Taskmgr gone, regedit locked by admin?! - HiJackThis

Thread is closed!
26.10.2010, 13:49
Member

Posts: 36
#1 Hey, hello,

I have the problem that my Task Manager is gone (Windows Vista - it cannot be opened with Ctrl+Alt+Del, and the entry is greyed out when I try to open Task Manager via right-click.)
I have read a fair amount, but decided to get help here, since I am not very well versed in this area...
Strangely, regedit is locked by the admin..

I downloaded HiJackThis - here is my logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:58, on 26.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18527)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\ALLE\Fabi\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Winload Toolbar - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\tbWinl.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - Startup: Logitech . Produktregistrierung.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{26459BC1-F3E4-4126-9280-7428C45F3BF7}: NameServer = 213.191.92.82 213.191.74.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{26459BC1-F3E4-4126-9280-7428C45F3BF7}: NameServer = 213.191.92.82 213.191.74.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{26459BC1-F3E4-4126-9280-7428C45F3BF7}: NameServer = 213.191.92.82 213.191.74.11
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 5822 bytes

---> Please tell me how to proceed now <---
(Should I check the O7 entry and do "fix checked"?... My PC has been running very, very slowly for some time.. The Task Manager thing is what really made me suspicious..)
This post was edited on 26.10.2010 at 13:55 by volleyfabian.
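The O7 line in the HijackThis log above is a per-user policy value, and the Malwarebytes log later in this thread names the two values behind it: DisableRegistryTools (HijackThis labels it "DisableRegedit", but that is not the value's real name) and DisableTaskMgr; the OTL log also shows EnableLUA = 0 under the user's hive. The following PowerShell script is an added example, not code from the thread, from the helper or from any of the tools mentioned; it audits those three values under both the user and the machine policy key and reports them, and only with the -Remediate switch (my own name, as is the function Get-PolicyFindings) restores them. It assumes an elevated PowerShell session.

```powershell
# Added example (not from the thread): audit the Policies\System values that a
# HijackThis "O7" line reports. Run in an elevated PowerShell; read-only unless -Remediate.
param(
    [switch]$Remediate   # assumption: only fix the values when explicitly asked to
)

# Values covered. DisableTaskMgr and DisableRegistryTools come from the Malwarebytes
# log in this thread; EnableLUA (expected 1) from the OTL O7 line.
# Note: HijackThis calls the regedit lock "DisableRegedit", but the value name
# actually stored under Policies\System is DisableRegistryTools.
$Checks = @(
    @{ Name = 'DisableTaskMgr';       Bad = 1; Meaning = 'Task Manager blocked' },
    @{ Name = 'DisableRegistryTools'; Bad = 1; Meaning = 'Registry Editor blocked' },
    @{ Name = 'EnableLUA';            Bad = 0; Meaning = 'UAC switched off' }
)

# UAC reads EnableLUA from HKLM only; a copy under HKCU (as in the OTL log) does not
# switch UAC off, but it is still a tamper indicator, so both hives are checked.
$Hives = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)

function Get-PolicyFindings {
    $findings = @()
    foreach ($key in $Hives) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($c in $Checks) {
            $prop = $item.PSObject.Properties[$c.Name]
            if ($null -ne $prop -and [int]$prop.Value -eq $c.Bad) {
                $findings += [pscustomobject]@{
                    Key     = $key
                    Value   = $c.Name
                    Data    = $prop.Value
                    Meaning = $c.Meaning
                }
            }
        }
    }
    return $findings
}

# @() keeps a single finding from being unrolled into a scalar on older PowerShell.
$findings = @(Get-PolicyFindings)
if ($findings.Count -eq 0) {
    Write-Output 'No restrictive policy values found.'
    return
}

$findings | Format-Table -AutoSize

if ($Remediate) {
    foreach ($f in $findings) {
        # The Task Manager / regedit locks are simply deleted (absent = allowed).
        # For EnableLUA the fix is to restore the default of 1, not to delete it.
        if ($f.Value -eq 'EnableLUA') {
            Set-ItemProperty -Path $f.Key -Name $f.Value -Value 1
        } else {
            Remove-ItemProperty -Path $f.Key -Name $f.Value
        }
        Write-Output "Fixed $($f.Value) under $($f.Key)"
    }
    Write-Output 'Log off or reboot so that Explorer re-reads the policies.'
}
```

Run it once without -Remediate to see what is set and under which hive; a value under HKCU was written with the user's own rights, which is consistent with the Task Manager and regedit symptoms in the first post, whereas a value under HKLM needed elevation. Removing the values restores the tools but does not remove whatever set them, which is why the helper's reply asks for a malware scan first.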
26.10.2010, 19:29
Member

Posts: 420
#2 Hi,

Important: Please start all programs we use, now and later, via right-click "Run as administrator".

1. Malwarebytes
http://www.malwarebytes.org/affiliates/g2g/mbam-setup.exe
Please install Malwarebytes, update it, run a Quick Scan, let it remove any findings, and post the log.

2. OTL
http://oldtimer.geekstogo.com/OTL.exe
Start the program, tick "Scan all users", "LOP check" and "Purity check", and paste the following into the script box at the bottom:

Quote

netsvcs
msconfig
and click Scan. Please post OTL.txt and Extras.txt
27.10.2010, 13:32
Member

Thread starter

Posts: 36
#3 Okay, all clear:
1. Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4962

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

27.10.2010 13:24:37
mbam-log-2010-10-27 (13-24-37).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 136589
Laufzeit: 6 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\cmdow.exe (Malware.Tool) -> Quarantined and deleted successfully.

2. OTL.txt:

OTL logfile created on: 27.10.2010 13:26:09 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\ALLE\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 364,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 206,77 Gb Free Space | 44,39% Space Free | Partition Type: NTFS

Computer Name: ALLE-PC | User Name: ALLE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010.10.27 13:17:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ALLE\Downloads\OTL.exe
PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.06.03 20:41:32 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.05.22 13:56:26 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.05.13 11:19:27 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.09.11 09:40:26 | 000,214,056 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2007.08.31 12:25:13 | 000,249,896 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2007.08.28 13:16:15 | 000,063,016 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010.10.27 13:17:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\ALLE\Downloads\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010.07.20 14:33:29 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.09.11 09:40:26 | 000,214,056 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2007.08.28 13:16:15 | 000,063,016 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010.05.13 11:29:07 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.04.03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.03.21 17:45:11 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\ALLE\AppData\Local\Temp\jatmlano.sys -- (jatmlano)
DRV - [2010.03.10 17:25:58 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2009.10.07 10:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 250(UVC)
DRV - [2009.10.07 10:47:55 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2009.10.07 10:46:12 | 000,114,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.01.19 07:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2007.09.17 11:24:55 | 000,048,448 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2007.09.07 12:05:12 | 000,062,016 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2007.03.01 10:34:30 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.02.27 15:25:04 | 000,011,840 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.10.10 16:06:26 | 000,062,720 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2003.10.10 15:06:24 | 000,052,128 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4292998420-3711059969-3473743363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-4292998420-3711059969-3473743363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-4292998420-3711059969-3473743363-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4292998420-3711059969-3473743363-1000\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-4292998420-3711059969-3473743363-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Winload Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.17 12:30:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.20 13:56:44 | 000,000,000 | ---D | M]

[2010.05.12 13:51:17 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\mozilla\Extensions
[2010.08.13 12:16:40 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\mozilla\Firefox\Profiles\xu4g2hc1.default\extensions
[2010.08.13 12:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ALLE\AppData\Roaming\mozilla\Firefox\Profiles\xu4g2hc1.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}-trash
[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Users\ALLE\AppData\Roaming\Mozilla\FireFox\Profiles\xu4g2hc1.default\searchplugins\conduit.xml
[2010.08.13 09:26:53 | 000,003,915 | ---- | M] () -- C:\Users\ALLE\AppData\Roaming\Mozilla\FireFox\Profiles\xu4g2hc1.default\searchplugins\sweetim.xml
[2010.10.26 12:38:55 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.02 17:52:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.10.20 13:56:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.05.22 13:56:32 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.05.22 13:56:32 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.05.22 13:56:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.05.22 13:56:32 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.05.22 13:56:32 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.08.21 13:22:01 | 000,000,002 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-4292998420-3711059969-3473743363-1000\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWinl.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\ALLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Programme\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O7 - HKU\S-1-5-21-4292998420-3711059969-3473743363-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ALLE\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\ALLE\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\ar32d301\command - "" = D:\goodies\ar32d301.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\aoesetup.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\dplay\command - "" = D:\goodies\DirectX\dplay60a.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\dxdiag\command - "" = D:\goodies\DirectX\dxdiag.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\dxinfo\command - "" = D:\goodies\DirectX\dxinfo.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\dxtest\command - "" = D:\goodies\DirectX\dx5test.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\dxtool\command - "" = D:\goodies\DirectX\dxtool.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\ie4stNT\command - "" = D:\goodies\ie40\ie4setup.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\ie4stw95\command - "" = D:\goodies\ie40\ie4setup.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\msinfo\command - "" = D:\goodies\msinfo\msinfo32.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\sampler\command - "" = D:\Sampler\Sampler.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\setup\command - "" = D:\aoesetup.exe -- File not found
O33 - MountPoints2\{ad41df80-5e74-11df-92c9-0019db226e07}\Shell - "" = AutoRun
O33 - MountPoints2\{ad41df80-5e74-11df-92c9-0019db226e07}\Shell\AutoRun\command - "" = I:\Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - State: "startup" - 2

========== Files/Folders - Created Within 30 Days ==========

[2010.10.27 13:15:55 | 000,000,000 | ---D | C] -- C:\Users\ALLE\AppData\Roaming\Malwarebytes
[2010.10.27 13:15:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.27 13:15:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.27 13:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.27 13:15:39 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.26 12:43:51 | 000,062,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.10.26 12:43:51 | 000,028,352 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.10.26 12:43:51 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.10.25 16:28:41 | 000,000,000 | ---D | C] -- C:\Users\ALLE\AppData\Local\SKIDROW
[2010.10.25 15:47:40 | 000,000,000 | ---D | C] -- C:\Users\ALLE\AppData\Local\My Games
[2010.10.25 15:47:27 | 000,000,000 | ---D | C] -- C:\Users\ALLE\Documents\My Games
[2010.10.25 15:21:44 | 000,000,000 | ---D | C] -- C:\Programme\Sid Meier's Civilization V
[2010.10.25 13:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010.10.21 00:12:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.10.20 13:57:25 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.10.20 13:56:44 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.10.20 13:56:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.10.20 13:56:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.10.20 13:56:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.10.20 13:54:21 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.10.15 14:44:32 | 000,000,000 | ---D | C] -- C:\Programme\Buka
[2010.10.13 14:16:05 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 14:15:28 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.13 14:14:58 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 14:14:54 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 14:14:54 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 14:14:51 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 14:14:47 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.13 14:14:44 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.13 14:14:36 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.13 14:14:35 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.10.13 14:14:32 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.13 14:14:32 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.10.13 14:14:31 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.13 14:14:31 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.13 14:14:31 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.13 14:14:31 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.10.13 14:14:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.13 14:14:30 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.03 15:36:43 | 000,000,000 | ---D | C] -- C:\Users\ALLE\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.10.02 16:08:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.27 13:24:47 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\pjnhvnv.sys
[2010.10.27 13:15:45 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.27 13:05:34 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.10.27 13:05:33 | 000,034,805 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.10.27 13:05:14 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.27 13:05:14 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.27 13:05:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.27 13:05:01 | 1070,080,000 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.25 15:37:24 | 000,007,168 | ---- | M] () -- C:\Users\ALLE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.25 12:15:18 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.10.20 13:08:38 | 000,621,692 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.20 13:08:38 | 000,589,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.20 13:08:38 | 000,123,460 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.20 13:08:38 | 000,101,896 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.20 12:40:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
[2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.13 17:11:50 | 000,333,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.03 15:57:19 | 000,000,035 | ---- | M] () -- C:\Windows\WorldBuilder.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.27 13:24:47 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\pjnhvnv.sys
[2010.10.27 13:15:45 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.25 12:15:18 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.10.03 17:46:25 | 000,007,168 | ---- | C] () -- C:\Users\ALLE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.03 15:57:19 | 000,000,035 | ---- | C] () -- C:\Windows\WorldBuilder.INI
[2010.09.22 19:13:13 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.09.13 20:18:51 | 000,000,296 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.08.21 13:21:34 | 000,000,000 | ---- | C] () -- C:\Users\ALLE\AppData\Roaming\chrtmp
[2010.08.18 19:42:37 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.07.16 13:52:52 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.05.13 14:03:54 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.05.13 14:03:50 | 000,034,805 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.05.13 11:29:06 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.05.12 14:23:44 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.10.07 01:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.07.16 13:38:47 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\Atari
[2010.06.21 18:27:23 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\Big Fish Games
[2010.05.13 11:58:56 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\DAEMON Tools Lite
[2010.05.27 16:33:00 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\gtk-2.0
[2010.10.25 15:37:59 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\ICQ
[2010.07.16 13:47:57 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\Leadertech
[2010.10.21 21:46:16 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.05.12 15:01:26 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\OpenOffice.org
[2010.07.05 20:29:10 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\ProtectDISC
[2010.05.12 14:13:21 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\TuneUp Software
[2010.08.13 10:08:42 | 000,000,000 | ---D | M] -- C:\Users\ALLE\AppData\Roaming\XnView
[2010.10.26 19:12:03 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:F84B8DB5

< End of report >


3. Extras.txt:

OTL Extras logfile created on: 27.10.2010 13:26:09 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\ALLE\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 364,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 206,77 Gb Free Space | 44,39% Space Free | Partition Type: NTFS

Computer Name: ALLE-PC | User Name: ALLE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4292998420-3711059969-3473743363-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E2230EC-4CFF-4238-A7A1-6DEB7C99D496}" = lport=2869 | protocol=6 | dir=in | app=system |
"{23389DA5-A392-42FE-A0D0-7EC0472328CD}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{35805D81-06C3-476C-86D5-9F427EA5866A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{36E52FD5-2FFA-4B4D-896F-1043CFA00716}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{425B254E-2521-4E50-A023-C748D40223F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{6099DC3B-AA60-4502-87ED-BD74EE52BB06}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{61CC369D-B9A1-496A-B9D8-DA61D8C676B6}" = lport=445 | protocol=6 | dir=in | app=system |
"{92AD3CB7-1C82-4D4E-9FAB-479E5CB05FF9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{93EEF5D9-D3EF-455A-AFF1-2562C59EDEB2}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{94CF9EC9-88F0-453D-8379-A16F0B07572D}" = lport=445 | protocol=6 | dir=in | app=system |
"{A871ECCC-5D70-4F27-B739-88DA1F35D618}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |
"{AB7ED484-CC53-4D99-8BC4-5207F4129500}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{B37F78DF-6DB3-4F54-AF99-8B81187AC827}" = lport=445 | protocol=6 | dir=in | app=system |
"{B52F2A25-BC26-4F6F-A703-D7318D91D0AB}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{C8EA5DF2-69AD-4A6B-8DB6-CD9BFA8DCFA0}" = lport=3389 | protocol=6 | dir=in | name=remote |
"{DD5D16DA-FEF7-47BB-A2B1-683C3E641380}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{DF2AE248-7027-4729-A19C-3B4BCB2F50CD}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00894031-8F12-4ADB-AFF2-EC42C6A5154F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{00D8D6AA-9919-4A9D-9CF0-7D666A652498}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{041FFC17-88C0-42B8-B686-491D9BE1D652}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{059351AF-5FDA-43ED-BF08-23CFCA4038D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{068E83BD-E648-4C57-B052-4D596536C16A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{07059AB5-9B4C-49F8-AC14-FAD0103B8C25}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{0728172C-E4F1-411E-891C-7C5BA1F690D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E63369E-6AE5-478E-A10D-8A36EB47BE1D}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{21071F8F-35E3-46FA-AEC9-3C79CF0705B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{211EE909-BB43-4445-92F2-EF120229E2A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{231649CC-D9DB-4D4A-B472-062150A7C721}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{23551913-767D-4196-B87B-59547D12FD21}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe |
"{2369C558-25E5-4A6E-9727-FBC874988119}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{27E62588-A01B-4932-AB9C-7DA8B5E99F47}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{334D0B96-9849-457A-B825-FB7AC116C60C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{33A0E03B-DB39-47A2-957A-52B7D7A414E6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{3613C3CD-B81A-45A7-AFB7-20FBFB3F932D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3DB7A1CA-2D03-4E15-AA10-AEF4FC50D80C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3F560A43-6CD3-40B9-BC2F-B41E0D1583FB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe |
"{400B5397-2B75-48BA-ACFE-963A3E051462}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{42B4AAD8-B7D7-4FC0-9FC6-8D7133CB3127}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4393A7A3-013C-4FD3-895A-F847ECB30074}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4502D0A8-A292-4DF2-A5CD-6BA957859319}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46931F7C-0E4A-4C4E-8F90-7895775163A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A6544E5-9139-40D8-8CF0-4DF55787383D}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4BD179B1-D096-4746-A6F7-FE772914CBA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{62A06530-1BC3-44AD-A541-A85132E805CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{65313C3B-0BCA-453A-8245-31B0690B0083}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{69117558-ECDB-4AD1-81F7-759F9682ECB4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{6BD3DD33-C4E8-44AB-8D3F-A379CB1332D7}" = protocol=17 | dir=in | app=c:\users\alle\desktop\sweetimsetup.exe |
"{6E178AED-0688-4BC7-A172-4CB0C1D72178}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F7B0926-FD29-4D01-8141-24B8A25B9003}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F9C1E05-B081-453F-AE87-B8843F76CE6F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72B1FA8F-7DC5-4E43-8250-A3CFFBB823BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{730A6D0B-4F71-4411-A757-F8C9968A0F99}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7679BEED-B00A-4A89-91A0-1DFEEF01446D}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{780F2C29-395F-476E-93FB-6D4BCCEC8765}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{79FABDC7-4D33-4C3D-9BC4-C3C390FEB3F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{80DBFB1E-64F5-4EF4-8F88-806AC9E696F0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{816AC6C2-6A27-463D-B835-BAACF568AFB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81F911DC-A72E-4820-B0EC-26144C6B9E95}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A03B5DF-36B9-4CDB-B3A2-283DE49777C1}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{8AFC9300-3C4E-4C1B-9A68-D7B04764A804}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D35235F-4678-40C2-A0E0-6C2F654A69BD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93DDE6A7-BD04-45BA-B8EE-2D516B423220}" = protocol=6 | dir=in | app=c:\users\alle\desktop\sweetimsetup.exe |
"{95E6C14E-4B5A-4D88-9BDF-50122F417991}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{97030611-3C59-4C24-92D4-8F972287AA0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99030234-C93C-426A-B61A-CA253167F4AD}" = protocol=17 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{A6F13E9D-89C3-4467-95DB-6787669FCD45}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A8EB8502-4098-4AE2-8F6D-88B2BA13B036}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AA46B8F9-3D81-48C1-A6E7-65FE1432F68F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{ADCDD3AD-DE53-4DDA-94FC-A7F4FC52C25A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE63BAA6-C5B7-4725-BE2C-38E17FC98C11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF07570E-D61C-44B1-92A6-B1BDCF9C9116}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFB1BDBF-BFBB-45EF-93AD-88B7EFBA6B73}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B0FA3286-DD3E-4027-8A62-82896AB9AB80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC1AAB19-E321-4194-B092-40FA078C1E82}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC3E0465-91CE-4901-B66C-D46B2F146A73}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BEB0C0E3-B5E2-4268-8947-31F56D4CCEB2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C22FB642-0B30-4FFC-A4B6-B542D1141165}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C36750C3-4DED-48FA-9FFB-242C94033D1E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C6592F53-94A2-4C57-9C45-2D02ACCB8F56}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC30057B-ACE1-4515-89DB-CE419518E9B1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3010C40-61E8-44AB-8E3E-1F6AEDC715F6}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |
"{D388D271-F516-4D24-A862-E15110FE4AD4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D38B5A33-CD0E-4AAC-A0B1-AD59AD6856E5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe |
"{D65D3871-505A-4806-8CC2-E571FD896852}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe |
"{E1828086-29CF-4231-8E7B-BD83EAF8D126}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1931C5D-D9C9-4593-B731-D8B2567A2B1F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E22E191D-9533-43DF-9595-362F622BB408}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{E6AA5AFA-44F0-4BB2-AC8C-9544670342E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8600D6D-BC7F-48F1-B124-5986D809FA48}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EB1C1672-66A3-4AC1-8E65-E9D5BB44574A}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat |
"{F33B5B51-FBCB-4576-830B-B1D23DE038FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F35A79BE-8455-4E69-AABB-FEFB4A9AE684}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB9B0252-871B-4CF2-88D7-8A2B5353A3E4}" = protocol=6 | dir=in | app=c:\program files\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{FE2EA5B1-DD7A-4C8F-A14E-5BE843B419F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE9D215C-19B4-4992-9165-01F206729683}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{30650911-9671-4C93-9623-1FE2C392F6F9}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"TCP Query User{397BBAB4-29A0-4731-8887-1E425A65C367}C:\users\alle\fabi\jdownloader\commonfiles\java\bin\javaw.exe" = protocol=6 | dir=in | app=c:\users\alle\fabi\jdownloader\commonfiles\java\bin\javaw.exe |
"TCP Query User{4068F46E-9EC6-4227-B18B-555306BEF66C}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{4AE9C84C-BDCC-4722-A4D5-81FEE98E17FD}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"TCP Query User{52B3DC9C-1AE3-4D3F-8A39-308DE668A860}C:\program files\msn messenger\msnmsgr.exe" = protocol=6 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"TCP Query User{818F0A5C-DE70-46B4-984E-1ECD96F00B5F}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{C09E8288-482F-47A1-9069-B7400DF5A56B}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{20073A22-4D50-42DC-B16A-DE287DAFBC4F}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{615AF99B-4199-41B9-BEB9-1F28D4DEDA2D}C:\users\alle\fabi\jdownloader\commonfiles\java\bin\javaw.exe" = protocol=17 | dir=in | app=c:\users\alle\fabi\jdownloader\commonfiles\java\bin\javaw.exe |
"UDP Query User{799A26A7-405B-4E98-82C5-42434B869067}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{819C950A-B734-4431-970A-B00FC0579438}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe |
"UDP Query User{8D2FE2B6-2118-4C11-9030-330F955AE59B}C:\program files\msn messenger\msnmsgr.exe" = protocol=17 | dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"UDP Query User{9A5FFD8C-02E8-44DF-BFF2-275EF2F641D9}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"UDP Query User{B437F102-9A57-46EB-8446-97075A40EE5B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires" = Microsoft Age of Empires
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"AntiVir PersonalEdition Classic" = Avira AntiVir PersonalEdition Classic
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"DivX Setup.divx.com" = DivX-Setup
"Don't Get Angry! 2 Demo_is1" = Don't Get Angry! 2 Demo
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PartyPoker" = PartyPoker
"Pharao" = Pharao
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 12.0" = RealPlayer
"RTPatch_is1" = RTPatch Update
"Steam App 24400" = King Arthur - The Role-playing Wargame
"TIPP10_is1" = TIPP10 Version 2.0.3
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"XnView_is1" = XnView 1.97.6

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
27.10.2010, 17:50
Member

Posts: 420
#4 OK,

1. Please start OTL and paste the following into the script field:

Quote

:OTL
DRV - [2010.03.21 17:45:11 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\ALLE\AppData\Local\Temp\jatmlano.sys -- (jatmlano)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\ar32d301\command - "" = D:\goodies\ar32d301.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\aoesetup.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\dplay\command - "" = D:\goodies\DirectX\dplay60a.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\dxdiag\command - "" = D:\goodies\DirectX\dxdiag.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\dxinfo\command - "" = D:\goodies\DirectX\dxinfo.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\dxtest\command - "" = D:\goodies\DirectX\dx5test.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\dxtool\command - "" = D:\goodies\DirectX\dxtool.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\ie4stNT\command - "" = D:\goodies\ie40\ie4setup.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\ie4stw95\command - "" = D:\goodies\ie40\ie4setup.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\msinfo\command - "" = D:\goodies\msinfo\msinfo32.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\sampler\command - "" = D:\Sampler\Sampler.exe -- File not found
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\setup\command - "" = D:\aoesetup.exe -- File not found
O33 - MountPoints2\{ad41df80-5e74-11df-92c9-0019db226e07}\Shell - "" = AutoRun
O33 - MountPoints2\{ad41df80-5e74-11df-92c9-0019db226e07}\Shell\AutoRun\command - "" = I:\Installer.exe -- File not found
[2010.10.27 13:24:47 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\pjnhvnv.sys
[2010.10.20 12:40:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:F84B8DB5

:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
and click Fix. A reboot may be necessary. Please post the fix log.

2. RootRepeal
http://sites.google.com/site/rootrepeal/
Start RootRepeal.
Close all other programs.
Go to the Report tab at the bottom.
Click Scan.
Tick all the boxes.
Confirm with OK.
If asked, choose drive C:
Confirm with OK.
At the end of the scan a log is displayed; please post it.
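The :OTL script above is a hand-picked list of entries from the OTL scan. The following triage script is an added example for this thread (it is not OTL's code and not part of the post or of any tool mentioned here): it parses the OTL line formats used in that script (DRV, O2 BHO, O33 MountPoints2, bare file lines, @Alternate Data Stream) and reports the properties that make each entry worth removing: a kernel driver loaded from a user's Temp folder with no publisher string, a BHO whose CLSID has no class registration, cached MountPoints2 AutoRun commands for removable drives, a freshly written driver file with a vowel-less random name, and an alternate data stream on a system folder. The sample log consists of lines copied from the script above plus one constructed benign driver line (tdx.sys, with a made-up date and size, as a control); the scan time, the 3-day "recent" window and every heuristic are this example's own assumptions, not rules OTL applies.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Sample input: the DRV, O2, O33, file and ADS lines are copied from the fix
# script in the post above; the tdx.sys DRV line is a constructed benign
# control with a made-up date and size.
SAMPLE_LOG = r"""
DRV - [2010.03.21 17:45:11 | 000,015,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\ALLE\AppData\Local\Temp\jatmlano.sys -- (jatmlano)
DRV - [2009.04.11 06:39:37 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdx.sys -- (tdx)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O33 - MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\aoesetup.exe -- File not found
O33 - MountPoints2\{ad41df80-5e74-11df-92c9-0019db226e07}\Shell\AutoRun\command - "" = I:\Installer.exe -- File not found
[2010.10.27 13:24:47 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\pjnhvnv.sys
[2010.10.20 12:40:07 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:F84B8DB5
"""
# Assumed scan time (evening of 27.10.2010); "recent" means within this window.
SCAN_TIME = datetime(2010, 10, 27, 20, 58, 22)
RECENT = timedelta(days=3)

_TS = r'(?P<ts>\d{4}[./]\d{2}[./]\d{2} \d{2}:\d{2}:\d{2})'
DRV_RE = re.compile(r'^DRV - \[' + _TS + r' \| (?P<size>[\d,]+) \| \S+ \| [MC]\] '
                    r'\((?P<company>[^)]*)\) \[[^\]]*\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$')
FILE_RE = re.compile(r'^\[' + _TS + r' \| (?P<size>[\d,]+) \| \S+ \| [MC]\] '
                     r'\((?P<company>[^)]*)\) -- (?P<path>.+)$')
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<target>.+)$')
MP_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>[^\\]+)\\command'
                   r' - "" = (?P<cmd>.+?)(?P<missing> -- File not found)?$')
ADS_RE = re.compile(r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$')


@dataclass
class Finding:
    kind: str                 # driver | file | bho | mountpoint | ads
    path: str                 # file path, command line, or CLSID
    reasons: list = field(default_factory=list)


def parse_ts(ts: str) -> datetime:
    """OTL writes the modification time with '.' (German locale) or '/' separators."""
    return datetime.strptime(ts.replace('/', '.'), '%Y.%m.%d %H:%M:%S')


def random_looking(filename: str) -> bool:
    """Heuristic (assumption): a stem of 5+ letters with no vowel at all, like pjnhvnv."""
    stem = filename.rsplit('.', 1)[0].lower()
    return len(stem) >= 5 and stem.isalpha() and not set(stem) & set('aeiouy')


def triage(log_text: str, scan_time: datetime, recent: timedelta = RECENT) -> list:
    """Return one Finding per suspicious line; unmatched or benign lines are skipped."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := DRV_RE.match(line):
            reasons, low = [], m['path'].lower()
            if '\\temp\\' in low or '\\appdata\\' in low:
                reasons.append('kernel driver loaded from a user-writable temp/profile directory')
            if not m['company']:
                reasons.append('no publisher string')
            if reasons:
                findings.append(Finding('driver', m['path'], reasons))
        elif m := FILE_RE.match(line):
            reasons, base = [], m['path'].rsplit('\\', 1)[-1]
            age = scan_time - parse_ts(m['ts'])
            if '\\drivers\\' in m['path'].lower() and timedelta(0) <= age <= recent:
                reasons.append(f'written to the driver directory {age.total_seconds() / 3600:.1f} h before the scan')
            if base.lower().endswith('.sys') and not m['company']:
                reasons.append('driver file with no publisher string')
            if random_looking(base):
                reasons.append('random-looking file name')
            if reasons:
                findings.append(Finding('file', m['path'], reasons))
        elif m := BHO_RE.match(line):
            reasons = []
            if m['name'] == '(no name)':
                reasons.append('BHO registered without a name')
            if 'No CLSID value found' in m['target']:
                reasons.append('CLSID has no class registration, so there is no file to inspect')
            if reasons:
                findings.append(Finding('bho', m['clsid'], reasons))
        elif m := MP_RE.match(line):
            reasons = ['shell verb cached in MountPoints2 for a removable/optical volume']
            if m['verb'].lower() == 'autorun':
                reasons.append('AutoRun verb: the default action when the drive is double-clicked')
            if m['missing']:
                reasons.append('target no longer exists (stale entry)')
            findings.append(Finding('mountpoint', m['cmd'], reasons))
        elif m := ADS_RE.match(line):
            findings.append(Finding('ads', m['path'],
                                    ['alternate data stream: invisible in normal directory listings']))
    return findings


def triage_sample() -> list:
    return triage(SAMPLE_LOG, SCAN_TIME)


if __name__ == '__main__':
    for f in triage_sample():
        print(f'{f.kind:10} {f.path}')
        for r in f.reasons:
            print('             - ' + r)
```

Run as a script it prints each flagged entry with its reasons. Note what it deliberately does not flag: the benign control tdx.sys, and the zero-byte lvuvc.hs that the helper also moved. Heuristics like these shorten the list a human has to read; they do not replace reading the whole log.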
27.10.2010, 20:55
Member

Thread starter

Posts: 36
#5 Okay, so I'll do what you say, but could you please explain to me WHAT I'm actually doing? ^^ Or what we are trying to "fight"? (The Task Manager is back by now; thanks for that already.)
27.10.2010, 21:20
Member

Thread starter

Posts: 36
#6 1. OTL Fix:

All processes killed
========== OTL ==========
Service jatmlano stopped successfully!
Service jatmlano deleted successfully!
C:\Users\ALLE\AppData\Local\Temp\jatmlano.sys moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
File D:\goodies\ar32d301.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
File D:\aoesetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
File D:\goodies\DirectX\dplay60a.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
File D:\goodies\DirectX\dxdiag.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
File D:\goodies\DirectX\dxinfo.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
File D:\goodies\DirectX\dx5test.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
File D:\goodies\DirectX\dxtool.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
File D:\goodies\ie40\ie4setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
File D:\goodies\ie40\ie4setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
File D:\goodies\msinfo\msinfo32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
File D:\Sampler\Sampler.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{80dc463c-5d2f-11df-86a7-806e6f6e6963}\ not found.
File D:\aoesetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad41df80-5e74-11df-92c9-0019db226e07}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad41df80-5e74-11df-92c9-0019db226e07}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad41df80-5e74-11df-92c9-0019db226e07}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad41df80-5e74-11df-92c9-0019db226e07}\ not found.
File I:\Installer.exe not found.
C:\Windows\System32\drivers\pjnhvnv.sys moved successfully.
C:\Windows\System32\drivers\lvuvc.hs moved successfully.
ADS C:\ProgramData\TEMP:F84B8DB5 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ALLE
->Temp folder emptied: 388879654 bytes
->Temporary Internet Files folder emptied: 81856270 bytes
->Java cache emptied: 3579564 bytes
->FireFox cache emptied: 100332433 bytes
->Flash cache emptied: 81845 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 656300752 bytes
RecycleBin emptied: 142435 bytes

Total Files Cleaned = 1.174,00 mb


[EMPTYFLASH]

User: All Users

User: ALLE
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.1 log created on 10272010_205822

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...



2. RootRepeal:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/10/27 21:07
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8B70C000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8B701000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x99BE9000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: spwu.sys
Image Path: C:\Windows\System32\Drivers\spwu.sys
Address: 0x80696000 Size: 995328 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{cb749424-dad5-11df-b3bd-c52109b7124a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d05ff785-d48c-11df-9d29-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d30b9023-d2c0-11df-9000-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{d82f4025-d549-11df-8985-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e6ac3884-db9b-11df-ba42-81b0986e9647}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f10ac823-c7cb-11df-8908-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f10ac82e-c7cb-11df-8908-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f94d59c1-cecf-11df-a567-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9f712291-e0eb-11df-8e90-ba8a61eeb445}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9f712297-e0eb-11df-8e90-e33fe8a2acb2}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{a98a21aa-d165-11df-aa42-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{AAC8B~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{b7372d67-d90e-11df-aa8d-cc2f7c6d805b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{bd2456b0-cedf-11df-b957-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{bdb04522-c79b-11df-87b2-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{bdd8a9ef-d9cd-11df-b150-b11478c6695f}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{bec80dc3-c6d4-11df-a099-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{927506e5-dda1-11df-a820-d2a262b1fa41}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9b0d6288-cfd1-11df-b25c-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9D94F~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9d94f83c-ddd8-11df-8001-f88d38b7b5fc}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9dd7ab04-dc93-11df-bf2c-f2690ef05856}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9f472523-d08a-11df-87cd-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{39292b6c-e02f-11df-8b40-aac5745b8943}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8be94623-d850-11df-999f-b257d2ff384b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8be94629-d850-11df-999f-b257d2ff384b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8be9462f-d850-11df-999f-b257d2ff384b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8CD82~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9195e0df-c8cf-11df-84dc-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{06448a06-d6dc-11df-917c-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0fc0f90e-d6c2-11df-93e0-a57fc7c2519a}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{22FA0~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{27917122-d61b-11df-8633-0019db226e07}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_6b86c0e9b0196766.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.servicemodel.resources_b77a5c561934e089_6.0.6000.16716_de-de_25025fdedb611a73\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.servicemodel.resources_b77a5c561934e089_6.0.6000.20876_de-de_0e3abadaf5031283\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_fundisc_31bf3856ad364e35_6.0.6000.16386_none_79adacdc3df77f81\$$DeleteMe.fundisc.dll.01cafad7bda39895.0059
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_6.0.6000.16386_none_318fc418263bf156\$$DeleteMe.pcadm.dll.01cafad7d49d7e35.00f2
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..atibility-assistant_31bf3856ad364e35_6.0.6000.16386_none_318fc418263bf156\$$DeleteMe.pcasvc.dll.01cafad7c94a3375.009c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-a..on-authui.resources_31bf3856ad364e35_6.0.6000.16386_de-de_e054ff79b1405e55\$$DeleteMe.authui.dll.mui.01cafad7e590e8d5.0110
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-advapi32.resources_31bf3856ad364e35_6.0.6000.16386_de-de_6d61e03ec50bd2fe\$$DeleteMe.advapi32.dll.mui.01cafad7e771be95.0118
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-advapi32_31bf3856ad364e35_6.0.6000.16386_none_e1118fae8996a7dc\$$DeleteMe.advapi32.dll.01cafad7b4f91715.002e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6000.16386_none_7469022ae7b4af06\$$DeleteMe.audiodg.exe.01cafad7b555ecb5.0030
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6000.16386_none_7469022ae7b4af06\$$DeleteMe.AudioEng.dll.01cafad7c5ff8cb5.0088
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6000.16386_none_7469022ae7b4af06\$$DeleteMe.AUDIOKSE.dll.01cafad7c2d89a95.0079
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6000.16386_none_7469022ae7b4af06\$$DeleteMe.AudioSes.dll.01cafad7ca500ab5.00a2
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.0.6000.16386_none_7469022ae7b4af06\$$DeleteMe.audiosrv.dll.01cafad7d0fac495.00d1
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.0.6000.16386_none_09bcbb1af87cd123\$$DeleteMe.authui.dll.01cafad7c8e3d855.0095
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.0.6000.16386_none_635c5092764d99de\$$DeleteMe.LogonUI.exe.01cafad7c7ec4955.0090
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-bcrypt-dll_31bf3856ad364e35_6.0.6000.16386_none_ec55d170f27a97bb\$$DeleteMe.bcrypt.dll.01cafad7b6c94335.0032
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430\$$DeleteMe.es.dll.01cafad7d0a9d5d5.00cf
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-basesrv_31bf3856ad364e35_6.0.6000.16386_none_0a9428d9e6cfbcfc\$$DeleteMe.basesrv.dll.01cafad7a5fe4ff5.000d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cabinet_31bf3856ad364e35_6.0.6000.16386_none_35088f20e500a372\$$DeleteMe.cabinet.dll.01cafad7cf0ba695.00c3
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cbsapi_31bf3856ad364e35_6.0.6000.16386_none_4c2b1119f37be620\$$DeleteMe.CbsApi.dll.01cafad7ed7376d5.011b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cmi_31bf3856ad364e35_6.0.6000.16386_none_a797884c5d9fcdc5\$$DeleteMe.cmiv2.dll.01cafad7dfcab2f5.0109
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.0.6000.16386_none_d9008ac592026334\$$DeleteMe.credui.dll.01cafad7ae25e5d5.0011
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cryptnet-dll_31bf3856ad364e35_6.0.6000.16386_none_14e27f1dfeeaa870\$$DeleteMe.cryptnet.dll.01cafad7c4720715.007f
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6000.16386_none_73c8d7689de43d15\$$DeleteMe.cryptsvc.dll.01cafad7c010df75.0066
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..ellman_software_csp_31bf3856ad364e35_6.0.6000.16386_none_39c1f98787f99c82\$$DeleteMe.dssenh.dll.01cafad7d6133615.00f5
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..oryservices-ntdsapi_31bf3856ad364e35_6.0.6000.16386_none_cca68469f44b4003\$$DeleteMe.ntdsapi.dll.01cafad7ba6e5e35.0043
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..frastructure-server_31bf3856ad364e35_6.0.6000.16386_none_65f3ae999f46581e\$$DeleteMe.dps.dll.01cafad7c1cb9f35.0070
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-deltapackageexpander_31bf3856ad364e35_6.0.6000.16609_none_68015a2337d92e69\$$DeleteMe.dpx.dll.01cafad7c940adf5.009b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16386_none_d52367a431a4bea6\$$DeleteMe.dhcpcsvc.dll.01cafad7d2c88f55.00e5
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dhcp-client-dll_31bf3856ad364e35_6.0.6000.16386_none_d52367a431a4bea6\$$DeleteMe.dhcpcsvc6.dll.01cafad7afb36b75.0017
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-dims_31bf3856ad364e35_6.0.6000.16386_none_a74c11b71e09911f\$$DeleteMe.dimsjob.dll.01cafad7cfb70995.00c8
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6000.16386_none_afb79761a4097d90\$$DeleteMe.samlib.dll.01cafad7c476c9d5.0080
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6000.16386_none_afb79761a4097d90\$$DeleteMe.samsrv.dll.01cafad7b429ff75.002a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-duser_31bf3856ad364e35_6.0.6000.16386_none_583dec4cff8f7125\$$DeleteMe.duser.dll.01cafad7d3ce6695.00ee
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-eventlog-api_31bf3856ad364e35_6.0.6000.16386_none_a9fa4020685f2193\$$DeleteMe.wevtapi.dll.01cafad7b03d7b35.001a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-failovercluster-client_31bf3856ad364e35_6.0.6000.16386_none_a4186fca55bd3a26\$$DeleteMe.clusapi.dll.01cafad7c1fffd75.0072
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-failovercluster-client_31bf3856ad364e35_6.0.6000.16386_none_a4186fca55bd3a26\$$DeleteMe.resutils.dll.01cafad7ca383cf5.00a1
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feclient_31bf3856ad364e35_6.0.6000.16386_none_bca34f2f5aa9c40c\$$DeleteMe.feclient.dll.01cafad7d3680b75.00eb
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-feedback-service_31bf3856ad364e35_6.0.6000.16386_none_7795316593fa8ed5\$$DeleteMe.wersvc.dll.01cafad7caf44995.00aa
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gdi_31bf3856ad364e35_6.0.6000.16939_none_a7d5725a5d6ffbb2\$$DeleteMe.lpk.dll.01cafad7d3895eb5.00ed
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6000.17037_none_b2e3494bd9b58a4d\$$DeleteMe.urlmon.dll.01cafad7cd476155.00bb
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..oexistencemigration_31bf3856ad364e35_6.0.6000.17021_none_0fe812727f4356a5\$$DeleteMe.iphlpsvc.dll.01cafad7a557afb5.0007
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6000.17037_none_ffe924eda4beb0e0\$$DeleteMe.wininet.dll.01cafad7c84b8055.0092
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18444_none_01c1bc8da1efdba2\$$DeleteMe.wininet.dll.01cb083b45e92ca8.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.16386_none_456ce85d8f991f6f\$$DeleteMe.sqmapi.dll.01cafad7b38a8355.0027
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6000.17037_none_45a3dbc98f6fcf3d\$$DeleteMe.iertutil.dll.01cafad7c330ad75.007a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-runtimeutilities_31bf3856ad364e35_6.0.6001.18444_none_477c73698ca0f9ff\$$DeleteMe.iertutil.dll.01cb083b45be53e8.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-imageanalysis_31bf3856ad364e35_6.0.6000.16386_none_462555be2d3821c7\$$DeleteMe.dbghelp.dll.01cafad7bebc7ad5.0060
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-imm32_31bf3856ad364e35_6.0.6000.16386_none_5a1f5c1a7d7fec2e\$$DeleteMe.imm32.dll.01cafad7b9cc80b5.003d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.22230_none_c9100d9c5e29c153\WEBADM~2.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.22230_none_c9100d9c5e29c153\WEBADM~3.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.22230_none_c9100d9c5e29c153\WE5915~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.22230_none_c9100d9c5e29c153\WEBE69~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-kernel32.resources_31bf3856ad364e35_6.0.6000.16386_de-de_91f32b89397b5cfe\$$DeleteMe.kernel32.dll.mui.01cafad7e7317975.0116
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ldap-client_31bf3856ad364e35_6.0.6000.16386_none_f105859b5980a307\$$DeleteMe.Wldap32.dll.01cafad7c4c09475.0082
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mediaplayer-wmvcore_31bf3856ad364e35_6.0.6000.16868_none_05136bbbd8da5cfa\$$DeleteMe.WMVCORE.DLL.01cafad7d17b4ed5.00d7
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mfplat_31bf3856ad364e35_6.0.6000.16386_none_f473d6b1568a404e\$$DeleteMe.mfplat.dll.01cafad7b1813635.0021
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mprapi_31bf3856ad364e35_6.0.6000.16386_none_11d5c2f056198a65\$$DeleteMe.mprapi.dll.01cafad7ae63c995.0013
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-mmdeviceapi_31bf3856ad364e35_6.0.6000.16386_none_52cd819bbc76c9b6\$$DeleteMe.MMDevAPI.dll.01cafad7d49b1cd5.00f1
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.0.6000.16386_none_cf1e7424a1fb0cd9\$$DeleteMe.msvcrt.dll.01cafad7c2c0ccd5.0078
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5\$$DeleteMe.msxml3.dll.01cafad7d0a9d5d5.00ce
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-msxml30_31bf3856ad364e35_6.0.6000.16903_none_868b088499acd4c5\$$DeleteMe.msxml3r.dll.01cafad7b2c9b3f5.0025
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6000.16710_none_9be9c78e2d9d5d54\$$DeleteMe.NaturalLanguage6.dll.01cafad7d4052635.00f0
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-security.resources_31bf3856ad364e35_6.0.6000.16386_de-de_a30e31ec58ca6ab3\$$DeleteMe.bfe.dll.mui.01cafad7e4b84bb5.010c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netshell_31bf3856ad364e35_6.0.6000.16386_none_d34ca8d7111fb859\$$DeleteMe.netshell.dll.01cafad7d07a3a55.00cc
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-networkprofile_31bf3856ad364e35_6.0.6000.16386_none_76648f5e793ab701\$$DeleteMe.netprofm.dll.01cafad7ba1b0e15.0041
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6000.16386_none_654f33cb0dff3491\$$DeleteMe.ncsi.dll.01cafad7cb55e1f5.00ae
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6000.16386_none_654f33cb0dff3491\$$DeleteMe.nlaapi.dll.01cafad7d2695855.00de
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6000.16386_none_654f33cb0dff3491\$$DeleteMe.nlasvc.dll.01cafad7c7303cb5.008d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-o..inefiles-win32-apis_31bf3856ad364e35_6.0.6000.16386_none_a93437d4fc3a291c\$$DeleteMe.cscapi.dll.01cafad7d2c16b35.00e4
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ntdll_31bf3856ad364e35_6.0.6000.16386_none_56a01c45ff429b42\$$DeleteMe.ntdll.dll.01cafad7a5496775.0006
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ntlanman_31bf3856ad364e35_6.0.6000.16386_none_2dda53c8e5b50f7b\$$DeleteMe.ntlanman.dll.01cafad7d2a27955.00e1
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ole-automation_31bf3856ad364e35_6.0.6000.16609_none_bb22ee81fe4b8646\$$DeleteMe.oleaut32.dll.01cafad7bbdf5355.004c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..play-troubleshooter_31bf3856ad364e35_6.0.6000.16386_none_b82255883cccfc4a\$$DeleteMe.pnpts.dll.01cafad7aff14f35.0019
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..pooler-core-spoolss_31bf3856ad364e35_6.0.6000.16386_none_5902d0e391753282\$$DeleteMe.spoolss.dll.01cafad7c91f5ab5.0099
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..rtmonitor-tcpmondll_31bf3856ad364e35_6.0.6000.16386_none_d075db5eaa3814ba\$$DeleteMe.tcpmon.dll.01cafad7d5b3ff15.00f4
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..ting-wsdportmonitor_31bf3856ad364e35_6.0.6000.16386_none_149c8231e2ae3083\$$DeleteMe.WSDMon.dll.01cafad7b84fa4b5.0038
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-pantherengine_31bf3856ad364e35_6.0.6000.16386_none_abdaad94a8eba700\$$DeleteMe.wdscore.dll.01cafad7c5cd8fd5.0086
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6000.16386_none_6f4853b725898435\$$DeleteMe.pnrpnsp.dll.01cafad7c6638675.008b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-raschap_31bf3856ad364e35_6.0.6000.16932_none_10ba5ae17a3c63eb\$$DeleteMe.raschap.dll.01cafad7bbbb9eb5.004a
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasmanservice_31bf3856ad364e35_6.0.6000.16386_none_9c86d445a3bd7285\$$DeleteMe.rasmans.dll.01cafad7caa81d95.00a8
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasman_31bf3856ad364e35_6.0.6000.16386_none_6a6f882053097500\$$DeleteMe.rasman.dll.01cafad7ca6efc95.00a5
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rasapi_31bf3856ad364e35_6.0.6000.16386_none_6b00bd6e529a21a8\$$DeleteMe.rasapi32.dll.01cafad7b1b33315.0022
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rsaenh-dll_31bf3856ad364e35_6.0.6000.16386_none_5d904dcbb4596800\$$DeleteMe.rsaenh.dll.01cafad7be6b8c15.005e
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..cardsubsystemclient_31bf3856ad364e35_6.0.6000.16386_none_16adb8477cae27ab\$$DeleteMe.WinSCard.dll.01cafad7c3de71d5.007d
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SEC543~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE0F57~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE7561~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE427A~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5DF7~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE1FB8~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1164 Status: Locked to the Windows API!

SSDT
-------------------
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x97a73954

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x97a73940

#: 201 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x97a73945

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x97a7394f

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x97a7394a

Stealth Objects
-------------------
Object: Hidden Handle [Index: 760, Type: UnknownType]
Process: svchost.exe (PID: 788) Address: 0xad6b84b8 Size: -

Object: Hidden Handle [Index: 1360, Type: UnknownType]
Process: svchost.exe (PID: 788) Address: 0xad760c48 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x847121f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x847121f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x847121f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x847121f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x847121f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x847121f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System Address: 0x85b441f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x85b441f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System Address: 0x85b441f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System Address: 0x85b441f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x85b441f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85b441f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85b441f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x85b441f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System Address: 0x85b441f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85b441f8 Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System Address: 0x85b441f8 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System Address: 0x85a74500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System Address: 0x85a74500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System Address: 0x85a74500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System Address: 0x85a74500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85a74500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85a74500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System Address: 0x85a74500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85a74500 Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System Address: 0x85a74500 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x85a271f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x85a271f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85a271f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85a271f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x85a271f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85a271f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x85a271f8 Size: 121

Object: Hidden Code [Driver: prodrv06Ҁ䑎潭Ēϸ蜰蘍薢蹰蘍뇦ಫ, IRP_MJ_CREATE]
Process: System Address: 0x894938b8 Size: 1065

Object: Hidden Code [Driver: prodrv06Ҁ䑎潭Ēϸ蜰蘍薢蹰蘍뇦ಫ, IRP_MJ_CLOSE]
Process: System Address: 0x894938b8 Size: 1065

Object: Hidden Code [Driver: prodrv06Ҁ䑎潭Ēϸ蜰蘍薢蹰蘍뇦ಫ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x894938b8 Size: 1065

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System Address: 0x85feb1f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System Address: 0x85feb1f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85feb1f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85feb1f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System Address: 0x85feb1f8 Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System Address: 0x85feb1f8 Size: 121

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE]
Process: System Address: 0x86b08178 Size: 2849

Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE]
Process: System Address: 0x86b08178 Size: 2849

Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b08178 Size: 2849

Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]
Process: System Address: 0x85fe4500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]
Process: System Address: 0x85fe4500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85fe4500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85fe4500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]
Process: System Address: 0x85fe4500 Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]
Process: System Address: 0x85fe4500 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_CREATE]
Process: System Address: 0x85c121f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_CLOSE]
Process: System Address: 0x85c121f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85c121f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85c121f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_POWER]
Process: System Address: 0x85c121f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85c121f8 Size: 121

Object: Hidden Code [Driver: iScsiPrt, IRP_MJ_PNP]
Process: System Address: 0x85c121f8 Size: 121

Object: Hidden Code [Driver: {AC8, IRP_MJ_CREATE]
Process: System Address: 0x85d371f8 Size: 121

Object: Hidden Code [Driver: {AC8, IRP_MJ_CLOSE]
Process: System Address: 0x85d371f8 Size: 121

Object: Hidden Code [Driver: {AC8, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85d371f8 Size: 121

Object: Hidden Code [Driver: {AC8, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85d371f8 Size: 121

Object: Hidden Code [Driver: {AC8, IRP_MJ_POWER]
Process: System Address: 0x85d371f8 Size: 121

Object: Hidden Code [Driver: {AC8, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85d371f8 Size: 121

Object: Hidden Code [Driver: {AC8, IRP_MJ_PNP]
Process: System Address: 0x85d371f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System Address: 0x83d7d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System Address: 0x83d7d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System Address: 0x83d7d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x83d7d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x83d7d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x83d7d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System Address: 0x83d7d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System Address: 0x83d7d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System Address: 0x83d7d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x83d7d1f8 Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System Address: 0x83d7d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x85a1d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x85a1d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85a1d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85a1d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x85a1d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x85a1d1f8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x85a1d1f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]
Process: System Address: 0x8ce991f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_CREATE]
Process: System Address: 0x95e941f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_CLOSE]
Process: System Address: 0x95e941f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_READ]
Process: System Address: 0x95e941f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_WRITE]
Process: System Address: 0x95e941f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x95e941f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x95e941f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x95e941f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x95e941f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x95e941f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x95e941f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_SHUTDOWN]
Process: System Address: 0x95e941f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x95e941f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_CLEANUP]
Process: System Address: 0x95e941f8 Size: 121

Object: Hidden Code [Driver: cdfs潉†Ј癅㌐赑LL龥, IRP_MJ_PNP]
Process: System Address: 0x95e941f8 Size: 121

==EOF==
27.10.2010, 22:07
Member

Posts: 420
#7

Quote

okay, so I'll do what you say, but could you please enlighten me as to WHAT I am actually doing? ^^ or what we are trying to "fight"?
With the OTL script, items were removed that look like malware and that Malwarebytes did not catch; as a precaution, autoplay entries were deleted from the registry (worms can spread via those), the hosts file was reset, and a lot of junk was cleared out of all sorts of temp folders.
RootRepeal searched for so-called rootkits, i.e. malware that hides itself from the operating system and is therefore invisible to "normal" tools as well.
All of this also serves as preparation for the "main course" that follows now (item 1 below). The whole thing has the goal of having no active malware left on the machine at the end. Unfortunately, it takes some work and patience.

1. Please work through these instructions and post the log
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
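As an added example (not code from this thread and not RootRepeal's own code), here is a small Python triage script for the log format posted above. It parses the SSDT and Stealth Objects sections and summarises the entries an analyst would look at first: hooks whose owning module the scanner reports as "<unknown>", and drivers whose name contains non-ASCII characters or whose hidden-code size differs from the value most drivers in the log share. The sample log embedded in the script is constructed in the same layout as the log above; the regular expressions assume exactly that line layout.

```python
"""Triage helper for RootRepeal-style scan logs.

Added example, not RootRepeal's own code. It assumes the two-line entry
layout used in the log above ("#: ..." / "Status: ..." for SSDT entries,
"Object: ..." / "Process: ..." for Stealth Objects).
"""
import re
from collections import Counter, defaultdict

# Constructed sample in the same layout as the log above (a few entries only).
SAMPLE_LOG = """\
SSDT
-------------------
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x97a73954

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x97a73940

Stealth Objects
-------------------
Object: Hidden Handle [Index: 760, Type: UnknownType]
Process: svchost.exe (PID: 788) Address: 0xad6b84b8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x847131f8 Size: 121

Object: Hidden Code [Driver: prodrv06\u0480\u444e, IRP_MJ_CREATE]
Process: System Address: 0x894938b8 Size: 1065

==EOF==
"""

SSDT_RE = re.compile(r'^#: (\d+) Function Name: (\w+)$')
HOOK_RE = re.compile(r'^Status: Hooked by "([^"]*)" at address (0x[0-9a-fA-F]+)$')
CODE_RE = re.compile(r'^Object: Hidden Code \[Driver: (.+), (IRP_MJ_\w+)\]$')
PROC_RE = re.compile(r'^Process: (.+?) Address: (0x[0-9a-fA-F]+) Size: (\S+)$')


def parse_rootrepeal(text):
    """Return (ssdt_hooks, hidden_code) parsed from the log text.

    A partial entry is carried in `pending` until its second line arrives.
    Hidden Handle objects and section headers are skipped.
    """
    ssdt_hooks, hidden_code = [], []
    pending = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := SSDT_RE.match(line):
            pending = {"index": int(m.group(1)), "function": m.group(2)}
        elif (m := HOOK_RE.match(line)) and pending and "function" in pending:
            pending.update(module=m.group(1), address=int(m.group(2), 16))
            ssdt_hooks.append(pending)
            pending = None
        elif m := CODE_RE.match(line):
            pending = {"driver": m.group(1), "irp": m.group(2)}
        elif line.startswith("Object:"):
            pending = None  # another object type; drop any stale partial entry
        elif (m := PROC_RE.match(line)) and pending and "driver" in pending:
            size = None if m.group(3) == "-" else int(m.group(3))
            pending.update(process=m.group(1), address=int(m.group(2), 16), size=size)
            hidden_code.append(pending)
            pending = None
    return ssdt_hooks, hidden_code


def triage(ssdt_hooks, hidden_code):
    """Summarise what to look at first.

    - SSDT hooks whose owning module the scanner could not name ("<unknown>").
    - Per driver: number of IRP dispatch entries pointing at hidden code, the
      distinct sizes, whether the name carries non-ASCII characters, and
      whether a size deviates from the value most drivers in the log share.
    """
    unknown = [h["function"] for h in ssdt_hooks if h["module"] == "<unknown>"]
    sizes = Counter(o["size"] for o in hidden_code if o["size"] is not None)
    baseline = sizes.most_common(1)[0][0] if sizes else None
    per_driver = defaultdict(list)
    for obj in hidden_code:
        per_driver[obj["driver"]].append(obj)
    drivers = {}
    for name, objs in per_driver.items():
        distinct = sorted({o["size"] for o in objs if o["size"] is not None})
        drivers[name] = {
            "irp_handlers": len(objs),
            "sizes": distinct,
            "name_has_non_ascii": any(ord(c) > 127 for c in name),
            "size_deviates": any(s != baseline for s in distinct),
        }
    flagged = sorted(n for n, d in drivers.items()
                     if d["name_has_non_ascii"] or d["size_deviates"])
    return {"unknown_ssdt_hooks": unknown, "baseline_size": baseline,
            "drivers": drivers, "flagged_drivers": flagged}


if __name__ == "__main__":
    hooks, code = parse_rootrepeal(SAMPLE_LOG)
    report = triage(hooks, code)
    print("SSDT hooks with unknown owner:", ", ".join(report["unknown_ssdt_hooks"]))
    print("Most common hidden-code size:", report["baseline_size"])
    for name in report["flagged_drivers"]:
        print("Look at driver %r: %s" % (name, report["drivers"][name]))
```

Run it against a saved RootRepeal report by reading the file into `parse_rootrepeal` instead of `SAMPLE_LOG`. The output is a starting point for a reviewer, not a verdict: it only ranks which entries deserve a closer look, in the same way the helper in this thread reads the log before deciding the next step.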
28.10.2010, 02:15
Member

Thread starter

Posts: 36
#8 Is my computer really that heavily infected ??! How does that even happen?
28.10.2010, 12:47
Member

Posts: 420
#9 Well, what does heavily mean... infected is just infected, heavily or not. I can't tell you how it happened, there are many possibilities.
29.10.2010, 13:24
Member

Thread starter

Posts: 36
#10 So.. after I had carried out everything completely and properly and wanted to start ComboFix, the same error ("Dateifehler", a file error) appeared 10 times in a row. After that the PC beeped several times in succession. When I opened the program again, "Dateifehler" appeared and nothing else. Then the restart followed and the program was executed.
Now AntiVir is missing from the notification area (bottom right, where the clock is), so strangely I have to start it manually without being able to use the quick-launch function. Be that as it may - here is the log file:

ComboFix 10-10-28.03 - ALLE 29.10.2010 13:03:35.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.1022.456 [GMT 2:00]
ausgeführt von:: c:\users\ALLE\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Avira AntiVir PersonalEdition *enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\ALLE\AppData\Roaming\chrtmp

.
((((((((((((((((((((((( Dateien erstellt von 2010-09-28 bis 2010-10-29 ))))))))))))))))))))))))))))))
.

2010-10-29 11:12 . 2010-10-29 11:13 -------- d-----w- c:\users\ALLE\AppData\Local\temp
2010-10-29 11:12 . 2010-10-29 11:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-29 10:46 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFAF0AF5-C469-474E-B372-7F274DE85AA9}\mpengine.dll
2010-10-27 18:58 . 2010-10-27 18:58 -------- d-----w- C:\_OTL
2010-10-27 11:15 . 2010-10-27 11:15 -------- d-----w- c:\users\ALLE\AppData\Roaming\Malwarebytes
2010-10-27 11:15 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 11:15 . 2010-10-27 11:15 -------- d-----w- c:\programdata\Malwarebytes
2010-10-27 11:15 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-27 11:15 . 2010-10-27 11:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-26 10:43 . 2010-10-26 10:43 -------- d-----w- c:\program files\Avira
2010-10-26 10:43 . 2007-09-07 10:05 62016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-25 14:28 . 2010-10-25 14:28 -------- d-----w- c:\users\ALLE\AppData\Local\SKIDROW
2010-10-25 13:47 . 2010-10-25 13:47 -------- d-----w- c:\users\ALLE\AppData\Local\My Games
2010-10-25 13:21 . 2010-10-25 13:46 -------- d-----w- c:\program files\Sid Meier's Civilization V
2010-10-25 11:06 . 2010-10-25 11:06 -------- d-----w- c:\programdata\WindowsSearch
2010-10-20 22:12 . 2010-10-20 22:12 -------- d-----w- c:\windows\system32\EventProviders
2010-10-20 11:57 . 2010-10-20 11:57 -------- d-----w- c:\program files\Common Files\Java
2010-10-20 11:56 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-20 11:56 . 2010-04-12 15:29 411368 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-15 12:44 . 2010-10-15 12:44 -------- d-----w- c:\program files\Buka
2010-10-14 16:14 . 1997-08-27 16:17 6553 ----a-w- c:\program files\Microsoft Games\Age of Empires\SP.exe
2010-10-14 16:08 . 1999-01-06 15:37 6432 ----a-w- c:\program files\Microsoft Games\Age of Empires\RoRCrack.exe
2010-10-14 16:04 . 2000-10-24 15:45 29184 ----a-w- c:\program files\Microsoft Games\Age of Empires\AoE CD Crack.exe
2010-10-13 12:16 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 12:16 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 12:15 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 12:15 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 12:15 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 12:15 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 12:15 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-13 12:15 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
2010-10-13 12:15 . 2010-06-28 16:15 1315840 ----a-w- c:\windows\system32\ole32.dll
2010-10-13 12:15 . 2010-06-28 14:31 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-03 13:36 . 2010-10-21 19:46 -------- d-----w- c:\users\ALLE\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
2010-10-02 14:08 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-05-12 19:39 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-08 09:17 . 2010-09-08 09:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-17 13:32 . 2010-09-15 13:31 126464 ----a-w- c:\windows\system32\spoolsv.exe
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Winload\tbWinl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{40C3CC16-7269-4B32-9531-17F2950FB06F}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-03 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 249896]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\ALLE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files\Logitech\Logitech WebCam Software\eReg.exe [2009-10-14 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

R0 dvpni;dvpni;c:\windows\System32\drivers\pjnhvnv.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-13 691696]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-10 20968]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {26459BC1-F3E4-4126-9280-7428C45F3BF7} = 213.191.92.82 213.191.74.11
FF - ProfilePath - c:\users\ALLE\AppData\Roaming\Mozilla\Firefox\Profiles\xu4g2hc1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Winload Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q=
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-29 13:13
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-4292998420-3711059969-3473743363-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
Zeit der Fertigstellung: 2010-10-29 13:15:43
ComboFix-quarantined-files.txt 2010-10-29 11:15

Vor Suchlauf: 11 Verzeichnis(se), 224.147.972.096 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 224.093.892.608 Bytes frei

- - End Of File - - 484589CCE0EE433F39F48DD5701149F5
29.10.2010, 14:34
Member

Posts: 420
#11

Quote

2010-10-14 16:08 . 1999-01-06 15:37 6432 ----a-w- c:\program files\Microsoft Games\Age of Empires\RoRCrack.exe
2010-10-14 16:04 . 2000-10-24 15:45 29184 ----a-w- c:\program files\Microsoft Games\Age of Empires\AoE CD Crack.exe
Well, now we also know where that comes from.

Delete any cracks, keygens, etc. and uninstall the programs they belong to, otherwise I will have to stop helping. Using such things is illegal and is not tolerated here. Also, for the future: cracks, keygens, etc. are 99.9% infected.
29.10.2010, 18:42
Member

Thread starter

Posts: 36
#12 Okay, but:
It tells me the expansion for this game cannot be uninstalled under Windows Vista. How can I get around that? I don't think it will be enough if I just delete the "Microsoft Games" folder. The main game + cracks is uninstalled, but the expansion is where it gets stuck (only runs on 95, 98 or whatever with Service Pack 3...)

And one more thing.. I only tried this crack recently. I installed it maybe 1-2 weeks ago. My computer has nevertheless been very slow for a few months now...
29.10.2010, 19:18
Member

Posts: 420
#13

Quote

And one more thing.. I only tried this crack recently. I installed it maybe 1-2 weeks ago. My computer has nevertheless been very slow for a few months now...
Well... where there is one crack, there are usually more. Those would have to go as well. Let me know when everything is gone. To remove the expansion, try this program:
http://www.netzwelt.de/download/13576-absolute-uninstaller.html
30.10.2010, 09:59
Member

Thread starter

Posts: 36
#14 Hey, so I have uninstalled everything there was to uninstall, but I still think it is something else. A friend of mine has the same cracks, or even more, and everything runs perfectly on his machine. Where else could the cause be?
Today my PC again only started on the second attempt.

And the program unfortunately doesn't help. I have attached the error message as an image.

30.10.2010, 13:15
Member

Posts: 420
#15 Just because everything runs perfectly doesn't mean everything actually is fine. The cause will be in those cracks, don't worry. If you run every piece of cr... you shouldn't be surprised.

1. Please save the CFScript.txt from the attachment to your desktop.
Make all the preparations for running ComboFix according to the instructions, but don't start it yet.
Then drag the CFScript.txt with the mouse onto the ComboFix icon on your desktop (and release it).
ComboFix will scan again; please post the new log afterwards.

Attachment: CFScript.txt