
Log analysis and evaluation: Comodo Internet Security blocks connection to unknown program / HJT log analysis

22.08.2009, 22:22   #1
Turrican

Dear forum,

a warm hello from Turrican.

My computer is a laptop, 4 GB RAM, dual-core, Windows XP and Vista on 2 partitions. This is about XP, XP Prof. to be precise. Installed are Avast Antivirus, Comodo Internet Security, AdAware, Spybot.

Today Comodo reported that a program called [] wanted to allow a connection from the Internet. Clicking on the icon (just a little box where the file path normally is) results in the message "File not found". So I looked in the list of programs that are allowed to establish/receive connections, and there I find this cursed little box twice more at the very bottom, both times allowed :-(. I blocked it right away, although the request came once more.

Does anyone know this message? I found nothing on Google or at Comodo.

Hence my request for an analysis of my HijackThis log. Can anyone tell me whether something is going on on my box, and perhaps someone has experienced the same thing I have with the strange unknown program?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:29, on 22.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\XP\System32\smss.exe
D:\XP\system32\winlogon.exe
D:\XP\system32\services.exe
D:\XP\system32\lsass.exe
D:\XP\system32\nvsvc32.exe
D:\XP\system32\svchost.exe
D:\Programme\Comodo\COMODO Internet Security\cmdagent.exe
D:\XP\system32\svchost.exe
D:\Programme\Bluetooth\bin\btwdins.exe
D:\Programme\Intel\WiFi\bin\S24EvMon.exe
D:\Programme\Avast4\aswUpdSv.exe
D:\Programme\Lavasoft\Ad-Aware\AAWService.exe
D:\Programme\Avast4\ashServ.exe
D:\XP\system32\spoolsv.exe
D:\XP\Explorer.EXE
D:\XP\system32\agrsmsvc.exe
D:\Programme\Intel\WiFi\bin\EvtEng.exe
D:\Programme\Java\jre6\bin\jqs.exe
D:\PROGRA~1\Avast4\ashDisp.exe
D:\Programme\COMODO\SafeSurf\cssurf.exe
D:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
D:\XP\system32\RUNDLL32.EXE
D:\XP\RTHDCPL.EXE
D:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
D:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
D:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
D:\XP\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
D:\Programme\Java\jre6\bin\jusched.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
D:\XP\system32\ctfmon.exe
D:\XP\system32\svchost.exe
D:\Programme\Bluetooth\BTTray.exe
D:\Programme\Avast4\ashMaiSv.exe
D:\Programme\Avast4\ashWebSv.exe
D:\XP\system32\wbem\unsecapp.exe
D:\XP\system32\wbem\wmiapsrv.exe
D:\Programme\Comodo\COMODO Internet Security\cfpupdat.exe
D:\XP\system32\winlogon.exe
D:\Programme\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Programme\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - D:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Programme\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - D:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\XP\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\XP\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AzMixerSel] D:\Programme\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Programme\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [Ad-Watch] D:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] D:\XP\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Programme\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\XP\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1715567821-1336601894-1801674531-1004\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe (User 'Internet')
O4 - HKUS\S-1-5-21-1715567821-1336601894-1801674531-1004\..\Run: [ctfmon.exe] D:\XP\system32\ctfmon.exe (User 'Internet')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\XP\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\XP\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - D:\Programme\Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre6\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programme\Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\XP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\XP\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: D:\XP\system32\guard32.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - D:\XP\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programme\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programme\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programme\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programme\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Programme\Bluetooth\bin\btwdins.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Programme\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - D:\Programme\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - D:\XP\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - D:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - D:\Programme\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7950 bytes

Well, I don't see anything evil, but I really can't make anything of this []; the entry appears 3x in total in Comodo's program list.

Hope someone can help me :-).


Best regards
Turrican
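The HijackThis log above is a line-oriented format that can be triaged mechanically before a human reads it. The following Python script is an added example and is not part of the original post, of HijackThis, or of any tool the thread mentions. It parses the O2/O3/O4/O20/O23 entry types seen in the log and flags entries a reviewer should verify: AppInit_DLLs loaders, entries with no resolvable file path (the same symptom as the empty box Comodo showed, or `BTTray.lnk = ?`), Run entries that use a relative path and are therefore resolved via PATH at logon, and names on a small watchlist. The sample lines are a subset of the posted log plus one constructed entry with an empty command; the watchlist (only the AskBar/Ask Toolbar names) and the `Entry`/`Finding` types are the example's own assumptions, and the output is triage, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the first seven lines are taken from the HijackThis log
# posted above; the last line is a constructed entry whose command is empty
# (the "box without a path" kind of entry the thread is about).
SAMPLE_LOG = r"""
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - D:\Programme\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - D:\Programme\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Programme\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - Global Startup: BTTray.lnk = ?
O20 - AppInit_DLLs: D:\XP\system32\guard32.dll
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Programme\Comodo\COMODO Internet Security\cmdagent.exe
O4 - HKCU\..\Run: [Updater]
"""

# Constructed watchlist: the add-on names the helper in this thread asked to remove.
WATCHLIST = ("askbar", "ask toolbar")

ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d)\s+-\s+(.*)$")
# A drive-letter path, optionally quoted, ending in a known binary/shortcut
# extension; the lazy match keeps unquoted paths containing spaces intact.
ABS_PATH_RE = re.compile(
    r'^"?([A-Za-z]:\\.*?\.(?:exe|dll|lnk|htm|cpl|scr|ax))"?(?=[\s,]|$)',
    re.IGNORECASE,
)


@dataclass
class Entry:
    section: str  # HJT section, e.g. "O2", "O4", "O20"
    kind: str     # text before the first ": ", e.g. "BHO", "HKLM\..\Run"
    name: str     # display/value name, "" if the section has none
    path: str     # file the entry points to, "" if none could be resolved
    raw: str


@dataclass
class Finding:
    section: str
    name: str
    reason: str


def extract_path(command: str) -> str:
    """Pull the executable path out of a Run-key command line."""
    command = command.strip()
    if not command:
        return ""
    m = ABS_PATH_RE.match(command)
    if m:
        return m.group(1)
    # No drive letter: the first token is resolved via PATH at logon.
    return command.split()[0].strip('"')


def parse_line(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    kind, _, rest = body.partition(": ")
    name, path = "", ""
    if section in ("O2", "O3"):
        # "<name> - {CLSID} - <path>"
        parts = rest.split(" - ")
        name = parts[0]
        path = parts[-1].strip() if len(parts) >= 3 else ""
    elif section == "O4":
        bm = re.match(r"\[(.*?)\]\s*(.*)", rest)
        if bm:  # "[<value name>] <command line>"
            name, path = bm.group(1), extract_path(bm.group(2))
        else:   # "Global Startup: <shortcut> = <target>"; "?" means unresolved
            name, _, target = rest.partition(" = ")
            path = "" if target.strip() == "?" else target.strip()
    elif section == "O20":
        path = rest.strip()
    elif section == "O23":
        # "<service name> (<short name>) - <vendor> - <path>"
        parts = rest.split(" - ")
        name = parts[0]
        path = parts[-1].strip() if len(parts) >= 2 else ""
    else:
        path = rest.strip()
    return Entry(section, kind, name, path, line.strip())


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag entries a reviewer should verify; this is triage, not a verdict."""
    findings: List[Finding] = []
    for e in entries:
        label = e.name or e.path
        hay = f"{e.name} {e.path}".lower()
        if e.section == "O20":
            findings.append(Finding(e.section, label,
                "AppInit_DLLs is loaded into every user-mode process; confirm the DLL's vendor"))
        if e.section in ("O2", "O3") and any(w in hay for w in WATCHLIST):
            findings.append(Finding(e.section, label, "matches watchlist of unwanted browser add-ons"))
        if e.section in ("O2", "O3", "O4", "O20", "O23") and not e.path:
            findings.append(Finding(e.section, label, "no resolvable file path; target cannot be verified"))
        elif e.section == "O4" and not re.match(r"^[A-Za-z]:\\", e.path):
            findings.append(Finding(e.section, label, "relative path, resolved via PATH search at logon"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.section:4} {f.name!r}: {f.reason}")
```

Run against the full log, the script would raise six items from the sample: the two Ask entries, the relative `nwiz` Run entry, the `?` shortcut target, the AppInit_DLLs loader, and the constructed empty Run value. Each is a pointer to something that needs its file and vendor checked by hand, which is exactly the gap the original poster ran into with an entry that had no path at all.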

23.08.2009, 00:00   #2
undoreal
/// AVZ-Toolkit Guru

Hello there.

[Correction]

Please ask in the Comodo forum why the file location is missing there.

Also, please uninstall the AskBar via Control Panel -> Add or Remove Programs.

After that, check the computer with Malwarebytes and RootRepeal.

Creating a RootRepeal report
  • Download RootRepeal here: http://ad13.geekstogo.com/RootRepeal.rar
  • Close all antivirus guards running in the background.
  • Unpack the archive.
  • Run RootRepeal.exe as administrator.
  • Switch to the <Report> tab at the bottom edge of the program window.
  • Then press the "Scan" button. -> Tick all the boxes and press "OK".
  • Select the hard disk on which Windows is installed. (Normally that is C:\)
  • After the scan has finished (this can take quite a while), a window opens showing you the report. Save the report (File -> Save As) and attach the .txt file to your next post.

23.08.2009, 13:17   #3
Turrican

Hello undoreal,

thank you for your help :-). I have registered on the Comodo forum and asked my question there. I'll now run the scans with the programs you recommended.

By the way - if I boot XP and, let's assume, it is infected with whatever, and I shut it down or restart the computer and then start Vista, i.e. without switching the computer off beforehand, isn't there a danger that the malware stays resident and also nests itself in Vista? At least that's how it was back then on the Amiga...

Best regards
Turrican

23.08.2009, 15:48   #4
Turrican

Hello undoreal,

I have run the scans in question and am posting the log files here, first what Malwarebytes found:

********************************************************
Malwarebytes' Anti-Malware 1.40
Datenbank Version: 2682
Windows 5.1.2600 Service Pack 3

23.08.2009 15:54:50
mbam-log-2009-08-23 (15-54-50).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|)
Durchsuchte Objekte: 300091
Laufzeit: 1 hour(s), 28 minute(s), 36 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
********************************************************

Reads fine to me; there seems to be nothing. Now the RootRepeal log for both drives (C: and D:), in a separate post.

23.08.2009, 15:50   #5
Turrican

Now RootRepeal as well, for C: and D:

********************************************************
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/23 15:57
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: D:\XP\System32\Drivers\dump_iaStor.sys
Address: 0xA750C000 Size: 897024 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: D:\XP\system32\drivers\rootrepeal.sys
Address: 0xA2CC3000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\ProgramData\Favoriten
Status: Locked to the Windows API!

Path: C:\ProgramData\Favorites
Status: Locked to the Windows API!

Path: C:\Users\All Users
Status: Locked to the Windows API!

Path: C:\Users\Default\Music
Status: Locked to the Windows API!

Path: C:\Users\Default\Pictures
Status: Locked to the Windows API!

Path: C:\Users\Default\Videos
Status: Locked to the Windows API!

Path: C:\Users\Public\Favorites
Status: Locked to the Windows API!

Path: C:\Users\Default\Documents\Eigene Bilder
Status: Locked to the Windows API!

Path: C:\Users\Default\Documents\Eigene Musik
Status: Locked to the Windows API!

Path: C:\Users\Default\Documents\Eigene Videos
Status: Locked to the Windows API!

Path: C:\Users\Default\Documents\My Music
Status: Locked to the Windows API!

Path: C:\Users\Default\Documents\My Pictures
Status: Locked to the Windows API!

Path: C:\Users\Default\Documents\My Videos
Status: Locked to the Windows API!

Path: C:\Windows\System32\drivers\sfi.dat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.762_none_24c8a196583ff03b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c94f2bbe7d4aaf6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.762_none_6d78e2ee5a7eb616.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6000.16720_de-de_52c9015e7ac59408\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6000.20883_de-de_3c0118029467d8fb\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6001.18111_de-de_52a3e6147b17a0a9\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6001.22230_de-de_3bd856b094bd19bc\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_6.0.6001.18000_none_fc4def09dac203c5\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_6.0.6002.18005_none_fe396815d7e3cf11\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18702_none_df391163f08d7422\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.18813_none_df2f43a7f094a691\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-feedsbs_31bf3856ad364e35_8.0.6001.22903_none_dfc3b05f09aa2a6a\MSFEED~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6000.16708_none_65c29499dcf31c4e\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6000.20864_none_660750b4f644fe62\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6001.18096_none_67458179da6478e3\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6001.22208_none_6832700af3374d09\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6002.18005_none_698c4815d742b0ac\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18061_none_dbbd58ec573f657a\MPEG2D~1.AX
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18177_none_dbb88ca25742169c\MPEG2D~1.AX
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18254_none_dbcb2d8257348fdc\MPEG2D~1.AX
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6002.18005_none_dde8b13654316fc9\MPEG2D~1.AX
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-v..e-filters-tvdigital_31bf3856ad364e35_6.0.6001.18000_none_dbfd382a570fa47d\MPEG2D~1.AX
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_b9851a92245b1b73\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16716_de-de_108774193586f8f1\PERFCO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16716_de-de_108774193586f8f1\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16716_de-de_108774193586f8f1\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.16716_de-de_108774193586f8f1\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_b9c9d6ad3dacfd87\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20876_de-de_10d0315c4ed54061\PERFCO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20876_de-de_10d0315c4ed54061\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20876_de-de_10d0315c4ed54061\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6000.20876_de-de_10d0315c4ed54061\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_bb08077221cc7808\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18106_de-de_127882ab32a56df1\PERFCO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18106_de-de_127882ab32a56df1\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18106_de-de_127882ab32a56df1\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.18106_de-de_127882ab32a56df1\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_bbf4f6033a9f4c2e\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22221_de-de_12e77e2c4bd7c6ea\PERFCO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22221_de-de_12e77e2c4bd7c6ea\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22221_de-de_12e77e2c4bd7c6ea\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6001.22221_de-de_12e77e2c4bd7c6ea\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_de-de_145df8152fcca40c\PERFCO~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_de-de_145df8152fcca40c\SQLPER~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_de-de_145df8152fcca40c\TRACKI~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.0.6002.18005_de-de_145df8152fcca40c\TRACKI~2.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_none_8469d28baa199a7e\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_common_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_f7b87ebdaa5b4f12\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_membership_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_569b6e0c6aa641d3\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_none_9b31bbe79077558b\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\AVANTG~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\CASSIO~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\DEFAUL~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\DOCOMO~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\ERICSS~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\EZWAP~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\GATEWA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\GENERI~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\GOAMER~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\JATAAY~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\JPHONE~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\LEGEND~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\NETSCA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\NOKIA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\OPENWA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\OPERA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\PALM~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\PANASO~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\WEBTV~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\WINWAP~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.16720_none_712a3d9ccb71e1f6\XIINO~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\AVANTG~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\CASSIO~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\DEFAUL~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\DOCOMO~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\ERICSS~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\EZWAP~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\GATEWA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\GENERI~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\GOAMER~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\JATAAY~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\JPHONE~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\LEGEND~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\NETSCA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\NOKIA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\OPENWA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\OPERA~1.BRO
Status: Locked to the Windows API!


23.08.2009, 15:52   #6
Turrican

Comodo Internet Security blockt Verbindung zu unbekanntem Programm/ HJT Loganalyse



Here is the continuation.

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\PALM~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\PANASO~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\WEBTV~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\WINWAP~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6000.20883_none_5a625440e51426e9\XIINO~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\AVANTG~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\CASSIO~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\DEFAUL~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\DOCOMO~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\ERICSS~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\EZWAP~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\GATEWA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\GENERI~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\GOAMER~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\JATAAY~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\JPHONE~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\LEGEND~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\NETSCA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\NOKIA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\OPENWA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\OPERA~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\PALM~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\PANASO~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\WEBTV~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\WINWAP~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regbrowser_files_b03f5f7f11d50a3a_6.0.6001.18000_none_710438f4cbc4bb4e\XIINO~1.BRO
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6db0d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.20883_none_9a3c1234790ff5cc\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.18111_none_b0dee0465fbfbd7a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6000.16720_none_9e3e9a071d8dacdd\WEB~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_web_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8776b0ab372ff1d0\WEB~1.CON
Status: Locked to the Windows API!

Path: c:\windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.18111_none_c1ef3d4e25fb09ec\_dataperfcounters_shared12_neutral_d.ini
Status: Allocation size mismatch (API: 102400, Raw: 56)

Path: c:\windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.22230_none_ab23adea3fa082ff\_dataperfcounters_shared12_neutral_d.ini
Status: Allocation size mismatch (API: 102400, Raw: 56)

Path: C:\Windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6002.18005_none_c1c9d92c264d6ab7\_DATAP~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_ini_b03f5f7f11d50a3a_6.0.6001.18000_none_c1ee53f025fbd6a3\_DATAP~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6001.18000_none_96c284fce6c3e38a\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.16720_none_c2e2272db9e7b99c\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6000.20883_none_c32de54ed3334d11\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.18111_none_c4d43609b70547f3\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-installutil_exe_config_rtm_31bf3856ad364e35_6.0.6001.22230_none_c54732b2d0340648\INSTAL~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718f68

#: 025 Function Name: NtClose
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef6b8

#: 031 Function Name: NtConnectPort
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718472

#: 037 Function Name: NtCreateFile
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718b0c

#: 041 Function Name: NtCreateKey
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef574

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "vax347b.sys" at address 0xb7f81c70

#: 046 Function Name: NtCreatePort
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718150

#: 050 Function Name: NtCreateSection
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71a1f0

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71a4c8

#: 053 Function Name: NtCreateThread
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab717d16

#: 063 Function Name: NtDeleteKey
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71914e

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75efa52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef14c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "vax347b.sys" at address 0xb7f824fe

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "vax347b.sys" at address 0xb7f8dcb0

#: 097 Function Name: NtLoadDriver
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab719e72

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab7186f6

#: 116 Function Name: NtOpenFile
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718d50

#: 119 Function Name: NtOpenKey
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef64e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef08c

#: 125 Function Name: NtOpenSection
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718986

#: 128 Function Name: NtOpenThread
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef0f0

#: 160 Function Name: NtQueryKey
Status: Hooked by "vax347b.sys" at address 0xb7f8251e

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef76e

#: 192 Function Name: NtRenameKey
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab7198aa

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71826e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef72e

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab719c0e

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71a020

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "vax347b.sys" at address 0xb7f8d450

#: 247 Function Name: NtSetValueKey
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef8ae

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718690

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71887a

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71801a

#: 258 Function Name: NtTerminateThread
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab717ee8

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8ad927a8 Size: 11

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_CLOSE]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_READ]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_WRITE]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_QUERY_EA]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SET_EA]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_CLEANUP]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_POWER]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_PNP]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLOSE]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_READ]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_WRITE]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_EA]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLEANUP]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_POWER]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_PNP]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x8a278030 Size: 11

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x88f7eca8 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a119ce8 Size: 11

Object: Hidden Code [Driver: Npfsȅ卆浩ȁడ獕畱, IRP_MJ_READ]
Process: System Address: 0x89c30930 Size: 11

Object: Hidden Code [Driver: Msfs؅ఝ䵃慄$歶 ¸, IRP_MJ_READ]
Process: System Address: 0x8ad382e8 Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x89f77030 Size: 11

Object: Hidden Code [Driver: Cdfsࠅఈ浍浓浈訂Ȁ, IRP_MJ_READ]
Process: System Address: 0x89fc3258 Size: 11

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c2a4

#: 122 Function Name: NtGdiDeleteObjectApp
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c9c8

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c3d8

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c888

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c518

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c64c

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c124

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71b376

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71bdf4

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c786

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71bb62

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71bca4

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71b846

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71b0ae

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71b4f8

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71b6a4

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71bf44

#: 502 Function Name: NtUserSendInput
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71ba08

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c03a
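
As an added example (not part of Turrican's post and not code from the RootRepeal tool), here is a small Python triage script for the SSDT, Shadow SSDT and Stealth Objects sections of a RootRepeal log like the one above. It groups every hook by the driver that installed it, flags drivers that are not on an allowlist or that RootRepeal printed as a bare file name without a resolved image path, and flags Stealth Object driver names that contain non-ASCII or non-printable characters (such as the Npfs, Msfs and Cdfs entries in the log) so they are checked by hand rather than read as a finding. The allowlist mapping cmdguard.sys to Comodo Internet Security and aswSP.SYS to avast is an assumption taken from the products the poster says are installed; each file still has to be verified on disk (signature, hash) before it is trusted. The embedded sample log is constructed from a handful of entries in the shape of the log above, not the full log.

```python
"""Triage helper for RootRepeal SSDT / Shadow SSDT / Stealth Objects output."""
import re
from collections import defaultdict
from itertools import takewhile

# Assumption for illustration: hooking drivers that belong to products the
# poster says are installed. Verify each file on disk (signature, hash)
# before trusting this mapping; no tool ships it.
KNOWN_HOOKERS = {
    "cmdguard.sys": "Comodo Internet Security",
    "aswsp.sys": "avast! antivirus",
}

# Constructed sample in RootRepeal's output format (a few entries in the
# shape of the log above, not the full log).
SAMPLE_LOG = r"""
SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718f68

#: 025 Function Name: NtClose
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef6b8

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "vax347b.sys" at address 0xb7f81c70

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "vax347b.sys" at address 0xb7f824fe

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8ad927a8 Size: 11

Object: Hidden Code [Driver: Npfsȅ卆浩ȁడ獕畱, IRP_MJ_READ]
Process: System Address: 0x89c30930 Size: 11

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c2a4
"""

# A section is a header line (letters, spaces, slashes) over a dashed line.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z/ ]+)\n-{5,}\n", re.MULTILINE)
HOOK_RE = re.compile(
    r'^#: (?P<index>\d+) Function Name: (?P<func>\S+)[ \t]*\n'
    r'Status: Hooked by "(?P<module>[^"]+)" at address (?P<addr>0x[0-9a-fA-F]+)',
    re.MULTILINE,
)
STEALTH_RE = re.compile(
    r"^Object: Hidden Code \[Driver: (?P<driver>[^,\]]+), (?P<irp>IRP_MJ_\w+)\][ \t]*\n"
    r"Process: (?P<proc>\S+) Address: (?P<addr>0x[0-9a-fA-F]+) Size: (?P<size>\d+)",
    re.MULTILINE,
)


def split_sections(text):
    """Map each RootRepeal section name to the text that follows its header."""
    marks = list(SECTION_RE.finditer(text))
    sections = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        sections[m.group("name").strip()] = text[m.end():end]
    return sections


def module_key(path):
    """Case-folded file name of a hooking module, with or without a directory."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ascii_prefix(name):
    """Leading printable-ASCII part of a driver name ('Npfs' from 'Npfs...')."""
    return "".join(takewhile(lambda c: c.isascii() and c.isprintable(), name))


def triage(log_text, allowlist=KNOWN_HOOKERS):
    """Group SSDT/Shadow SSDT hooks by hooking module and flag what needs a look.

    Returns (modules, odd_drivers): modules maps file name -> {product, hooks,
    flags}; odd_drivers lists Stealth Object drivers whose name is not clean
    printable ASCII, as (ascii_prefix, IRP) pairs for manual follow-up.
    """
    sections = split_sections(log_text)
    modules = defaultdict(lambda: {"product": None, "hooks": [], "flags": set()})
    for table in ("SSDT", "Shadow SSDT"):
        for m in HOOK_RE.finditer(sections.get(table, "")):
            key = module_key(m["module"])
            entry = modules[key]
            entry["hooks"].append((table, m["func"]))
            entry["product"] = allowlist.get(key)
            if entry["product"] is None:
                entry["flags"].add("not in allowlist")
            if "\\" not in m["module"]:
                # RootRepeal printed only a bare name: no image path was resolved.
                entry["flags"].add("no image path")
    odd_drivers = []
    for m in STEALTH_RE.finditer(sections.get("Stealth Objects", "")):
        name = m["driver"]
        if not (name.isascii() and name.isprintable()):
            odd_drivers.append((ascii_prefix(name), m["irp"]))
    return dict(modules), odd_drivers


if __name__ == "__main__":
    mods, odd = triage(SAMPLE_LOG)
    for key, info in sorted(mods.items()):
        tag = info["product"] or "UNKNOWN"
        print(f"{key:14} {tag:26} hooks={len(info['hooks'])} flags={sorted(info['flags'])}")
    for prefix, irp in odd:
        print(f"Stealth Object driver name not clean ASCII: starts with {prefix!r} ({irp}); verify by hand")
```

Run against the full log the output is the same kind of list: the two security products account for most hooks, the bare "vax347b.sys" entries stand out because no path was resolved, and the three file-system driver names with trailing junk are listed for manual checking instead of being counted as hidden code. The script only sorts the log; deciding what a flagged driver is still means locating the file, checking its signature and hash, and comparing with what is installed.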

23.08.2009, 15:53   #7
Turrican

Comodo Internet Security blockt Verbindung zu unbekanntem Programm/ HJT Loganalyse



Once more...

#: 529 Function Name: NtUserSetParent
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71b21e

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71ca2e

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71cc62

==EOF==

I can't quite make sense of it any more, but this here looks odd:

Object: Hidden Code [Driver: Npfsȅ卆浩ȁడ獕畱, IRP_MJ_READ]
Process: System Address: 0x89c30930 Size: 11

Object: Hidden Code [Driver: Msfs؅ఝ䵃慄$歶 ¸, IRP_MJ_READ]
Process: System Address: 0x8ad382e8 Size: 11

Object: Hidden Code [Driver: Cdfsࠅఈ浍浓浈訂Ȁ, IRP_MJ_READ]
Process: System Address: 0x89fc3258 Size: 11

This scan was run for c: and d:, having booted from d:, i.e. Win XP. I have repeated the scan for XP only, i.e. d:.

********************************************************
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/23 16:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: D:\XP\System32\Drivers\dump_iaStor.sys
Address: 0xA750C000 Size: 897024 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: D:\XP\system32\drivers\rootrepeal.sys
Address: 0xA2CC3000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: D:\hiberfil.sys
Status: Locked to the Windows API!

Path: D:\Programme\Comodo\COMODO Internet Security\Quarantine
Status: Locked to the Windows API!

Path: D:\XP\system32\drivers\sfi.dat
Status: Locked to the Windows API!

Path: \\?\D:\Programme\Comodo\COMODO Internet Security\Quarantine\*
Status: Could not enumerate files with the Windows API (0x00000005)!


SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718f68

#: 025 Function Name: NtClose
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef6b8

#: 031 Function Name: NtConnectPort
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718472

#: 037 Function Name: NtCreateFile
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718b0c

#: 041 Function Name: NtCreateKey
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef574

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "vax347b.sys" at address 0xb7f81c70

#: 046 Function Name: NtCreatePort
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718150

#: 050 Function Name: NtCreateSection
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71a1f0

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71a4c8

#: 053 Function Name: NtCreateThread
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab717d16

#: 063 Function Name: NtDeleteKey
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71914e

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75efa52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef14c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "vax347b.sys" at address 0xb7f824fe

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "vax347b.sys" at address 0xb7f8dcb0

#: 097 Function Name: NtLoadDriver
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab719e72

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab7186f6

#: 116 Function Name: NtOpenFile
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718d50

#: 119 Function Name: NtOpenKey
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef64e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef08c

#: 125 Function Name: NtOpenSection
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718986

#: 128 Function Name: NtOpenThread
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef0f0

#: 160 Function Name: NtQueryKey
Status: Hooked by "vax347b.sys" at address 0xb7f8251e

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef76e

#: 192 Function Name: NtRenameKey
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab7198aa

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71826e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef72e

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab719c0e

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71a020

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "vax347b.sys" at address 0xb7f8d450

#: 247 Function Name: NtSetValueKey
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef8ae

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab718690

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71887a

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71801a

#: 258 Function Name: NtTerminateThread
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab717ee8

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8ad927a8 Size: 11

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_CLOSE]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_READ]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_WRITE]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8ad46f00 Size: 99

Alt 23.08.2009, 15:55   #8
Turrican

So, finally the last continuation...



Object: Hidden Code [Driver: iaStor, IRP_MJ_QUERY_EA]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SET_EA]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_CLEANUP]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_POWER]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: iaStor, IRP_MJ_PNP]
Process: System Address: 0x8ad46f00 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x89fc60d8 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLOSE]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_READ]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_WRITE]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_EA]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_EA]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CLEANUP]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_POWER]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: vax347s, IRP_MJ_PNP]
Process: System Address: 0x8a228008 Size: 99

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x8a278030 Size: 11

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x88f7eca8 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x8a119ce8 Size: 11

Object: Hidden Code [Driver: Npfsȅ卆浩ȁడ獕畱, IRP_MJ_READ]
Process: System Address: 0x89c30930 Size: 11

Object: Hidden Code [Driver: Msfs؅ఝ䵃慄$歶 ¸, IRP_MJ_READ]
Process: System Address: 0x8ad382e8 Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x89f77030 Size: 11

Object: Hidden Code [Driver: Cdfsࠅఈ浍浓浈訂Ȁ, IRP_MJ_READ]
Process: System Address: 0x89fc3258 Size: 11

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c2a4

#: 122 Function Name: NtGdiDeleteObjectApp
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c9c8

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c3d8

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c888

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c518

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c64c

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c124

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71b376

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71bdf4

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c786

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71bb62

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71bca4

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71b846

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71b0ae

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71b4f8

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71b6a4

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71bf44

#: 502 Function Name: NtUserSendInput
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71ba08

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71c03a

#: 529 Function Name: NtUserSetParent
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71b21e

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71ca2e

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71cc62

==EOF==
**********************************************************

What struck me most here was this:


Path: \\?\D:\Programme\Comodo\COMODO Internet Security\Quarantine\*
Status: Could not enumerate files with the Windows API (0x00000005)!

Reminds me of that odd thing with the box instead of a file name. That wasn't in the first scan. And again the lines with the Japanese characters.

I hope that's enough info.


Many thanks for the effort, it is quite a lot of data :-/. I tried to analyse it a bit myself, though I can't quite make sense of it. The entry with the ? and the one with the strange characters seem suspicious to me; the rest looks normal to me.

Is it normal for it to be such a large number of lines?

Regards
Turrican

Alt 23.08.2009, 21:01   #9
undoreal
/// AVZ-Toolkit Guru

That all looks clean.

Did you uninstall the AskBar?

Uninstall Lavasoft too. It's no good at all.

Avast and Comodo set relatively similar hooks. That can quickly lead to problems.

I would uninstall Comodo with Revo Uninstaller (advanced uninstall mode), then clean up with CCleaner, restart the machine and see whether that fixes the problem...
__________________
- All help given in this forum is provided without warranty or liability -
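A small triage helper, written for this thread as an added example (not RootRepeal's, Comodo's or any poster's own code), that parses hook and hidden-code lines in the format of the log posted above and applies the checks a helper makes before calling a report clean: hooking drivers listed without a path, subsystems hooked by more than one product (the Avast/Comodo overlap), and driver names with garbled characters. The subsystem buckets are my own coarse heuristic, and the sample lines are constructed to mirror the log (the Process lines, which the parser ignores, are omitted).

```python
import re
from collections import defaultdict

# Line shapes in the RootRepeal output above (SSDT, Shadow SSDT, Stealth Objects).
HOOK_RE = re.compile(r'^#:\s*(\d+)\s+Function Name:\s*(\S+)$')
STATUS_RE = re.compile(r'^Status:\s*Hooked by\s*"([^"]+)"\s+at address\s+(0x[0-9a-fA-F]+)$')
HIDDEN_RE = re.compile(r'^Object:\s*Hidden Code \[Driver:\s*(.+?),\s*(IRP_MJ_\w+)\]$')

# Coarse subsystem buckets (own heuristic), used to compare what the hooking drivers guard.
CATEGORIES = (
    ('registry', re.compile(r'^Nt\w*(Key|ValueKey)$')),
    ('process', re.compile(r'^Nt\w*(Process|Thread)$')),
    ('file', re.compile(r'^Nt(Open|Create)(File|Section)$')),
    ('lpc', re.compile(r'Port$')),
    ('gui', re.compile(r'^Nt(Gdi|User)')),
)

def classify(func):
    """Map a hooked Nt* function to one of the buckets above ('other' if none fits)."""
    for name, rx in CATEGORIES:
        if rx.search(func):
            return name
    return 'other'

def parse_report(text):
    """hooks: hooking driver -> [(index, function, address)]; hidden: driver -> [IRP_MJ_*]."""
    hooks, hidden, pending = defaultdict(list), defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if m := HOOK_RE.match(line):
            pending = (int(m.group(1)), m.group(2))  # wait for the matching Status line
        elif (m := STATUS_RE.match(line)) and pending:
            hooks[m.group(1)].append((pending[0], pending[1], m.group(2)))
            pending = None
        elif m := HIDDEN_RE.match(line):
            hidden[m.group(1)].append(m.group(2))
    return dict(hooks), dict(hidden)

def triage(hooks, hidden):
    """Three checks worth making before calling such a report clean."""
    # 1. A hooking driver listed without a full path (vax347b.sys in the thread) cannot
    #    be located on disk from the log alone, so it needs a manual look.
    no_path = sorted(d for d in hooks if '\\' not in d)
    # 2. Subsystems guarded by more than one driver: two products hooking the same area
    #    is the Avast/Comodo overlap the reply says can cause trouble.
    areas = defaultdict(set)
    for driver, entries in hooks.items():
        for _, func, _ in entries:
            areas[classify(func)].add(driver)
    contested = {a: sorted(ds) for a, ds in areas.items() if len(ds) > 1}
    # 3. Names with non-ASCII bytes: keep the printable prefix (the name before the
    #    scanner's buffer ran on) for lookup and flag the entry.
    garbled = {n: re.match(r'[\x20-\x7e]*', n).group(0).strip()
               for n in hidden if not n.isascii()}
    return no_path, contested, garbled

# Constructed sample in the thread's format, including one garbled driver name.
SAMPLE = r"""
#: 063 Function Name: NtDeleteKey
Status: Hooked by "D:\XP\System32\DRIVERS\cmdguard.sys" at address 0xab71914e
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75efa52
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "vax347b.sys" at address 0xb7f824fe
#: 122 Function Name: NtOpenProcess
Status: Hooked by "D:\XP\System32\Drivers\aswSP.SYS" at address 0xa75ef08c
Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Object: Hidden Code [Driver: Npfsȅ卆浩, IRP_MJ_READ]
"""
```

Running `triage(*parse_report(SAMPLE))` on the sample lists vax347b.sys as path-less, the registry as the area hooked by all three drivers, and the garbled name reduced to `Npfs`.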

Alt 23.08.2009, 21:20   #10
Turrican

Hello Undoreal,

thanks for the info, yes I've uninstalled the Taskbar ^^. Hmmm, so far I've been quite happy with AdAware, do you have a tip for what would be better? It's quite possible that Comodo and Avast clash, but somehow I don't have the problem on Vista... Is there a better firewall than Comodo?

What do the Chinese characters mean?

In any case, a very warm thank you for the enormous effort of reading through all of that, it was quite a few pages. I also ran SUPERAntiSpyware, which only found a few silly tracking cookies, so nothing wild ^^.

Thanks again and have a nice evening
I'll take care of the rest during the week.


Regards
Turrican

Alt 23.08.2009, 22:16   #11
undoreal
/// AVZ-Toolkit Guru

Quote:
Hmmm, so far I've been quite happy with AdAware, do you have a tip for what would be better?
SuperAntiSpyware or Anti-Malware. But both without the resident guard! The guards in all these programs are useless!

Quote:
Is there a better firewall than Comodo?
Oh yes. A much better one! The Windows Firewall.

Quote:
What do the Chinese characters mean?
No idea. Must be some bug; you see it every now and then.
__________________
- All help given in this forum is provided without warranty or liability -
