Thread: Google Search Redirect

  1. #1
    Junior Member
    Join Date
    Dec 2009
    Location
    Freising in Germany
    Posts
    19

    Google Search Redirect

    2nd try w/o attachments
    Hi,
    for a few days I have had the same Google redirect issue as many other users. When I click on the Google search results, I get redirected to different sites, but not the one I want to go to. After a few clicks a virus alert page starts in the browser. Additionally I experienced a phishing attack after logging into my online banking account (the login page was bookmarked). After logging in, I was redirected to a site asking me for 10 unused iTANs. I ran an AVIRA and Spybot check without findings.

    Fortunately I have a separate laptop for posting my problem and so on. I disconnected the PC from the internet. I ran HJT and GMER as explained in the thread before. It seems to be hard to get rid of this malware, therefore I decided to ask a specialist here. Thanks in advance to the volunteers!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:45:12, on 25.12.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ANTIVI~1\avcenter.exe
    C:\Programme\Avira\AntiVir Desktop\sched.exe
    C:\Programme\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\FRITZ!DSL\IGDCTRL.EXE
    C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Programme\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\SerExt.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    C:\Programme\Creative\SBLive\Diagnostics\diagent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\TraXEx\TraXEx.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/d...en/default.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/d...en/default.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [SerExt] SerExt.exe /plug
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [diagent] C:\Programme\Creative\SBLive\Diagnostics\diagent.exe startup
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TraXEx 3.3.lnk = C:\Programme\TraXEx\TraXEx.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Programme\TraXEx\Integration\TraXEx Internet Explorer.lnk
    O9 - Extra button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Programme\TraXEx\Integration\TraXEx Löschautomat.lnk
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095545767187
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/...r/PROFILER.CAB
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe (file missing)
    O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe (file missing)
    O23 - Service: xControlCOM - Siemens - C:\Programme\T-Sinus 721\T-Sinus 721 PC\xControlCOM.exe

    --
    End of file - 8092 bytes

  2. #2
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi The_Sandyman

    Please post a GMER log next.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #3
    Junior Member
    Join Date
    Dec 2009
    Location
    Freising in Germany
    Posts
    19

    Here is the log. I used GMER 1.0.12 from the alternate download site, as recommended in other (recent!) blogs. The direct link to GMER downloads version 1.0.15, which did not run on my infected computer.

    As the file is too big for one post, I will split it into two.
    GMER 1.0.12.12011 - http://www.gmer.net
    Rootkit scan 2009-12-30 09:50:41
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.12 ----

    SSDT a347bus.sys ZwClose
    SSDT F7D95AAE ZwCreateKey
    SSDT a347bus.sys ZwCreatePagingFile
    SSDT F7D95AA4 ZwCreateThread
    SSDT F7D95AB3 ZwDeleteKey
    SSDT F7D95ABD ZwDeleteValueKey
    SSDT a347bus.sys ZwEnumerateKey
    SSDT a347bus.sys ZwEnumerateValueKey
    SSDT F7D95AC2 ZwLoadKey
    SSDT a347bus.sys ZwOpenFile
    SSDT a347bus.sys ZwOpenKey
    SSDT F7D95A90 ZwOpenProcess
    SSDT F7D95A95 ZwOpenThread
    SSDT a347bus.sys ZwQueryKey
    SSDT a347bus.sys ZwQueryValueKey
    SSDT F7D95ACC ZwReplaceKey
    SSDT F7D95AC7 ZwRestoreKey
    SSDT a347bus.sys ZwSetSystemPowerState
    SSDT F7D95AB8 ZwSetValueKey
    SSDT F7D95A9F ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.12 ----

    .text USBPORT.SYS!DllUnload F6A9E8AC 5 Bytes JMP 8620A1C8

    ---- User code sections - GMER 1.0.12 ----

    .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[480] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 0178299A
    .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[480] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 0178294A
    .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[480] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 0178290E
    .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[480] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 017828F2
    .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[480] WS2_32.dll!send 71A14C27 5 Bytes JMP 0178277E
    .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[480] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 01782870
    .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[480] WS2_32.dll!recv 71A1676F 5 Bytes JMP 017827B6
    .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[480] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 017827EE
    .text C:\Programme\FRITZ!DSL\IGDCTRL.EXE[496] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 023928F2
    .text C:\Programme\FRITZ!DSL\IGDCTRL.EXE[496] WS2_32.dll!send 71A14C27 5 Bytes JMP 0239277E
    .text C:\Programme\FRITZ!DSL\IGDCTRL.EXE[496] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 02392870
    .text C:\Programme\FRITZ!DSL\IGDCTRL.EXE[496] WS2_32.dll!recv 71A1676F 5 Bytes JMP 023927B6
    .text C:\Programme\FRITZ!DSL\IGDCTRL.EXE[496] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 023927EE
    .text C:\Programme\FRITZ!DSL\IGDCTRL.EXE[496] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 0239299A
    .text C:\Programme\FRITZ!DSL\IGDCTRL.EXE[496] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 0239294A
    .text C:\Programme\FRITZ!DSL\IGDCTRL.EXE[496] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 0239290E
    .text C:\WINDOWS\SYSTEM32\nvsvc32.exe[1240] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 00EC299A
    .text C:\WINDOWS\SYSTEM32\nvsvc32.exe[1240] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 00EC294A
    .text C:\WINDOWS\SYSTEM32\nvsvc32.exe[1240] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 00EC290E
    .text C:\WINDOWS\SYSTEM32\nvsvc32.exe[1240] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00EC28F2
    .text C:\WINDOWS\SYSTEM32\nvsvc32.exe[1240] WS2_32.dll!send 71A14C27 5 Bytes JMP 00EC277E
    .text C:\WINDOWS\SYSTEM32\nvsvc32.exe[1240] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00EC2870
    .text C:\WINDOWS\SYSTEM32\nvsvc32.exe[1240] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00EC27B6
    .text C:\WINDOWS\SYSTEM32\nvsvc32.exe[1240] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00EC27EE
    .text C:\Programme\Avira\AntiVir Desktop\sched.exe[1864] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 0188299A
    .text C:\Programme\Avira\AntiVir Desktop\sched.exe[1864] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 0188294A
    .text C:\Programme\Avira\AntiVir Desktop\sched.exe[1864] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 0188290E
    .text C:\Programme\Avira\AntiVir Desktop\sched.exe[1864] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 018828F2
    .text C:\Programme\Avira\AntiVir Desktop\sched.exe[1864] WS2_32.dll!send 71A14C27 5 Bytes JMP 0188277E
    .text C:\Programme\Avira\AntiVir Desktop\sched.exe[1864] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 01882870
    .text C:\Programme\Avira\AntiVir Desktop\sched.exe[1864] WS2_32.dll!recv 71A1676F 5 Bytes JMP 018827B6
    .text C:\Programme\Avira\AntiVir Desktop\sched.exe[1864] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 018827EE
    .text C:\WINDOWS\explorer.exe[2416] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 0163299A
    .text C:\WINDOWS\explorer.exe[2416] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 0163294A
    .text C:\WINDOWS\explorer.exe[2416] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 0163290E
    .text C:\WINDOWS\explorer.exe[2416] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 016328F2
    .text C:\WINDOWS\explorer.exe[2416] WS2_32.dll!send 71A14C27 5 Bytes JMP 0163277E
    .text C:\WINDOWS\explorer.exe[2416] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 01632870
    .text C:\WINDOWS\explorer.exe[2416] WS2_32.dll!recv 71A1676F 5 Bytes JMP 016327B6
    .text C:\WINDOWS\explorer.exe[2416] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 016327EE
    .text C:\WINDOWS\SYSTEM32\alg.exe[2816] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 00B4299A
    .text C:\WINDOWS\SYSTEM32\alg.exe[2816] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 00B4294A
    .text C:\WINDOWS\SYSTEM32\alg.exe[2816] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 00B4290E
    .text C:\WINDOWS\SYSTEM32\alg.exe[2816] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00B428F2
    .text C:\WINDOWS\SYSTEM32\alg.exe[2816] WS2_32.dll!send 71A14C27 5 Bytes JMP 00B4277E
    .text C:\WINDOWS\SYSTEM32\alg.exe[2816] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00B42870
    .text C:\WINDOWS\SYSTEM32\alg.exe[2816] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00B427B6
    .text C:\WINDOWS\SYSTEM32\alg.exe[2816] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00B427EE
    .text C:\WINDOWS\SYSTEM32\rundll32.exe[3376] ADVAPI32.dll!CryptDestroyKey 77DB9EBC 7 Bytes JMP 00EB299A
    .text C:\WINDOWS\SYSTEM32\rundll32.exe[3376] ADVAPI32.dll!CryptDecrypt 77DBA129 7 Bytes JMP 00EB294A
    .text C:\WINDOWS\SYSTEM32\rundll32.exe[3376] ADVAPI32.dll!CryptEncrypt 77DBE360 7 Bytes JMP 00EB290E
    .text C:\WINDOWS\SYSTEM32\rundll32.exe[3376] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00EB28F2
    .text C:\WINDOWS\SYSTEM32\rundll32.exe[3376] WS2_32.dll!send 71A14C27 5 Bytes JMP 00EB277E
    .text C:\WINDOWS\SYSTEM32\rundll32.exe[3376] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00EB2870
    .text C:\WINDOWS\SYSTEM32\rundll32.exe[3376] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00EB27B6
    .text C:\WINDOWS\SYSTEM32\rundll32.exe[3376] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00EB27EE
    .text C:\Programme\WinRAR\WinRAR.exe[3548] ADVAPI32.DLL!CryptDestroyKey 77DB9EBC 7 Bytes JMP 020B299A
    .text C:\Programme\WinRAR\WinRAR.exe[3548] ADVAPI32.DLL!CryptDecrypt 77DBA129 7 Bytes JMP 020B294A
    .text C:\Programme\WinRAR\WinRAR.exe[3548] ADVAPI32.DLL!CryptEncrypt 77DBE360 7 Bytes JMP 020B290E
    .text C:\Programme\WinRAR\WinRAR.exe[3548] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 020B28F2
    .text C:\Programme\WinRAR\WinRAR.exe[3548] WS2_32.dll!send 71A14C27 5 Bytes JMP 020B277E
    .text C:\Programme\WinRAR\WinRAR.exe[3548] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 020B2870
    .text C:\Programme\WinRAR\WinRAR.exe[3548] WS2_32.dll!recv 71A1676F 5 Bytes JMP 020B27B6
    .text C:\Programme\WinRAR\WinRAR.exe[3548] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 020B27EE

  4. #4
    Junior Member
    Join Date
    Dec 2009
    Location
    Freising in Germany
    Posts
    19

    ---- Devices - GMER 1.0.12 ----

    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8733F1E8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8733F1E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 856CCAF8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP 861D11E8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP 861D11E8
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 861F1790
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 861F1790
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 861F1790
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 861F1790
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 861F1790
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 861F1790
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 861F1790
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 861F1790
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 861F1790
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 861F1790
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 861F1790
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 861F1790
    Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CREATE 862091E8
    Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CLOSE 862091E8
    Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 862091E8
    Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 862091E8
    Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_POWER 862091E8
    Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 862091E8
    Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_PNP 862091E8
    Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CREATE E1AC3008
    Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_CLOSE E1AC3008
    Device \Driver\prodrv06 \Device\ProDrv06 IRP_MJ_DEVICE_CONTROL E1AC3008
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 873CB1E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 873CB1E8
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 86204538
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86204538
    Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_CREATE 85716790
    Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_CLOSE 85716790
    Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_READ 85716790
    Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_WRITE 85716790
    Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_DEVICE_CONTROL 85716790
    Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77908B4] sfsync02.sys
    Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_POWER 85716790
    Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_SYSTEM_CONTROL 85716790
    Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_PNP 85716790
    Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 8608B630
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 86204538
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86204538
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_CREATE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_CREATE_NAMED_PIPE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_CLOSE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_READ 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_WRITE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_QUERY_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_SET_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_QUERY_EA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_SET_EA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_FLUSH_BUFFERS 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_QUERY_VOLUME_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_SET_VOLUME_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_DIRECTORY_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_FILE_SYSTEM_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_DEVICE_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_INTERNAL_DEVICE_CONTROL 856E4110
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_SHUTDOWN 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_LOCK_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_CLEANUP 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_CREATE_MAILSLOT 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_QUERY_SECURITY 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_SET_SECURITY 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_POWER 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_SYSTEM_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_DEVICE_CHANGE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_QUERY_QUOTA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_SET_QUOTA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 IRP_MJ_PNP 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_CREATE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_CREATE_NAMED_PIPE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_CLOSE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_READ 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_WRITE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_QUERY_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_SET_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_QUERY_EA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_SET_EA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_FLUSH_BUFFERS 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_QUERY_VOLUME_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_SET_VOLUME_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_DIRECTORY_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_FILE_SYSTEM_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_DEVICE_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_INTERNAL_DEVICE_CONTROL 856E4110
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_SHUTDOWN 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_LOCK_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_CLEANUP 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_CREATE_MAILSLOT 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_QUERY_SECURITY 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_SET_SECURITY 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_POWER 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_SYSTEM_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_DEVICE_CHANGE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_QUERY_QUOTA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_SET_QUOTA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 IRP_MJ_PNP 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_CREATE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_CREATE_NAMED_PIPE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_CLOSE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_READ 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_WRITE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_QUERY_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_SET_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_QUERY_EA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_SET_EA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_FLUSH_BUFFERS 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_QUERY_VOLUME_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_SET_VOLUME_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_DIRECTORY_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_FILE_SYSTEM_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_DEVICE_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_INTERNAL_DEVICE_CONTROL 856E4110
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_SHUTDOWN 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_LOCK_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_CLEANUP 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_CREATE_MAILSLOT 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_QUERY_SECURITY 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_SET_SECURITY 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_POWER 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_SYSTEM_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_DEVICE_CHANGE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_QUERY_QUOTA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_SET_QUOTA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 IRP_MJ_PNP 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_CREATE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_CREATE_NAMED_PIPE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_CLOSE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_READ 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_WRITE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_QUERY_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_SET_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_QUERY_EA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_SET_EA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_FLUSH_BUFFERS 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_QUERY_VOLUME_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_SET_VOLUME_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_DIRECTORY_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_FILE_SYSTEM_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_DEVICE_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_INTERNAL_DEVICE_CONTROL 856E4110
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_SHUTDOWN 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_LOCK_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_CLEANUP 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_CREATE_MAILSLOT 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_QUERY_SECURITY 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_SET_SECURITY 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_POWER 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_SYSTEM_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_DEVICE_CHANGE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_QUERY_QUOTA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_SET_QUOTA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 IRP_MJ_PNP 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_CREATE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_CREATE_NAMED_PIPE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_CLOSE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_READ 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_WRITE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_QUERY_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_SET_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_QUERY_EA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_SET_EA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_FLUSH_BUFFERS 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_QUERY_VOLUME_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_SET_VOLUME_INFORMATION 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_DIRECTORY_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_FILE_SYSTEM_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_DEVICE_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_INTERNAL_DEVICE_CONTROL 856E4110
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_SHUTDOWN 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_LOCK_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_CLEANUP 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_CREATE_MAILSLOT 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_QUERY_SECURITY 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_SET_SECURITY 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_POWER 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_SYSTEM_CONTROL 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_DEVICE_CHANGE 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_QUERY_QUOTA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_SET_QUOTA 861F9A98
    Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 IRP_MJ_PNP 861F9A98
    Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_CREATE 85716790
    Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_CLOSE 85716790
    Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_READ 85716790
    Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_WRITE 85716790
    Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_DEVICE_CONTROL 85716790
    Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77908B4] sfsync02.sys
    Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_POWER 85716790
    Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_SYSTEM_CONTROL 85716790
    Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_PNP 85716790
    Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E199BF10
    Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E199BF10
    Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E199BF10
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 85CEC1E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 85CEC1E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 85CEC1E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 85CEC1E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 85CEC1E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 85CEC1E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 85CEC1E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 85CEC1E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 85CEC1E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 85CEC1E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 85CEC1E8
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 85CEC1E8
    Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ 854EE560
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 861F1790
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 861F1790
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 861F1790
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 861F1790
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 861F1790
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 861F1790
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 861F1790
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 861F1790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 8608D7F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 85876790
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 85876790
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 861F1790
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 861F1790
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 861F1790
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 861F1790
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 861F1790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 8608D7F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 85876790
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 85876790
    Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CREATE 862091E8
    Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CLOSE 862091E8
    Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 862091E8
    Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 862091E8
    Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_POWER 862091E8
    Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 862091E8
    Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_PNP 862091E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{BB6A99A2-6C1E-42F7-9D52-B176171688B3} IRP_MJ_CREATE 85CEC1E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{BB6A99A2-6C1E-42F7-9D52-B176171688B3} IRP_MJ_CLOSE 85CEC1E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{BB6A99A2-6C1E-42F7-9D52-B176171688B3} IRP_MJ_DEVICE_CONTROL 85CEC1E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{BB6A99A2-6C1E-42F7-9D52-B176171688B3} IRP_MJ_INTERNAL_DEVICE_CONTROL 85CEC1E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{BB6A99A2-6C1E-42F7-9D52-B176171688B3} IRP_MJ_CLEANUP 85CEC1E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{BB6A99A2-6C1E-42F7-9D52-B176171688B3} IRP_MJ_PNP 85CEC1E8
    Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 86091108
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 873CB1E8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 873CB1E8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 873CB1E8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 873CB1E8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 873CB1E8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 873CB1E8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 873CB1E8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 873CB1E8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 873CB1E8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 873CB1E8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 873CB1E8
    Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 85DC80C8
    Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 873411E8
    Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSE 873411E8
    Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 873411E8
    Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 873411E8
    Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 873411E8
    Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 873411E8
    Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 873411E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_READ 856CCAF8
    Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP 861D11E8
    Device \FileSystem\Fastfat \Fat IRP_MJ_PNP 861D11E8
    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 86080FB0
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 86080FB0
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 86080FB0
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 86080FB0
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 86080FB0
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 857181E8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 857181E8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 85718C10
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 857181E8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 857181E8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 857181E8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 857181E8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 857181E8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 857181E8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 857181E8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 857181E8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 857181E8
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 857181E8

    ---- Modules - GMER 1.0.12 ----

    Module ____________ F7550000

    ---- Files - GMER 1.0.12 ----

    ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C946DB94
    ADS C:\Dokumente und Einstellungen\Axel\Favoriten\Geld\Postbank direkt.url:favicon
    ADS C:\Dokumente und Einstellungen\HelpAssistant.DH3WXK0J\Favoriten\Geld\Postbank direkt.url:favicon
    ADS C:\Dokumente und Einstellungen\Peter.DH3WXK0J:zylomtest
    ADS C:\Dokumente und Einstellungen\Peter.DH3WXK0J:zylomtr{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVT1}
    ADS C:\RECYCLER\S-1-5-21-3753018816-3508293876-2501954535-500\Dc98.INF:SummaryInformation
    ADS C:\RECYCLER\S-1-5-21-3753018816-3508293876-2501954535-500\Dc98.INF:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

    ---- EOF - GMER 1.0.12 ----

  5. #5
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix


    * Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

    Please include the C:\ComboFix.txt in your next reply for further review.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  6. #6
    Junior Member
    Join Date
    Dec 2009
    Location
    Freising in Germany
    Posts
    19

    Hi Shaba, thanks for the quick reply. Here is the log:

    ComboFix 09-12-29.05 - Axel 30.12.2009 15:56:34.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1023.691 [GMT 1:00]
    ausgeführt von:: c:\dokumente und einstellungen\Axel\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}
    AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804E5358-FFA4-00DA-0D24-347CA8A3377C}
    AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804E5358-FFA4-00EB-0D24-347CA8A3377C}
    AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804E5358-FFA4-00FC-0D24-347CA8A3377C}
    .

    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\dokumente und einstellungen\Axel\Anwendungsdaten\.#
    C:\LOG.TXT
    c:\programme\\setup.exe
    c:\recycler\S-1-5-21-3753018816-3508293876-2501954535-1009
    c:\windows\pi.exe
    c:\windows\system32\Data
    c:\windows\system32\Thumbs.db
    c:\windows\unins000.dat
    c:\windows\unins000.exe

    .
    ((((((((((((((((((((((( Dateien erstellt von 2009-11-28 bis 2009-12-30 ))))))))))))))))))))))))))))))
    .

    2009-12-25 16:43 . 2009-12-25 16:43 -------- d-----w- c:\programme\Trend Micro
    2009-12-24 13:46 . 2009-12-24 13:47 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
    2009-12-24 11:33 . 2009-12-24 11:33 -------- d-----w- c:\dokumente und einstellungen\HelpAssistant.DH3WXK0J\WINDOWS
    2009-12-24 11:33 . 2009-12-24 11:33 -------- d-----w- c:\dokumente und einstellungen\HelpAssistant.DH3WXK0J\UserData
    2009-12-24 11:33 . 2009-12-24 11:33 -------- d-----w- c:\dokumente und einstellungen\HelpAssistant.DH3WXK0J\presets
    2009-12-24 11:26 . 2009-12-24 11:26 -------- d-----w- c:\dokumente und einstellungen\HelpAssistant.DH3WXK0J\InstallAnywhere
    2009-12-24 11:26 . 2009-12-24 11:26 -------- d-----w- c:\dokumente und einstellungen\HelpAssistant.DH3WXK0J\Incomplete
    2009-12-24 11:26 . 2009-12-24 11:26 -------- d-----w- c:\dokumente und einstellungen\HelpAssistant.DH3WXK0J\ElsterFormular
    2009-12-24 11:21 . 2009-12-24 11:21 -------- d-----w- c:\dokumente und einstellungen\HelpAssistant.DH3WXK0J\Bluetooth Software
    2009-12-24 07:32 . 2009-12-24 07:32 -------- d--h--r- c:\dokumente und einstellungen\HelpAssistant\Anwendungsdaten
    2009-12-13 16:13 . 2009-12-24 13:58 -------- d-----w- c:\programme\Steam
    2009-12-12 09:28 . 2009-12-12 09:28 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Ubisoft

    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-25 00:24 . 2004-07-23 17:02 -------- d-----w- c:\programme\Spybot - Search & Destroy
    2009-12-24 14:39 . 2008-10-11 13:40 -------- d-----w- c:\programme\7-Zip
    2009-12-24 14:17 . 2005-02-22 13:27 -------- d-----w- c:\programme\EA SPORTS
    2009-12-24 13:51 . 2002-12-02 11:08 -------- d--h--w- c:\programme\InstallShield Installation Information
    2009-12-21 16:51 . 2008-11-16 16:46 1629 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\xmlB3.tmp
    2009-12-21 16:51 . 2008-11-16 16:46 13827 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\xmlB2.tmp
    2009-12-21 16:51 . 2008-11-16 16:46 7420 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\xmlB1.tmp
    2009-12-21 16:16 . 2005-01-24 15:54 -------- d-----w- c:\programme\UBISOFT
    2009-12-21 16:14 . 2007-06-01 14:16 -------- d-----w- c:\dokumente und einstellungen\Peter.DH3WXK0J\Anwendungsdaten\ICQ
    2009-12-13 08:56 . 2002-12-21 12:04 63928 -c--a-w- c:\dokumente und einstellungen\Axel\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
    2009-12-12 09:27 . 2009-12-12 09:27 22328 ----a-w- c:\dokumente und einstellungen\Axel\Anwendungsdaten\PnkBstrK.sys
    2009-12-12 09:27 . 2008-11-21 20:13 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-12-12 09:27 . 2008-11-21 20:13 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-12-12 09:27 . 2008-11-21 20:13 2337865 ----a-w- c:\windows\system32\pbsvc.exe
    2009-12-11 16:39 . 2009-04-18 08:31 -------- d-----w- c:\dokumente und einstellungen\Axel\Anwendungsdaten\Move Networks
    2009-12-11 15:14 . 2002-12-02 10:58 543930 ----a-w- c:\windows\system32\PERFH007.DAT
    2009-12-11 15:14 . 2002-12-02 10:58 104398 ----a-w- c:\windows\system32\PERFC007.DAT
    2009-12-08 13:07 . 2009-11-20 22:40 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-12-04 20:46 . 2009-10-02 13:47 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TrackMania
    2009-12-04 20:16 . 2004-09-16 16:14 62752 ----a-w- c:\dokumente und einstellungen\Peter.DH3WXK0J\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
    2009-11-29 16:53 . 2009-11-29 12:10 -------- d-----w- c:\programme\Schrankplaner2
    2009-11-27 13:26 . 2009-10-17 07:36 3152 ----a-w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
    2009-11-20 23:34 . 2009-11-20 23:34 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
    2009-11-20 23:34 . 2009-11-20 23:34 -------- d-----w- c:\programme\NVIDIA Corporation
    2009-11-20 23:18 . 2009-11-20 23:18 -------- d-----w- c:\programme\Avira
    2009-11-20 23:18 . 2009-11-20 23:18 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
    2009-11-20 22:01 . 2008-11-23 23:01 -------- d-----w- c:\programme\SystemRequirementsLab
    2009-11-20 21:58 . 2009-11-20 21:58 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
    2009-11-16 20:31 . 2009-11-16 20:31 -------- d-----w- c:\programme\Sony
    2009-11-16 20:22 . 2005-09-05 19:32 -------- d-----w- c:\programme\Google
    2009-11-15 22:19 . 2006-01-14 11:02 -------- d-----w- c:\dokumente und einstellungen\Peter.DH3WXK0J\Anwendungsdaten\LimeWire
    2009-11-15 17:11 . 2006-01-23 21:09 -------- d-----w- c:\programme\TraXEx
    2009-11-09 20:22 . 2005-11-24 20:50 -------- d-----w- c:\programme\PDFCreator
    2009-11-08 11:33 . 2002-12-14 16:23 -------- d-----w- c:\programme\Microsoft Games
    2009-10-22 15:58 . 2009-09-28 18:25 25 ----a-w- c:\windows\popcinfot.dat
    2009-10-21 05:38 . 2004-09-15 19:56 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-21 05:38 . 2004-09-15 19:55 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-20 16:20 . 2004-09-15 19:56 265728 ------w- c:\windows\system32\drivers\http.sys
    2009-10-13 10:32 . 2003-10-29 22:15 271360 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38 . 2003-10-29 22:15 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:38 . 2003-10-29 22:15 150528 ----a-w- c:\windows\system32\rastls.dll
    2008-12-21 11:49 . 2008-12-21 11:49 1829 ---ha-r- c:\programme\MT6.DSC
    2008-01-31 13:29 . 2008-01-31 13:29 1930768 ----a-w- c:\programme\MathType.exe
    2008-01-31 12:43 . 2008-01-31 12:43 1099195 ----a-w- c:\programme\MT6DEU.chm
    2008-01-07 13:09 . 2008-01-07 13:09 45731 ---h--w- c:\programme\Setup.inf
    2007-10-30 06:45 . 2007-10-30 06:45 1133935 ----a-w- c:\programme\MT6enu.chm
    2002-12-15 15:31 . 2002-12-15 15:28 1861545 -c--a-w- c:\programme\Uninst.isu
    2002-09-06 18:38 . 2002-12-15 15:28 3525034 ----a-w- c:\programme\Sims.exe
    1999-10-29 23:33 . 2002-12-15 15:28 835628 -c--a-w- c:\programme\gimex.dll
    1999-02-09 09:46 . 2002-12-15 15:28 137728 -c--a-w- c:\programme\ijl10.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programme\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programme\mozilla firefox\plugins\ssldivx.dll
    2006-05-03 09:06 . 2008-07-17 22:13 163328 --sh--r- c:\windows\SYSTEM32\flvDX.dll
    2007-02-21 10:47 . 2008-07-17 22:13 31232 --sh--r- c:\windows\SYSTEM32\msfDX.dll
    2008-03-16 12:30 . 2008-07-17 22:13 216064 --sh--r- c:\windows\SYSTEM32\nbDX.dll
    .

    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
    "SerExt"="SerExt.exe" [2002-10-22 221184]
    "NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "diagent"="c:\programme\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-02 135264]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 196608]
    "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
    Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    TraXEx 3.3.lnk - c:\programme\TraXEx\TraXEx.exe [2009-11-15 3881984]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Programme\\TrackMania\\TrackMania.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"=
    "c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"=
    "c:\\Programme\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
    "c:\\Programme\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
    "c:\\Programme\\Gadu-Gadu\\gg.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Programme\\Mozilla Firefox\\firefox.exe"=
    "c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP1\\RpcAgentSrv.exe"=
    "c:\\WINDOWS\\SYSTEM32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\SYSTEM32\\PnkBstrB.exe"=
    "c:\\Programme\\TmNationsForever\\TmForever.exe"=
    "c:\\Programme\\Steam\\Steam.exe"=
    "c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP1\\WNt500x86\\RpcSandraSrv.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "2479:TCP"= 2479:TCP:Services
    "3323:TCP"= 3323:TCP:Services
    "3389:TCP"= 3389:TCP:Remote Desktop
    "3246:TCP"= 3246:TCP:Services
    "8691:TCP"= 8691:TCP:Services
    "9321:TCP"= 9321:TCP:Services

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R0 a347bus;a347bus;c:\windows\SYSTEM32\DRIVERS\a347bus.sys [24.05.2005 10:51 160640]
    R0 a347scsi;a347scsi;c:\windows\SYSTEM32\DRIVERS\a347scsi.sys [24.05.2005 10:51 5248]
    R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [21.11.2009 00:18 108289]
    R2 AWISp50;AWISp50 NDIS Protocol Driver;c:\windows\SYSTEM32\DRIVERS\AWISp50.sys [13.07.2007 17:30 17664]
    R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
    R3 DectEnum;DectEnum;c:\windows\SYSTEM32\DRIVERS\DectEnum.sys [14.12.2002 18:44 9714]
    R3 Gigser;Dect Serial Driver;c:\windows\SYSTEM32\DRIVERS\Gigser.sys [14.12.2002 18:44 58718]
    R3 HRCMPA;ISDN Wan driver (Ver. 1.10.0021);c:\windows\SYSTEM32\DRIVERS\hrcmpa.sys [14.12.2002 18:44 253648]
    R3 IUAPIWDM;ISDN USB Interface (Ver. 1.10.0021);c:\windows\SYSTEM32\DRIVERS\IUAPIWDM.sys [14.12.2002 18:44 49344]
    R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\SYSTEM32\DRIVERS\libusb0.sys [10.01.2009 23:08 33792]
    R3 siellif;siellif;c:\windows\SYSTEM32\DRIVERS\siellif.sys [14.12.2002 18:44 115856]
    S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
    S1 atitray;atitray;\??\c:\programme\Ray Adams\ATI Tray Tools\atitray.sys --> c:\programme\Ray Adams\ATI Tray Tools\atitray.sys [?]
    S2 MNQFRMLL;MNQFRMLL;\??\c:\windows\system32\mnqfrmll.jzv --> c:\windows\system32\mnqfrmll.jzv [?]
    S3 Gigusb;Dect USB Driver;c:\windows\SYSTEM32\DRIVERS\Gigusb.sys [14.12.2002 18:44 59070]
    S3 Isapfg;Isapfg;c:\windows\SYSTEM32\DRIVERS\mrxdav.sys [18.08.2001 06:00 180608]
    S3 PSTRIP;PSTRIP;\??\c:\windows\system32\DRIVERS\PSTRIP.SYS --> c:\windows\system32\DRIVERS\PSTRIP.SYS [?]
    S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe [16.11.2008 17:46 98488]
    S3 xControlCOM;xControlCOM;c:\programme\T-Sinus 721\T-Sinus 721 PC\xControlCOM.exe [22.10.2002 10:42 339968]
    S4 sptd;sptd;c:\windows\SYSTEM32\DRIVERS\sptd.sys [15.11.2007 16:29 685816]
    .
    Inhalt des "geplante Tasks" Ordners

    2009-12-30 c:\windows\Tasks\AntiVir PersonalEdition Classic starten.job
    - c:\progra~1\ANTIVI~1\avcenter.exe [2006-02-12 06:05]

    2009-11-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.google.de/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: {{6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - c:\programme\TraXEx\Integration\TraXEx Internet Explorer.lnk
    IE: {{8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - c:\programme\TraXEx\Integration\TraXEx Löschautomat.lnk
    Handler: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - c:\programme\Haufe\HaufeReader\HRInstmon.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\dokumente und einstellungen\Axel\Anwendungsdaten\Mozilla\Firefox\Profiles\dwbdk1u4.default\
    FF - plugin: c:\dokumente und einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    FF - plugin: c:\dokumente und einstellungen\Axel\Anwendungsdaten\Mozilla\Firefox\Profiles\dwbdk1u4.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
    FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\programme\Java\jre1.5.0_06\bin\NPOJI610.dll
    FF - plugin: c:\programme\Mozilla Firefox\plugins\npalnn.dll
    FF - plugin: c:\programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - Entfernte verwaiste Registrierungseinträge - - - -

    HKLM-Run-nwiz - c:\programme\NVIDIA Corporation\nView\nwiz.exe
    AddRemove-Age of Empires 2.0 - c:\programme\Microsoft Games\Age of Empires II\UNINSTAL.EXE
    AddRemove-DSMT6 - c:\programme\Setup.exe
    AddRemove-IMG Tool - c:\dokumente und einstellungen\Axel\Desktop\IMG Tool\Uninstall.exe
    AddRemove-mIRC - c:\program files\mIRC\mirc.exe
    AddRemove-Mousotron Pro_is1 - c:\dokumente und einstellungen\Peter.DH3WXK0J\Desktop\maus\unins000.exe
    AddRemove-NVIDIA nView Desktop Manager - c:\programme\NVIDIA Corporation\nView\nViewSetup.exe
    AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe
    AddRemove-TV3DDeinstKey - c:\tv3d\DeIsL1.isu



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-30 16:12
    Windows 5.1.2600 Service Pack 3 NTFS

    Scanne versteckte Prozesse...

    Scanne versteckte Autostarteinträge...

    Scanne versteckte Dateien...

    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85D8CFA8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7853f28
    \Driver\ACPI -> ACPI.sys @ 0xf76fdcb8
    \Driver\atapi -> atapi.sys @ 0xf769d852
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
    ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
    ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
    NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> 0x85639530
    PacketIndicateHandler -> NDIS.sys @ 0xf7546a21
    SendHandler -> NDIS.sys @ 0xf752487b
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MNQFRMLL]
    "ImagePath"="\??\c:\windows\system32\mnqfrmll.jzv"
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\programme\Avira\AntiVir Desktop\avguard.exe
    c:\programme\FRITZ!DSL\IGDCTRL.EXE
    c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\System32\CTsvcCDA.exe
    c:\windows\system32\libusbd-nt.exe
    c:\programme\CDBurnerXP\NMSAccessU.exe
    c:\windows\System32\MsPMSPSv.exe
    c:\windows\system32\SerExt.exe
    c:\windows\system32\RUNDLL32.EXE
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2009-12-30 16:29:33 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt 2009-12-30 15:29

    Vor Suchlauf: 23 Verzeichnis(se), 77.358.194.688 Bytes frei
    Nach Suchlauf: 24 Verzeichnis(se), 77.782.806.528 Bytes frei

    WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    Current=1 Default=1 Failed=0 LastKnownGood=2 Sets=,1,2,3
    - - End Of File - - F1A5BD6990F4BD508C7D94293661B668

  7. #7
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Please also post a fresh HijackThis log.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  8. #8
    Junior Member
    Join Date
    Dec 2009
    Location
    Freising in Germany
    Posts
    19


    done

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:25:14, on 31.12.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir Desktop\sched.exe
    C:\PROGRA~1\ANTIVI~1\avcenter.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\Avira\AntiVir Desktop\avguard.exe
    C:\Programme\FRITZ!DSL\IGDCTRL.EXE
    C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\WINDOWS\system32\libusbd-nt.exe
    C:\Programme\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\WINDOWS\system32\SerExt.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Programme\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Programme\Creative\SBLive\Diagnostics\diagent.exe
    C:\Programme\TraXEx\TraXEx.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [SerExt] SerExt.exe /plug
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [diagent] C:\Programme\Creative\SBLive\Diagnostics\diagent.exe startup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: TraXEx 3.3.lnk = C:\Programme\TraXEx\TraXEx.exe
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Programme\TraXEx\Integration\TraXEx Internet Explorer.lnk
    O9 - Extra button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Programme\TraXEx\Integration\TraXEx Löschautomat.lnk
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1095545767187
    O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} - http://support.euro.dell.com/global/...r/PROFILER.CAB
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O18 - Protocol: haufereader - {39198710-62F7-42CD-9458-069843FA5D32} - C:\Programme\Haufe\HaufeReader\HRInstmon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Programme\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - Unknown owner - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe (file missing)
    O23 - Service: Sandra Service (SandraTheSrv) - Unknown owner - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe (file missing)
    O23 - Service: xControlCOM - Siemens - C:\Programme\T-Sinus 721\T-Sinus 721 PC\xControlCOM.exe

    --
    End of file - 7857 bytes

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Have you uninstalled IE?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #10
    Junior Member
    Join Date
    Dec 2009
    Location
    Freising in Germany
    Posts
    19


    Hi,
    Internet Explorer was originally installed and used on the PC. For 3 years I have used only Firefox. It is possible that there are still IE remnants on the PC. Since the two HJT logs I have not done any de-installation of software.
