Informationsarchiv.net > Foren-Übersicht > Computerprobleme > Online- und PC-Sicherheit
Warum kostenlos registrieren?

Nur als registriertes Mitglied hast Du vollen Zugriff auf alle Funktionen unserer Website. So kannst Du eigene Fragen stellen und hast die volle Übersicht über neue interessante Themen im Forum.
Jetzt kostenlos registrieren.

Login


Virus der von meinem rechner spam mails verschickt???????

Warnungen vor Sicherheitslücken und Hilfe beim Enfernen von Viren, Würmern und Trojanern.
Antwort erstellen

Virus der von meinem rechner spam mails verschickt???????

Beitragvon leute am 01.03.2007, 17:56

hallo zusammen,
hab da ein kleines prob. und zwar hab ich jetzt bereits zwei mal nen brief von meinem provider bekommen, es hätte klagen gegeben, ich würde von meinem pc aus spam mails verschicken. im brief ist dann auch die ip. angegeben unter der die mails verschickt würden.... diese stimmt mit meiner überein.

hab mich dann mit den jungs kurzgeschlossen, diese sagten aber nur, ich soll mal ein antiviren proggi laufen lassen und schauen was gefunden wird.

im brief wird weiter erwähnt, falls sich das prob mit den mails nicht löst würden sie mir den account sperren.

also ich habe seit ca. nem monat antivir immer am laufen. mache alle updates und den task-scan. aber der findet nie was.

gibts da irgend ein progi oder ne möglichkeit wie ich herrausfinden kann was diese spam-mails verschickt?

wäre dankbar um ne antwort.... solange ich noch ins net. kann :oops:

lg leute
leute
 
Beiträge: 12
Registriert: 12.01.2007, 10:41
Nach oben

Beitragvon Fleischer am 01.03.2007, 18:10

Ob du Spammails verschickst, kannst du schnell erkennen, indem du schaust, wieviel Daten du ins Internet schickst.

Das beste Antivirenprogramm nutzt wenig, wenn ein Schädling bereits aktiv ist. Diese Spamtrojaner nutzen häufig Rootkittechniken um sich vor AV Software zu verstecken.

Du könntest hier ein Hijackthis log einstellen und ein Scan mit Blacklight und Gmer machen. Eine Anleitung dazu kannst du hier finden:
http://www.hijackthis-forum.de/showthread.php?t=20219
Fleischer
 
Beiträge: 25
Registriert: 22.10.2004, 19:22
Nach oben

Beitragvon Ariczzz am 01.03.2007, 18:45

hijackthis-download in meiner signatur
Ariczzz
Mitarbeiter
 
Beiträge: 1634
Registriert: 06.09.2006, 16:23
Wohnort: Niederndodeleben
Nach oben

Beitragvon leute am 01.03.2007, 19:11

Logfile of HijackThis v1.99.1
Scan saved at 18:05:53, on 01.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Dokumente und Einstellungen\leute\Desktop\Programme\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hispeed.ch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hispeed.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Ad Muncher] C:\Programme\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_b ... nu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_b ... ie_exclude
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_b ... _ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://*.shoutcast.com
O15 - Trusted Zone: http://*.winamp.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8777491906
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - Unknown owner - C:\Programme\ViRobotXP\vrmonsvc.exe (file missing)




so mal die logfile:
probs bei O23, O23, beide services und O20

kann die aber nicht entfernen mit hijackthis. nach nem neuen scan tauchen die wieder auf.
bin bereits im abgesicherten modus und hab den scan nochmal versucht, konnte sie aber nicht entfernen.

check jetzt mal mit blacklight und gmer.

meld mich wieder


so hier mal gmer:

GMER 1.0.11.11384 - http://www.gmer.net
Rootkit 2007-03-01 18:18:21
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.11 ----

SSDT sptd.sys ZwCreateKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey

---- Devices - GMER 1.0.11 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 867CF1D8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 867CF1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{04A2EF92-7AB8-484F-A70E-6B5D3F552EF3} IRP_MJ_CREATE 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{04A2EF92-7AB8-484F-A70E-6B5D3F552EF3} IRP_MJ_CLOSE 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{04A2EF92-7AB8-484F-A70E-6B5D3F552EF3} IRP_MJ_DEVICE_CONTROL 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{04A2EF92-7AB8-484F-A70E-6B5D3F552EF3} IRP_MJ_INTERNAL_DEVICE_CONTROL 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{04A2EF92-7AB8-484F-A70E-6B5D3F552EF3} IRP_MJ_CLEANUP 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{04A2EF92-7AB8-484F-A70E-6B5D3F552EF3} IRP_MJ_PNP 85E24980
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 863A71D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 863A71D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 863A71D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 863A71D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 863A71D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 863A71D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 863A71D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 863A71D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 863A71D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 863A71D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 863A71D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 863A71D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 863A71D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 863A71D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 863A71D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 863A71D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 8637A1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 8637A1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 8637A1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8637A1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 8637A1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 8637A1D8
Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 8637A1D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 867601D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8636D1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8636D1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8636D1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8636D1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8636D1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8636D1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8636D1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8636D1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8636D1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8636D1D8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8636D1D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 867601D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8636D1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8636D1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8636D1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8636D1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8636D1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8636D1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8636D1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8636D1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8636D1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8636D1D8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8636D1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 867D11D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 867D11D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 867D11D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSE 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 867D11D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 867D11D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 867D11D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 867D11D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 867D11D8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 867D11D8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSE 867D11D8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 867D11D8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSE 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CREATE 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_CLOSE 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_POWER 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SYSTEM_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_PNP 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CREATE 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_CLOSE 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_POWER 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SYSTEM_CONTROL 867D11D8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_PNP 867D11D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_READ 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_WRITE 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_FLUSH_BUFFERS 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_DEVICE_CONTROL 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_INTERNAL_DEVICE_CONTROL 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SHUTDOWN 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CLEANUP 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_POWER 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_SYSTEM_CONTROL 867601D8
Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_PNP 867601D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8636D1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8636D1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 8636D1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8636D1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8636D1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8636D1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8636D1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8636D1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8636D1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8636D1D8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8636D1D8
Device \Driver\usbstor \Device\00000074 IRP_MJ_CREATE 85DFA328
Device \Driver\usbstor \Device\00000074 IRP_MJ_CLOSE 85DFA328
Device \Driver\usbstor \Device\00000074 IRP_MJ_READ 85DFA328
Device \Driver\usbstor \Device\00000074 IRP_MJ_WRITE 85DFA328
Device \Driver\usbstor \Device\00000074 IRP_MJ_DEVICE_CONTROL 85DFA328
Device \Driver\usbstor \Device\00000074 IRP_MJ_INTERNAL_DEVICE_CONTROL 85DFA328
Device \Driver\usbstor \Device\00000074 IRP_MJ_POWER 85DFA328
Device \Driver\usbstor \Device\00000074 IRP_MJ_SYSTEM_CONTROL 85DFA328
Device \Driver\usbstor \Device\00000074 IRP_MJ_PNP 85DFA328
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 8636D1D8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 8636D1D8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 8636D1D8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 8636D1D8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 8636D1D8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 8636D1D8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8636D1D8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 8636D1D8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 8636D1D8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 8636D1D8
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 8636D1D8
Device \Driver\NetBT \Device\NetBT_Tcpip_{83C4E66B-E4F9-4E71-B8AE-8EFBB0EBB006} IRP_MJ_CREATE 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{83C4E66B-E4F9-4E71-B8AE-8EFBB0EBB006} IRP_MJ_CLOSE 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{83C4E66B-E4F9-4E71-B8AE-8EFBB0EBB006} IRP_MJ_DEVICE_CONTROL 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{83C4E66B-E4F9-4E71-B8AE-8EFBB0EBB006} IRP_MJ_INTERNAL_DEVICE_CONTROL 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{83C4E66B-E4F9-4E71-B8AE-8EFBB0EBB006} IRP_MJ_CLEANUP 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{83C4E66B-E4F9-4E71-B8AE-8EFBB0EBB006} IRP_MJ_PNP 85E24980
Device \Driver\usbstor \Device\00000076 IRP_MJ_CREATE 85DFA328
Device \Driver\usbstor \Device\00000076 IRP_MJ_CLOSE 85DFA328
Device \Driver\usbstor \Device\00000076 IRP_MJ_READ 85DFA328
Device \Driver\usbstor \Device\00000076 IRP_MJ_WRITE 85DFA328
Device \Driver\usbstor \Device\00000076 IRP_MJ_DEVICE_CONTROL 85DFA328
Device \Driver\usbstor \Device\00000076 IRP_MJ_INTERNAL_DEVICE_CONTROL 85DFA328
Device \Driver\usbstor \Device\00000076 IRP_MJ_POWER 85DFA328
Device \Driver\usbstor \Device\00000076 IRP_MJ_SYSTEM_CONTROL 85DFA328
Device \Driver\usbstor \Device\00000076 IRP_MJ_PNP 85DFA328
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 85E24980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 85E24980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 85E24980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 85E24980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 85E24980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{674D09F7-4A24-4B5F-B571-213F6F2DF05E} IRP_MJ_CREATE 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{674D09F7-4A24-4B5F-B571-213F6F2DF05E} IRP_MJ_CLOSE 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{674D09F7-4A24-4B5F-B571-213F6F2DF05E} IRP_MJ_DEVICE_CONTROL 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{674D09F7-4A24-4B5F-B571-213F6F2DF05E} IRP_MJ_INTERNAL_DEVICE_CONTROL 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{674D09F7-4A24-4B5F-B571-213F6F2DF05E} IRP_MJ_CLEANUP 85E24980
Device \Driver\NetBT \Device\NetBT_Tcpip_{674D09F7-4A24-4B5F-B571-213F6F2DF05E} IRP_MJ_PNP 85E24980
Device \Driver\00000445 \Device\0000004b IRP_MJ_POWER [F7746C7E] sptd.sys
Device \Driver\00000445 \Device\0000004b IRP_MJ_SYSTEM_CONTROL [F77602A2] sptd.sys
Device \Driver\00000445 \Device\0000004b IRP_MJ_PNP [F7761228] sptd.sys
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 85E24980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 85E24980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 85E24980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 85E24980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 85E24980
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 85E24980
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 863A71D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 863A71D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 863A71D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 863A71D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 863A71D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 863A71D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 863A71D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 863A71D8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 85E10980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 85E10980
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 863A71D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 863A71D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 863A71D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 863A71D8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 85E10980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 85E10980
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE 863A71D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE 863A71D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER 863A71D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 863A71D8
Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP 863A71D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE 8637A1D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CLOSE 8637A1D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL 8637A1D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 8637A1D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_POWER 8637A1D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL 8637A1D8
Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_PNP 8637A1D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 867601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 867601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 867601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 867601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 867601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 867601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 867601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 867601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 867601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 867601D8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 867601D8
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_CREATE 867D01D8
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_CLOSE 867D01D8
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_DEVICE_CONTROL 867D01D8
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D01D8
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_POWER 867D01D8
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_SYSTEM_CONTROL 867D01D8
Device \Driver\SI3114r \Device\Scsi\SI3114r1 IRP_MJ_PNP 867D01D8
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1Port5Path0Target0Lun0 IRP_MJ_CREATE 863655C0
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1Port5Path0Target0Lun0 IRP_MJ_CLOSE 863655C0
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1Port5Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 863655C0
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1Port5Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 863655C0
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1Port5Path0Target0Lun0 IRP_MJ_POWER 863655C0
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1Port5Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 863655C0
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1Port5Path0Target0Lun0 IRP_MJ_PNP 863655C0
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1 IRP_MJ_CREATE 863655C0
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1 IRP_MJ_CLOSE 863655C0
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1 IRP_MJ_DEVICE_CONTROL 863655C0
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1 IRP_MJ_INTERNAL_DEVICE_CONTROL 863655C0
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1 IRP_MJ_POWER 863655C0
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1 IRP_MJ_SYSTEM_CONTROL 863655C0
Device \Driver\aip2sshm \Device\Scsi\aip2sshm1 IRP_MJ_PNP 863655C0
Device \Driver\iteraid \Device\Scsi\iteraid1 IRP_MJ_CREATE 8675F1D8
Device \Driver\iteraid \Device\Scsi\iteraid1 IRP_MJ_CLOSE 8675F1D8
Device \Driver\iteraid \Device\Scsi\iteraid1 IRP_MJ_DEVICE_CONTROL 8675F1D8
Device \Driver\iteraid \Device\Scsi\iteraid1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8675F1D8
Device \Driver\iteraid \Device\Scsi\iteraid1 IRP_MJ_POWER 8675F1D8
Device \Driver\iteraid \Device\Scsi\iteraid1 IRP_MJ_SYSTEM_CONTROL 8675F1D8
Device \Driver\iteraid \Device\Scsi\iteraid1 IRP_MJ_PNP 8675F1D8
Device \Driver\iteraid \Device\Scsi\iteraid1Port3Path0Target3Lun0 IRP_MJ_CREATE 8675F1D8
Device \Driver\iteraid \Device\Scsi\iteraid1Port3Path0Target3Lun0 IRP_MJ_CLOSE 8675F1D8
Device \Driver\iteraid \Device\Scsi\iteraid1Port3Path0Target3Lun0 IRP_MJ_DEVICE_CONTROL 8675F1D8
Device \Driver\iteraid \Device\Scsi\iteraid1Port3Path0Target3Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8675F1D8
Device \Driver\iteraid \Device\Scsi\iteraid1Port3Path0Target3Lun0 IRP_MJ_POWER 8675F1D8
Device \Driver\iteraid \Device\Scsi\iteraid1Port3Path0Target3Lun0 IRP_MJ_SYSTEM_CONTROL 8675F1D8
Device \Driver\iteraid \Device\Scsi\iteraid1Port3Path0Target3Lun0 IRP_MJ_PNP 8675F1D8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 85D99980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 85D99980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 85D99980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 85D99980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 85D99980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 85D99980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 85D99980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 85D99980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 85D99980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 85D99980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 85D99980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 85D99980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 85D99980

---- Registry - GMER 1.0.11 ----

Reg \Registry\USER\S-1-5-21-1409082233-113007714-839522115-1004\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xBB 0x12 0xBD 0x6C ...
Reg \Registry\USER\S-1-5-21-1409082233-113007714-839522115-1004\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x72 0x2E 0x42 0x1F ...

---- Files - GMER 1.0.11 ----

ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1B682472
ADS ...
ADS ...

---- EOF - GMER 1.0.11 ----


weiss jetzt nicht was ich machen muss mit der gmer log....
leute
 
Beiträge: 12
Registriert: 12.01.2007, 10:41
Nach oben

Beitragvon Ariczzz am 01.03.2007, 19:30

O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)


lade dir Avenger(siehe signatur) und kopiere rein:
Files to delete:
C:\WINDOWS\system32\rpcc.dll
C:\WINDOWS\system32\msasvc.exe


dann fixe die oben genannten einträge mit hijackthis(haken davor, fix checked)
Ariczzz
Mitarbeiter
 
Beiträge: 1634
Registriert: 06.09.2006, 16:23
Wohnort: Niederndodeleben
Nach oben

Beitragvon leute am 01.03.2007, 19:32

mmmh, also blacklight hat hier nichts "verstecktes" gefunden...

hat jemand ne ahnung wies jetzt weiter gehen soll?
leute
 
Beiträge: 12
Registriert: 12.01.2007, 10:41
Nach oben

Beitragvon Fleischer am 01.03.2007, 19:33

Das ist eine alte Version von gmer!? Mit Blacklight sollte es aber auch funktionieren.

Diese Datei ist Schuld an deinem Problem c:\windows\system32\rpcc.dll.

M*st, da war ich nicht schnell genug. :)

Nachtrag: Du solltest vorher datfindbat nutzen: http://www.virus-protect.org/datfindbat.html
sonst ist es schwer einen Vergleich zu machen, wenn die Dateien, die Avenger löscht, weg sind.
Fleischer
 
Beiträge: 25
Registriert: 22.10.2004, 19:22
Nach oben

Beitragvon leute am 01.03.2007, 19:48

so also hab den avenger laufen gelassen,
hier mal die meldung von avenger nach dem reeboot:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cajvyvks

*******************

Script file located at: \??\C:\WINDOWS\tmnujhqd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\rpcc.dll deleted successfully.


File C:\WINDOWS\system32\msasvc.exe not found!
Deletion of file C:\WINDOWS\system32\msasvc.exe failed!

Could not process line:
C:\WINDOWS\system32\msasvc.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



danach hijackthis gestartet und gefixt was ging.

hier die neuste log:

Logfile of HijackThis v1.99.1
Scan saved at 18:44:33, on 01.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Ad Muncher\AdMunch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programme\Java\jre1.5.0_11\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Opera\Opera.exe
C:\Dokumente und Einstellungen\leute\Desktop\Programme\HJT1991.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hispeed.ch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hispeed.ch/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [Ad Muncher] C:\Programme\Ad Muncher\AdMunch.exe /bt
O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programme\eMule\emule.exe -AutoStart
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_b ... u_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_b ... nu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_b ... ie_exclude
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE12\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_b ... _ie_report
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://*.shoutcast.com
O15 - Trusted Zone: http://*.winamp.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8777491906
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.commandondemand.com/eval/cod/cabs/cssweb.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - Unknown owner - C:\Programme\ViRobotXP\vrmonsvc.exe (file missing)


so hab nun aber noch das prob mit msasvc.exe.

mmmh kann man ja nicht löschen wenn die file nicht existiert, oder....
leute
 
Beiträge: 12
Registriert: 12.01.2007, 10:41
Nach oben

Beitragvon Fleischer am 01.03.2007, 19:50

Ja, diese beiden Dateien existieren nicht mehr:

O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe (file missing)
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - Unknown owner - C:\Programme\ViRobotXP\vrmonsvc.exe (file missing)


Kann man mit einem Datfindbat Report schnell kontrollieren.
Fleischer
 
Beiträge: 25
Registriert: 22.10.2004, 19:22
Nach oben

Beitragvon leute am 01.03.2007, 19:57

mmmh datfindbat report??
keine ahnung was das ist, ist doch das selbe wie die log vom hijack oder?

und nochmal zu der mail sache, was denkt ihr, ist das problem jetzt gelöst?
leute
 
Beiträge: 12
Registriert: 12.01.2007, 10:41
Nach oben

Beitragvon Fleischer am 01.03.2007, 20:02

datfindbat= http://www.virus-protect.org/datfindbat.html

Das war zumindest ein Teil davon, nur würde ich gerne sicher gehen, wenn es um Spam geht.
Fleischer
 
Beiträge: 25
Registriert: 22.10.2004, 19:22
Nach oben

Beitragvon leute am 01.03.2007, 20:12

so also hier mal der datfindbat report:


Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4833-5A7C

Verzeichnis von C:\WINDOWS\system32

01.03.2007 18:42 2'422 wpa.dbl
01.03.2007 18:04 274'968 FNTCACHE.DAT
01.03.2007 00:09 9'857 jupdate-1.5.0_11-b03.log
21.02.2007 22:45 403'968 perfh009.dat
21.02.2007 22:45 63'188 perfc009.dat
21.02.2007 22:45 418'980 perfh007.dat
21.02.2007 22:45 76'006 perfc007.dat
21.02.2007 22:45 967'348 PerfStringBackup.INI
18.02.2007 11:38 34'308 BASSMOD.dll
07.02.2007 18:22 3'074 secure32.html
04.02.2007 20:29 30'720 xcopy.exe
04.02.2007 20:29 32'256 wupdmgr.exe
04.02.2007 20:29 114'688 wscript.exe
04.02.2007 20:29 13'824 wscntfy.exe
04.02.2007 20:29 5'632 write.exe
04.02.2007 20:29 32'256 wpnpinst.exe
04.02.2007 20:29 32'256 wpabaln.exe
04.02.2007 20:29 171'520 wjview.exe
04.02.2007 20:29 5'632 winver.exe
04.02.2007 20:29 11'776 winmsd.exe
04.02.2007 20:29 120'320 winmine.exe
04.02.2007 20:29 8'192 winhlp32.exe
04.02.2007 20:29 67'072 wextract.exe
04.02.2007 20:29 38'912 wdfmgr.exe
04.02.2007 20:29 51'712 w32tm.exe
04.02.2007 20:29 292'864 vssvc.exe
04.02.2007 20:29 33'792 vssadmin.exe
04.02.2007 20:29 102'912 verifier.exe
04.02.2007 20:29 28'672 verclsid.exe
04.02.2007 20:29 47'104 uwdf.exe
04.02.2007 20:29 69'632 usrshuta.exe
04.02.2007 20:29 61'440 usrprbda.exe
04.02.2007 20:29 77'824 usrmlnka.exe
04.02.2007 20:29 25'088 userinit.exe
04.02.2007 20:29 18'432 ups.exe
04.02.2007 20:29 16'896 upnpcont.exe
04.02.2007 20:29 4'096 unlodctr.exe
04.02.2007 20:29 17'920 tsshutdn.exe
04.02.2007 20:29 16'384 tskill.exe
04.02.2007 20:29 15'360 tsdiscon.exe
04.02.2007 20:29 44'544 tscupgrd.exe
04.02.2007 20:29 15'360 tscon.exe
04.02.2007 20:29 32'256 tracert6.exe
04.02.2007 20:29 12'800 tracert.exe
04.02.2007 20:29 17'408 tftp.exe
04.02.2007 20:29 78'336 telnet.exe
04.02.2007 20:29 19'456 tcpsvcs.exe
04.02.2007 20:29 13'312 tcmsetup.exe
04.02.2007 20:29 140'800 taskmgr.exe
04.02.2007 20:29 15'872 taskman.exe
04.02.2007 20:29 3'072 systray.exe
04.02.2007 20:29 108'032 sysocmgr.exe
04.02.2007 20:29 38'400 syskey.exe
04.02.2007 20:29 51'200 syncapp.exe
04.02.2007 20:29 9'216 subst.exe
04.02.2007 20:29 14'848 stimon.exe
04.02.2007 20:29 684'032 sstext3d.scr
04.02.2007 20:29 14'848 ssstars.scr
04.02.2007 20:29 610'304 sspipes.scr
04.02.2007 20:29 18'944 ssmyst.scr
04.02.2007 20:29 47'104 ssmypics.scr
04.02.2007 20:29 20'992 ssmarque.scr
04.02.2007 20:29 393'216 ssflwbox.scr
04.02.2007 20:29 19'968 ssbezier.scr
04.02.2007 20:29 708'608 ss3dfo.scr
04.02.2007 20:29 57'856 spoolsv.exe
04.02.2007 20:29 11'776 spnpinst.exe
04.02.2007 20:29 539'136 spider.exe
04.02.2007 20:29 24'576 sort.exe
04.02.2007 20:29 57'344 sol.exe
04.02.2007 20:29 94'208 smlogsvc.exe
04.02.2007 20:29 8'192 smbinst.exe
04.02.2007 20:29 26'112 skeys.exe
04.02.2007 20:29 71'168 sigverif.exe
04.02.2007 20:29 20'992 shutdown.exe
04.02.2007 20:29 78'336 shrpubw.exe
04.02.2007 20:29 42'496 shmgrate.exe
04.02.2007 20:29 15'360 shadow.exe
04.02.2007 20:29 9'728 sfc.exe
04.02.2007 20:29 23'040 setup.exe
04.02.2007 20:29 32'768 sethc.exe
04.02.2007 20:29 142'848 sessmgr.exe
04.02.2007 20:29 78'336 sdbinst.exe
04.02.2007 20:29 9'216 scrnsave.scr
04.02.2007 20:29 99'840 scardsvr.exe
04.02.2007 20:29 31'232 sc.exe
04.02.2007 20:29 13'312 savedump.exe
04.02.2007 20:29 16'384 rwinsta.exe
04.02.2007 20:29 14'336 runonce.exe
04.02.2007 20:29 16'896 runas.exe
04.02.2007 20:29 78'848 rtcshare.exe
04.02.2007 20:29 132'608 rsvp.exe
04.02.2007 20:29 49'664 rsmui.exe
04.02.2007 20:29 24'576 rsmsink.exe
04.02.2007 20:29 54'784 rsm.exe
04.02.2007 20:29 15'360 rsh.exe
04.02.2007 20:29 25'600 routemon.exe
04.02.2007 20:29 21'504 route.exe
04.02.2007 20:29 14'848 rexec.exe
04.02.2007 20:29 10'240 reset.exe
04.02.2007 20:29 12'800 replace.exe
04.02.2007 20:29 4'608 regwiz.exe
04.02.2007 20:29 12'288 regsvr32.exe
04.02.2007 20:29 33'792 regini.exe
04.02.2007 20:29 3'584 regedt32.exe
04.02.2007 20:29 53'248 reg.exe
04.02.2007 20:29 7'168 recover.exe
04.02.2007 20:29 67'072 rdshost.exe
04.02.2007 20:29 13'824 rdsaddin.exe
04.02.2007 20:29 62'464 rdpclip.exe
04.02.2007 20:29 22'528 rcp.exe
04.02.2007 20:29 57'344 rasphone.exe
04.02.2007 20:29 11'776 rasdial.exe
04.02.2007 20:29 11'776 rasautou.exe
04.02.2007 20:29 22'528 qwinsta.exe
04.02.2007 20:29 20'480 qprocess.exe
04.02.2007 20:29 17'408 qappsrv.exe
04.02.2007 20:29 9'728 proxycfg.exe
04.02.2007 20:29 50'688 proquota.exe
04.02.2007 20:29 109'568 progman.exe
04.02.2007 20:29 9'216 print.exe
04.02.2007 20:29 49'152 powercfg.exe
04.02.2007 20:29 33'792 ping6.exe
04.02.2007 20:29 18'944 ping.exe
04.02.2007 20:29 15'872 perfmon.exe
04.02.2007 20:29 15'360 pentnt.exe
04.02.2007 20:29 22'528 pathping.exe
04.02.2007 20:29 59'904 packager.exe
04.02.2007 20:29 41'984 osuninst.exe
04.02.2007 20:28 69'632 odbcconf.exe
04.02.2007 20:28 421'376 ntvdm.exe
04.02.2007 20:28 31'744 ntsd.exe
04.02.2007 20:28 80'896 nslookup.exe
04.02.2007 20:28 37'376 netstat.exe
04.02.2007 20:28 88'064 netsh.exe
04.02.2007 20:28 333'312 netsetup.exe
04.02.2007 20:28 114'176 netdde.exe
04.02.2007 20:28 124'928 net1.exe
04.02.2007 20:28 42'496 net.exe
04.02.2007 20:28 4'096 nddeapir.exe
04.02.2007 20:28 21'504 nbtstat.exe
04.02.2007 20:28 55'296 narrator.exe
04.02.2007 20:28 12'288 mstinit.exe
04.02.2007 20:28 6'656 msswchx.exe
04.02.2007 20:28 29'184 mshta.exe
04.02.2007 20:28 128'000 mshearts.exe
04.02.2007 20:28 22'528 msg.exe
04.02.2007 20:28 6'144 msdtc.exe
04.02.2007 20:28 13'824 mrinfo.exe
04.02.2007 20:28 22'016 mpnotify.exe
04.02.2007 20:28 124'928 mplay32.exe
04.02.2007 20:28 8'192 mountvol.exe
04.02.2007 20:28 32'768 mnmsrvc.exe
04.02.2007 20:28 815'616 mmc.exe
04.02.2007 20:28 52'736 migpwd.exe
04.02.2007 20:28 85'504 makecab.exe
04.02.2007 20:28 8'704 lpr.exe
04.02.2007 20:28 6'144 lpq.exe
04.02.2007 20:28 515'072 logonui.exe
04.02.2007 20:28 220'672 logon.scr
04.02.2007 20:28 15'872 logoff.exe
04.02.2007 20:28 61'440 logman.exe
04.02.2007 20:28 96'768 logagent.exe
04.02.2007 20:28 5'120 lodctr.exe
04.02.2007 20:28 75'264 locator.exe
04.02.2007 20:28 27'136 lnkstub.exe
04.02.2007 20:28 30'208 lights.exe
04.02.2007 20:28 9'728 label.exe
04.02.2007 20:28 172'032 jview.exe
04.02.2007 20:28 14'848 jdbgmgr.exe
04.02.2007 20:28 24'064 ipxroute.exe
04.02.2007 20:28 53'248 ipv6.exe
04.02.2007 20:28 46'080 ipsec6.exe
04.02.2007 20:28 58'368 ipconfig.exe
04.02.2007 20:28 150'016 imapi.exe
04.02.2007 20:28 114'688 iexpress.exe
04.02.2007 20:28 34'304 ie4uinit.exe
04.02.2007 20:28 8'704 hostname.exe
04.02.2007 20:28 16'384 help.exe
04.02.2007 20:28 61'952 Hdaudpropshortcut.exe
04.02.2007 20:28 39'424 grpconv.exe
04.02.2007 20:28 45'056 ftp.exe
04.02.2007 20:28 59'904 fsutil.exe
04.02.2007 20:28 193'024 fsquirt.exe
04.02.2007 20:28 55'808 freecell.exe
04.02.2007 20:28 7'168 forcedos.exe
04.02.2007 20:28 21'504 fontview.exe
04.02.2007 20:28 23'040 fltmc.exe
04.02.2007 20:28 3'072 fixmapi.exe
04.02.2007 20:28 9'728 finger.exe
04.02.2007 20:28 28'160 findstr.exe
04.02.2007 20:28 9'216 find.exe
04.02.2007 20:28 14'848 fc.exe
04.02.2007 20:28 45'568 extrac32.exe
04.02.2007 20:28 16'896 expand.exe
04.02.2007 20:28 9'216 eventvwr.exe
04.02.2007 20:28 195'584 eudcedit.exe
04.02.2007 20:28 39'424 esentutl.exe
04.02.2007 20:28 1'298'432 dxdiag.exe
04.02.2007 20:28 180'224 dwwin.exe
04.02.2007 20:28 17'920 dvdupgrd.exe
04.02.2007 20:28 57'856 dvdplay.exe
04.02.2007 20:28 10'752 dumprep.exe
04.02.2007 20:28 47'104 drwtsn32.exe
04.02.2007 20:28 83'456 dpvsetup.exe
04.02.2007 20:28 18'432 dpnsvr.exe
04.02.2007 20:28 30'208 dplaysvr.exe
04.02.2007 20:28 10'752 doskey.exe
04.02.2007 20:28 15'872 dmremote.exe
04.02.2007 20:28 225'280 dmadmin.exe
04.02.2007 20:28 4'608 dllhst3g.exe
04.02.2007 20:28 5'120 dllhost.exe
04.02.2007 20:26 18'432 diskperf.exe
04.02.2007 20:26 169'984 diskpart.exe
04.02.2007 20:26 85'504 diantz.exe
04.02.2007 20:26 104'960 dfrgntfs.exe
04.02.2007 20:26 82'432 dfrgfat.exe
04.02.2007 20:26 25'088 defrag.exe
04.02.2007 20:26 31'744 ddeshare.exe
04.02.2007 20:26 5'120 dcomcnfg.exe
04.02.2007 20:26 15'360 ctfmon.exe
04.02.2007 20:26 98'304 cscript.exe
04.02.2007 20:26 13'824 convert.exe
04.02.2007 20:26 27'648 conime.exe
04.02.2007 20:26 18'432 compact.exe
04.02.2007 20:26 15'872 comp.exe
04.02.2007 20:26 65'536 cmstp.exe
04.02.2007 20:26 40'960 cmmon32.exe
04.02.2007 20:26 233'472 cmirmdrv.exe
04.02.2007 20:26 47'104 cmdl32.exe
04.02.2007 20:26 49'152 clspack.exe
04.02.2007 20:26 33'280 clipsrv.exe
04.02.2007 20:26 104'448 clipbrd.exe
04.02.2007 20:26 20'480 cliconfg.exe
04.02.2007 20:26 7'680 ckcnv.exe
04.02.2007 20:26 5'632 cisvc.exe
04.02.2007 20:26 8'192 cidaemon.exe
04.02.2007 20:26 11'264 chkntfs.exe
04.02.2007 20:26 11'776 chkdsk.exe
04.02.2007 20:26 18'944 cacls.exe
04.02.2007 20:26 5'120 bootvrfy.exe
04.02.2007 20:26 4'608 bootok.exe
04.02.2007 20:26 71'680 blastcln.exe
04.02.2007 20:26 14'336 auditusr.exe
04.02.2007 20:26 11'264 attrib.exe
04.02.2007 20:26 11'264 atmadm.exe
04.02.2007 20:26 520'192 ati2sgag.exe
04.02.2007 20:26 26'112 Ati2mdxx.exe
04.02.2007 20:26 434'176 ati2evxx.exe
04.02.2007 20:26 25'600 at.exe
04.02.2007 20:26 19'968 arp.exe
04.02.2007 20:26 44'544 alg.exe
04.02.2007 20:26 98'304 ahui.exe
04.02.2007 20:26 4'096 actmovie.exe
04.02.2007 20:17 8'192 control.exe
04.02.2007 20:10 139'776 sndvol32.exe
04.02.2007 20:10 133'120 sndrec32.exe
04.02.2007 20:10 80'896 charmap.exe
04.02.2007 20:10 66'048 cleanmgr.exe
04.02.2007 20:10 437'760 wiaacmgr.exe
04.02.2007 20:10 114'688 calc.exe
04.02.2007 20:10 346'624 mspaint.exe
04.02.2007 20:10 412'672 mstsc.exe
04.02.2007 20:10 188'416 accwiz.exe
04.02.2007 20:10 32'768 odbcad32.exe
04.02.2007 20:10 78'848 msiexec.exe
04.02.2007 20:10 33'792 rundll32.exe
04.02.2007 20:10 347'136 tourstart.exe
04.02.2007 20:10 144'384 mobsync.exe
04.02.2007 20:10 50'176 utilman.exe
04.02.2007 20:10 216'576 osk.exe
04.02.2007 20:10 73'216 magnify.exe
04.02.2007 20:10 401'408 cmd.exe
04.02.2007 20:10 70'144 notepad.exe
04.02.2007 20:10 35'840 rcimlby.exe
03.02.2007 13:14 664 d3d9caps.dat
27.01.2007 19:01 108'144 CmdLineExt.dll
26.01.2007 18:09 413'696 wrap_oal.dll
26.01.2007 18:09 86'016 OpenAL32.dll
16.01.2007 23:48 9'132 jupdate-1.5.0_10-b03.log
14.01.2007 13:06 2'422 wpa.bak
14.01.2007 12:57 261 $winnt$.inf
14.01.2007 12:55 2'951 CONFIG.NT
14.01.2007 12:55 23'392 nscompat.tlb
14.01.2007 12:55 16'832 amcompat.tlb
14.01.2007 12:55 488 WindowsLogon.manifest
14.01.2007 12:55 488 logonui.exe.manifest
14.01.2007 12:54 749 nwc.cpl.manifest
14.01.2007 12:54 749 sapi.cpl.manifest
14.01.2007 12:54 749 cdplayer.exe.manifest
14.01.2007 12:54 749 wuaucpl.cpl.manifest
14.01.2007 12:54 749 ncpa.cpl.manifest
14.01.2007 12:53 21'740 emptyregdb.dat
14.01.2007 12:51 0 h323log.txt
02.01.2007 15:19 10'980'776 MRT.exe
17.12.2006 03:50 263'168 ati2dvag.dll
17.12.2006 03:44 118'784 atipdlxx.dll
17.12.2006 03:44 102'400 Oemdspif.dll
17.12.2006 03:44 42'496 ati2edxx.dll
17.12.2006 03:44 110'592 ati2evxx.dll
17.12.2006 03:42 53'248 ATIDDC.DLL
17.12.2006 03:41 307'200 atiiiexx.dll
17.12.2006 03:35 2'676'672 ati3duag.dll
17.12.2006 03:30 1'289'472 ativvaxx.dll
17.12.2006 03:30 3'107'788 ativvaxx.dat
17.12.2006 03:23 6'684'672 atioglx1.dll
17.12.2006 03:21 5'304'320 atioglxx.dll
17.12.2006 03:17 241'664 atikvmag.dll
17.12.2006 03:16 303'104 ATIDEMGR.dll
17.12.2006 03:16 17'408 atitvo32.dll
17.12.2006 03:10 315'392 ati2cqag.dll
15.12.2006 03:09 127'078 javaws.exe
15.12.2006 03:09 49'265 jpicpl32.cpl
15.12.2006 01:31 53'346 javaw.exe
15.12.2006 01:30 49'248 java.exe
12.12.2006 14:15 845'312 Smab.dll
08.12.2006 12:02 251'672 xactengine2_5.dll
07.12.2006 06:29 2'374'472 wmvcore.dll
06.12.2006 03:30 106'496 atinppt2.ax



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4833-5A7C

Verzeichnis von C:\DOKUME~1\leute\LOKALE~1\Temp

01.03.2007 18:47 8'795 jusched.log
01.03.2007 18:44 16'384 ~DF5816.tmp
01.03.2007 18:26 16'384 ~DF2210.tmp
01.03.2007 17:58 15'016 adf0_appcompat.txt
01.03.2007 17:57 15'016 1116_appcompat.txt
01.03.2007 17:04 15'016 4621_appcompat.txt
01.03.2007 00:09 792 java_install_reg.log
01.03.2007 00:09 0 java_install.log
01.03.2007 00:08 1'156 jinstall.cfg
28.02.2007 22:48 152 BsSndRpt.ini
28.02.2007 22:48 197 bugsplat.log
28.02.2007 22:48 50'297 SupremeCommander5LVD1Q16.dmp
26.02.2007 17:32 123 CFGFB3.tmp
26.02.2007 06:49 73'276 ~e5.0001
23.02.2007 20:40 2 Twain001.Mtx
23.02.2007 20:40 0 Twunk002.MTX
23.02.2007 20:40 290 TWAIN.LOG
23.02.2007 20:40 156 Twunk001.MTX
23.02.2007 18:55 4'046 WcesView.log
21.02.2007 22:55 117'760 1a047604.mst
21.02.2007 22:55 117'760 312ba0ad.mst
21.02.2007 22:54 205'312 1a007f10.mst
21.02.2007 22:47 107'512 Set962.tmp
21.02.2007 22:41 89'172 SetupExe(20070221223050BF0).log
21.02.2007 22:15 12'610 SetupExe(20070221221243C60).log
21.02.2007 22:10 34'920 SetupExe(20070221200003E08).log
17.02.2007 19:20 107'512 Set406.tmp
17.02.2007 16:32 0 wlx33E.tmp
16.02.2007 21:25 16'384 ~DFA487.tmp
16.02.2007 18:04 13'592 temp.ani
16.02.2007 17:51 65'536 drm_dialogs.dll
15.02.2007 17:05 16'384 ~DF2CE8.tmp
11.02.2007 14:38 11'251'688 MSI179.tmp
11.02.2007 10:17 283 wahtmltmp00.htm
11.02.2007 09:03 151 WCESCOMM.LOG
10.02.2007 19:22 16'384 ~DFB7BD.tmp
09.02.2007 18:13 16'384 ~DF9654.tmp
09.02.2007 18:12 1'353 MCCUnInstall.log
09.02.2007 05:48 1'170 langpackSetup.log
09.02.2007 05:48 384'432 langpackMsi.log
07.02.2007 20:09 13'444 eb7b_appcompat.txt
05.02.2007 21:21 16'384 ~DF26D2.tmp
05.02.2007 20:00 16'384 ~DF26A2.tmp
05.02.2007 19:49 16'384 ~DFD7E7.tmp
05.02.2007 19:47 6'677 Report.xml
05.02.2007 19:47 7'765 MCCInstall.log
05.02.2007 19:46 3'528'482 Install.wse.exe
05.02.2007 05:27 107'512 Set2A3.tmp
04.02.2007 20:12 102'400 MCCCleanup.exe
04.02.2007 18:47 462 MSIb4f6e.LOG
03.02.2007 13:31 16'384 ~DFB243.tmp
03.02.2007 13:27 8 dbisam.lck
30.01.2007 16:25 16'384 ~DF8A26.tmp
29.01.2007 16:55 102'400 bas487.tmp
29.01.2007 16:53 102'400 bas486.tmp
29.01.2007 16:52 102'400 bas485.tmp
27.01.2007 19:01 208'896 drm_dyndata_7300013.dll
26.01.2007 18:23 25'088 12080.idx
26.01.2007 18:08 266'240 STP1E.tmp
18.01.2007 20:32 251'656 AutoDL%3FBundleId=11026_b197d946.exe
13.01.2007 06:58 450'560 _isF9A.exe
05.12.2006 00:42 82'432 12020fd.mst



Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 4833-5A7C

Verzeichnis von C:\WINDOWS

01.03.2007 18:42 0 0.log
01.03.2007 18:42 159 wiadebug.log
01.03.2007 18:42 50 wiaservc.log
01.03.2007 18:42 2'048 bootstat.dat
01.03.2007 18:41 10'680 SchedLgU.Txt
01.03.2007 18:40 985'087 WindowsUpdate.log
01.03.2007 18:21 64'748 wmsetup.log
01.03.2007 18:12 250 gmer.ini
01.03.2007 18:12 92'914 ntbtlog.txt
01.03.2007 18:12 553'022 gmer.dll
01.03.2007 05:43 402'229 DirectX.log
28.02.2007 22:48 290'531 setupapi.log
21.02.2007 22:54 316'640 WMSysPr9.prx
21.02.2007 22:33 580 win.ini
10.02.2007 18:41 7'429 Ascd_tmp.ini
07.02.2007 19:49 26'499 VFLog.dat
04.02.2007 22:53 187'924 setupact.log
04.02.2007 20:29 288'768 winhlp32.exe
04.02.2007 20:29 25'600 twunk_32.exe
04.02.2007 20:29 15'872 TASKMAN.EXE
04.02.2007 20:24 46'080 setdebug.exe
04.02.2007 20:24 153'600 regedit.exe
04.02.2007 20:24 70'144 NOTEPAD.EXE
04.02.2007 20:24 328'704 IsUn0407.exe
04.02.2007 20:23 10'752 hh.exe
04.02.2007 20:20 53'248 bdoscandel.exe
29.01.2007 16:52 4'161 ODBCINST.INI
28.01.2007 13:59 689 DIFx.log
25.01.2007 20:03 618 eReg.dat
22.01.2007 22:18 2'510 Microsoft.MIF
22.01.2007 22:18 2'464 $_hpcst$.hpc
15.01.2007 18:12 66'516 iis6.log
15.01.2007 18:12 151'249 comsetup.log
15.01.2007 18:12 89'931 ntdtcsetup.log
15.01.2007 18:12 164'020 tsoc.log
15.01.2007 18:12 1'374 imsins.log
15.01.2007 18:12 23'457 ocmsn.log
15.01.2007 18:12 11'750 KB900485.log
15.01.2007 18:12 21'247 msgsocm.log
15.01.2007 18:12 207'141 ocgen.log
15.01.2007 18:12 419'595 FaxSetup.log
15.01.2007 18:09 47'745 KB923689.log
15.01.2007 18:09 23'732 updspapi.log
15.01.2007 18:08 1'374 imsins.BAK
15.01.2007 18:08 12'208 KB920872.log
14.01.2007 23:18 1'815'177 setupapi.log.0.old
14.01.2007 22:38 227 system.ini
14.01.2007 19:23 1'454 COM+.log
14.01.2007 19:17 5'144 KB835221.log
14.01.2007 18:12 1'550 ATIWDM.LOG
14.01.2007 17:57 19'415 KB893803v2.log
14.01.2007 15:32 28 HSoftdb.hur
14.01.2007 15:05 0 Unsetup.INI
14.01.2007 14:19 0 hosts
14.01.2007 13:37 922 spupdsvc.log
14.01.2007 13:35 57'399 KB929969.log
14.01.2007 13:35 1'187 ie7_main.log
14.01.2007 13:34 37'991 KB925398.log
14.01.2007 13:34 54'223 KB923694.log
14.01.2007 13:34 54'363 KB926255.log
14.01.2007 13:34 56'186 KB923980.log
14.01.2007 13:34 54'586 KB925454.log
14.01.2007 13:34 50'982 KB924270.log
14.01.2007 13:34 48'159 KB920213.log
14.01.2007 13:34 41'585 KB922819.log
14.01.2007 13:34 38'857 KB924191.log
14.01.2007 13:34 40'302 KB923191.log
14.01.2007 13:33