Trojaner-Board - Großes Problem mit W32.Myzor.FK@yf

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Großes Problem mit W32.Myzor.FK@yf (https://www.trojaner-board.de/45403-grosses-problem-w32-myzor-fk-yf.html)

Hannibal252

03.11.2007 13:59

Großes Problem mit W32.Myzor.FK@yf

Habe mir bereits andere Beiträge durchgelesen aber da Checke ich ehrlich gesagt nix.
Ich habe nicht so viel Ahnung von Viren. Jedesmal wenn ich den IE öffnen will, öffnet sich auch so ne scheiß Security Toolbar 7.1 und verlang von mir irgendwelche dateien runter zu laden.
Ich habe mir dann mal Smidfrautfix runter geladen (so wies im anderen Thread steht und die suche durchgeführt) Was soll ich jetzt machen ?

[EDIT]
Ich habe jetzt im abgesicherten Modus versucht mit dem Programm den Virus weg zu bekommen.

Ich Poste hier mal die Rapport datei vor und nach dem Vorgang:

Vorher:
SmitFraudFix v2.246

Scan done at 14:01:46,73, 03.11.2007
Run from C:\Users\Rafael\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Video Add-on\icthis.exe
C:\Program Files\Video Add-on\isfmntr.exe
C:\Program Files\Video Add-on\icmntr.exe
C:\Program Files\Video Add-on\isfmm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\System32\alg.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Rafael

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Rafael\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Rafael\FAVORI~1

C:\Users\Rafael\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

C:\Users\Public\Desktop\Online Security Guide.url FOUND !
C:\Users\Public\Desktop\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video Add-on\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdlgz.exe"

kdlgz.exe detected !

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Your computer may be victim of a DNS Hijack: 85.255.x.x detected !

Description: Intel(R) PRO/Wireless 3945ABG Network Connection
DNS Server Search Order: 85.255.113.118
DNS Server Search Order: 85.255.112.101

HKLM\SYSTEM\CCS\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8E80C5B2-5D8D-484A-879A-B879F3B4F847}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CCS\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: DhcpNameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CCS\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8E80C5B2-5D8D-484A-879A-B879F3B4F847}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: DhcpNameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8E80C5B2-5D8D-484A-879A-B879F3B4F847}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: DhcpNameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.113.118 85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.113.118 85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.113.118 85.255.112.101

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Und nachher:

SmitFraudFix v2.246

Scan done at 14:21:17,13, 03.11.2007
Run from C:\Users\Rafael\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8E80C5B2-5D8D-484A-879A-B879F3B4F847}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CCS\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: DhcpNameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CCS\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8E80C5B2-5D8D-484A-879A-B879F3B4F847}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: DhcpNameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8E80C5B2-5D8D-484A-879A-B879F3B4F847}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: DhcpNameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.113.118 85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.113.118 85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.113.118 85.255.112.101

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdlgz.exe"

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

Hab ich jetzt Glück gehabt oder hab ich den Virus immernoch drauf? Jedenfalls kommt dieses Security Toolbar 7.1 beim IE nicht mehr.
Bitte um Rückantwort
Danke!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Reboot

»»»»»»»»»»»»»»»»»»»»»»»» End

Sunny

03.11.2007 14:36

http://www.smiliegenerator.de/s33/smilies-25934.png

Als erstes brauchen wir mehr Informationen zu deinem System, arbeite dazu folgende Anleitungen ab, denn dein System scheint ziemlich vermüllt zu sein:

Anleitung SmitfraudFix:

Lade dir dieses Tool -> SmitfraudFix
-Starte es dann und lass das System durchsuchen und bereinigen. (Option 2)

http://www.castlecops.com/zx/sjpritch25/Fix01b.jpg

-Poste danach wie in der Anleitung beschrieben, das Ergebnis des Scans

Erstellung eines Hijacklog

-Hier gibt es das Tool -> HijackThis
(nur diese Version benutzen, nicht die BETA-Version!)
-Suche die Datei HiJackThis.exe und benenne sie um in 'This.exe'
(Klick rechte Maustaste -> umbenennen)
-Starte nun mit Doppelklick auf This.exe
-Klicke auf den rot markierten Button Do a system scan and save a log file
-Nach dem Scan öffnet sich ein Editor Fenster, kopiere nun dieses Logfile ab und füge es in deinen Beitrag im Forum mit ein)

MWAV (eScan) - Free Antivirus

-Lies dir folgende Anleitung genau durch und arbeite sie ab
-> Anleitung eScan
Wichtig: Poste im Anschluss das Ergebnis mit Hilfe der *find.bat'.
(rechte Maustaste auf den LINK 'find.bat' , dann "Ziel Speichern unter" -> Desktop)

Hannibal252

03.11.2007 15:37

Danke für die Begrüßung und den Post: Habe alles so gemacht wies verlangt wurde.

1.
SmitFraudFix v2.246

Scan done at 15:01:58,96, 03.11.2007
Run from C:\Users\Rafael\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8E80C5B2-5D8D-484A-879A-B879F3B4F847}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CCS\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: DhcpNameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CCS\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8E80C5B2-5D8D-484A-879A-B879F3B4F847}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: DhcpNameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8E80C5B2-5D8D-484A-879A-B879F3B4F847}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: DhcpNameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: NameServer=85.255.113.118,85.255.112.101
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.113.118 85.255.112.101
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.113.118 85.255.112.101
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.113.118 85.255.112.101

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdlgz.exe"

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Reboot

»»»»»»»»»»»»»»»»»»»»»»»» End

2. Logfile of HijackThis v1.99.1
Scan saved at 15:08:35, on 03.11.2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Rafael\Desktop\hijackthis\This.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\Home Cinema\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [EyeBatch 2.1 Update Setup for All Users] C:\ProgramData\{DB82D04C-8FC1-489B-81AA-BE54061CEF97}\EBInstall.exe /updatesetup
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: NameServer = 85.255.113.118,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E80C5B2-5D8D-484A-879A-B879F3B4F847}: NameServer = 85.255.113.118,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: NameServer = 85.255.113.118,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.118 85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: NameServer = 85.255.113.118,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.118 85.255.112.101
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: SQL Server (VAIO_VEDB) (MSSQL$VAIO_VEDB) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB (file missing)
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP (file missing)
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

3.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Header
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
find.bat Version 2007.06.16.01

Microsoft Windows [Version 6.0.6000]
Bootmodus: NETWORK

eScan Version: 9.5.1
Sprache: German
Virus-Datenbank Datum: 11/3/2007

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Infektionsmeldungen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~
Dateien
~~~~~~~~~~~
~~~~ Infected files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Tagged files
~~~~~~~~~~~
~~~~~~~~~~~
~~~~ Offending files
~~~~~~~~~~~
~~~~~~~~~~~
Ordner
~~~~~~~~~~~
~~~~~~~~~~~
Registry
~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Diverses
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Prozesse und Module
~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Scanfehler
~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~
Hosts-Datei
~~~~~~~~~~~~~~~~~~~~~~
DataBasePath: %SystemRoot%\System32\drivers\etc
Zeilen die nicht dem Standard entsprechen:
C:\Windows\System32\drivers\etc\hosts :
C:\Windows\System32\drivers\etc\hosts :::1 localhost
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Statistiken:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan-Optionen
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Specherüberprüfung: Aktiviert
Registry Überprüfung: Aktiviert
System-Ordner Überprüfung: Aktiviert
Überprüfung der Systembereiche: Deaktiviert
Überprüfung der Dienste: Aktiviert
Überprüfung der Festplatten: Deaktiviert
Überprüfung aller Festplatten :Aktiviert

Batchstart: 15:36:00,10
Batchende: 15:36:02,36

Hoffe das ich jetzt eine Antwort darauf bekomme, ob ich noch Viren auf dem Notebook habe.
mfg Hannibal

Sunny

03.11.2007 15:41

DNS-Einträge entfernen:

Achtung:
Solltest du Probleme mit deiner Internet Verbindung bekommen:
Systemsteuerung > wähle Netzwerk und Internet Verbindungen oder mach einen
Doppelklick auf Netzwerk-Verbindungen > Klick mit der rechten Maustaste
auf Default Connection (Normale Verindung), das ist normalerweise die
örtliche Umgebung, Kabel oder DSL Verbindung > Klick mit der linken
Maustaste auf Eigenschaften > Doppelklick auf Internet Protocol (TCP/IP) >
wähle den Knopf der dafür steht, dass die DNS Verbindung automatisch
aufrecht erhalten wird > zweimal auf "OK" klicken > den Rechner neu
starten (Diese Einstellungen sind nicht auf allen Systemen gleich oder
vorhanden)

-Lade dir Fixwareout.exe herunter und speichere es auf dem Desktop.
-installiere das Tool und achte darauf das "Run fixit" aktiviert ist.
-klicke nun auf "Finish", der Scan wird starten und bald wirst du aufgefordert
einen Neustart durchzuführen, tu dieses. (der Neustart wird sich dann etwas verzögern, das ist normal!)
-achte nun auf die Hinweise die gegeben werden

Fixe nun mit HijackThis folgende Einträge im Logfile:

Zitat:

O17 - HKLM\System\CCS\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: NameServer = 85.255.113.118,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E80C5B2-5D8D-484A-879A-B879F3B4F847}: NameServer = 85.255.113.118,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: NameServer = 85.255.113.118,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.118 85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\..\{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4}: NameServer = 85.255.113.118,85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.118 85.255.112.101

Dateien Online überprüfen lassen:

* Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
(lass auch die versteckten Dateien anzeigen!)

Zitat:

C:\ProgramData\{DB82D04C-8FC1-489B-81AA-BE54061CEF97}\EBInstall.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
* Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
(Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!)

Hannibal252

03.11.2007 16:03

Sobald ich die Instalation des Fixwareout durchgeführt habe und Run Fixit aktiviert ist erscheind folgendes im schwarzen Fenster:

Unsupported Windows Version

Sunny

03.11.2007 16:07

Zitat:

Zitat von Hannibal252 (Beitrag 302955)

Sobald ich die Instalation des Fixwareout durchgeführt habe und Run Fixit aktiviert ist erscheind folgendes im schwarzen Fenster:

Unsupported Windows Version

Oh Mist .. :schmoll: hab jetzt erst gesehen das du VISTA benutzt.
Moment, dafür muss ich erst eine Lösung suchen .. ..

Hannibal252

04.11.2007 16:40

Wars das jetzt oder muss ich noch was machen?
Hoffe es gibt ne Lösung dafür auch wenn ich Vista User bin^^

Sunny

04.11.2007 17:34

Zitat:

Zitat von Hannibal252 (Beitrag 303088)

Wars das jetzt oder muss ich noch was machen?
Hoffe es gibt ne Lösung dafür auch wenn ich Vista User bin^^

Eine direkte Lösung für VISTA gibt es noch nicht, momentan ist es so, das alle Daten (Pakete) die gesendet werden in das Internet über einen ausländischen Server geleitet werden!

Diese DNS-Umleitung lässt sich normalerweise durch ein bestimmtes Programm entfernen, dieses läuft aber nicht unter VISTA.

Zuerst solltest du dich als Admin anmelden um alle Funktionen & Rechte zu nutzen, eventuell wird es auc Notwendig UAC zu deaktivieren.

Sie mal in den Interneteinstellungen nach, unter dem des TCP/IP-Protokolls, dort sollte alles auf automatisch IP beziehen aktiviert sein, lösche alle Einträge welche mit 85.255.x.x anfangen!

Ich selbst habe leider kein VISTA, daher kann ich dich nur in die richtige Richtung schubsen... :schmoll:

Hannibal252

04.11.2007 17:47

So habe jetzt TCP/IP auf automatik gestellt. Jetzt steht darunter Folgende DNS Server Verwenden: 85.255.113.118 und 85.255.113.101

Soll ich diese öschen und auch die DNS-Server auf automatik stellen ?

Sunny

04.11.2007 18:03

Zitat:

Zitat von Hannibal252 (Beitrag 303099)

Genau das ist die IP-Adresse auf welche deine Daten umgeleitet werden! ;)
Lösch alle Einträge raus welche mit 85.255.x.x beginnen, und alles auf automatisch stellen.

Poste dann im Anschluss ein neues Hijacklog, und führe auf jeden Fall die anderen Scans aus.

Bitte das System nicht neu starten! Wichtig!

Hannibal252

04.11.2007 18:10

Hier das hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 18:08:35, on 04.11.2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Users\Rafael\Desktop\NOTFALL Virus\hijackthis\This.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Club VAIO | Home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {43BF8E0C-886D-4103-8DDB-2DFE0E8A0168} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: NameServer = 85.255.113.118,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.118 85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.118 85.255.112.101
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: VESWinlogon - C:\Windows\SYSTEM32\VESWinlogon.dll
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe
O23 - Service: SQL Server (VAIO_VEDB) (MSSQL$VAIO_VEDB) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sVAIO_VEDB (file missing)
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Unknown owner - C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP (file missing)
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

Leider kam dein Beitrag mit dem systemneustart zu spät. Habs schon gemacht. Beim Hochfahren erschien der Bluescreen und ne Fehlermeldung.

[EDIT] Ist es normal das mein Windows Explorer ständig abstürzt? [/EDIT]

Habe auch schon eine Datei bei VirusTotal hochgeladen. Hier das Ergebnis:

Datei EBInstall.dat empfangen 2007.11.04 18:16:53 (CET)
Antivirus Version letzte aktualisierung Ergebnis
AhnLab-V3 2007.11.3.0 2007.11.02 -
AntiVir 7.6.0.30 2007.11.02 -
Authentium 4.93.8 2007.11.03 -
Avast 4.7.1074.0 2007.11.04 -
AVG 7.5.0.503 2007.11.04 -
BitDefender 7.2 2007.11.04 -
CAT-QuickHeal 9.00 2007.11.03 -
ClamAV 0.91.2 2007.11.04 -
DrWeb 4.44.0.09170 2007.11.04 -
eSafe 7.0.15.0 2007.10.28 -
eTrust-Vet 31.2.5264 2007.11.02 -
Ewido 4.0 2007.11.04 -
FileAdvisor 1 2007.11.04 -
Fortinet 3.11.0.0 2007.10.19 -
F-Prot 4.4.2.54 2007.11.03 -
F-Secure 6.70.13030.0 2007.11.04 -
Ikarus T3.1.1.12 2007.11.04 -
Kaspersky 7.0.0.125 2007.11.04 -
McAfee 5155 2007.11.02 -
Microsoft 1.2908 2007.11.04 -
NOD32v2 2636 2007.11.03 -
Norman 5.80.02 2007.11.02 -
Panda 9.0.0.4 2007.11.04 -
Prevx1 V2 2007.11.04 -
Rising 20.16.62.00 2007.11.04 -
Sophos 4.23.0 2007.11.04 -
Sunbelt 2.2.907.0 2007.11.02 -
Symantec 10 2007.11.04 -
TheHacker 6.2.9.110 2007.10.27 -
VBA32 3.12.2.4 2007.11.03 -
VirusBuster 4.3.26:9 2007.11.03 -
Webwasher-Gateway 6.6.1 2007.11.02 -

weitere Informationen
File size: 280 bytes
MD5: 5ebce09a6b0f2f6120d38e30bc616b96
SHA1: 1a55085dd06b454b5e051445888fd2747a0aab4a

Sunny

04.11.2007 18:32

Such bitte nun nochmal in den Interneteinstellungen ob die Einträge mit 85.255.x.x wieder vorhanden sind!

Wenn ja herauslöschen, und dann das hier ausführen:

RootkitRevealer scannen lassen

* Lade RootkitRevealer runter und entpacke das Archiv in einen eigenen Ordner, z.B. C:\programme\rootkitrevealer.
* Starte in diesem Ordner RootkitReavealer.exe. Alle anderen Programme schließen.
* Starte durch Klick auf "Scan".
* Wenn der Scan fertig ist das Logfile mit File -> Save abspeichern.

Gmer scannen lassen

* Lade dir Gmer von dieser Seite runter und entpacke es auf deinen Desktop.
* Starte gmer.exe und gehe zum Tab Rootkit. Alle anderen Programme sollen geschlossen sein.
* Stelle sicher, daß in der Leiste rechts alles von "System" bis "ADS" angehakt ist (Wichtig: "Show all" darf nicht angehakt sein) und starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
* Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren. Mit "Ok" wird Gmer beendet.
* Füge das Log aus der Zwischenablage in deine Antwort hier ein.

Ich hoffe das zumindest eines der Programme unter VISTA läuft... :schmoll:

Hannibal252

04.11.2007 18:44

DIe Einträge waren nicht da. Ich habe trotzdem diesen Scan gemacht aber das Programm hat sich zum Schluss selbst geschlossen und ich musste mich neu anmelden.
Den Hijackthis hab ich übrigens gemacht nachdem ich gesehen habe, dass da keine eiträge mehr sind.

[EDIT]
Habe geschafft den Scan zu beenden, ABER ich kann die datei nicht abspeichern weil sie auf einem Interaktiven Dienstdialog erfolgt und dabei fehler auftretten.

Sunny

04.11.2007 19:20

Zitat:

Zitat von Hannibal252 (Beitrag 303112)

DIe Einträge waren nicht da.

Also aus dem letzten Logfile sind sie noch ersichtlich:

Zitat:

O17 - HKLM\System\CCS\Services\Tcpip\..\{920B322A-E7C9-4528-9995-B0F9EABDB1CD}: NameServer = 85.255.113.118,85.255.112.101
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.118 85.255.112.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.118 85.255.112.101

Was meinst du damit, welchen Scan?

Zitat:

Ich habe trotzdem diesen Scan gemacht aber das Programm hat sich zum Schluss selbst geschlossen und ich musste mich neu anmelden.

[EDIT]
Habe geschafft den Scan zu beenden, ABER ich kann die datei nicht abspeichern weil sie auf einem Interaktiven Dienstdialog erfolgt und dabei fehler auftretten.

Meinst du die Überprüfung mit den Rootkitscannern?

Hannibal252

04.11.2007 19:38

Ich habs geschaft mit diesem Gmer Programm n Scan vorzunehmen. Doch der ist zu lang. Der Passt hier nicht rein -.-

Zu den einträgen in den Internetoptionen. Da Steht definitiv nix mehr von dieser DNS. Ich habe keine Ahnung wo das her kommen soll.

Sunny

04.11.2007 19:44

Zitat:

Zitat von Hannibal252 (Beitrag 303125)

Ich habs geschaft mit diesem Gmer Programm n Scan vorzunehmen. Doch der ist zu lang. Der Passt hier nicht rein -.-

Dann teile den Report auf 2-3 Beiträge auf, ich suche mir das dann zusammen. ;)

Zitat:

Zu den einträgen in den Internetoptionen. Da Steht definitiv nix mehr von dieser DNS. Ich habe keine Ahnung wo das her kommen soll.

Diese Einträge kommen von dem Trojaner, dieser hat eine zusätzlich Verbindung bzw. Umleitung eingerichtet.
Meist ist der o.g. Trojaner mit Rootkit-Technologie ausgestattet und versteckt sich tief im System.

Es wird sehr schwierig dieses wieder zu entfernen, unter XP würde das schneller gehen, aber unter VISTA ist es für alle Helfer hier an Board noch Neuland. :schmoll:

Hannibal252

04.11.2007 19:50

Hmm und was kan das jetzt genau anrichten?

Hier der scan. Muss ihn in 5 Teile teilen.

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-04 19:39:14
Windows 6.0.6000

---- System - GMER 1.0.13 ----
SSDT 9C4B41E0 ZwAlertResumeThread
SSDT A1291460 ZwAlertThread
SSDT 8E021320 ZwAllocateVirtualMemory
SSDT 8888EF30 ZwConnectPort
SSDT 9F7EEE28 ZwCreateMutant
SSDT 8E021368 ZwCreateThread
SSDT A1223B20 ZwFreeVirtualMemory
SSDT 9877D428 ZwImpersonateAnonymousToken
SSDT 9C5EC090 ZwImpersonateThread
SSDT 9AD88EB8 ZwMapViewOfSection
SSDT 9C51E070 ZwOpenEvent
SSDT 9AB58190 ZwOpenProcess
SSDT 9AC71A68 ZwOpenProcessToken
SSDT 9AB58195 ZwOpenThread
SSDT 9F7D4608 ZwOpenThreadToken
SSDT 9F6808B8 ZwResumeThread
SSDT A122A3F8 ZwSetContextThread
SSDT 9AD88D60 ZwSetInformationProcess
SSDT 9F7D44B0 ZwSetInformationThread
SSDT 9C40EDE0 ZwSuspendProcess
SSDT 9AD1CDC8 ZwSuspendThread
SSDT 8890ED90 ZwTerminateProcess
SSDT A122BEC0 ZwTerminateThread
SSDT 9AC0EA98 ZwUnmapViewOfSection
SSDT 8E021290 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

? C:\Windows\System32\Drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
.text USBPORT.SYS!DllUnload 8B9F2ACF 5 Bytes JMP 861F11C8
? C:\Windows\system32\Drivers\RKREVEAL150.SYS Das System kann die angegebene Datei nicht finden.

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8071A61E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80719AD4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8071A748] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [80719B9C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [80719C1A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [8072EACA] \SystemRoot\System32\Drivers\sptd.sys

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Windows\System32\rundll32.exe[4524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4524] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4524] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4524] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6F3B1923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Windows\System32\rundll32.exe[4524] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4524] @ C:\Windows\System32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4524] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4524] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4524] @ C:\Windows\System32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4768] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4768] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4768] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4768] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4768] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4768] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6F3B1923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Windows\System32\rundll32.exe[4768] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4768] @ C:\Windows\System32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4768] @ C:\Windows\System32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4768] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Windows\System32\rundll32.exe[4768] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6C5E88F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6C5E8B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6C5E8A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6C5EA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6C5E9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6C5E9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] [6C5E9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6C5E88F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6C5EA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6C5E8A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] [6C5E8C84] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] [6C5E88F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeleteFileW] [6C5E8A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!MoveFileW] [6C5E8B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [6C5EA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [6C5EA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [6C5E952A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] [6C5E9AFB] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [6C5E9741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [6C5E9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6C5E2E2C] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6C5E8A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6C5E2C16] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6C5EA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6C5E2A18] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!AccessCheck] [6C5E883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6C5E9A53] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteValueW] [6C5E9CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6C5E9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] [6C5E9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6C5E9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6C5E9741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6C5E8A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6C5E8FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6C5EA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6C5E8F4E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6C5EA275] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] [6C5E9AFB] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6C5E952A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6C5E9741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueA] [6C5E9C57] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6C5E9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6C5E9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] [6C5E9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueW] [6C5E9CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] [6C5E9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [6C5E9DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] [6C5E9741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegCreateKeyExW] [6C5E9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExW] [6C5E9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!AccessCheck] [6C5E883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [6C5EA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!MoveFileExW] [6C5E8C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6C5E88F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6C5E8B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6C5E8A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6C5E8FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6C5E8C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6C5EA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6C5E9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] [6C5E9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6C5E9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteValueW] [6C5E9CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6C5E9A53] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6C5E9498] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [6C5E9DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AccessCheck] [6C5E883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6C5E9741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!PrivCopyFileExW] [6C5E8EEA] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] [6C5E8C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeleteFileW] [6C5E8A65] C:\Windows\AppPatch\AcGenral.DLL

Hannibal252

04.11.2007 19:51

IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [6C5EA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetFileAttributesW] [6C5E8FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [6C5E9DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [6C5E9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] [6C5E9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [6C5E9815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [6C5EA391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6FE74618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW] [6C5E9639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] [6C5E9BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Rafael\Desktop\gmer\gmer.exe[6772] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW] [6C5E9815] C:\Windows\AppPatch\AcGenral.DLL

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 84A581E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 84A581E8

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [8288BB02] symsnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_CREATE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_CREATE_NAMED_PIPE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_CLOSE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_READ [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_WRITE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_QUERY_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_SET_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_QUERY_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_SET_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_FLUSH_BUFFERS [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_QUERY_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_SET_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_DIRECTORY_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_FILE_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_INTERNAL_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_SHUTDOWN [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_LOCK_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_CLEANUP [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_CREATE_MAILSLOT [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_QUERY_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_SET_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_POWER [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_DEVICE_CHANGE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_QUERY_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy1 IRP_MJ_SET_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_CREATE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_CREATE_NAMED_PIPE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_CLOSE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_READ [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_WRITE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_QUERY_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_SET_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_QUERY_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_SET_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_FLUSH_BUFFERS [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_QUERY_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_SET_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_DIRECTORY_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_FILE_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_INTERNAL_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_SHUTDOWN [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_LOCK_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_CLEANUP [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_CREATE_MAILSLOT [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_QUERY_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_SET_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_POWER [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_DEVICE_CHANGE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_QUERY_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 IRP_MJ_SET_QUOTA [8288BB02] symsnap.sys

Device \Driver\volmgr \Device\VolMgrControl IRP_MJ_CREATE 84A531E8
Device \Driver\volmgr \Device\VolMgrControl IRP_MJ_READ 84A531E8
Device \Driver\volmgr \Device\VolMgrControl IRP_MJ_WRITE 84A531E8
Device \Driver\volmgr \Device\VolMgrControl IRP_MJ_FLUSH_BUFFERS 84A531E8
Device \Driver\volmgr \Device\VolMgrControl IRP_MJ_DEVICE_CONTROL 84A531E8
Device \Driver\volmgr \Device\VolMgrControl IRP_MJ_INTERNAL_DEVICE_CONTROL 84A531E8
Device \Driver\volmgr \Device\VolMgrControl IRP_MJ_SHUTDOWN 84A531E8
Device \Driver\volmgr \Device\VolMgrControl IRP_MJ_CLEANUP 84A531E8
Device \Driver\volmgr \Device\VolMgrControl IRP_MJ_POWER 84A531E8
Device \Driver\volmgr \Device\VolMgrControl IRP_MJ_SYSTEM_CONTROL 84A531E8
Device \Driver\volmgr \Device\VolMgrControl IRP_MJ_PNP 84A531E8

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_CREATE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_CREATE_NAMED_PIPE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_CLOSE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_READ [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_WRITE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_QUERY_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_SET_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_QUERY_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_SET_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_FLUSH_BUFFERS [8288BB02] symsnap.sys

Hannibal252

04.11.2007 19:52

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_QUERY_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_SET_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_DIRECTORY_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_FILE_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_INTERNAL_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_SHUTDOWN [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_LOCK_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_CLEANUP [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_CREATE_MAILSLOT [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_QUERY_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_SET_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_POWER [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_DEVICE_CHANGE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_QUERY_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 IRP_MJ_SET_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_CREATE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_CREATE_NAMED_PIPE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_CLOSE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_READ [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_WRITE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_QUERY_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_SET_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_QUERY_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_SET_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_FLUSH_BUFFERS [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_QUERY_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_SET_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_DIRECTORY_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_FILE_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_INTERNAL_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_SHUTDOWN [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_LOCK_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_CLEANUP [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_CREATE_MAILSLOT [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_QUERY_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_SET_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_POWER [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_DEVICE_CHANGE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_QUERY_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 IRP_MJ_SET_QUOTA [8288BB02] symsnap.sys

Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 870AE1E8

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_CREATE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_CREATE_NAMED_PIPE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_CLOSE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_READ [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_WRITE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_QUERY_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_SET_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_QUERY_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_SET_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_FLUSH_BUFFERS [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_QUERY_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_SET_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_DIRECTORY_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_FILE_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_INTERNAL_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_SHUTDOWN [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_LOCK_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_CLEANUP [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_CREATE_MAILSLOT [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_QUERY_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_SET_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_POWER [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_DEVICE_CHANGE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_QUERY_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy5 IRP_MJ_SET_QUOTA [8288BB02] symsnap.sys

Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 870AE1E8

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_CREATE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_CREATE_NAMED_PIPE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_CLOSE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_READ [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_WRITE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_QUERY_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_SET_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_QUERY_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_SET_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_FLUSH_BUFFERS [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_QUERY_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_SET_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_DIRECTORY_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_FILE_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_INTERNAL_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_SHUTDOWN [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_LOCK_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_CLEANUP [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_CREATE_MAILSLOT [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_QUERY_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_SET_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_POWER [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_DEVICE_CHANGE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_QUERY_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy6 IRP_MJ_SET_QUOTA [8288BB02] symsnap.sys

Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CREATE 870727A0
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CLOSE 870727A0
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 870727A0
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 870727A0
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_POWER 870727A0
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 870727A0
Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_PNP 870727A0

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_CREATE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_CREATE_NAMED_PIPE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_CLOSE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_READ [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_WRITE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_QUERY_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_SET_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_QUERY_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_SET_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_FLUSH_BUFFERS [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_QUERY_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_SET_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_DIRECTORY_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_FILE_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_INTERNAL_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_SHUTDOWN [8288BB02] symsnap.sys

Hannibal252

04.11.2007 19:54

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_LOCK_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_CLEANUP [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_CREATE_MAILSLOT [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_QUERY_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_SET_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_POWER [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_DEVICE_CHANGE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_QUERY_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 IRP_MJ_SET_QUOTA [8288BB02] symsnap.sys

Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 870AE1E8

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_CREATE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_CREATE_NAMED_PIPE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_CLOSE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_READ [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_WRITE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_QUERY_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_SET_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_QUERY_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_SET_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_FLUSH_BUFFERS [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_QUERY_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_SET_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_DIRECTORY_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_FILE_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_INTERNAL_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_SHUTDOWN [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_LOCK_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_CLEANUP [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_CREATE_MAILSLOT [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_QUERY_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_SET_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_POWER [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_DEVICE_CHANGE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_QUERY_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy8 IRP_MJ_SET_QUOTA [8288BB02] symsnap.sys

Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_CREATE 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_CLOSE 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_POWER 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-4 IRP_MJ_PNP 870AE1E8

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_CREATE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_CREATE_NAMED_PIPE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_CLOSE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_READ [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_WRITE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_QUERY_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_SET_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_QUERY_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_SET_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_FLUSH_BUFFERS [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_QUERY_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_SET_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_DIRECTORY_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_FILE_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_INTERNAL_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_SHUTDOWN [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_LOCK_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_CLEANUP [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_CREATE_MAILSLOT [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_QUERY_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_SET_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_POWER [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_DEVICE_CHANGE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_QUERY_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy9 IRP_MJ_SET_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CREATE [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CLOSE [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_READ [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_WRITE [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_INFORMATION [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_INFORMATION [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_EA [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_EA [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_FLUSH_BUFFERS [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_DEVICE_CONTROL [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SHUTDOWN [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_LOCK_CONTROL [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CLEANUP [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_CREATE_MAILSLOT [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_SECURITY [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_SECURITY [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_POWER [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SYSTEM_CONTROL [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_DEVICE_CHANGE [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_QUERY_QUOTA [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp IRP_MJ_SET_QUOTA [8D4251D0] SYMTDI.SYS

Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_CREATE 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_CLOSE 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_INTERNAL_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_POWER 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_SYSTEM_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBPDO-5 IRP_MJ_PNP 870AE1E8
Device \Driver\usbehci \Device\USBPDO-6 IRP_MJ_CREATE 870727A0
Device \Driver\usbehci \Device\USBPDO-6 IRP_MJ_CLOSE 870727A0
Device \Driver\usbehci \Device\USBPDO-6 IRP_MJ_DEVICE_CONTROL 870727A0
Device \Driver\usbehci \Device\USBPDO-6 IRP_MJ_INTERNAL_DEVICE_CONTROL 870727A0
Device \Driver\usbehci \Device\USBPDO-6 IRP_MJ_POWER 870727A0
Device \Driver\usbehci \Device\USBPDO-6 IRP_MJ_SYSTEM_CONTROL 870727A0
Device \Driver\usbehci \Device\USBPDO-6 IRP_MJ_PNP 870727A0
Device \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CREATE 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_READ 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_WRITE 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_CLEANUP 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_POWER 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume1 IRP_MJ_PNP 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CREATE 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_READ 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_WRITE 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 84A531E8

Hannibal252

04.11.2007 19:56

Device \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_CLEANUP 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_POWER 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume2 IRP_MJ_PNP 84A531E8
Device \Driver\cdrom \Device\CdRom0 IRP_MJ_CREATE 871DB1E8
Device \Driver\cdrom \Device\CdRom0 IRP_MJ_CLOSE 871DB1E8
Device \Driver\cdrom \Device\CdRom0 IRP_MJ_READ 871DB1E8
Device \Driver\cdrom \Device\CdRom0 IRP_MJ_WRITE 871DB1E8
Device \Driver\cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 871DB1E8
Device \Driver\cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 871DB1E8
Device \Driver\cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 871DB1E8
Device \Driver\cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 871DB1E8
Device \Driver\cdrom \Device\CdRom0 IRP_MJ_POWER 871DB1E8
Device \Driver\cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 871DB1E8
Device \Driver\cdrom \Device\CdRom0 IRP_MJ_PNP 871DB1E8
Device \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CREATE 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_READ 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_WRITE 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_CLEANUP 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_POWER 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume3 IRP_MJ_PNP 84A531E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_CREATE 84A571E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_CLOSE 84A571E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_DEVICE_CONTROL 84A571E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 84A571E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_POWER 84A571E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_SYSTEM_CONTROL 84A571E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 IRP_MJ_PNP 84A571E8
Device \Driver\iaStor \Device\Ide\iaStor0 IRP_MJ_CREATE 84A561E8
Device \Driver\iaStor \Device\Ide\iaStor0 IRP_MJ_CLOSE 84A561E8
Device \Driver\iaStor \Device\Ide\iaStor0 IRP_MJ_DEVICE_CONTROL 84A561E8
Device \Driver\iaStor \Device\Ide\iaStor0 IRP_MJ_INTERNAL_DEVICE_CONTROL 84A561E8
Device \Driver\iaStor \Device\Ide\iaStor0 IRP_MJ_POWER 84A561E8
Device \Driver\iaStor \Device\Ide\iaStor0 IRP_MJ_SYSTEM_CONTROL 84A561E8
Device \Driver\iaStor \Device\Ide\iaStor0 IRP_MJ_PNP 84A561E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 84A571E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 84A571E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 84A571E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 84A571E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 84A571E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 84A571E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 84A571E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 84A571E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 84A571E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 84A571E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 84A571E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 84A571E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 84A571E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 84A571E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 IRP_MJ_CREATE 84A561E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 IRP_MJ_CLOSE 84A561E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 IRP_MJ_DEVICE_CONTROL 84A561E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 84A561E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 IRP_MJ_POWER 84A561E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 IRP_MJ_SYSTEM_CONTROL 84A561E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 IRP_MJ_PNP 84A561E8
Device \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CREATE 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_READ 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_WRITE 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_CLEANUP 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_POWER 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL 84A531E8
Device \Driver\volmgr \Device\HarddiskVolume4 IRP_MJ_PNP 84A531E8

AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_CREATE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_CREATE_NAMED_PIPE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_CLOSE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_READ [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_WRITE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_QUERY_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_SET_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_QUERY_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_SET_EA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_FLUSH_BUFFERS [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_QUERY_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_SET_VOLUME_INFORMATION [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_DIRECTORY_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_FILE_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_INTERNAL_DEVICE_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_SHUTDOWN [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_LOCK_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_CLEANUP [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_CREATE_MAILSLOT [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_QUERY_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_SET_SECURITY [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_POWER [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_SYSTEM_CONTROL [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_DEVICE_CHANGE [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_QUERY_QUOTA [8288BB02] symsnap.sys
AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy10 IRP_MJ_SET_QUOTA [8288BB02] symsnap.sys

Device \Driver\netbt \Device\NetBt_Wins_Export IRP_MJ_CREATE 887C31E8
Device \Driver\netbt \Device\NetBt_Wins_Export IRP_MJ_CLOSE 887C31E8
Device \Driver\netbt \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 887C31E8
Device \Driver\netbt \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 887C31E8
Device \Driver\netbt \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 887C31E8
Device \Driver\netbt \Device\NetBt_Wins_Export IRP_MJ_PNP 887C31E8
Device \Driver\netbt \Device\NetBT_Tcpip_{920B322A-E7C9-4528-9995-B0F9EABDB1CD} IRP_MJ_CREATE 887C31E8
Device \Driver\netbt \Device\NetBT_Tcpip_{920B322A-E7C9-4528-9995-B0F9EABDB1CD} IRP_MJ_CLOSE 887C31E8
Device \Driver\netbt \Device\NetBT_Tcpip_{920B322A-E7C9-4528-9995-B0F9EABDB1CD} IRP_MJ_DEVICE_CONTROL 887C31E8
Device \Driver\netbt \Device\NetBT_Tcpip_{920B322A-E7C9-4528-9995-B0F9EABDB1CD} IRP_MJ_INTERNAL_DEVICE_CONTROL 887C31E8
Device \Driver\netbt \Device\NetBT_Tcpip_{920B322A-E7C9-4528-9995-B0F9EABDB1CD} IRP_MJ_CLEANUP 887C31E8
Device \Driver\netbt \Device\NetBT_Tcpip_{920B322A-E7C9-4528-9995-B0F9EABDB1CD} IRP_MJ_PNP 887C31E8
Device \Driver\iScsiPrt \Device\RaidPort0 IRP_MJ_CREATE 871741E8
Device \Driver\iScsiPrt \Device\RaidPort0 IRP_MJ_CLOSE 871741E8
Device \Driver\iScsiPrt \Device\RaidPort0 IRP_MJ_DEVICE_CONTROL 871741E8
Device \Driver\iScsiPrt \Device\RaidPort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 871741E8
Device \Driver\iScsiPrt \Device\RaidPort0 IRP_MJ_POWER 871741E8
Device \Driver\iScsiPrt \Device\RaidPort0 IRP_MJ_SYSTEM_CONTROL 871741E8
Device \Driver\iScsiPrt \Device\RaidPort0 IRP_MJ_PNP 871741E8

AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CREATE [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CLOSE [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_READ [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_WRITE [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_INFORMATION [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_INFORMATION [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_EA [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_EA [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_FLUSH_BUFFERS [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_DIRECTORY_CONTROL [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_DEVICE_CONTROL [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SHUTDOWN [8D4251D0] SYMTDI.SYS

Hannibal252

04.11.2007 19:57

So das is der letze Teil.

AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_LOCK_CONTROL [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CLEANUP [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_CREATE_MAILSLOT [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_SECURITY [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_SECURITY [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_POWER [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SYSTEM_CONTROL [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_DEVICE_CHANGE [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_QUERY_QUOTA [8D4251D0] SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp IRP_MJ_SET_QUOTA [8D4251D0] SYMTDI.SYS

Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 870AE1E8
Device \Driver\netbt \Device\NetBT_Tcpip_{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4} IRP_MJ_CREATE 887C31E8
Device \Driver\netbt \Device\NetBT_Tcpip_{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4} IRP_MJ_CLOSE 887C31E8
Device \Driver\netbt \Device\NetBT_Tcpip_{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4} IRP_MJ_DEVICE_CONTROL 887C31E8
Device \Driver\netbt \Device\NetBT_Tcpip_{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4} IRP_MJ_INTERNAL_DEVICE_CONTROL 887C31E8
Device \Driver\netbt \Device\NetBT_Tcpip_{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4} IRP_MJ_CLEANUP 887C31E8
Device \Driver\netbt \Device\NetBT_Tcpip_{031ECDCD-A5F4-4794-9D2F-271ADE06D3F4} IRP_MJ_PNP 887C31E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 870AE1E8
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CREATE 870727A0
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CLOSE 870727A0
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 870727A0
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 870727A0
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_POWER 870727A0
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 870727A0
Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_PNP 870727A0
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-4 IRP_MJ_CREATE 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-4 IRP_MJ_CLOSE 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-4 IRP_MJ_POWER 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-4 IRP_MJ_PNP 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-5 IRP_MJ_CREATE 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-5 IRP_MJ_CLOSE 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-5 IRP_MJ_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-5 IRP_MJ_INTERNAL_DEVICE_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-5 IRP_MJ_POWER 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-5 IRP_MJ_SYSTEM_CONTROL 870AE1E8
Device \Driver\usbuhci \Device\USBFDO-5 IRP_MJ_PNP 870AE1E8
Device \Driver\usbehci \Device\USBFDO-6 IRP_MJ_CREATE 870727A0
Device \Driver\usbehci \Device\USBFDO-6 IRP_MJ_CLOSE 870727A0
Device \Driver\usbehci \Device\USBFDO-6 IRP_MJ_DEVICE_CONTROL 870727A0
Device \Driver\usbehci \Device\USBFDO-6 IRP_MJ_INTERNAL_DEVICE_CONTROL 870727A0
Device \Driver\usbehci \Device\USBFDO-6 IRP_MJ_POWER 870727A0
Device \Driver\usbehci \Device\USBFDO-6 IRP_MJ_SYSTEM_CONTROL 870727A0
Device \Driver\usbehci \Device\USBFDO-6 IRP_MJ_PNP 870727A0

---- EOF - GMER 1.0.13 ----

Sunny

04.11.2007 20:24

Hannibal, seit wann tritt denn das Problem auf mit den falschen Links bei Google?

Ich habe nun in 2 anderen Foren "Kollegen" um Rat gebeten, keiner konnte mir genaueres zu deinem Problem sagen bzw. helfen! :schmoll:

Es gibt die Möglichkeit einer Systemwiederherstellung, d.h. dein System sieht dann so aus wie es an diesem Tag (automatisch!) abgesichert wurde.
Somit würde dein Problem eventuell gelöst werden.

Hannibal252

04.11.2007 20:41

Zitat:

Zitat von [Gc]Sunny (Beitrag 303152)

Hannibal, seit wann tritt denn das Problem auf mit den falschen Links bei Google?

welche falschen Links bei Google ? oO

Ich habe gerade n HiJackthis für Vista gefunden. Könnte das mein Problem lösen ?

Sunny

04.11.2007 20:52

Zitat:

Zitat von Hannibal252 (Beitrag 303156)

welche falschen Links bei Google ? oO

Sorry, falscher Thread!

Zitat:

Ich habe gerade n HiJackthis für Vista gefunden. Könnte das mein Problem lösen ?

Du meinst sicherlich die Version 2.0.2... versuch es mal ... ;)
Jedoch wird diese auch die DNS-Umleitung erkennen.
Und leider auch nicht bereinigen/entfernen. :schmoll:

Hannibal252

04.11.2007 20:57

da steht das ich das manuell entfernen muss. Dazu soll ich in Notepad C:\Windows\System32\drivers\etc\hosts öffnen und die linien finden die Hijackthis mir angegeben hat und diese löschen.

Sunny

04.11.2007 20:59

Zitat:

Zitat von Hannibal252 (Beitrag 303161)

da steht das ich das manuell entfernen muss. Dazu soll ich in Notepad C:\Windows\System32\drivers\etc\hosts öffnen und die linien finden die Hijackthis mir angegeben hat und diese löschen.

Mach das mal bitte, in der hosts Datei werden diese Daten immer gespeichert:

es darf unter dem Beispiel Text nur das stehen:

Zitat:

127.0.0.1 localhost

Hannibal252

04.11.2007 21:04

bei mir steht folgendes unter dem beispieltext:

127.0.0.1 localhost
::1 localhost

Wenn ich die untere Zele lösche und neu speichern will meint der PC aber dass die datei nicht gespeichert werden kann. Ich soll dateipfad und namen überprüfen -.-

Sunny

04.11.2007 21:09

Zitat:

Zitat von Hannibal252 (Beitrag 303166)

Also bei allen XP-Windows-Versionen steht nur der erste Eintrag drinnen, was der 2.te zu bedeuten hat kann ich dir leider nicht sagen. :mad:
Wichtig ist eigentlich nur das dort nichts mit 85.255.x.x steht!

Ansonsten versuch mal eine Systemwiederherstellung, das wäre das einzige was mir dazu jetzt noch einfällt.
Fakt ist: Die DNS-Umleitung muss raus, deine Verbindung wird so abgefangen und (eventuell!) missbraucht, und die gesamte Geschwindigkeit nimmt auch mit der Zeit ab.

Hannibal252

04.11.2007 21:12

Dann bleibt wohl oder übel keine andere Möglichkeit.
Trotzdem danke die Hilfe hier ist wirklich gut. Dafür hast du n dickes Lob verdient ;)
mfg Hannibal

PS ich melde mich nach der Systemwiederherstellung wieder.

Hannibal252

04.11.2007 22:49

Systemwiederhergestellt:

Hier nochmal ne Logdatei.
Jetzt muss es doch weg sein xD Oder ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:46:09, on 04.11.2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Kennwortprüfung (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7542 bytes

Alle Zeitangaben in WEZ +1. Es ist jetzt 13:03 Uhr.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131