hallo zusammen

hab inzwischen Spybot, Nod32 Taskmanager etc drüberlaufen zu lassen

es gibt eine svchost.exe wenn ich diesen prozess beende läuft alles tadellos
nur finde ich diese exe nicht im Windows/System, odner, was tun??

kA was ich noch probieren soll

bringt es was ein log zu erstellen wenn ich den prozess schon beendet habe?

gruß

WoO

hallo,bitte den pc neu starten und dann ein neues logfile erstellen,dann wenn dein system auf 100% Auslastung ist...

in welchem genauem Pfad ist die svchost.exe?


Grüsse

Welche Datei verursacht die Auslastung???

svchost.exe oder vielleicht doch:

svhost.exe, svchosts.exe, syshost.exe oder svchost2.exe

Erstelle ein HJT log wenn die Auslastung hoch ist und lasse die betreffende Datei auf Virustotal auswerten und poste den Bericht. Beachte den link aus meiner Signatur zum Suchen von Dateien..
Solltest du die Datei nicht finden, lasse bitte die ersten vier Progs dieser Anleitung laufen; poste die logs und versuche es nochmal...


Gruß

Undoreal

hallo erstmal danke für die hilfe

mein hijack log ist das hier

Logfile of HijackThis v1.99.1
Scan saved at 09:03:24, on 24.05.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programme\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\TBPanel.exe
C:\Programme\Thrustmaster\FunAccess\PSPAP.exe
C:\Programme\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\AvpM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Dokumente und Einstellungen\admin\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.at/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programme\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GAINWARD] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [PSPAP] C:\Programme\Thrustmaster\FunAccess\PSPAP.exe min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nod32kui] "C:\Programme\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kaspersky Anti-Virus Monitor.lnk = C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\AvpM.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20041101/qtinstall.info.apple.com/pthalo/de/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095921963531
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1139387790031
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe

Virus total sagt das hier

AhnLab-V3 2007.5.24.0 05.23.2007 no virus found
AntiVir 7.4.0.27 05.24.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 05.24.2007 no virus found
AVG 7.5.0.467 05.23.2007 no virus found
BitDefender 7.2 05.24.2007 no virus found
CAT-QuickHeal 9.00 05.23.2007 no virus found
ClamAV devel-20070416 05.24.2007 no virus found
DrWeb 4.33 05.24.2007 no virus found
eSafe 7.0.15.0 05.21.2007 no virus found
eTrust-Vet 30.7.3658 05.24.2007 no virus found
Ewido 4.0 05.23.2007 no virus found
FileAdvisor 1 05.24.2007 no virus found
Fortinet 2.85.0.0 05.24.2007 no virus found
F-Prot 4.3.2.48 05.23.2007 no virus found
F-Secure 6.70.13030.0 05.24.2007 no virus found
Ikarus T3.1.1.8 05.24.2007 no virus found
Kaspersky 4.0.2.24 05.24.2007 no virus found
McAfee 5037 05.23.2007 no virus found
Microsoft 1.2503 05.22.2007 no virus found
NOD32v2 2287 05.23.2007 no virus found
Norman 5.80.02 05.23.2007 no virus found
Panda 9.0.0.4 05.23.2007 no virus found
Prevx1 V2 05.24.2007 no virus found
Sophos 4.17.0 05.23.2007 no virus found
Sunbelt 2.2.907.0 05.24.2007 no virus found
Symantec 10 05.24.2007 no virus found
TheHacker 6.1.6.121 05.23.2007 no virus found
VBA32 3.12.0 05.23.2007 no virus found
VirusBuster 4.3.23:9 05.23.2007 no virus found
Webwasher-Gateway 6.0.1 05.24.2007 no virus found

Aditional Information
File size: 7423 bytes
MD5: d5e1f19fcf16c385fc0b74830c43a01f
SHA1: 43809ed7033f3bd129b03b7509c9cac4f1b9eb3d

Rootkit sagt dat:

Hat nichts gefunden und das file hat er nicht gespeichert?!


laut Blacklight:

05/24/07 09:56:52 [Info]: BlackLight Engine 1.0.61 initialized
05/24/07 09:56:52 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/24/07 09:56:52 [Note]: 7019 4
05/24/07 09:56:52 [Note]: 7005 0
05/24/07 09:56:54 [Note]: 7006 0
05/24/07 09:56:54 [Note]: 7011 240
05/24/07 09:56:55 [Note]: 7026 0
05/24/07 09:56:55 [Note]: 7026 0
05/24/07 09:57:03 [Note]: FSRAW library version 1.7.1021
05/24/07 10:08:23 [Note]: 7007 0

Sophos:

nichts gefunden
Sophos Anti-Rootkit Version 1.3 (data 1.06) (c) 2006 Sophos Plc
Started logging on 24.05.2007 at 10:14:14
Stopped logging on 24.05.2007 at 10:21:40

gmer:

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-24 11:07:18
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys ZwClose
SSDT sptd.sys ZwCreateKey
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys ZwCreateSection
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys ZwQueryInformationFile
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys ZwSetInformationProcess
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\System32\Drivers\klif.sys SSDT[296]

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!KiDispatchInterrupt + BA 804DB92E 7 Bytes JMP F4290128 \??\C:\WINDOWS\System32\Drivers\klif.sys
? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? C:\WINDOWS\System32\Drivers\SPTD2301.SYS Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? C:\WINDOWS\System32\Drivers\dtscsi.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
? C:\WINDOWS\System32\DRIVERS\update.sys
? C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS Das System kann die angegebene Datei nicht finden.
? C:\WINDOWS\system32\99.tmp Das System kann die angegebene Datei nicht finden.

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 82F8CE30
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 82F8CE30
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 82FD7710
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 82FD7710
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 82FD7710
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 82FD7710
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 82FD7710
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 82FD7710
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 82FD7710
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 82FD7710
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 82FD7710
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 82FD7710
Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 82FD7710
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 82FD7710
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 82FD7710
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 82FD7710
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 82FD7710
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 82FD7710
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 82FD7710
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 82FD7710
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 82FD7710
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 82FD7710
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 82FD7710
Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 82FD7710
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 82FD7710
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 82FD7710
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 82FD7710
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 82FD7710
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 82FD7710
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 82FD7710
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 82FD7710
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 82FD7710
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 82FD7710
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 82FD7710
Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 82FD7710
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 82FD7710
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 82FD7710
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 82FD7710
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 82FD7710
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 82FD7710
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 82FD7710
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 82FD7710
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 82FD7710
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 82FD7710
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 82FD7710
Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 82FD7710
Device \Driver\NetBT \Device\NetBT_Tcpip_{6ED31B5A-C630-4AE3-A12F-A339A1F4431C} IRP_MJ_CREATE 82C4C0E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6ED31B5A-C630-4AE3-A12F-A339A1F4431C} IRP_MJ_CLOSE 82C4C0E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6ED31B5A-C630-4AE3-A12F-A339A1F4431C} IRP_MJ_DEVICE_CONTROL 82C4C0E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6ED31B5A-C630-4AE3-A12F-A339A1F4431C} IRP_MJ_INTERNAL_DEVICE_CONTROL 82C4C0E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6ED31B5A-C630-4AE3-A12F-A339A1F4431C} IRP_MJ_CLEANUP 82C4C0E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6ED31B5A-C630-4AE3-A12F-A339A1F4431C} IRP_MJ_PNP 82C4C0E8
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1950C30
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E1950C30
Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E1950C30
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 82FD7948
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 82FD7948
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82ABDCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82ABDCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82ABDCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82ABDCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82ABDCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82ABDCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82ABDCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82ABDCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82ABDCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82ABDCF0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82ABDCF0
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 82CA00E8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 82CA00E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82ABDCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 82ABDCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82ABDCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82ABDCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82ABDCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82ABDCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82ABDCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82ABDCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82ABDCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82ABDCF0
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82ABDCF0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A6A661] prosync1.sys

gmer 2ter teil

Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A6A661] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A6A661] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A6A661] prosync1.sys
Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A6A661] prosync1.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7A6A661] prosync1.sys
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E100E110
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E100E110
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E100E110
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 82C4C0E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 82C4C0E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 82C4C0E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 82C4C0E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 82C4C0E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 82C4C0E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 82C4C0E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 82C4C0E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 82C4C0E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 82C4C0E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 82C4C0E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 82C4C0E8
Device \Driver\00000066 \Device\0000004c IRP_MJ_POWER [F747DEA8] sptd.sys
Device \Driver\00000066 \Device\0000004c IRP_MJ_SYSTEM_CONTROL [F7491A70] sptd.sys
Device \Driver\00000066 \Device\0000004c IRP_MJ_PNP [F748A728] sptd.sys
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 82F8C0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CLOSE 82F8C0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_READ 82F8C0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_WRITE 82F8C0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_FLUSH_BUFFERS 82F8C0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_DEVICE_CONTROL 82F8C0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F8C0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SHUTDOWN 82F8C0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_POWER 82F8C0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_SYSTEM_CONTROL 82F8C0E8
Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_PNP 82F8C0E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 82D6C610
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 82D6C610
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 82B7F288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 82B7F288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSE 82B7F288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 82B7F288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 82B7F288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 82B7F288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 82B7F288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FLUSH_BUFFERS 82B7F288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_VOLUME_INFORMATION 82B7F288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_DIRECTORY_CONTROL 82B7F288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_FILE_SYSTEM_CONTROL 82B7F288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLEANUP 82B7F288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_SECURITY 82B7F288
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_SECURITY 82B7F288
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 82FD7948
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 82FD7948
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 82FD7948
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 82FD7948
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 82FD7948
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 82FD7948
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 82FD7948
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 82FD7948
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 82FD7948
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 82FD7948
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 82FD7948
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 82BCD0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLOSE 82BCD0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 82BCD0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_WRITE 82BCD0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_INFORMATION 82BCD0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_INFORMATION 82BCD0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_VOLUME_INFORMATION 82BCD0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_DIRECTORY_CONTROL 82BCD0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_FILE_SYSTEM_CONTROL 82BCD0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CLEANUP 82BCD0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE_MAILSLOT 82BCD0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_QUERY_SECURITY 82BCD0E8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_SET_SECURITY 82BCD0E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_CREATE 82E110E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_CLOSE 82E110E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 82E110E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7408A7C] sfsync04.sys
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_POWER 82E110E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 82E110E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port4Path0Target0Lun0 IRP_MJ_PNP 82E110E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 82E110E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSE 82E110E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 82E110E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7408A7C] sfsync04.sys
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 82E110E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 82E110E8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 82E110E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 82BD1A10
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 82BD1A10
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 82BD1A10
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 82BD1A10
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 82BD1A10
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 82BD1A10
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 82BD1A10
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 82BD1A10
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 82BD1A10
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 82BD1A10
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 82BD1A10
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 82BD1A10
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 82BD1A10

---- EOF - GMER 1.0.12 ----

sodalla hat ja etwas gedauert

jetzt wirds gespenstisch

grade kam ne meldung

Gefährliche Situation
Der Prozess "" Versucht Kaspersky AntiVirus Monitur zu beenden
Sound hab ich keinen mehr
und die Taskleiste war kurz im Win95 Design ?!?!?!

Was geht hier ab bitte???

Hali hallo.

Der Kopf deines Virustotal logs fehlt. Reiche ihn bitte unbedingt nach oder führe die Überprüfung nochmal durch. Wir müssen genau sehen können welche Datei durchsucht wurde und das steht halt drüber..^^

Zitat:

Gefährliche Situation
Der Prozess "" Versucht Kaspersky AntiVirus Monitur zu beenden
Sound hab ich keinen mehr
und die Taskleiste war kurz im Win95 Design ?!?!?!

das ist wirklich nicht witzig; gut, dass du den Selbstschutz aktiv hast... welcher Prozess war es denn oder sah die Meldung tatsächlich so aus? Versuche mal mehr Infos zu bekommen wer sich da an KAV zu schaffen macht.

Tu jetzt mal als erstes folgendes:


-Update Kav und stelle die höchste Sicherheitsstufe ein.
-Wechsel in den abgesicherten Modus und mache dort einen kompletten Systemscan.
-Lasse AdAware(Lavasoft) und Spybot Search and Destroy über dein System linsen.
-Danach folgst du der Anleitung aus meiner Signatur zu eScan.

Gruß

Undoreal

das is alles was er mir gibt

omplete scanning result of "hijackthis.log", received in VirusTotal at 05.24.2007, 13:10:57 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.24.0 05.23.2007 no virus found
AntiVir 7.4.0.27 05.24.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 05.24.2007 no virus found
AVG 7.5.0.467 05.23.2007 no virus found
BitDefender 7.2 05.24.2007 no virus found
CAT-QuickHeal 9.00 05.23.2007 no virus found
ClamAV devel-20070416 05.24.2007 no virus found
DrWeb 4.33 05.24.2007 no virus found
eSafe 7.0.15.0 05.21.2007 no virus found
eTrust-Vet 30.7.3660 05.24.2007 no virus found
Ewido 4.0 05.24.2007 no virus found
FileAdvisor 1 05.24.2007 no virus found
Fortinet 2.85.0.0 05.24.2007 no virus found
F-Prot 4.3.2.48 05.23.2007 no virus found
F-Secure 6.70.13030.0 05.24.2007 no virus found
Ikarus T3.1.1.8 05.24.2007 no virus found
Kaspersky 4.0.2.24 05.24.2007 no virus found
McAfee 5037 05.23.2007 no virus found
Microsoft 1.2503 05.22.2007 no virus found
NOD32v2 2289 05.24.2007 no virus found
Norman 5.80.02 05.23.2007 no virus found
Panda 9.0.0.4 05.24.2007 no virus found
Prevx1 V2 05.24.2007 no virus found
Sophos 4.17.0 05.23.2007 no virus found
Sunbelt 2.2.907.0 05.24.2007 no virus found
Symantec 10 05.24.2007 no virus found
TheHacker 6.1.6.121 05.23.2007 no virus found
VBA32 3.12.0 05.23.2007 no virus found
VirusBuster 4.3.23:9 05.23.2007 no virus found
Webwasher-Gateway 6.0.1 05.24.2007 no virus found

Aditional Information
File size: 7423 bytes
MD5: d5e1f19fcf16c385fc0b74830c43a01f
SHA1: 43809ed7033f3bd129b03b7509c9cac4f1b9eb3d


ja die Meldung stand genau so...

werde jetzt mal das ganze durcharbeiten... melde mich gleich wieder

Zitat:

omplete scanning result of "hijackthis.log", received in VirusTotal at 05.24.2007, 13:10:57 (CET).

:aplaus: :aplaus:

man, wie gut, dass ich nochmal nachgefragt habe!!!!

Du solltest nicht das HJT log bei virustotal scannen sondern die

Zitat:

svhost.exe, svchosts.exe, syshost.exe oder svchost2.exe

wie auch immer sie denn dann heißt.

Mache jetzt mal folgendes:

-Lies den link aus meiner Signatur zum Suchen von Dateien.
-Suche dir im Taskmanager die * svhost.exe, svchosts.exe, syshost.exe oder svchost2.exe * heraus und schreibe dir den Namen ganz genau ab.
-Nach diesem suchst du dann!
-Die gefundene Datei lädst du bei Virustotal hoch und postest das Ergebnis..

Gruß

Undoreal

escan hat 53 viren gefunden aber keine gelöscht?!?!

das mit der konsole hat ned gefunkt habs jetzt 3 mal probiert
hab aber ein log am desktop das is aber eeeelendslang

im taskmanager scheinen 4 svchost.exe auf
wenn ich sie aber suche findet er nur 2 -.-

langsam glaub ich hier geht alles in arsch

erstes

File "svchost.exe" received on 05.25.2007 at 00:40:42 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AhnLab-V3 2007.5.24.0 05.23.2007 no virus found
AntiVir 7.4.0.27 05.24.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 05.24.2007 no virus found
AVG 7.5.0.467 05.24.2007 no virus found
BitDefender 7.2 05.24.2007 no virus found
CAT-QuickHeal 9.00 05.24.2007 no virus found
ClamAV devel-20070416 05.24.2007 no virus found
DrWeb 4.33 05.25.2007 no virus found
eSafe 7.0.15.0 05.24.2007 no virus found
eTrust-Vet 30.7.3662 05.25.2007 no virus found
Ewido 4.0 05.24.2007 no virus found
FileAdvisor 1 05.25.2007 No threat detected
Fortinet 2.85.0.0 05.24.2007 no virus found
F-Prot 4.3.2.48 05.24.2007 no virus found
F-Secure 6.70.13030.0 05.24.2007 no virus found
Ikarus T3.1.1.8 05.24.2007 no virus found
Kaspersky 4.0.2.24 05.25.2007 no virus found
McAfee 5038 05.24.2007 no virus found
Microsoft 1.2503 05.24.2007 no virus found
NOD32v2 2290 05.24.2007 no virus found
Norman 5.80.02 05.24.2007 no virus found
Panda 9.0.0.4 05.24.2007 no virus found
Prevx1 V2 05.25.2007 no virus found
Sophos 4.17.0 05.23.2007 no virus found
Sunbelt 2.2.907.0 05.24.2007 no virus found

Aditional Information
File size: 14336 bytes
MD5: 65a819b121eb6fdab4400ea42bdffe64
SHA1: 0dfdee2871427e9c40ec82541156884ff9b4bfa3
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=65a819b121eb6fdab4400ea42bdffe64

2tes

File "svchost.exe" received on 05.25.2007 at 00:29:52 (CET) is being scanned by VirusTotal in this moment. Results will be shown as they're generated.

Antivirus Version Update Result
AhnLab-V3 2007.5.24.0 05.23.2007 no virus found
AntiVir 7.4.0.27 05.24.2007 no virus found
Authentium 4.93.8 05.23.2007 no virus found
Avast 4.7.997.0 05.24.2007 no virus found
AVG 7.5.0.467 05.24.2007 no virus found
BitDefender 7.2 05.24.2007 no virus found
CAT-QuickHeal 9.00 05.24.2007 no virus found
ClamAV devel-20070416 05.24.2007 no virus found
DrWeb 4.33 05.24.2007 no virus found
eSafe 7.0.15.0 05.24.2007 no virus found
eTrust-Vet 30.7.3662 05.25.2007 no virus found
Ewido 4.0 05.24.2007 no virus found
FileAdvisor 1 05.25.2007 No threat detected
Fortinet 2.85.0.0 05.24.2007 no virus found
F-Prot 4.3.2.48 05.24.2007 no virus found
F-Secure 6.70.13030.0 05.24.2007 no virus found
Ikarus T3.1.1.8 05.24.2007 no virus found
Kaspersky 4.0.2.24 05.25.2007 no virus found
McAfee 5038 05.24.2007 no virus found
Microsoft 1.2503 05.24.2007 no virus found
NOD32v2 2290 05.24.2007 no virus found
Norman 5.80.02 05.24.2007 no virus found
Panda 9.0.0.4 05.24.2007 no virus found
Prevx1 V2 05.25.2007 no virus found
Sophos 4.17.0 05.23.2007 no virus found
Sunbelt 2.2.907.0 05.24.2007 no virus found
Symantec 10 05.25.2007 no virus found
TheHacker 6.1.6.121 05.23.2007 no virus found
VBA32 3.12.0 05.23.2007 no virus found
VirusBuster 4.3.23:9 05.24.2007 no virus found

Aditional Information
File size: 12800 bytes
MD5: adbb33d5893bcf08e75ea54bb5669205
SHA1: 23c55cf3635d2f77b119f639853a0a89869e30f3
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=adbb33d5893bcf08e75ea54bb5669205

hmmmm?!

Och man jetzt komm schon. Lies bitte die Anleitung von eScan genau durch und poste das log mit Hilfe der find.bat!!!!!

Zitat:

im taskmanager scheinen 4 svchost.exe auf
wenn ich sie aber suche findet er nur 2 -.-

das ist normal weil windows die Prozesse nicht zusammenfassen kann aber du solltest ja auch nicht nach der
" svchost.exe " suchen ! ! ! Lies doch was ich dir poste.

Du sollst nach der Datei suchen, die die hohe Auslastung verursacht...

Die wird entweder etwa so aussehen: " svhost.exe, svchosts.exe, syshost.exe oder svchost2.exe " oder wirklich svchost.exe heißen, sich dann aber nicht im Windows\System32 Ordner befinden. Jetzt geb' dir bitte Mühe sonst kann dir keiner helfen..
Suche halt im Taskmanager den Namen der Datei heraus die die Auslastung verursacht und schreibe ihn GANZ genau ab. Poste ihn hier wenn du nicht selber danach suchen kannst; dann helfe ich dir aber ich brauche den verluchten Namen!



Gruß

Undoreal

hab nen screenshot gemacht von dem task manager soll ich schicken?

ich hab das befolgt mit diesem escan... werde es nochmal probieren!

gruß!

edit: wenn ich auf die auswertdatei klick lädt sich nichts herunter?!
okay habs jetzt
jetzt mal zum mitschreiben
ich scan alles nochmal etc dann öffne ich mittels cmd das konsolenfenster und tip dann
notepad %systemdrive%\bases_x\escan_neu.txt

ein? mit leerzeichen etc?!

Hier meine Daten...

[edit]
bitte eröffne, wie jeder andere hier auch, für dein problem einen eigenen beitrag
nur so wird sichergestellt, das jedem user übersichtlich und individuell geholfen werden kann

danke
GUA
[/edit]

Zitat:

Logfile of HijackThis v1.99.1
Scan saved at 17:52:57, on 29.05.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Anleitung zum Neuaufsetzen aus meiner Signatur folgen...

DIR FEHLEN SERVICE PACK 2 UND ÜBER 100 UPDATES!!!

@despe: eröffne bitte einen neuen Thread oder setzte gleich neu auf.

@apocalypt: der gehört hier garnicht her

@misterWoo: Hast du keinen Router???

Gruß

Undoreal