Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Hijack zur Überprüfung nach Entfernung von AV Security

Hijack zur Überprüfung nach Entfernung von AV Security


Log-Analyse und Auswertung: Hijack zur Überprüfung nach Entfernung von AV Security

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 20.06.2010, 13:32   #1
castol
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


OK...

Proxy ist deaktiviert, der ESET Scanner läuft noch und hier das neue log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4217

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

20.06.2010 14:30:38
mbam-log-2010-06-20 (14-30-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140277
Laufzeit: 12 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Carsten u. Jessi\AppData\Local\Temp\eswcmaornx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Carsten u. Jessi\AppData\Local\Temp\rropyvnl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Carsten u. Jessi\AppData\Local\Temp\jgmkw.exe (Malware.Gen) -> Quarantined and deleted successfully.

Alt 20.06.2010, 13:44   #2
MalwareHero
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


Zitat:
Zitat von castol Beitrag anzeigen
C:\Users\Carsten u. Jessi\AppData\Local\Temp\eswcmaornx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Carsten u. Jessi\AppData\Local\Temp\rropyvnl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
Der PC ist NICHT sauber. Diese Malware lädt andere Malware vom Netz runter.
Hier müssen wir gründlich ran.

Kennst du das:
Zitat:
C:\Windows\system32\drivers\aikc3eff.sys
(Kann von bestimmten Malwareanalyse tools stammen)

Sonst hier überprüfen: VirusTotal - Kostenloser online Viren- und Malwarescanner und log posten.

*************************
__________________

__________________
Alt 20.06.2010, 13:52   #3
castol
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


Die Datei aikc3eff.sys finde ich auf meinem Rechner nicht...
__________________
Alt 20.06.2010, 13:59   #4
MalwareHero
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


Zitat:
Zitat von castol Beitrag anzeigen
Die Datei aikc3eff.sys finde ich auf meinem Rechner nicht...
Füge den Dateipfad mal direkt bei Virus Total rein> Durchsuchen- und dann einfügen bei "Dateiname".

Rootkitscan:
Lade dir RootRepeal runter:

http://download.bleepingcomputer.com...RootRepeal.exe

mit rechtem mausklick als administrator öffnen/ausführen. Im Scanfenster suche unten in der Leiste Report klicke da drauf. > klicke Scan> alle Kästchen vor den scanalternativen anhaken, ok klicken> alle Festplatenkästchen anhaken> klicke ok. Der Scan startet, nach dem Scan kommt das Log hoch. Poste es hier.

************************
__________________
Arroganz ist das Selbstbewusstsein des Minderwertigkeitskomplexes.
(Jean Rostand)

Alt 20.06.2010, 14:29   #5
castol
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


Die Datei ist nicht bekannt...

Hier das Log:

Code:
ATTFilter
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/06/20 15:03
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8A9CF000	Size: 851968	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAD85A000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: spjw.sys
Image Path: C:\Windows\System32\Drivers\spjw.sys
Address: 0x8A239000	Size: 1048576	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\RootRepeal report 06-20-10 (15-03-33).txt
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\{185d5985-7a93-11df-9c8a-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{847f21f1-7c3f-11df-96ac-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{847f21f7-7c3f-11df-96ac-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{847f2226-7c3f-11df-96ac-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8abd6d85-7c3c-11df-9e7c-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c48118e3-79cc-11df-a07b-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e971e118-7b81-11df-a13e-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\Media\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\Media\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\Media\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for SqlServer\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c94f2bbe7d4aaf6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_7db1e53ddcf5e248.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6000.16720_de-de_52c9015e7ac59408\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6000.20883_de-de_3c0118029467d8fb\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIC237~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6001.22208_none_6832700af3374d09\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_none_8469d28baa199a7e\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_none_9b31bbe79077558b\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.16720_none_a54ef540d05f91fc\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.20883_none_8e870be4ea01d6ef\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.18111_none_a529d9f6d0b19e9d\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.22230_none_8e5e4a92ea5717b0\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~3.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~4.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBB00~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.18111_none_75c874a9a137a5f0\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.22230_none_9a1350e27965368d\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.16720_none_c39efe8a3f927437\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.20883_none_acd7152e5934b92a\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.18111_none_c379e3403fe480d8\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.22230_none_acae53dc5989f9eb\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6db0d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.20883_none_9a3c1234790ff5cc\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.18111_none_b0dee0465fbfbd7a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_7aa059d88e5323b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_7ae515f3a7a505c4\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_7c2346b88bc48045\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_7d103549a497546b\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.0.6000.16720_de-de_65722c179a7be658\MSCORL~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_2d5588d71cf3d5c4\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_2d5588d71cf3d5c4\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_2d5588d71cf3d5c4\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16982_none_2d2748491d16f983\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16982_none_2d2748491d16f983\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16982_none_2d2748491d16f983\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.17037_none_2d6231791cea1fc3\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.17037_none_2d6231791cea1fc3\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.17037_none_2d6231791cea1fc3\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.22230_none_5efce545badd1f03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0aProcesses
-------------------
Path: System
PID: 4	Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1248	Status: Locked to the Windows API!

SSDT
-------------------
#: 078	Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x9ccd09d4

#: 194	Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x9ccd09c0

#: 201	Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x9ccd09c5

#: 334	Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x9ccd09cf

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_CREATE]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_CLOSE]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_POWER]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_PNP]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_CREATE]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_CLOSE]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_READ]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_WRITE]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_POWER]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_PNP]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: Smb前Ѕ獵灢敄剶癤⭨싘蛿, IRP_MJ_CREATE]
Process: System	Address: 0x871111f8	Size: 121

Object: Hidden Code [Driver: Smb前Ѕ獵灢敄剶癤⭨싘蛿, IRP_MJ_CLOSE]
Process: System	Address: 0x871111f8	Size: 121

Object: Hidden Code [Driver: Smb前Ѕ獵灢敄剶癤⭨싘蛿, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x871111f8	Size: 121

Object: Hidden Code [Driver: Smb前Ѕ獵灢敄剶癤⭨싘蛿, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x871111f8	Size: 121

Object: Hidden Code [Driver: Smb前Ѕ獵灢敄剶癤⭨싘蛿, IRP_MJ_CLEANUP]
Process: System	Address: 0x871111f8	Size: 121

Object: Hidden Code [Driver: Smb前Ѕ獵灢敄剶癤⭨싘蛿, IRP_MJ_PNP]
Process: System	Address: 0x871111f8	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]
Process: System	Address: 0x8712b1f8	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]
Process: System	Address: 0x8712b1f8	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8712b1f8	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8712b1f8	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]
Process: System	Address: 0x8712b1f8	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]
Process: System	Address: 0x8712b1f8	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_CREATE]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_CLOSE]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_POWER]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_PNP]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_CREATE]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_CLOSE]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_READ]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_WRITE]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_QUERY_EA]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SET_EA]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_CLEANUP]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_POWER]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_PNP]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_CREATE]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_CLOSE]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_READ]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_WRITE]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_CLEANUP]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_PNP]
Process: System	Address: 0x84a751f8	Size: 121

==EOF==


Alt 20.06.2010, 14:49   #6
MalwareHero
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


Zitat:
Zitat von castol Beitrag anzeigen
Hier das Log:

ROOTREPEAL
ok.

Download http://www2.gmer.net/mbr/mbr.exeauf dein desktop. Rechtsklick mit Admin. ausführen. Es öffnet sich ganz kurz ein Scanfenster. Das log liegt auf deinem desktop. Poste es hier.

Bei dir ist Daemon Tools installiert?

***********************
__________________
--> Hijack zur Überprüfung nach Entfernung von AV Security

Alt 20.06.2010, 15:23   #7
castol
 
Hijack zur Überprüfung nach Entfernung von AV Security - Standard

Hijack zur Überprüfung nach Entfernung von AV Security


Ja, Daemon Tools habe ich installiert...

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Antwort

Themen zu Hijack zur Überprüfung nach Entfernung von AV Security
32 bit, ad-aware, ad-watch, ad-watch live, agere systems, antivir, antivir guard, avgntflt.sys, avira, bho, bonjour, browser, desktop, device driver, drvstore, error, excel, firefox, flash player, hdaudio.sys, hijack, hijackthis, home, home premium, install.exe, installation, mp3, msiexec.exe, notepad.exe, nvlddmkm.sys, pdfforge toolbar, plug-in, programdata, programm, realtek, registry, security, software, spigot, start menu, svchost.exe, system, usbvideo.sys, vista 32, vista 32 bit, windows, windows-sicherheitscenterdienst, wireless lan, wscript.exe


« 100% CPU Auslastung, PC sehr langsam, hängt immer wieder minutenlang | Internet Exploder öffnet sich automatisch! »


Ähnliche Themen: Hijack zur Überprüfung nach Entfernung von AV Security


  1. Binkiland Entfernung bzw Überprüfung
    Log-Analyse und Auswertung - 23.02.2015 (11)
  2. Vorgehen nach Live Security Platinum Entfernung?
    Plagegeister aller Art und deren Bekämpfung - 24.07.2012 (1)
  3. System nicht sauber nach XP Security 2012 Entfernung
    Log-Analyse und Auswertung - 06.02.2012 (20)
  4. [doppelt] GEMA Virus nach XP-Security-Entfernung auf unsicherem System eingefangen.
    Mülltonne - 02.02.2012 (2)
  5. Security Sphere 2012 - Immer noch Fehler nach Entfernung!
    Log-Analyse und Auswertung - 12.11.2011 (25)
  6. Startprobleme XP SP2 nach Entfernung von Microsoft Security Essentials Alert
    Plagegeister aller Art und deren Bekämpfung - 01.10.2010 (0)
  7. Ständige Norton Meldung nach Entfernung von microsoft security essentials alert
    Plagegeister aller Art und deren Bekämpfung - 08.09.2010 (3)
  8. Nach Entfernung der AV Security Suite kein Internet mehr....aber Ping geht
    Netzwerk und Hardware - 20.08.2010 (38)
  9. Probleme nach der "Entfernung" von AV Security Suite
    Plagegeister aller Art und deren Bekämpfung - 25.07.2010 (33)
  10. AV Security Suite - Nach Entfernung öffnen sich in Firefox ungewünschte Tabs
    Log-Analyse und Auswertung - 15.07.2010 (29)
  11. AV Security Suite - Systemprüfung nach Entfernung gemäß FAQ
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (1)
  12. Datei dhcpcsvc.dll erstellt sich selbst neu nach entfernung von Security Essentials 2010
    Plagegeister aller Art und deren Bekämpfung - 03.07.2010 (7)
  13. Weitergehende Prüfung nach Entfernung von MY Security Engine
    Plagegeister aller Art und deren Bekämpfung - 27.05.2010 (7)
  14. Bitte um Überprüfung meiner Hijack Logfile
    Log-Analyse und Auswertung - 23.04.2009 (1)
  15. nach entfernung von antispy2009 bitte hijack check!
    Log-Analyse und Auswertung - 27.12.2008 (0)
  16. Bitte um Überprüfung vom logfile hijack und Escanlog
    Log-Analyse und Auswertung - 23.01.2005 (3)
  17. Trojaner Angriff Hijack Überprüfung
    Log-Analyse und Auswertung - 14.01.2005 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Hijack zur Überprüfung nach Entfernung von AV Security - OK... Proxy ist deaktiviert, der ESET Scanner läuft noch und hier das neue log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4217 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18928 20.06.2010 - Hijack zur Überprüfung nach Entfernung von AV Security...
Archiv
Du betrachtest: Hijack zur Überprüfung nach Entfernung von AV Security auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131