f2.htm

chris
10.12.2007, 14:22
Member

Thread starter

Posts: 62
#5 The file has already been analysed:
MD5: 157754f0df355a9e0a6f54721914f9c6
Date 2007.12.05 00:32:01 (CET) [>5D]
Results 0/32
Permalink: resultado.html?d4eea3bf83747201e5ce474bfcc2af7a

Is there an alternative emulation program whose files do not cause problems?
10.12.2007, 16:45
Member
Chris4You

Posts: 694
#6 Hi,

unfortunately that is beyond my knowledge, ask in the hardware section... (http://board.protecus.de/f5.htm)

chris
10.12.2007, 19:29
Member

Thread starter

Posts: 62
#7 I have done so, many thanks so far

soegel