Serious suspicion of a virus. PC runs very slowly, requesting support...

#0
29.10.2010, 01:11
...new here

Posts: 10
#1 Hello everyone,

For some time now I have been having problems with my PC. I constantly get error messages and the PC runs very slowly. Programs such as Antivir cannot even be activated.

When I tried to scan with "gmer", I got the well-known bluescreen twice and the PC shut itself down. So the log file from "gmer" is by no means complete.

Would you please help me and give me tips on how to get my PC running smoothly again? If any details are still missing, please let me know so that I can supply them as quickly as possible. Many thanks in advance.

Here are the log files:

HiJackThis:

Code

 Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:31:31, on 29.10.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\avmwlanstick\WLanGUI.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\fgjf\dgdg.exe
C:\Program Files\fgjf\plugin-container.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\conime.exe
C:\Users\Seyin\Desktop\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;192.168.178.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [POEngine] "C:\Program Files\PokerOffice\POEngine.exe" C:\Program Files\PokerOffice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [{BA2697AF-C676-D5EF-ACFE-AAD024CD9666}] C:\Users\Seyin\AppData\Local\Temp\poker.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Free YouTube Download - C:\Users\Seyin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Seyin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\BurnAware Professional\nmsaccessu.exe
O23 - Service: pcdservice - Phantombility, Inc - C:\Program Files\Phantombility\Phantom CD\pcdservice.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 11693 bytes
.

Log file from OTL:

Code

 OTL logfile created on: 29.10.2010 00:39:26 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Seyin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,63 Gb Total Space | 189,39 Gb Free Space | 27,11% Space Free | Partition Type: NTFS

Computer Name: SEYIN1 | User Name: Seyin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Seyin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Programme\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Phantombility\Phantom CD\pcdservice.exe (Phantombility, Inc)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\BurnAware Professional\nmsaccessu.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE (Microsoft Corporation)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Seyin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (pcdservice) -- C:\Program Files\Phantombility\Phantom CD\pcdservice.exe (Phantombility, Inc)
SRV - (NMSAccessU) -- C:\Programme\BurnAware Professional\nmsaccessu.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (DFUBTUSB) -- C:\Windows\System32\Drivers\frmupgr.sys File not found
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys File not found
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHDAudioService) -- C:\Windows\System32\drivers\AtihdLH3.sys (ATI Technologies, Inc.)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL File not found
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\fgjf\components [2010.10.22 20:42:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\fgjf\plugins [2010.10.28 16:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009.11.29 11:47:35 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\mozilla\Extensions
[2010.10.28 23:47:24 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions
[2009.12.01 17:51:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.06 18:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.28 14:46:03 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.03 16:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.28 22:35:46 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009.11.29 11:50:56 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.12.12 20:50:35 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\DTToolbar@toolbarnet.com
[2010.10.16 14:05:31 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\toolbar@ask.com
[2010.10.26 08:05:52 | 000,000,950 | ---- | M] () -- C:\Users\Seyin\AppData\Roaming\Mozilla\FireFox\Profiles\60bghxrq.default\searchplugins\icqplugin-1.xml
[2010.09.27 14:33:18 | 000,000,950 | ---- | M] () -- C:\Users\Seyin\AppData\Roaming\Mozilla\FireFox\Profiles\60bghxrq.default\searchplugins\icqplugin-2.xml
[2010.10.16 14:33:12 | 000,000,950 | ---- | M] () -- C:\Users\Seyin\AppData\Roaming\Mozilla\FireFox\Profiles\60bghxrq.default\searchplugins\icqplugin-3.xml
[2010.10.23 17:15:22 | 000,000,950 | ---- | M] () -- C:\Users\Seyin\AppData\Roaming\Mozilla\FireFox\Profiles\60bghxrq.default\searchplugins\icqplugin-4.xml
[2010.07.25 18:55:57 | 000,001,056 | ---- | M] () -- C:\Users\Seyin\AppData\Roaming\Mozilla\FireFox\Profiles\60bghxrq.default\searchplugins\icqplugin.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [POEngine] C:\Program Files\PokerOffice\POEngine.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{BA2697AF-C676-D5EF-ACFE-AAD024CD9666}] C:\Users\Seyin\AppData\Local\Temp\poker.exe ()
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Seyin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Seyin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: everestcasino.com ([account] https in Trusted sites)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: targobank.de ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 (•  in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{27eee677-e74c-11de-9a5d-001e4ce65f72}\Shell - "" = AutoRun
O33 - MountPoints2\{27eee677-e74c-11de-9a5d-001e4ce65f72}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{44f02b6a-64e3-11df-a00e-001e4ce65f72}\Shell\AutoRun\command - "" = F:\Driver\USB_Flash\Driver.exe -- File not found
O33 - MountPoints2\{44f02b6a-64e3-11df-a00e-001e4ce65f72}\Shell\open\command - "" = F:\Driver\USB_Flash\Driver.exe -- File not found
O33 - MountPoints2\{792a5bdf-ddd1-11de-9115-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{792a5bdf-ddd1-11de-9115-806e6f6e6963}\Shell\AutoRun\command - "" = J:\preinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\SPYWAR~1\sp_rsdel.exe "\??\C:\PROGRA~2\SPYWAR~1\sp_rsdel.dat,) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.10.29 00:38:13 | 000,000,000 | ---D | C] -- C:\Users\Seyin\Desktop\Logdateien
[2010.10.29 00:34:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Seyin\Desktop\OTL.exe
[2010.10.29 00:30:04 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Seyin\Desktop\HiJackThis204.exe
[2010.10.28 22:37:50 | 000,000,000 | ---D | C] -- C:\Users\Seyin\AppData\Roaming\Spyware Terminator
[2010.10.28 22:37:49 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator
[2010.10.28 22:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.10.28 22:35:47 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3
[2010.10.28 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\Seyin\AppData\Roaming\Avira
[2010.10.28 22:28:08 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.10.28 22:28:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.10.28 22:28:07 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.10.28 22:28:07 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.10.28 22:28:07 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.10.28 22:28:02 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.10.28 22:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.10.28 17:25:52 | 000,000,000 | ---D | C] -- C:\Users\Seyin\Desktop\Partyfriend.net
[2010.10.28 13:22:28 | 000,000,000 | ---D | C] -- C:\Programme\PokerOffice
[2010.10.27 07:32:15 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.10.27 07:32:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.10.26 16:27:45 | 000,000,000 | ---D | C] -- C:\Users\Seyin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.10.23 19:13:31 | 000,000,000 | ---D | C] -- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
[2010.10.16 19:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.10.16 19:31:50 | 000,000,000 | ---D | C] -- C:\Users\Seyin\AppData\Local\2K Games
[2010.10.16 19:28:02 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.10.16 19:01:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.10.16 18:49:16 | 000,000,000 | ---D | C] -- C:\Programme\2K Games
[2010.10.14 08:33:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.13 19:03:41 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 19:03:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.13 19:03:04 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 19:03:02 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 19:03:02 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 19:02:56 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 19:02:54 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.09 02:27:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.10.09 01:54:33 | 000,000,000 | -H-D | C] -- C:\Users\Seyin\Desktop\Recall
[2010.10.06 19:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.10.06 18:57:40 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Media Player
[2010.09.29 12:20:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.29 01:58:26 | 000,000,000 | ---D | C] -- C:\Users\Seyin\AppData\Local\SKIDROW
[2009.12.12 20:13:52 | 007,397,856 | ---- | C] (DT Soft Ltd.) -- C:\Users\Seyin\AppData\Roaming\DTPro4100218Advanced.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.10.29 00:35:11 | 000,294,912 | ---- | M] () -- C:\Users\Seyin\Desktop\hq0zcs3x.exe
[2010.10.29 00:34:06 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Seyin\Desktop\OTL.exe
[2010.10.29 00:30:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Seyin\Desktop\HiJackThis204.exe
[2010.10.29 00:07:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.28 23:39:45 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.28 23:39:40 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.28 23:39:40 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.28 23:39:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.28 23:39:33 | 3219,050,496 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.28 23:33:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.10.28 22:38:05 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.10.28 22:37:50 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.10.28 22:31:02 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.10.28 22:28:18 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.28 16:39:32 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.28 13:22:49 | 000,001,782 | ---- | M] () -- C:\Users\Seyin\Desktop\PokerOffice.lnk
[2010.10.27 19:29:33 | 001,190,401 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Accounting_Steuern_WS_2010_2011.pdf
[2010.10.27 19:29:27 | 000,077,241 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Steuern.pdf
[2010.10.27 19:29:23 | 000,056,858 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Bilanzanalyse.pdf
[2010.10.27 19:29:20 | 000,394,478 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Accounting__Bilanzanalyse_WS_2010_2011.pdf
[2010.10.27 19:29:13 | 000,556,863 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Accounting__Bilanzierung_WS_2010_2011.pdf
[2010.10.27 19:29:10 | 000,062,796 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Bilanzen.pdf
[2010.10.27 19:29:04 | 000,036,880 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Grundlagen.pdf
[2010.10.27 19:29:01 | 000,139,901 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Accounting_Grundlagen_WS_2010_2011.pdf
[2010.10.27 19:28:44 | 002,464,720 | ---- | M] () -- C:\Users\Seyin\Desktop\Teil_3_WS_2010.pdf
[2010.10.27 19:28:38 | 001,127,508 | ---- | M] () -- C:\Users\Seyin\Desktop\Teil_2_WS_2010.pdf
[2010.10.27 19:28:28 | 001,742,917 | ---- | M] () -- C:\Users\Seyin\Desktop\Teil_1_WS_2010.pdf
[2010.10.26 18:32:02 | 000,011,776 | ---- | M] () -- C:\Users\Seyin\Desktop\Microsoft Excel-Arbeitsblatt (neu).xls
[2010.10.26 16:42:43 | 000,031,232 | ---- | M] () -- C:\Users\Seyin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.26 16:07:55 | 000,069,632 | ---- | M] () -- C:\Users\Seyin\Documents\Library.indl
[2010.10.26 16:07:13 | 000,061,440 | ---- | M] () -- C:\Users\Seyin\Documents\Book 1.indb
[2010.10.25 16:16:18 | 000,049,664 | ---- | M] () -- C:\Users\Seyin\Desktop\Bericht Yilmaz.doc
[2010.10.25 12:53:57 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.10.23 15:54:04 | 000,024,064 | -H-- | M] () -- C:\Users\Seyin\Desktop\Sometimes i feel weak if you not smilin hearty to me.doc
[2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.16 19:46:38 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010.10.16 18:59:41 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Mafia II.lnk
[2010.10.14 08:53:12 | 003,673,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.09 15:54:01 | 000,000,414 | ---- | M] () -- C:\Users\Seyin\AppData\Roaming\burnaware.ini
[2010.10.07 15:17:44 | 522,295,925 | ---- | M] () -- C:\Users\Seyin\Desktop\psp_diamond_kitty-sd169_www.Lisa.to.wmv
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.10.29 00:35:10 | 000,294,912 | ---- | C] () -- C:\Users\Seyin\Desktop\hq0zcs3x.exe
[2010.10.28 23:39:33 | 3219,050,496 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.28 22:38:05 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.10.28 22:37:50 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.10.28 22:31:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.10.28 22:28:18 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.28 16:39:32 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.28 13:22:49 | 000,001,782 | ---- | C] () -- C:\Users\Seyin\Desktop\PokerOffice.lnk
[2010.10.27 19:29:32 | 001,190,401 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Accounting_Steuern_WS_2010_2011.pdf
[2010.10.27 19:29:27 | 000,077,241 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Steuern.pdf
[2010.10.27 19:29:23 | 000,056,858 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Bilanzanalyse.pdf
[2010.10.27 19:29:20 | 000,394,478 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Accounting__Bilanzanalyse_WS_2010_2011.pdf
[2010.10.27 19:29:12 | 000,556,863 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Accounting__Bilanzierung_WS_2010_2011.pdf
[2010.10.27 19:29:09 | 000,062,796 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Bilanzen.pdf
[2010.10.27 19:29:04 | 000,036,880 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Grundlagen.pdf
[2010.10.27 19:29:00 | 000,139,901 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Accounting_Grundlagen_WS_2010_2011.pdf
[2010.10.27 19:28:41 | 002,464,720 | ---- | C] () -- C:\Users\Seyin\Desktop\Teil_3_WS_2010.pdf
[2010.10.27 19:28:37 | 001,127,508 | ---- | C] () -- C:\Users\Seyin\Desktop\Teil_2_WS_2010.pdf
[2010.10.27 19:28:24 | 001,742,917 | ---- | C] () -- C:\Users\Seyin\Desktop\Teil_1_WS_2010.pdf
[2010.10.26 18:32:02 | 000,011,776 | ---- | C] () -- C:\Users\Seyin\Desktop\Microsoft Excel-Arbeitsblatt (neu).xls
[2010.10.26 16:40:56 | 522,295,925 | ---- | C] () -- C:\Users\Seyin\Desktop\psp_diamond_kitty-sd169_www.Lisa.to.wmv
[2010.10.26 16:07:28 | 000,069,632 | ---- | C] () -- C:\Users\Seyin\Documents\Library.indl
[2010.10.26 16:07:13 | 000,061,440 | ---- | C] () -- C:\Users\Seyin\Documents\Book 1.indb
[2010.10.25 16:16:18 | 000,049,664 | ---- | C] () -- C:\Users\Seyin\Desktop\Bericht Yilmaz.doc
[2010.10.23 17:13:14 | 000,015,872 | -H-- | C] () -- C:\Users\Seyin\Desktop\Playlist - Kopie.xls
[2010.10.23 17:12:56 | 000,025,088 | -H-- | C] () -- C:\Users\Seyin\Desktop\Microsoft Word-Dokument (neu) (2) - Kopie.doc
[2010.10.23 15:45:31 | 000,024,064 | -H-- | C] () -- C:\Users\Seyin\Desktop\Sometimes i feel weak if you not smilin hearty to me.doc
[2010.10.16 19:46:38 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010.10.16 18:59:41 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Mafia II.lnk
[2010.10.01 09:04:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.09.27 12:09:42 | 000,000,141 | ---- | C] () -- C:\Users\Seyin\AppData\Roaming\hgksfg.bat
[2010.08.29 23:47:04 | 000,000,600 | ---- | C] () -- C:\Users\Seyin\AppData\Roaming\winscp.rnd
[2010.08.26 03:19:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.05.22 01:37:12 | 000,000,000 | -H-- | C] () -- C:\Users\Seyin\AppData\Roaming\.6A7EF57C4E6B54B1.sys
[2010.03.28 19:43:58 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.03.28 19:43:58 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.02.20 01:04:06 | 000,151,552 | ---- | C] () -- C:\Windows\System32\FDlg.dll
[2010.01.21 00:32:52 | 000,000,061 | ---- | C] () -- C:\Windows\SBWIN.INI
[2010.01.20 00:21:05 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2009.12.26 02:44:29 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.12.12 20:39:39 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.12.12 20:03:13 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.29 18:16:28 | 000,031,232 | ---- | C] () -- C:\Users\Seyin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.29 17:36:51 | 000,000,414 | ---- | C] () -- C:\Users\Seyin\AppData\Roaming\burnaware.ini
[2009.11.29 01:43:58 | 000,000,680 | ---- | C] () -- C:\Users\Seyin\AppData\Local\d3d9caps.dat
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.02.22 17:17:50 | 000,000,071 | ---- | C] () -- C:\Windows\pn.ini
[2007.02.22 17:17:50 | 000,000,051 | ---- | C] () -- C:\Windows\pr.ini
[2007.02.13 12:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.02.26 20:03:58 | 000,320,000 | ---- | C] () -- C:\Windows\System32\Reg.dll
[2003.02.20 21:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.09.27 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\ADE89DF515C5140284D2D02C71B66E18
[2010.01.20 01:06:35 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\Antares
[2010.10.26 16:27:45 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.12.12 20:51:26 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\DAEMON Tools
[2009.12.12 20:52:29 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\DAEMON Tools Lite
[2009.12.12 20:51:26 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\DAEMON Tools Pro
[2010.08.28 12:49:54 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.19 07:49:06 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\ICQ
[2010.09.25 03:30:33 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\Mp3tag
[2010.01.20 01:27:39 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\Sony
[2010.10.28 23:35:39 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\Spyware Terminator
[2010.01.20 01:07:05 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\Steinberg
[2010.07.31 12:16:42 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\The Creative Assembly
[2010.05.21 22:53:50 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\Waves Audio
[2010.10.28 23:33:05 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >
.

Log file from OTL Extras:

Code

 OTL Extras logfile created on: 29.10.2010 00:39:26 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Seyin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,63 Gb Total Space | 189,39 Gb Free Space | 27,11% Space Free | Partition Type: NTFS

Computer Name: SEYIN1 | User Name: Seyin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\fgjf\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049D0224-FB79-46F5-956E-04200CE1ECC9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{10CD4ED0-D71A-48EF-933C-A20D924276FF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{190C270A-E4B6-4B52-986D-FDBF1061394B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{20A8BEA1-E833-49CB-9AEB-4BD5EE90012B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{28EB7B6E-CE94-49D9-8F3D-855CE941D6C6}" = rport=445 | protocol=6 | dir=out | app=system |
"{295A8717-6DA5-4A6D-B7B5-26DDDE464176}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4AD8A27D-8383-4D8B-BE11-93AB626404C3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56C7601B-48CD-486A-A670-4B758FB13728}" = lport=139 | protocol=6 | dir=in | app=system |
"{626A4C1D-92D2-4EA6-96D2-001DEA78B5FE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7287251C-129C-4B20-BABE-1835D1185D4E}" = rport=138 | protocol=17 | dir=out | app=system |
"{7A785268-8D5F-4CB1-B41B-12355378927B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AA0EA952-A87A-4086-AA60-4FF23A13E48E}" = rport=139 | protocol=6 | dir=out | app=system |
"{BF704055-8830-4A9C-83BC-6B81833B522A}" = lport=138 | protocol=17 | dir=in | app=system |
"{CDDD7305-093A-49B4-9A01-C02ACE21026E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D504BC93-1184-4E74-8FEE-8D2E12719601}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E92223E7-A190-45EB-B6CC-966D38C644A3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F98D378E-30A7-4197-A237-20499E814B2F}" = lport=137 | protocol=17 | dir=in | app=system |
"{FF76C7AF-7785-4879-909B-34E4976FBF72}" = lport=445 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0002F68F-D452-4AB5-99CB-F231FC5C5E29}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{06B80D96-462C-4E19-A644-26CA868E7D44}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{18DA52D3-2340-4818-A87A-13FF02C79C26}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{1C9FF8B5-0775-404B-AF14-5EBC43114E4A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{22FEB06B-E4F3-4033-8E6B-0C88BECE7074}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{278B0ED9-8227-4506-8C55-6DA59D61920C}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{436BE56A-482F-44A7-961F-7785F5D52B59}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{476F24BF-99DE-404E-ADEA-C49B961B9D4F}" = protocol=6 | dir=in | app=c:\program files\codemasters\f1 2010\f1_2010_game.exe |
"{4AA9CAA9-7977-4928-B1F4-2B7DF8CFA38A}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{51791D21-BFF9-4314-A03D-463BD67C287D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{58887CBC-32F2-483D-AC46-93601BBC46F4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6B7BA57E-6911-4134-A262-7DB2A9916BE2}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{738CEF7B-D5C7-477D-B314-3EB695DA3808}" = protocol=17 | dir=in | app=c:\program files\codemasters\f1 2010\f1_2010_game.exe |
"{804E7371-D0F7-48A9-AA1A-C0382F6A494D}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{82F4FC99-6487-487E-BEF1-7EB097848968}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{956A9043-D70B-45DF-81E7-AC6ED62A7425}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9B5A509E-A7CB-45B8-A685-5F3C6FEC5A1E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii - public demo\launcher.exe |
"{A0301225-39A6-4C93-A02E-65317F01B7AC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A892F00C-D3D8-4D5A-8E65-51B303AF8D28}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\mafia ii - public demo\launcher.exe |
"{B6125FE8-93DA-462B-AD3A-483E33259EF0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B8B1CC27-5AA6-4FE0-8153-9F3832D8D5D6}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{C078C8A0-8967-4580-9220-9C8D9C206892}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{C42DCE61-5BD3-4219-A614-1000BDCA045A}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{CE77E168-5B8D-4920-9BD4-E0111AE2925C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{D80557E0-E8EF-41E7-9F51-5F695140D0ED}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E1BFBDF7-8B9B-4FDB-BE99-99499150CCDB}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EADC2C3B-FA7F-4000-8A25-D0E6061EA854}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ED54FAE9-FAF5-4249-8AE0-1B1ECA95904D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F1EFFC63-7295-42AA-AE27-71056F4CAFBA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{197CAB08-E53F-4C61-BDB5-860564A7C4E9}C:\program files\icq7.2\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"TCP Query User{282929E6-B2AF-4C74-A809-4FAA36F4CF88}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{32148AE0-727F-455E-81C0-DBDC810F02E8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{4071F7BD-03AB-4E5E-A7EF-5D8C6F3EA16A}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{B4578496-A11D-455F-A73A-F9A3CB0A2A71}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{BAAAEFDF-CA10-4083-B241-2A7109614900}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{C25ED42D-4F2F-4F7C-8CE1-089ED5B5C82D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{CA915C40-7A33-4C82-AF63-B5DEF7000F4C}C:\downloads\hfs.exe" = protocol=6 | dir=in | app=c:\downloads\hfs.exe |
"TCP Query User{D156ECC2-EBF6-4B76-ACAA-15A6891C2702}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{D3C1EED8-5F07-45E4-804D-148FAA2FCA06}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D71965A6-B955-4225-91F0-851C90423C92}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{1BEB8623-DDEE-4C72-B806-934AA078B398}C:\program files\icq7.2\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"UDP Query User{57C7B98C-10A5-4AE0-AB0C-29183C7BA2E9}C:\downloads\hfs.exe" = protocol=17 | dir=in | app=c:\downloads\hfs.exe |
"UDP Query User{5E6F08CB-E4C3-4A3C-BC68-B2AD6D854976}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{692D94DD-E21E-433F-B423-49EAD7289911}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{8AE5978A-1710-4D2A-A1BD-C2EB6DBD2496}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{92893FE8-0370-4C62-A838-6CFE370DD37F}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{9C81C47F-3DDC-4D40-B60A-119A8B3DCF9E}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{AEABE6B9-4670-4CE3-BB9C-CD49CEB4B82E}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D3CA57DE-EBE8-4D0D-A17B-70692D32070A}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{E1E9BCC4-8D89-40DE-9B93-4A9566517BB5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E6DD273C-A9FA-4EDF-B210-07800BAC711F}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{333213B4-11B8-48A4-BC9A-A473052D51DE}" = LiquidInstrumentVst 1.5
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{4C4D25EB-6513-4702-8355-F4194DE2E1D9}" = Waves 4.0
"{51DC7E02-3EEE-D01E-60D1-103A0DA2C3BF}" = Catalyst Control Center Graphics Previews Common
"{52E1698D-8B87-4B79-B609-77C763C3E6D9}" = YouTube Video Converter
"{56AAE9D5-3D96-8D1D-C4C4-0290B21CE901}" = ccc-core-static
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57386F63-DBDC-4F19-9BE9-5A09CFE156AB}" = ElastikStandalone
"{59ADFE8C-AD8C-2B04-6940-2D417FBAD111}" = CCC Help English
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{8094F7AE-CA21-4AF2-A256-BC918CE0E796}" = EZXClaustrophobic
"{80AE0E0A-5579-4015-9C1A-35F2F2CE5673}" = Emergency 4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92F027CB-BDF9-4047-A654-13A050908158}" = ElastikVst
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2453C21-B185-437A-933D-EAFC19D0E2D2}" = LiquidInstrumentVst 1.5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AF2E5BA0-759C-926D-6C3F-11A3751C286E}" = Catalyst Control Center Graphics Previews Vista
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAF2FA20-6886-483C-8CC6-3310A1A636E5}" = ElastikVst
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C969744F-EB74-5868-719E-D4B1F3D0792F}" = ccc-utility
"{CA85120F-D845-450B-8AF7-CF2182BD8640}" = Elastik RTAS PlugIn
"{CE03D1DC-FD8D-2F5C-5FAD-02570BA0383B}" = Catalyst Control Center InstallProxy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Ultra Edition
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EABACFC4-1CB1-438E-A418-0A3B21CD30D1}" = Waves Gold Processors 3.6
"{EF581945-BBE9-11D5-A7FE-50275FC10000}" = Capitalism II
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9766AC1-1461-1033-B862-DF8FE1C033BE}" = Adobe InDesign CS5
"1EC636D2DBA2D9924E02E10DA797DEC16306C1A9" = Windows Driver Package - Logitech HIDClass  (10/16/2006 1.0)
"4Videosoft YouTube Video Converter_is1" = 4Videosoft YouTube Video Converter
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Antares Autotune VST_is1" = Antares Autotune VST v5.09
"Arturia Arp2600 V v1.0" = Arturia Arp2600 V v1.0
"Arturia CS-80V_is1" = Arturia CS-80V v1.6
"Arturia Minimoog V v1.0" = Arturia Minimoog V v1.0
"Arturia minimoog V_is1" = Arturia minimoog V v1.6
"Arturia Moog Modular V v1.1" = Arturia Moog Modular V v1.1
"Arturia Moog Modular V2 v1.0" = Arturia Moog Modular V2 v1.0
"ASIO4ALL" = ASIO4ALL
"AskTBar Uninstall" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"BurnAware Professional_is1" = BurnAware Professional 2.2.2
"CamStudio" = CamStudio
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"CS-80V" = CS-80V
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"EA Download Manager" = EA Download Manager
"EPSON SX100 Series" = Druckerdeinstallation für EPSON SX100 Series
"Everest Casino" = Everest Casino (Remove Only)
"Everest Poker" = Everest Poker (Remove Only)
"FL Studio 8" = FL Studio 8
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.0
"Free YouTube Download_is1" = Free YouTube Download 2.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Future Music Future Loops" = Future Music Future Loops
"Garritan Gofriller Cello" = Garritan Gofriller Cello
"GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ" = GFORCE_SOFTWARE_MINIMONSTA_RTAS_VSTi_v1.06-PLZ
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"Golden ASET Mythospheric Space Synthesizer VSTi" = Golden ASET Mythospheric Space Synthesizer VSTi
"Google Desktop" = Google Desktop
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"JDownloader" = JDownloader
"Jupiter-8V_is1" = Jupiter-8V 1.0
"KaloMa_is1" = KaloMa 4.77
"Linplug daOrgan v2.1.1" = Linplug daOrgan v2.1.1
"LinPlug Organ 3" = LinPlug Organ 3
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyOne_is1" = ManyOne 1.0
"M-Audio Drum and Bass Rig_is1" = M-Audio Drum and Bass Rig 1.0.0
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mp3tag" = Mp3tag v2.46a
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Kontakt 3" = Native Instruments Kontakt 3
"Native Instruments Service Center" = Native Instruments Service Center
"NI Service Center" = NI Service Center
"OpenAL" = OpenAL
"Phantom CD" = Phantom CD
"Pianissimo" = Pianissimo
"PoiZone" = PoiZone
"PokerOffice" = PokerOffice (remove only)
"PokerStars" = PokerStars
"PS3 Media Center X" = PS3 Media Center X 0.92
"reFX Nexus_is1" = reFX Nexus VSTi RTAS v2.2.0
"SKAT XXL  2.0" = SKAT XXL  2.0
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Spyware Terminator_is1" = Spyware Terminator
"Steam App 50280" = Mafia II - Demo
"Steinberg HALion v3.5_is1" = Steinberg HALion VSTi DXi v3.5
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"Vienna" = Vienna SoundFont Studio
"Vir2 Instruments BASiS" = Vir2 Instruments BASiS
"Vir2 Instruments VI.ONE" = Vir2 Instruments VI.ONE
"VLC media player" = VLC media player 1.0.3
"vShare" = vShare Plugin
"Waves Mercury Bundle" = Waves Mercury Bundle
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.8
"YouTubeGet_is1" = YouTubeGet 5.4
"Zynga Toolbar" = Zynga Toolbar

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
.

Log file from gmer, as far as it got:

Code

 GMER 1.0.15.15477 - http://www.gmer.net
Rootkit quick scan 2010-10-29 00:43:05
Windows 6.0.6001 Service Pack 1
Running: hq0zcs3x.exe; Driver: C:\Users\Seyin\AppData\Local\Temp\awldypod.sys


---- Devices - GMER 1.0.15 ----

Device   \Driver\iaStorV \Device\Ide\iaStor0                    852071F8
Device   \Driver\iaStorV \Device\Ide\IAAStorageDevice-0         852071F8
Device   \Driver\iaStorV \Device\Ide\IAAStorageDevice-1         852071F8
Device   \FileSystem\Ntfs \Ntfs                                 852081F8

---- Services - GMER 1.0.15 ----

Service  system32\drivers\hjgruirimtmxpe.sys (*** hidden *** )  [SYSTEM] hjgruijbicexqy   <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
29.10.2010, 14:40
Member

Posts: 420
#2 Hi,

Important: Please start all programs that we use, now and later, by right-clicking and choosing "Run as administrator".

1. RootRepeal
http://sites.google.com/site/rootrepeal/
Start RootRepeal.
Close all other programs.
Go to the Report tab at the bottom.
Click Scan.
Tick all the checkboxes.
Confirm with OK.
If asked, select drive C:
Confirm with OK.
At the end of the scan a log is displayed; please post it.
29.10.2010, 16:18
...new here

Thread starter

Posts: 10
#3 Hi Gangren,

Log from RootRepeal:

Code

 ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/10/29 15:00
Program Version:        Version 1.3.5.0
Windows Version:        Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStorV.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStorV.sys
Address: 0x8FB1F000    Size: 659456    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA4F63000    Size: 49152    File Visible: No    Signed: -
Status: -

Name: spkw.sys
Image Path: C:\Windows\System32\Drivers\spkw.sys
Address: 0x80696000    Size: 1052672    File Visible: No    Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{018AB~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{018ab848-de9d-11df-b963-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{018AB~3
Status: Locked to the Windows API!

Path: C:\System Volume Information\{018AB~4
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0AFC9~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0f479fb6-e2da-11df-86c0-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{143dfb2e-d61a-11df-9b75-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{143dfb3c-d61a-11df-9b75-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{194A4~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{194a4b54-e2a0-11df-9660-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{26C81~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2727821e-e2e6-11df-a490-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{27278228-e2e6-11df-a490-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8e844352-e2d5-11df-981e-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9E39D~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e39dcc2-d916-11df-a9df-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e39dcc8-d916-11df-a9df-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e39dcce-d916-11df-a9df-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e39dcd4-d916-11df-a9df-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{416b8d31-d411-11df-99a7-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{43b368ae-d8a3-11df-a4f6-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{47057917-d75c-11df-8e34-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{779c57d4-d51b-11df-95a9-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c338ded4-e357-11df-9f56-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c338deda-e357-11df-9f56-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{C636A~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{cb63e270-e2db-11df-8348-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{CC57D~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{D9317~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ee7dffe7-d94d-11df-b74a-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f637c5f2-e35a-11df-ad7e-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{fd306930-db43-11df-afbe-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4137_none_51c97d20bbe8350e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4137_none_ecfe4c8afb2661fb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4137_none_4bf45688bf9e2dbf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4137_none_f0eecac0f8a1c174.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4137_none_f47d3254f657e518.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4137_none_508fc1d4bcbb3eca.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\$$DeleteMe.ole32.dll.01cb6b6c2ea96c51.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\EDITUS~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\WEE477~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\EDITUS~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\WEE477~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_de-de_5a88129aa3799626\EDITUS~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_de-de_5a88129aa3799626\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_de-de_5a88129aa3799626\WEE477~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6001.18096_none_67458179da6478e3\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6000.16708_none_65c29499dcf31c4e\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6000.20864_none_660750b4f644fe62\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE4BA2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5F3C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SECURI~4.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5FBC~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6DB5~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18000_none_399c1f00d7f7837a\$$DeleteMe.comctl32.dll.01cb6b6c2e7e9391.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-w..mediadeliveryengine_31bf3856ad364e35_6.0.6001.18000_none_1d7020d85d93d705\$$DeleteMe.wmpmde.dll.01cb6b6c2e8a7a71.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.16720_none_1e9c83dead284b26\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.20883_none_07d49a82c6ca9019\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.18111_none_1e776894ad7a57c7\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.22230_none_07abd930c71fd0da\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_1bb1faae29679adf\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI49C3~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI2CD7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI3A48~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f

Processes
-------------------
Path: System
PID: 4    Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1364    Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Handle [Index: 5624, Type: UnknownType]
Process: SearchIndexer.exe (PID: 3428)    Address: 0x865ec3f0    Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System    Address: 0x852081f8    Size: 121

Object: Hidden Code [Driver: anmvauk8П牄鍨諅甸趔, IRP_MJ_CREATE]
Process: System    Address: 0x86d741f8    Size: 121

Object: Hidden Code [Driver: anmvauk8П牄鍨諅甸趔, IRP_MJ_CLOSE]
Process: System    Address: 0x86d741f8    Size: 121

Object: Hidden Code [Driver: anmvauk8П牄鍨諅甸趔, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86d741f8    Size: 121

Object: Hidden Code [Driver: anmvauk8П牄鍨諅甸趔, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86d741f8    Size: 121

Object: Hidden Code [Driver: anmvauk8П牄鍨諅甸趔, IRP_MJ_POWER]
Process: System    Address: 0x86d741f8    Size: 121

Object: Hidden Code [Driver: anmvauk8П牄鍨諅甸趔, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86d741f8    Size: 121

Object: Hidden Code [Driver: anmvauk8П牄鍨諅甸趔, IRP_MJ_PNP]
Process: System    Address: 0x86d741f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System    Address: 0x86c7c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System    Address: 0x86c7c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System    Address: 0x86c7c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System    Address: 0x86c7c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x86c7c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86c7c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86c7c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x86c7c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System    Address: 0x86c7c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86c7c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System    Address: 0x86c7c1f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CREATE]
Process: System    Address: 0x852071f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CLOSE]
Process: System    Address: 0x852071f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x852071f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x852071f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_POWER]
Process: System    Address: 0x852071f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x852071f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_PNP]
Process: System    Address: 0x852071f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System    Address: 0x8735e1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System    Address: 0x8735e1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System    Address: 0x8735e1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System    Address: 0x8735e1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8735e1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8735e1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System    Address: 0x8735e1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x8735e1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System    Address: 0x8735e1f8    Size: 121

Object: Hidden Code [Driver: usbuhci牃Ї扏楃ɀ, IRP_MJ_CREATE]
Process: System    Address: 0x86c7a1f8    Size: 121

Object: Hidden Code [Driver: usbuhci牃Ї扏楃ɀ, IRP_MJ_CLOSE]
Process: System    Address: 0x86c7a1f8    Size: 121

Object: Hidden Code [Driver: usbuhci牃Ї扏楃ɀ, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86c7a1f8    Size: 121

Object: Hidden Code [Driver: usbuhci牃Ї扏楃ɀ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86c7a1f8    Size: 121

Object: Hidden Code [Driver: usbuhci牃Ї扏楃ɀ, IRP_MJ_POWER]
Process: System    Address: 0x86c7a1f8    Size: 121

Object: Hidden Code [Driver: usbuhci牃Ї扏楃ɀ, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86c7a1f8    Size: 121

Object: Hidden Code [Driver: usbuhci牃Ї扏楃ɀ, IRP_MJ_PNP]
Process: System    Address: 0x86c7a1f8    Size: 121

Object: Hidden Code [Driver: Smb前Ј獵灢ĒĀĉࠀ肆⤷, IRP_MJ_CREATE]
Process: System    Address: 0x872d41f8    Size: 121

Object: Hidden Code [Driver: Smb前Ј獵灢ĒĀĉࠀ肆⤷, IRP_MJ_CLOSE]
Process: System    Address: 0x872d41f8    Size: 121

Object: Hidden Code [Driver: Smb前Ј獵灢ĒĀĉࠀ肆⤷, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x872d41f8    Size: 121

Object: Hidden Code [Driver: Smb前Ј獵灢ĒĀĉࠀ肆⤷, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x872d41f8    Size: 121

Object: Hidden Code [Driver: Smb前Ј獵灢ĒĀĉࠀ肆⤷, IRP_MJ_CLEANUP]
Process: System    Address: 0x872d41f8    Size: 121

Object: Hidden Code [Driver: Smb前Ј獵灢ĒĀĉࠀ肆⤷, IRP_MJ_PNP]
Process: System    Address: 0x872d41f8    Size: 121

Object: Hidden Code [Driver: netbt蜦, IRP_MJ_CREATE]
Process: System    Address: 0x872911f8    Size: 121

Object: Hidden Code [Driver: netbt蜦, IRP_MJ_CLOSE]
Process: System    Address: 0x872911f8    Size: 121

Object: Hidden Code [Driver: netbt蜦, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x872911f8    Size: 121

Object: Hidden Code [Driver: netbt蜦, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x872911f8    Size: 121

Object: Hidden Code [Driver: netbt蜦, IRP_MJ_CLEANUP]
Process: System    Address: 0x872911f8    Size: 121

Object: Hidden Code [Driver: netbt蜦, IRP_MJ_PNP]
Process: System    Address: 0x872911f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉恤輦숴舏, IRP_MJ_CREATE]
Process: System    Address: 0x86d501f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉恤輦숴舏, IRP_MJ_CLOSE]
Process: System    Address: 0x86d501f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉恤輦숴舏, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86d501f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉恤輦숴舏, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86d501f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉恤輦숴舏, IRP_MJ_POWER]
Process: System    Address: 0x86d501f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉恤輦숴舏, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86d501f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉恤輦숴舏, IRP_MJ_PNP]
Process: System    Address: 0x86d501f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System    Address: 0x852051f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System    Address: 0x852051f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System    Address: 0x852051f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x852051f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x852051f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x852051f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x852051f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System    Address: 0x852051f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System    Address: 0x852051f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x852051f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System    Address: 0x852051f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System    Address: 0x86c781f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System    Address: 0x86c781f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86c781f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86c781f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System    Address: 0x86c781f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86c781f8    Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System    Address: 0x86c781f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_CREATE]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_CREATE_NAMED_PIPE]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_CLOSE]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_READ]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_WRITE]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_QUERY_EA]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_SET_EA]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_CLEANUP]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_CREATE_MAILSLOT]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_POWER]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_DEVICE_CHANGE]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: mrxsmb姰貨Е畍捆焈œ, IRP_MJ_PNP]
Process: System    Address: 0x873b71f8    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_CREATE]
Process: System    Address: 0x87973500    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_CLOSE]
Process: System    Address: 0x87973500    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_READ]
Process: System    Address: 0x87973500    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_WRITE]
Process: System    Address: 0x87973500    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x87973500    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x87973500    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x87973500    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x87973500    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x87973500    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x87973500    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x87973500    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x87973500    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_CLEANUP]
Process: System    Address: 0x87973500    Size: 121

Object: Hidden Code [Driver: cdfsЅ卆潲, IRP_MJ_PNP]
Process: System    Address: 0x87973500    Size: 121

Hidden Services
-------------------
Service Name: hjgruijbicexqy
Image Path: C:\Windows\system32\drivers\hjgruirimtmxpe.sys

==EOF==
29.10.2010, 17:36
Member

Posts: 420
#4 1. Please get Avenger
http://swandog46.geekstogo.com/avenger2/download.php
Unpack Avenger to the desktop.
Start Avenger.
Tick both checkboxes at the bottom.
Copy the following into the script field:

Quote

drivers to delete:
hjgruijbicexqy
files to delete:
C:\Windows\system32\drivers\hjgruirimtmxpe.sys

Click Execute.
Allow the restart.
After the restart a log should be displayed; please post it.
29.10.2010, 18:32
...new here

Thread starter

Posts: 10
#5 The log:

Code

 Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "hjgruijbicexqy" deleted successfully.

Error:  file "C:\Windows\system32\drivers\hjgruirimtmxpe.sys" not found!
Deletion of file "C:\Windows\system32\drivers\hjgruirimtmxpe.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.
.

Have you been able to find anything yet?
29.10.2010, 19:22
Member

Posts: 420
#6 Yep, we are currently trying to delete a rootkit (http://de.wikipedia.org/wiki/Rootkit). Apparently it only half worked, we'll see.

Please run RootRepeal again and post the new log.
29.10.2010, 20:06
...new here

Thread starter

Posts: 10
#7 Here is the new log:

Code

 ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/10/29 19:27
Program Version:        Version 1.3.5.0
Windows Version:        Windows Vista SP1
==================================================

Drivers
-------------------
Name: azze.sys
Image Path: C:\Windows\system32\drivers\azze.sys
Address: 0x805A4000    Size: 61440    File Visible: No    Signed: -
Status: -

Name: dump_iaStorV.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStorV.sys
Address: 0x8A50C000    Size: 659456    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x8A7C9000    Size: 49152    File Visible: No    Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000    Size: 0    File Visible: No    Signed: -
Status: -

Name: spwf.sys
Image Path: C:\Windows\System32\Drivers\spwf.sys
Address: 0x8068B000    Size: 1052672    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{018AB~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{018ab848-de9d-11df-b963-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{018AB~3
Status: Locked to the Windows API!

Path: C:\System Volume Information\{018AB~4
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0AFC9~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0f479fb6-e2da-11df-86c0-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{194A4~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{194a4b54-e2a0-11df-9660-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{26C81~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2727821e-e2e6-11df-a490-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{27278228-e2e6-11df-a490-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8e844352-e2d5-11df-981e-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9E39D~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e39dcc2-d916-11df-a9df-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e39dcc8-d916-11df-a9df-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e39dcce-d916-11df-a9df-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e39dcd4-d916-11df-a9df-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{43b368ae-d8a3-11df-a4f6-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{47057917-d75c-11df-8e34-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c338ded4-e357-11df-9f56-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c338deda-e357-11df-9f56-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{C636A~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{cb63e270-e2db-11df-8348-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{CC57D~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{D9317~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ee7dffe7-d94d-11df-b74a-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f637c5f2-e35a-11df-ad7e-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{fd306930-db43-11df-afbe-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4137_none_51c97d20bbe8350e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4137_none_ecfe4c8afb2661fb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4137_none_4bf45688bf9e2dbf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4137_none_f0eecac0f8a1c174.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4137_none_f47d3254f657e518.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4137_none_508fc1d4bcbb3eca.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\$$DeleteMe.ole32.dll.01cb6b6c2ea96c51.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\EDITUS~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\WEE477~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\EDITUS~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\WEE477~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_de-de_5a88129aa3799626\EDITUS~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_de-de_5a88129aa3799626\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_de-de_5a88129aa3799626\WEE477~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6001.18096_none_67458179da6478e3\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6000.16708_none_65c29499dcf31c4e\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6000.20864_none_660750b4f644fe62\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE4BA2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5F3C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SECURI~4.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5FBC~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6DB5~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18000_none_399c1f00d7f7837a\$$DeleteMe.comctl32.dll.01cb6b6c2e7e9391.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-w..mediadeliveryengine_31bf3856ad364e35_6.0.6001.18000_none_1d7020d85d93d705\$$DeleteMe.wmpmde.dll.01cb6b6c2e8a7a71.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.16720_none_1e9c83dead284b26\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.20883_none_07d49a82c6ca9019\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.18111_none_1e776894ad7a57c7\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.22230_none_07abd930c71fd0da\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_1bb1faae29679adf\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI49C3~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI2CD7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI3A48~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_n

Processes
-------------------
Path: System
PID: 4    Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1248    Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System    Address: 0x854091f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CREATE]
Process: System    Address: 0x854081f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_CLOSE]
Process: System    Address: 0x854081f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x854081f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x854081f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_POWER]
Process: System    Address: 0x854081f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x854081f8    Size: 121

Object: Hidden Code [Driver: iaStorV, IRP_MJ_PNP]
Process: System    Address: 0x854081f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CREATE]
Process: System    Address: 0x86d0c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_CLOSE]
Process: System    Address: 0x86d0c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_READ]
Process: System    Address: 0x86d0c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_WRITE]
Process: System    Address: 0x86d0c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x86d0c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86d0c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86d0c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x86d0c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_POWER]
Process: System    Address: 0x86d0c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86d0c1f8    Size: 121

Object: Hidden Code [Driver: cdrom, IRP_MJ_PNP]
Process: System    Address: 0x86d0c1f8    Size: 121

Object: Hidden Code [Driver: anlkiyphЌ㌱㐹龨蛦玤蛦㨨蛐㨨蛐, IRP_MJ_CREATE]
Process: System    Address: 0x86cce1f8    Size: 121

Object: Hidden Code [Driver: anlkiyphЌ㌱㐹龨蛦玤蛦㨨蛐㨨蛐, IRP_MJ_CLOSE]
Process: System    Address: 0x86cce1f8    Size: 121

Object: Hidden Code [Driver: anlkiyphЌ㌱㐹龨蛦玤蛦㨨蛐㨨蛐, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86cce1f8    Size: 121

Object: Hidden Code [Driver: anlkiyphЌ㌱㐹龨蛦玤蛦㨨蛐㨨蛐, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86cce1f8    Size: 121

Object: Hidden Code [Driver: anlkiyphЌ㌱㐹龨蛦玤蛦㨨蛐㨨蛐, IRP_MJ_POWER]
Process: System    Address: 0x86cce1f8    Size: 121

Object: Hidden Code [Driver: anlkiyphЌ㌱㐹龨蛦玤蛦㨨蛐㨨蛐, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86cce1f8    Size: 121

Object: Hidden Code [Driver: anlkiyphЌ㌱㐹龨蛦玤蛦㨨蛐㨨蛐, IRP_MJ_PNP]
Process: System    Address: 0x86cce1f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System    Address: 0x875371f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System    Address: 0x875371f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System    Address: 0x875371f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System    Address: 0x875371f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x875371f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x875371f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System    Address: 0x875371f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x875371f8    Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System    Address: 0x875371f8    Size: 121

Object: Hidden Code [Driver: usbuhci致І晖呁陀蛐ꎨ蛐횸蛌ÿ, IRP_MJ_CREATE]
Process: System    Address: 0x86d0f1f8    Size: 121

Object: Hidden Code [Driver: usbuhci致І晖呁陀蛐ꎨ蛐횸蛌ÿ, IRP_MJ_CLOSE]
Process: System    Address: 0x86d0f1f8    Size: 121

Object: Hidden Code [Driver: usbuhci致І晖呁陀蛐ꎨ蛐횸蛌ÿ, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86d0f1f8    Size: 121

Object: Hidden Code [Driver: usbuhci致І晖呁陀蛐ꎨ蛐횸蛌ÿ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86d0f1f8    Size: 121

Object: Hidden Code [Driver: usbuhci致І晖呁陀蛐ꎨ蛐횸蛌ÿ, IRP_MJ_POWER]
Process: System    Address: 0x86d0f1f8    Size: 121

Object: Hidden Code [Driver: usbuhci致І晖呁陀蛐ꎨ蛐횸蛌ÿ, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86d0f1f8    Size: 121

Object: Hidden Code [Driver: usbuhci致І晖呁陀蛐ꎨ蛐횸蛌ÿ, IRP_MJ_PNP]
Process: System    Address: 0x86d0f1f8    Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CREATE]
Process: System    Address: 0x8747e1f8    Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLOSE]
Process: System    Address: 0x8747e1f8    Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x8747e1f8    Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x8747e1f8    Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_CLEANUP]
Process: System    Address: 0x8747e1f8    Size: 121

Object: Hidden Code [Driver: Smb, IRP_MJ_PNP]
Process: System    Address: 0x8747e1f8    Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]
Process: System    Address: 0x87493500    Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]
Process: System    Address: 0x87493500    Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x87493500    Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x87493500    Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]
Process: System    Address: 0x87493500    Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]
Process: System    Address: 0x87493500    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉躥㈴舓, IRP_MJ_CREATE]
Process: System    Address: 0x86e451f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉躥㈴舓, IRP_MJ_CLOSE]
Process: System    Address: 0x86e451f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉躥㈴舓, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86e451f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉躥㈴舓, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86e451f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉躥㈴舓, IRP_MJ_POWER]
Process: System    Address: 0x86e451f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉躥㈴舓, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86e451f8    Size: 121

Object: Hidden Code [Driver: iScsiPrtЅ晖呉躥㈴舓, IRP_MJ_PNP]
Process: System    Address: 0x86e451f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System    Address: 0x854061f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System    Address: 0x854061f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System    Address: 0x854061f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x854061f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x854061f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x854061f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x854061f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System    Address: 0x854061f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System    Address: 0x854061f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x854061f8    Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System    Address: 0x854061f8    Size: 121

Object: Hidden Code [Driver: usbehci蛐Џ浍摌㏘蛐㾐蛐￿￿￿￿
ࠌ, IRP_MJ_CREATE]
Process: System    Address: 0x86e441f8    Size: 121

Object: Hidden Code [Driver: usbehci蛐Џ浍摌㏘蛐㾐蛐￿￿￿￿
ࠌ, IRP_MJ_CLOSE]
Process: System    Address: 0x86e441f8    Size: 121

Object: Hidden Code [Driver: usbehci蛐Џ浍摌㏘蛐㾐蛐￿￿￿￿
ࠌ, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x86e441f8    Size: 121

Object: Hidden Code [Driver: usbehci蛐Џ浍摌㏘蛐㾐蛐￿￿￿￿
ࠌ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x86e441f8    Size: 121

Object: Hidden Code [Driver: usbehci蛐Џ浍摌㏘蛐㾐蛐￿￿￿￿
ࠌ, IRP_MJ_POWER]
Process: System    Address: 0x86e441f8    Size: 121

Object: Hidden Code [Driver: usbehci蛐Џ浍摌㏘蛐㾐蛐￿￿￿￿
ࠌ, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x86e441f8    Size: 121

Object: Hidden Code [Driver: usbehci蛐Џ浍摌㏘蛐㾐蛐￿￿￿￿
ࠌ, IRP_MJ_PNP]
Process: System    Address: 0x86e441f8    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLOSE]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_READ]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_WRITE]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_EA]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_EA]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FLUSH_BUFFERS]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CLEANUP]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_CREATE_MAILSLOT]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_SECURITY]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_SECURITY]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_POWER]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SYSTEM_CONTROL]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_DEVICE_CHANGE]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_QUERY_QUOTA]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_SET_QUOTA]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: mrxsmb, IRP_MJ_PNP]
Process: System    Address: 0x87745500    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_CREATE]
Process: System    Address: 0x893f2430    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_CLOSE]
Process: System    Address: 0x893f2430    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_READ]
Process: System    Address: 0x893f2430    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_WRITE]
Process: System    Address: 0x893f2430    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_QUERY_INFORMATION]
Process: System    Address: 0x893f2430    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_SET_INFORMATION]
Process: System    Address: 0x893f2430    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System    Address: 0x893f2430    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_DIRECTORY_CONTROL]
Process: System    Address: 0x893f2430    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System    Address: 0x893f2430    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_DEVICE_CONTROL]
Process: System    Address: 0x893f2430    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_SHUTDOWN]
Process: System    Address: 0x893f2430    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_LOCK_CONTROL]
Process: System    Address: 0x893f2430    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_CLEANUP]
Process: System    Address: 0x893f2430    Size: 121

Object: Hidden Code [Driver: cdfs慖⁤І瑎湦܇$, IRP_MJ_PNP]
Process: System    Address: 0x893f2430    Size: 121

==EOF==
29.10.2010, 20:16
Member

Posts: 420
#8 OK, that one is gone.

1. Malwarebytes
http://www.malwarebytes.org/affiliates/g2g/mbam-setup.exe
Please install Malwarebytes, update it, run a Quick Scan, have any detections removed, and post the log.

2. OTL
http://oldtimer.geekstogo.com/OTL.exe
Start the program, tick "Scanne alle Benutzer" (Scan All Users), "LOP Prüfung" (LOP Check) and "Purity Prüfung" (Purity Check), and copy the following into the script box at the bottom:

Quote

netsvcs
msconfig
and click Scan. Please post the OTL.txt (Extras.txt is not needed this time)
29.10.2010, 20:45
...new here

Thread starter

Posts: 10
#9 The log from Malware:

Code

 Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4702

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

29.10.2010 20:25:58
mbam-log-2010-10-29 (20-25-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 137151
Laufzeit: 5 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 3
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 97

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Windows\Temp\jla755D.tmp (Worm.Parite) -> Delete on reboot.
C:\Windows\Temp\cyaF21B.tmp (Worm.Parite) -> Delete on reboot.
C:\Users\Seyin\AppData\Local\Temp\bsaBA0B.tmp (Worm.Parite) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Temp\jla755D.tmp (Worm.Parite) -> Delete on reboot.
C:\Windows\Temp\cyaF21B.tmp (Worm.Parite) -> Delete on reboot.
C:\Users\Seyin\AppData\Local\Temp\bsaBA0B.tmp (Worm.Parite) -> Delete on reboot.
C:\Users\Seyin\AppData\Local\Temp\puaCB97.tmp.ren (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\ana8A06.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\apa9607.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\apa9887.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\atvC704.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\ayaF102.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\bca1812.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\bfa3513.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\byaF112.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\byaF20B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\ofa3590.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\ona8A92.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\osaB48F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\pfo3297.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\ppa9A99.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\psaB49E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\pvaD299.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\pyaF49A.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\qfa35A0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\qja5CA0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\qja5CA1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\qlj71A7.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\qna89A8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\qpa96A3.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\queC8A1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\qyaF3A1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\qyaF5A4.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\rca18AE.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\roa94B0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\ryaF3B0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\slj71B7.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\soa92BD.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\dja5C23.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\dvaD326.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\dvaD41F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\fbh1333.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\foa9433.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\gnb843C.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\goa9240.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\goa9443.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\gsaB441.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\cna8A15.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\hda224E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\leg3073.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\hraB24D.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\hyaF047.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\idb2451.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\ija5C52.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\ivaD557.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\ivaD577.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\iyaF150.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\iyaF353.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\jca1860.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\jna895A.tmp.ren (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\joa925F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\jraAB5B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\jxaEF5D.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\klj7169.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\klj7179.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\koa956B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\moa9481.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\nam282.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\nna8989.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\nna8A83.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\npb9D86.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\nqaA082.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\nvaD28A.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\uysF1D0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\vfa33DB.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\vpa96D2.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\vwkE0D9.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\wna88DD.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\wpa96F1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\wuaD1DE.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\wwaE0DC.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\wyaF0E3.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\xoa92EB.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\xoa95E8.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\xqaA0EF.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\ygb40F5.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\ynd82F5.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\yyaF2F5.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\zqaA10F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\nyeF18A.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\tla76C4.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\uoc8FD0.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\lpa9E70.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\tmm7BC6.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\tog8CC5.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\tpa99BF.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\tpa9BC1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\traACC2.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\udm1FD1.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\Temp\uoa92CC.tmp (Worm.Parite) -> Quarantined and deleted successfully.


The log from OTL:

Code


OTL logfile created on: 29.10.2010 20:38:50 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Seyin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 67,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 698,63 Gb Total Space | 197,80 Gb Free Space | 28,31% Space Free | Partition Type: NTFS

Computer Name: SEYIN1 | User Name: Seyin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010.10.29 00:34:06 | 000,753,116 | ---- | M] (OldTimer Tools) -- C:\Users\Seyin\Desktop\OTL.exe
PRC - [2010.10.28 22:37:51 | 003,215,320 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2010.10.28 22:37:50 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\sp_rsser.exe
PRC - [2010.08.26 03:57:32 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.06.26 11:26:51 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.03.02 11:28:23 | 000,460,764 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,313,310 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.11.29 02:11:47 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.11.06 07:34:46 | 000,266,424 | ---- | M] (Phantombility, Inc) -- C:\Programme\Phantombility\Phantom CD\pcdservice.exe
PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.05.03 13:31:46 | 000,071,096 | ---- | M] () -- C:\Programme\BurnAware Professional\nmsaccessu.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.02.13 12:43:38 | 000,715,568 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.02.13 12:43:36 | 001,600,304 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2006.12.28 01:02:00 | 001,454,080 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanGUI.exe
PRC - [2006.12.28 01:02:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\WLanNetService.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010.10.29 20:27:54 | 000,176,128 | ---- | M] () -- C:\Users\Seyin\AppData\Local\Temp\isaBB52.tmp
MOD - [2010.10.29 00:34:06 | 000,753,116 | ---- | M] (OldTimer Tools) -- C:\Users\Seyin\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2008.01.21 04:23:45 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2010.10.29 14:51:25 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.10.28 22:37:50 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.08.26 03:57:04 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.06.26 11:26:51 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.04.01 13:33:15 | 000,445,400 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,931,294 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,308,184 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 10:28:01 | 000,313,310 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.02.19 13:37:14 | 000,694,754 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.15 14:49:20 | 000,404,958 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.11.06 07:34:46 | 000,266,424 | ---- | M] (Phantombility, Inc) [Auto | Running] -- C:\Program Files\Phantombility\Phantom CD\pcdservice.exe -- (pcdservice)
SRV - [2008.05.03 13:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\BurnAware Professional\nmsaccessu.exe -- (NMSAccessU)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.12.28 01:02:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\frmupgr.sys -- (DFUBTUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010.10.28 22:37:50 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.08.26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010.08.26 05:36:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.08.26 03:20:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.07.15 14:47:24 | 000,099,344 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2010.03.28 19:43:59 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.03.28 19:43:58 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.12 20:03:13 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.09.30 16:31:46 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.02.05 00:16:32 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007.02.05 00:16:30 | 000,080,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007.02.05 00:16:26 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006.11.07 02:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1;*.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.1.0014
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.7
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.7.1.3
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\fgjf\components [2010.10.22 20:42:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\fgjf\plugins [2010.10.28 16:54:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2009.11.29 11:47:35 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\mozilla\Extensions
[2010.10.29 18:07:27 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions
[2009.12.01 17:51:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.06 18:24:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.28 14:46:03 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.03 16:25:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.28 22:35:46 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009.11.29 11:50:56 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009.12.12 20:50:35 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\DTToolbar@toolbarnet.com
[2010.10.16 14:05:31 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\mozilla\Firefox\Profiles\60bghxrq.default\extensions\toolbar@ask.com
[2010.10.26 08:05:52 | 000,000,950 | ---- | M] () -- C:\Users\Seyin\AppData\Roaming\Mozilla\FireFox\Profiles\60bghxrq.default\searchplugins\icqplugin-1.xml
[2010.09.27 14:33:18 | 000,000,950 | ---- | M] () -- C:\Users\Seyin\AppData\Roaming\Mozilla\FireFox\Profiles\60bghxrq.default\searchplugins\icqplugin-2.xml
[2010.10.16 14:33:12 | 000,000,950 | ---- | M] () -- C:\Users\Seyin\AppData\Roaming\Mozilla\FireFox\Profiles\60bghxrq.default\searchplugins\icqplugin-3.xml
[2010.10.23 17:15:22 | 000,000,950 | ---- | M] () -- C:\Users\Seyin\AppData\Roaming\Mozilla\FireFox\Profiles\60bghxrq.default\searchplugins\icqplugin-4.xml
[2010.07.25 18:55:57 | 000,001,056 | ---- | M] () -- C:\Users\Seyin\AppData\Roaming\Mozilla\FireFox\Profiles\60bghxrq.default\searchplugins\icqplugin.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O3 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [POEngine] C:\Program Files\PokerOffice\POEngine.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Seyin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Seyin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..Trusted Domains: everestcasino.com ([account] https in Trusted sites)
O15 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..Trusted Domains: targobank.de ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..Trusted Ranges: Range1 (•  in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{27eee677-e74c-11de-9a5d-001e4ce65f72}\Shell - "" = AutoRun
O33 - MountPoints2\{27eee677-e74c-11de-9a5d-001e4ce65f72}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{44f02b6a-64e3-11df-a00e-001e4ce65f72}\Shell\AutoRun\command - "" = F:\Driver\USB_Flash\Driver.exe -- File not found
O33 - MountPoints2\{44f02b6a-64e3-11df-a00e-001e4ce65f72}\Shell\open\command - "" = F:\Driver\USB_Flash\Driver.exe -- File not found
O33 - MountPoints2\{792a5bdf-ddd1-11de-9115-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{792a5bdf-ddd1-11de-9115-806e6f6e6963}\Shell\AutoRun\command - "" = J:\preinst.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\SPYWAR~1\sp_rsdel.exe "\??\C:\PROGRA~2\SPYWAR~1\sp_rsdel.dat,) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.10.29 14:58:51 | 000,649,694 | ---- | C] ( ) -- C:\Users\Seyin\Desktop\RootRepeal.exe
[2010.10.29 14:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010.10.29 14:56:29 | 000,000,000 | ---D | C] -- C:\Programme\WinZip
[2010.10.29 14:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.10.29 14:31:26 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.10.29 14:01:30 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.10.29 14:01:04 | 002,987,990 | ---- | C] (Piriform Ltd) -- C:\Users\Seyin\Desktop\ccsetup300.exe
[2010.10.29 00:38:13 | 000,000,000 | ---D | C] -- C:\Users\Seyin\Desktop\Logdateien
[2010.10.29 00:34:05 | 000,753,116 | ---- | C] (OldTimer Tools) -- C:\Users\Seyin\Desktop\OTL.exe
[2010.10.29 00:30:04 | 000,566,230 | ---- | C] (Trend Micro Inc.) -- C:\Users\Seyin\Desktop\HiJackThis204.exe
[2010.10.28 22:37:50 | 000,000,000 | ---D | C] -- C:\Users\Seyin\AppData\Roaming\Spyware Terminator
[2010.10.28 22:37:49 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator
[2010.10.28 22:37:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.10.28 22:29:26 | 000,000,000 | ---D | C] -- C:\Users\Seyin\AppData\Roaming\Avira
[2010.10.28 22:28:08 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.10.28 22:28:08 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.10.28 22:28:07 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.10.28 22:28:07 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.10.28 22:28:07 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.10.28 22:28:02 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.10.28 22:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.10.28 17:25:52 | 000,000,000 | ---D | C] -- C:\Users\Seyin\Desktop\Partyfriend.net
[2010.10.28 13:22:28 | 000,000,000 | ---D | C] -- C:\Programme\PokerOffice
[2010.10.27 07:32:15 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.10.27 07:32:15 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.10.26 16:27:45 | 000,000,000 | ---D | C] -- C:\Users\Seyin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.10.23 19:13:31 | 000,000,000 | ---D | C] -- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
[2010.10.16 19:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.10.16 19:31:50 | 000,000,000 | ---D | C] -- C:\Users\Seyin\AppData\Local\2K Games
[2010.10.16 19:28:02 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.10.16 19:01:49 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.10.16 18:49:16 | 000,000,000 | ---D | C] -- C:\Programme\2K Games
[2010.10.14 08:33:26 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010.10.13 19:03:41 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.13 19:03:16 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.10.13 19:03:04 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.13 19:03:02 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.13 19:03:02 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.13 19:02:56 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.13 19:02:54 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.09 02:27:40 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.10.09 01:54:33 | 000,000,000 | -H-D | C] -- C:\Users\Seyin\Desktop\Recall
[2010.10.06 19:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.10.06 18:57:40 | 000,000,000 | ---D | C] -- C:\Programme\Adobe Media Player
[2009.12.12 20:13:52 | 007,397,856 | ---- | C] (DT Soft Ltd.) -- C:\Users\Seyin\AppData\Roaming\DTPro4100218Advanced.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.10.29 20:27:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.29 20:27:42 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.29 20:27:42 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.29 20:27:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.29 20:27:25 | 3219,050,496 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.29 20:26:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.10.29 20:07:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.29 14:59:14 | 000,000,000 | ---- | M] () -- C:\Users\Seyin\Desktop\settings.dat
[2010.10.29 14:57:20 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010.10.29 14:54:33 | 000,006,568 | ---- | M] () -- C:\Users\Seyin\Desktop\cc_20101029_145428.reg
[2010.10.29 14:47:28 | 000,029,184 | ---- | M] () -- C:\Users\Seyin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.29 14:12:37 | 000,081,792 | ---- | M] () -- C:\Users\Seyin\Desktop\cc_20101029_141220.reg
[2010.10.29 14:01:31 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.10.29 14:01:04 | 002,987,990 | ---- | M] (Piriform Ltd) -- C:\Users\Seyin\Desktop\ccsetup300.exe
[2010.10.29 00:43:26 | 000,097,792 | ---- | M] () -- C:\Users\Seyin\Desktop\Schritt 1.doc
[2010.10.29 00:35:11 | 000,472,532 | ---- | M] () -- C:\Users\Seyin\Desktop\hq0zcs3x.exe
[2010.10.29 00:34:06 | 000,753,116 | ---- | M] (OldTimer Tools) -- C:\Users\Seyin\Desktop\OTL.exe
[2010.10.29 00:30:07 | 000,566,230 | ---- | M] (Trend Micro Inc.) -- C:\Users\Seyin\Desktop\HiJackThis204.exe
[2010.10.28 22:38:05 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.10.28 22:37:50 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.10.28 22:31:02 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.10.28 22:28:18 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.28 16:39:32 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.28 13:22:49 | 000,001,782 | ---- | M] () -- C:\Users\Seyin\Desktop\PokerOffice.lnk
[2010.10.27 19:29:33 | 001,190,401 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Accounting_Steuern_WS_2010_2011.pdf
[2010.10.27 19:29:27 | 000,077,241 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Steuern.pdf
[2010.10.27 19:29:23 | 000,056,858 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Bilanzanalyse.pdf
[2010.10.27 19:29:20 | 000,394,478 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Accounting__Bilanzanalyse_WS_2010_2011.pdf
[2010.10.27 19:29:13 | 000,556,863 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Accounting__Bilanzierung_WS_2010_2011.pdf
[2010.10.27 19:29:10 | 000,062,796 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Bilanzen.pdf
[2010.10.27 19:29:04 | 000,036,880 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Grundlagen.pdf
[2010.10.27 19:29:01 | 000,139,901 | ---- | M] () -- C:\Users\Seyin\Desktop\FOM_Accounting_Grundlagen_WS_2010_2011.pdf
[2010.10.27 19:28:44 | 002,464,720 | ---- | M] () -- C:\Users\Seyin\Desktop\Teil_3_WS_2010.pdf
[2010.10.27 19:28:38 | 001,127,508 | ---- | M] () -- C:\Users\Seyin\Desktop\Teil_2_WS_2010.pdf
[2010.10.27 19:28:28 | 001,742,917 | ---- | M] () -- C:\Users\Seyin\Desktop\Teil_1_WS_2010.pdf
[2010.10.26 18:32:02 | 000,011,776 | ---- | M] () -- C:\Users\Seyin\Desktop\Microsoft Excel-Arbeitsblatt (neu).xls
[2010.10.26 16:07:55 | 000,069,632 | ---- | M] () -- C:\Users\Seyin\Documents\Library.indl
[2010.10.26 16:07:13 | 000,061,440 | ---- | M] () -- C:\Users\Seyin\Documents\Book 1.indb
[2010.10.25 16:16:18 | 000,049,664 | ---- | M] () -- C:\Users\Seyin\Desktop\Bericht Yilmaz.doc
[2010.10.25 12:53:57 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.10.23 15:54:04 | 000,024,064 | -H-- | M] () -- C:\Users\Seyin\Desktop\Sometimes i feel weak if you not smilin hearty to me.doc
[2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.16 19:46:38 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010.10.16 18:59:41 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Mafia II.lnk
[2010.10.14 08:53:12 | 003,673,416 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.09 15:54:01 | 000,000,414 | ---- | M] () -- C:\Users\Seyin\AppData\Roaming\burnaware.ini
[2010.10.07 15:17:44 | 522,295,925 | ---- | M] () -- C:\Users\Seyin\Desktop\psp_diamond_kitty-sd169_www.Lisa.to.wmv
[2010.09.30 09:40:13 | 002,024,916 | ---- | M] () -- C:\Users\Seyin\Desktop\taskmanager17.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.10.29 14:59:14 | 000,000,000 | ---- | C] () -- C:\Users\Seyin\Desktop\settings.dat
[2010.10.29 14:57:20 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010.10.29 14:54:31 | 000,006,568 | ---- | C] () -- C:\Users\Seyin\Desktop\cc_20101029_145428.reg
[2010.10.29 14:53:59 | 010,921,434 | ---- | C] () -- C:\Users\Seyin\Desktop\wz145gev.exe
[2010.10.29 14:46:17 | 000,465,298 | ---- | C] () -- C:\Users\Seyin\Desktop\RootRepeal.rar
[2010.10.29 14:31:18 | 002,024,916 | ---- | C] () -- C:\Users\Seyin\Desktop\taskmanager17.exe
[2010.10.29 14:12:28 | 000,081,792 | ---- | C] () -- C:\Users\Seyin\Desktop\cc_20101029_141220.reg
[2010.10.29 14:01:31 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.10.29 00:42:02 | 000,097,792 | ---- | C] () -- C:\Users\Seyin\Desktop\Schritt 1.doc
[2010.10.29 00:35:10 | 000,472,532 | ---- | C] () -- C:\Users\Seyin\Desktop\hq0zcs3x.exe
[2010.10.28 23:39:33 | 3219,050,496 | -HS- | C] () -- C:\hiberfil.sys
[2010.10.28 22:38:05 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.10.28 22:37:50 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.10.28 22:31:02 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.10.28 22:28:18 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.28 16:39:32 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.28 13:22:49 | 000,001,782 | ---- | C] () -- C:\Users\Seyin\Desktop\PokerOffice.lnk
[2010.10.27 19:29:32 | 001,190,401 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Accounting_Steuern_WS_2010_2011.pdf
[2010.10.27 19:29:27 | 000,077,241 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Steuern.pdf
[2010.10.27 19:29:23 | 000,056,858 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Bilanzanalyse.pdf
[2010.10.27 19:29:20 | 000,394,478 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Accounting__Bilanzanalyse_WS_2010_2011.pdf
[2010.10.27 19:29:12 | 000,556,863 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Accounting__Bilanzierung_WS_2010_2011.pdf
[2010.10.27 19:29:09 | 000,062,796 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Bilanzen.pdf
[2010.10.27 19:29:04 | 000,036,880 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Fragenkatalog_WS_2010_2011_accounting_Grundlagen.pdf
[2010.10.27 19:29:00 | 000,139,901 | ---- | C] () -- C:\Users\Seyin\Desktop\FOM_Accounting_Grundlagen_WS_2010_2011.pdf
[2010.10.27 19:28:41 | 002,464,720 | ---- | C] () -- C:\Users\Seyin\Desktop\Teil_3_WS_2010.pdf
[2010.10.27 19:28:37 | 001,127,508 | ---- | C] () -- C:\Users\Seyin\Desktop\Teil_2_WS_2010.pdf
[2010.10.27 19:28:24 | 001,742,917 | ---- | C] () -- C:\Users\Seyin\Desktop\Teil_1_WS_2010.pdf
[2010.10.26 18:32:02 | 000,011,776 | ---- | C] () -- C:\Users\Seyin\Desktop\Microsoft Excel-Arbeitsblatt (neu).xls
[2010.10.26 16:40:56 | 522,295,925 | ---- | C] () -- C:\Users\Seyin\Desktop\psp_diamond_kitty-sd169_www.Lisa.to.wmv
[2010.10.26 16:07:28 | 000,069,632 | ---- | C] () -- C:\Users\Seyin\Documents\Library.indl
[2010.10.26 16:07:13 | 000,061,440 | ---- | C] () -- C:\Users\Seyin\Documents\Book 1.indb
[2010.10.25 16:16:18 | 000,049,664 | ---- | C] () -- C:\Users\Seyin\Desktop\Bericht Yilmaz.doc
[2010.10.23 17:13:14 | 000,015,872 | -H-- | C] () -- C:\Users\Seyin\Desktop\Playlist - Kopie.xls
[2010.10.23 17:12:56 | 000,025,088 | -H-- | C] () -- C:\Users\Seyin\Desktop\Microsoft Word-Dokument (neu) (2) - Kopie.doc
[2010.10.23 15:45:31 | 000,024,064 | -H-- | C] () -- C:\Users\Seyin\Desktop\Sometimes i feel weak if you not smilin hearty to me.doc
[2010.10.16 19:46:38 | 000,001,933 | ---- | C] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010.10.16 18:59:41 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Mafia II.lnk
[2010.10.01 09:04:57 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.09.27 12:09:42 | 000,000,141 | ---- | C] () -- C:\Users\Seyin\AppData\Roaming\hgksfg.bat
[2010.08.29 23:47:04 | 000,000,600 | ---- | C] () -- C:\Users\Seyin\AppData\Roaming\winscp.rnd
[2010.08.26 03:19:36 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010.05.22 01:37:12 | 000,000,000 | -H-- | C] () -- C:\Users\Seyin\AppData\Roaming\.6A7EF57C4E6B54B1.sys
[2010.03.28 19:43:58 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.03.28 19:43:58 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.02.20 01:04:06 | 000,151,552 | ---- | C] () -- C:\Windows\System32\FDlg.dll
[2010.01.21 00:32:52 | 000,000,061 | ---- | C] () -- C:\Windows\SBWIN.INI
[2010.01.20 00:21:05 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2009.12.26 02:44:29 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.12.12 20:39:39 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.12.12 20:03:13 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.29 18:16:28 | 000,029,184 | ---- | C] () -- C:\Users\Seyin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.29 17:36:51 | 000,000,414 | ---- | C] () -- C:\Users\Seyin\AppData\Roaming\burnaware.ini
[2009.11.29 01:43:58 | 000,000,680 | ---- | C] () -- C:\Users\Seyin\AppData\Local\d3d9caps.dat
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007.02.22 17:17:50 | 000,000,071 | ---- | C] () -- C:\Windows\pn.ini
[2007.02.22 17:17:50 | 000,000,051 | ---- | C] () -- C:\Windows\pr.ini
[2007.02.13 12:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.02.26 20:03:58 | 000,320,000 | ---- | C] () -- C:\Windows\System32\Reg.dll
[2003.02.20 21:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.09.27 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\ADE89DF515C5140284D2D02C71B66E18
[2010.01.20 01:06:35 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\Antares
[2010.10.26 16:27:45 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.12.12 20:51:26 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\DAEMON Tools
[2009.12.12 20:52:29 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\DAEMON Tools Lite
[2009.12.12 20:51:26 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\DAEMON Tools Pro
[2010.08.28 12:49:54 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.19 07:49:06 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\ICQ
[2010.09.25 03:30:33 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\Mp3tag
[2010.01.20 01:27:39 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\Sony
[2010.10.28 23:35:39 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\Spyware Terminator
[2010.01.20 01:07:05 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\Steinberg
[2010.07.31 12:16:42 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\The Creative Assembly
[2010.05.21 22:53:50 | 000,000,000 | ---D | M] -- C:\Users\Seyin\AppData\Roaming\Waves Audio
[2010.10.29 20:26:38 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



< End of report >
29.10.2010, 22:31
Member

Posts: 420
#10 1. Please start OTL and copy the following into the script field:

Quote

:OTL
MOD - [2010.10.29 20:27:54 | 000,176,128 | ---- | M] () -- C:\Users\Seyin\AppData\Local\Temp\isaBB52.tmp
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000\..\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found.
O4 - HKU\S-1-5-21-4071076449-3196111840-1513536566-1000..\Run: [AdobeBridge] File not found
O9 - Extra Button: PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyCasino - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Programs\PartyGaming\PartyCasino\RunApp.exe File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - Reg Error: Key error. File not found
O33 - MountPoints2\{27eee677-e74c-11de-9a5d-001e4ce65f72}\Shell - "" = AutoRun
O33 - MountPoints2\{27eee677-e74c-11de-9a5d-001e4ce65f72}\Shell\AutoRun\command - "" = E:\Setup.exe -- File not found
O33 - MountPoints2\{44f02b6a-64e3-11df-a00e-001e4ce65f72}\Shell\AutoRun\command - "" = F:\Driver\USB_Flash\Driver.exe -- File not found
O33 - MountPoints2\{44f02b6a-64e3-11df-a00e-001e4ce65f72}\Shell\open\command - "" = F:\Driver\USB_Flash\Driver.exe -- File not found
O33 - MountPoints2\{792a5bdf-ddd1-11de-9115-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{792a5bdf-ddd1-11de-9115-806e6f6e6963}\Shell\AutoRun\command - "" = J:\preinst.exe -- File not
O34 - HKLM BootExecute: (C:\PROGRA~2\SPYWAR~1\sp_rsdel.exe "\??\C:\PROGRA~2\SPYWAR~1\sp_rsdel.dat,) - File not found
[2010.05.22 01:37:12 | 000,000,000 | -H-- | C] () -- C:\Users\Seyin\AppData\Roaming\.6A7EF57C4E6B54B1.sys

:Commands
[purity]
[emptytemp]
[emptyflash]
and click Fix. A restart may be necessary. Please post the fix log.

2. Please work through this guide and post the log:
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
30.10.2010, 08:58
...new here

Thread starter

Posts: 10
#11 Hi gangren,

ComboFix log:

Code

 ComboFix 10-10-28.09 - Seyin 30.10.2010   4:38.2.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3069.1619 [GMT 2:00]
ausgeführt von:: c:\users\Seyin\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Seyin\AppData\Local\temp\bia5511.tmp
c:\windows\TEMP\dka6825.tmp
c:\windows\TEMP\eha472C.tmp
c:\windows\TEMP\vbaDD5.tmp

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-28 bis 2010-10-30  ))))))))))))))))))))))))))))))
.

2010-10-30 02:51 . 2010-10-30 02:51    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-10-29 21:33 . 2010-10-30 02:53    --------    d-----w-    c:\users\Seyin\AppData\Local\temp
2010-10-29 20:43 . 2010-10-29 20:43    --------    d-----w-    C:\_OTL
2010-10-29 12:56 . 2010-10-29 12:57    --------    d-----w-    c:\programdata\WinZip
2010-10-29 12:31 . 2010-10-29 12:34    --------    d-----w-    c:\programdata\SecTaskMan
2010-10-29 12:31 . 2010-10-29 12:31    --------    d-----w-    c:\program files\Security Task Manager
2010-10-29 12:01 . 2010-10-29 12:01    --------    d-----w-    c:\program files\CCleaner
2010-10-29 08:22 . 2010-10-07 23:21    6146896    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{7631DF37-8274-49B1-8281-70636115C5BA}\mpengine.dll
2010-10-29 01:03 . 2010-09-08 06:02    638232    ----a-w-    c:\program files\Internet Explorer\iexplore.exe
2010-10-29 01:03 . 2010-09-08 04:26    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-10-28 20:37 . 2010-10-28 21:35    --------    d-----w-    c:\users\Seyin\AppData\Roaming\Spyware Terminator
2010-10-28 20:37 . 2010-10-28 20:37    142592    ----a-w-    c:\windows\system32\drivers\sp_rsdrv2.sys
2010-10-28 20:37 . 2010-10-28 22:46    --------    d-----w-    c:\programdata\Spyware Terminator
2010-10-28 20:37 . 2010-10-28 21:45    --------    d-----w-    c:\program files\Spyware Terminator
2010-10-28 20:29 . 2010-10-28 20:29    --------    d-----w-    c:\users\Seyin\AppData\Roaming\Avira
2010-10-28 20:28 . 2010-03-01 08:05    124784    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2010-10-28 20:28 . 2010-02-16 12:24    60936    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2010-10-28 20:28 . 2009-05-11 10:49    51992    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2010-10-28 20:28 . 2009-05-11 10:49    17016    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2010-10-28 20:28 . 2010-10-28 20:28    --------    d-----w-    c:\programdata\Avira
2010-10-28 20:28 . 2010-10-28 20:28    --------    d-----w-    c:\program files\Avira
2010-10-28 11:22 . 2010-10-28 11:23    --------    d-----w-    c:\program files\PokerOffice
2010-10-27 05:32 . 2010-08-26 16:01    28672    ----a-w-    c:\windows\system32\Apphlpdm.dll
2010-10-27 05:32 . 2010-08-26 14:11    4240384    ----a-w-    c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 14:27 . 2010-10-26 14:27    --------    d-----w-    c:\users\Seyin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-10-16 17:52 . 2010-10-16 17:52    --------    d-----w-    c:\programdata\ATI
2010-10-16 17:31 . 2010-10-16 17:31    --------    d-----w-    c:\users\Seyin\AppData\Local\2K Games
2010-10-16 17:28 . 2010-10-16 17:28    --------    d-----w-    c:\program files\NVIDIA Corporation
2010-10-16 17:01 . 2010-10-16 17:01    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-10-16 16:49 . 2010-10-16 16:49    --------    d-----w-    c:\program files\2K Games
2010-10-14 06:33 . 2010-09-20 09:25    231936    ----a-w-    c:\windows\system32\msshsq.dll
2010-10-13 17:02 . 2010-08-31 13:39    2037248    ----a-w-    c:\windows\system32\win32k.sys
2010-10-13 17:02 . 2010-08-20 15:21    866816    ----a-w-    c:\windows\system32\wmpmde.dll
2010-10-13 17:02 . 2010-08-31 15:40    531968    ----a-w-    c:\windows\system32\comctl32.dll
2010-10-09 00:27 . 2010-10-09 00:27    --------    d-----w-    c:\windows\Sun
2010-10-06 17:12 . 2010-10-26 14:14    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2010-10-06 16:57 . 2010-10-06 16:57    --------    d-----w-    c:\program files\Adobe Media Player

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-11-29 09:35    222080    ------w-    c:\windows\system32\MpSigStub.exe
2010-09-27 10:09 . 2010-09-27 10:09    141    ----a-w-    c:\users\Seyin\AppData\Roaming\hgksfg.bat
2010-09-26 23:28 . 2010-09-26 23:16    444952    ----a-w-    c:\windows\system32\wrap_oal.dll
2010-09-26 23:28 . 2010-09-26 23:16    109080    ----a-w-    c:\windows\system32\OpenAL32.dll
2010-08-26 16:01 . 2010-10-27 05:32    173056    ----a-w-    c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01 . 2010-10-27 05:32    459776    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01 . 2010-10-27 05:32    541696    ----a-w-    c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01 . 2010-10-27 05:32    2153984    ----a-w-    c:\windows\apppatch\AcGenral.dll
2010-08-26 03:36 . 2010-08-26 03:36    6380032    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2010-08-26 02:01 . 2010-08-26 02:01    320992    ----a-w-    c:\windows\system32\atiapfxx.exe
2010-08-26 02:01 . 2010-08-26 02:01    528384    ----a-w-    c:\windows\system32\aticfx32.dll
2010-08-26 01:57 . 2010-08-26 01:57    450560    ----a-w-    c:\windows\system32\ATIDEMGX.dll
2010-08-26 01:57 . 2010-08-26 01:57    380928    ----a-w-    c:\windows\system32\atieclxx.exe
2010-08-26 01:57 . 2010-08-26 01:57    176128    ----a-w-    c:\windows\system32\atiesrxx.exe
2010-08-26 01:55 . 2009-11-04 15:43    159744    ----a-w-    c:\windows\system32\atitmmxx.dll
2010-08-26 01:55 . 2010-08-26 01:55    15830016    ----a-w-    c:\windows\system32\atioglxx.dll
2010-08-26 01:55 . 2009-11-04 15:43    356352    ----a-w-    c:\windows\system32\atipdlxx.dll
2010-08-26 01:55 . 2010-08-26 01:55    278528    ----a-w-    c:\windows\system32\Oemdspif.dll
2010-08-26 01:55 . 2010-08-26 01:55    11776    ----a-w-    c:\windows\system32\atimuixx.dll
2010-08-26 01:55 . 2010-08-26 01:55    43520    ----a-w-    c:\windows\system32\ati2edxx.dll
2010-08-26 01:52 . 2010-08-26 01:52    3914240    ----a-w-    c:\windows\system32\atidxx32.dll
2010-08-26 01:34 . 2010-08-26 01:34    46080    ----a-w-    c:\windows\system32\aticalrt.dll
2010-08-26 01:34 . 2010-08-26 01:34    44032    ----a-w-    c:\windows\system32\aticalcl.dll
2010-08-26 01:33 . 2009-11-04 15:23    4032512    ----a-w-    c:\windows\system32\atiumdag.dll
2010-08-26 01:33 . 2010-08-26 01:33    4375552    ----a-w-    c:\windows\system32\aticaldd.dll
2010-08-26 01:27 . 2010-08-26 01:27    65536    ----a-w-    c:\windows\system32\coinst.dll
2010-08-26 01:25 . 2009-11-04 15:05    3392000    ----a-w-    c:\windows\system32\atiumdva.dll
2010-08-26 01:21 . 2010-08-26 01:21    241664    ----a-w-    c:\windows\system32\atiadlxx.dll
2010-08-26 01:21 . 2010-08-26 01:21    12800    ----a-w-    c:\windows\system32\atiglpxx.dll
2010-08-26 01:21 . 2010-08-26 01:21    19968    ----a-w-    c:\windows\system32\atigktxx.dll
2010-08-26 01:20 . 2010-08-26 01:20    221696    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2010-08-26 01:20 . 2010-08-26 01:20    30208    ----a-w-    c:\windows\system32\atiuxpag.dll
2010-08-26 01:19 . 2010-08-26 01:19    28160    ----a-w-    c:\windows\system32\atiu9pag.dll
2010-08-26 01:19 . 2010-08-26 01:19    23040    ----a-w-    c:\windows\system32\atitmpxx.dll
2010-08-26 01:19 . 2010-08-26 01:19    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2010-08-26 01:13 . 2010-08-26 01:13    52736    ----a-w-    c:\windows\system32\atimpc32.dll
2010-08-26 01:13 . 2010-08-26 01:13    52736    ----a-w-    c:\windows\system32\amdpcom32.dll
2010-08-17 13:32 . 2010-09-14 19:10    126464    ----a-w-    c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44    1400712    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-29 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2010-10-29 1242448]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-10-28 3215320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 357856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 333276]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2006-12-27 1454080]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-26 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 599520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 677858]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 694754]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 584666]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 275922]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 488924]
"POEngine"="c:\program files\PokerOffice\POEngine.exe" [2007-02-22 652768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 213472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 1109974]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 460764]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~2\SPYWAR~1\sp_rsdel.exe \??\c:\progra~2\SPYWAR~1\sp_rsdel.dat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 308184]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 313306]
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2006-11-07 14976]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-26 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 404958]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 694754]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 931294]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-12 721904]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-10-28 142592]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 313310]
S2 pcdservice;pcdservice;c:\program files\Phantombility\Phantom CD\pcdservice.exe [2008-11-06 266424]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6380032]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 221696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-07-15 99344]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 15:38]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 15:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Seyin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Seyin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: everestcasino.com\account
Trusted Zone: targobank.de\www
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-4071076449-3196111840-1513536566-1000\Software\SecuROM\License information*]
"datasecu"=hex:d6,94,14,34,2b,98,dd,10,85,9a,f6,3b,0b,62,b9,c9,6d,25,bd,39,e7,
   92,b0,a1,f8,8e,08,ba,5b,94,37,b3,bd,b8,06,d8,3e,87,a4,a0,e9,6a,c4,f1,f7,a3,\
"rkeysecu"=hex:b6,0a,91,e8,d2,38,c7,43,04,11,2b,8e,fd,d8,00,cf
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4796)
c:\users\Seyin\AppData\Local\Temp\rwaE5AC.tmp
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\System32\lpksetup.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\avmwlanstick\WlanNetService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\BurnAware Professional\nmsaccessu.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conime.exe
c:\windows\system32\WerCon.exe
c:\windows\system32\WerFault.exe
c:\windows\system32\WerFault.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Steam\SteamService.exe
c:\windows\system32\wermgr.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-30  05:00:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-10-30 03:00
ComboFix2.txt  2010-10-30 00:30

Vor Suchlauf: 20 Verzeichnis(se), 215.633.526.784 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 215.511.801.856 Bytes frei

- - End Of File - - ED68BA191BF9C1DCA11584ED16B21C6F
30.10.2010, 13:05
Member

Posts: 420
#12 Did you run the OTL fix?

1. Avenger
Start Avenger.
Tick both checkboxes at the bottom.
Copy the following into the script field:

Quote

drivers to delete:
azze

files to delete:
C:\Windows\system32\drivers\azze.sys
c:\users\Seyin\AppData\Local\Temp\rwaE5AC.tmp
Click Execute.
Allow the restart.
After the restart a log should be displayed; please post it.
30.10.2010, 14:24
...new here

Thread starter

Posts: 10
#13 Yo, I did the OTL fix.

Avenger log

Code

 Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error:  registry key "\Registry\Machine\System\CurrentControlSet\Services\azze" not found!
Deletion of driver "azze" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Windows\system32\drivers\azze.sys" not found!
Deletion of file "C:\Windows\system32\drivers\azze.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist

File "c:\users\Seyin\AppData\Local\Temp\rwaE5AC.tmp" deleted successfully.

Completed script processing.

*******************

Finished!  Terminate.
.
30.10.2010, 16:13
Member

Posts: 420
#14 Stubborn thing; apparently something is still lurking somewhere.

1. Please run Malwarebytes, this time as a full scan, and post the log.

2. Run ComboFix again and post the log.

3. Please run RootRepeal again and post the log.

Let's see whether anything is still there.
31.10.2010, 13:22
...new here

Thread starter

Posts: 10
#15 Log from Malware:

Code

 Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4702

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18975

31.10.2010 00:15:37
mbam-log-2010-10-31 (00-15-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 412564
Laufzeit: 1 Stunde(n), 24 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 4
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 43

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Windows\temp\oja5C90.tmp (Worm.Parite) -> Delete on reboot.
C:\Windows\temp\lyaF076.tmp (Worm.Parite) -> Delete on reboot.
C:\Users\Seyin\AppData\Local\temp\apa9607.tmp (Worm.Parite) -> Delete on reboot.
C:\Users\Seyin\AppData\Local\temp\moa9481.tmp (Worm.Parite) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\temp\oja5C90.tmp (Worm.Parite) -> Delete on reboot.
C:\Windows\temp\lyaF076.tmp (Worm.Parite) -> Delete on reboot.
C:\Users\Seyin\AppData\Local\temp\apa9607.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Users\Seyin\AppData\Local\temp\moa9481.tmp (Worm.Parite) -> Delete on reboot.
C:\Qoobox\Quarantine\C\Users\Seyin\AppData\Local\temp\bia5511.tmp.vir (Worm.Parite) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Temp\dka6825.tmp.vir (Worm.Parite) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Temp\eha472C.tmp.vir (Worm.Parite) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Temp\kla6F64.tmp.vir (Worm.Parite) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Windows\Temp\vbaDD5.tmp.vir (Worm.Parite) -> Quarantined and deleted successfully.
C:\Users\Seyin\AppData\Local\temp\ioa9452.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Users\Seyin\AppData\Local\temp\mqaA478.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Users\Seyin\AppData\Local\temp\ooa9491.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\SoftwareDistribution\Download\cde11068f5b77b180111333ef9781925\x86_microsoft-windows-consoleime_31bf3856ad364e35_6.0.6002.18005_none_b826026c54dd064c\conime.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\temp\qzxFAA7.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\ang8700.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\apa9706.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\bng871F.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\cpa9819.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\cpa9F1B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\cukC91A.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\exdE92B.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\fcm1C39.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\fyaF037.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\gtoC643.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\hja5F4E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\hqzA34A.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\ing8655.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\ing8674.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\jla705E.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\kspB869.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\nyaF085.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\rll76AC.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\sqvA7B7.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\tstB4C6.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\tviD7BF.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\ula70CB.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\ula70CC.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\uveD9CB.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\vbrBD5.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\xeg2CEA.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\xga42E9.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\xgb3DE9.tmp (Worm.Parite) -> Quarantined and deleted successfully.
C:\Windows\temp\xxaEFE9.tmp (Worm.Parite) -> Quarantined and deleted successfully.


ComboFix showed me the following error: "2. Kann syntaktisch nicht an dieser Stelle verarbeitet werden."
The log:

Code

 ComboFix 10-10-30.01 - Seyin 31.10.2010  12:23:05.4.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3069.1932 [GMT 1:00]
ausgeführt von:: c:\users\Seyin\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Seyin\AppData\Local\temp\dzaFD22.tmp
c:\windows\TEMP\nja6382.tmp

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-28 bis 2010-10-31  ))))))))))))))))))))))))))))))
.

2010-10-31 11:30 . 2010-10-31 11:40    --------    d-----w-    c:\users\Seyin\AppData\Local\temp
2010-10-31 11:30 . 2010-10-31 11:30    --------    d-----w-    c:\users\Default\AppData\Local\temp
2010-10-29 20:43 . 2010-10-29 20:43    --------    d-----w-    C:\_OTL
2010-10-29 12:56 . 2010-10-29 12:57    --------    d-----w-    c:\programdata\WinZip
2010-10-29 12:31 . 2010-10-29 12:34    --------    d-----w-    c:\programdata\SecTaskMan
2010-10-29 12:31 . 2010-10-29 12:31    --------    d-----w-    c:\program files\Security Task Manager
2010-10-29 12:01 . 2010-10-29 12:01    --------    d-----w-    c:\program files\CCleaner
2010-10-29 08:22 . 2010-10-07 23:21    6146896    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{7631DF37-8274-49B1-8281-70636115C5BA}\mpengine.dll
2010-10-29 01:03 . 2010-09-08 06:02    638232    ----a-w-    c:\program files\Internet Explorer\iexplore.exe
2010-10-29 01:03 . 2010-09-08 04:26    133632    ----a-w-    c:\windows\system32\ieUnatt.exe
2010-10-28 20:37 . 2010-10-28 21:35    --------    d-----w-    c:\users\Seyin\AppData\Roaming\Spyware Terminator
2010-10-28 20:37 . 2010-10-28 20:37    142592    ----a-w-    c:\windows\system32\drivers\sp_rsdrv2.sys
2010-10-28 20:37 . 2010-10-28 22:46    --------    d-----w-    c:\programdata\Spyware Terminator
2010-10-28 20:37 . 2010-10-28 21:45    --------    d-----w-    c:\program files\Spyware Terminator
2010-10-28 20:29 . 2010-10-28 20:29    --------    d-----w-    c:\users\Seyin\AppData\Roaming\Avira
2010-10-28 20:28 . 2010-03-01 08:05    124784    ----a-w-    c:\windows\system32\drivers\avipbb.sys
2010-10-28 20:28 . 2010-02-16 12:24    60936    ----a-w-    c:\windows\system32\drivers\avgntflt.sys
2010-10-28 20:28 . 2009-05-11 10:49    51992    ----a-w-    c:\windows\system32\drivers\avgntdd.sys
2010-10-28 20:28 . 2009-05-11 10:49    17016    ----a-w-    c:\windows\system32\drivers\avgntmgr.sys
2010-10-28 20:28 . 2010-10-28 20:28    --------    d-----w-    c:\programdata\Avira
2010-10-28 20:28 . 2010-10-28 20:28    --------    d-----w-    c:\program files\Avira
2010-10-28 11:22 . 2010-10-28 11:23    --------    d-----w-    c:\program files\PokerOffice
2010-10-27 05:32 . 2010-08-26 16:01    28672    ----a-w-    c:\windows\system32\Apphlpdm.dll
2010-10-27 05:32 . 2010-08-26 14:11    4240384    ----a-w-    c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-26 14:27 . 2010-10-26 14:27    --------    d-----w-    c:\users\Seyin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-10-16 17:52 . 2010-10-16 17:52    --------    d-----w-    c:\programdata\ATI
2010-10-16 17:31 . 2010-10-16 17:31    --------    d-----w-    c:\users\Seyin\AppData\Local\2K Games
2010-10-16 17:28 . 2010-10-16 17:28    --------    d-----w-    c:\program files\NVIDIA Corporation
2010-10-16 17:01 . 2010-10-16 17:01    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-10-16 16:49 . 2010-10-16 16:49    --------    d-----w-    c:\program files\2K Games
2010-10-14 06:33 . 2010-09-20 09:25    231936    ----a-w-    c:\windows\system32\msshsq.dll
2010-10-13 17:02 . 2010-08-31 13:39    2037248    ----a-w-    c:\windows\system32\win32k.sys
2010-10-13 17:02 . 2010-08-20 15:21    866816    ----a-w-    c:\windows\system32\wmpmde.dll
2010-10-13 17:02 . 2010-08-31 15:40    531968    ----a-w-    c:\windows\system32\comctl32.dll
2010-10-09 00:27 . 2010-10-09 00:27    --------    d-----w-    c:\windows\Sun
2010-10-06 17:12 . 2010-10-26 14:14    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2010-10-06 16:57 . 2010-10-06 16:57    --------    d-----w-    c:\program files\Adobe Media Player

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2009-11-29 09:35    222080    ------w-    c:\windows\system32\MpSigStub.exe
2010-09-27 10:09 . 2010-09-27 10:09    141    ----a-w-    c:\users\Seyin\AppData\Roaming\hgksfg.bat
2010-09-26 23:28 . 2010-09-26 23:16    444952    ----a-w-    c:\windows\system32\wrap_oal.dll
2010-09-26 23:28 . 2010-09-26 23:16    109080    ----a-w-    c:\windows\system32\OpenAL32.dll
2010-08-26 16:01 . 2010-10-27 05:32    173056    ----a-w-    c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01 . 2010-10-27 05:32    459776    ----a-w-    c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01 . 2010-10-27 05:32    541696    ----a-w-    c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01 . 2010-10-27 05:32    2153984    ----a-w-    c:\windows\apppatch\AcGenral.dll
2010-08-26 03:36 . 2010-08-26 03:36    6380032    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2010-08-26 02:01 . 2010-08-26 02:01    320992    ----a-w-    c:\windows\system32\atiapfxx.exe
2010-08-26 02:01 . 2010-08-26 02:01    528384    ----a-w-    c:\windows\system32\aticfx32.dll
2010-08-26 01:57 . 2010-08-26 01:57    450560    ----a-w-    c:\windows\system32\ATIDEMGX.dll
2010-08-26 01:57 . 2010-08-26 01:57    380928    ----a-w-    c:\windows\system32\atieclxx.exe
2010-08-26 01:57 . 2010-08-26 01:57    176128    ----a-w-    c:\windows\system32\atiesrxx.exe
2010-08-26 01:55 . 2009-11-04 15:43    159744    ----a-w-    c:\windows\system32\atitmmxx.dll
2010-08-26 01:55 . 2010-08-26 01:55    15830016    ----a-w-    c:\windows\system32\atioglxx.dll
2010-08-26 01:55 . 2009-11-04 15:43    356352    ----a-w-    c:\windows\system32\atipdlxx.dll
2010-08-26 01:55 . 2010-08-26 01:55    278528    ----a-w-    c:\windows\system32\Oemdspif.dll
2010-08-26 01:55 . 2010-08-26 01:55    11776    ----a-w-    c:\windows\system32\atimuixx.dll
2010-08-26 01:55 . 2010-08-26 01:55    43520    ----a-w-    c:\windows\system32\ati2edxx.dll
2010-08-26 01:52 . 2010-08-26 01:52    3914240    ----a-w-    c:\windows\system32\atidxx32.dll
2010-08-26 01:34 . 2010-08-26 01:34    46080    ----a-w-    c:\windows\system32\aticalrt.dll
2010-08-26 01:34 . 2010-08-26 01:34    44032    ----a-w-    c:\windows\system32\aticalcl.dll
2010-08-26 01:33 . 2009-11-04 15:23    4032512    ----a-w-    c:\windows\system32\atiumdag.dll
2010-08-26 01:33 . 2010-08-26 01:33    4375552    ----a-w-    c:\windows\system32\aticaldd.dll
2010-08-26 01:27 . 2010-08-26 01:27    65536    ----a-w-    c:\windows\system32\coinst.dll
2010-08-26 01:25 . 2009-11-04 15:05    3392000    ----a-w-    c:\windows\system32\atiumdva.dll
2010-08-26 01:21 . 2010-08-26 01:21    241664    ----a-w-    c:\windows\system32\atiadlxx.dll
2010-08-26 01:21 . 2010-08-26 01:21    12800    ----a-w-    c:\windows\system32\atiglpxx.dll
2010-08-26 01:21 . 2010-08-26 01:21    19968    ----a-w-    c:\windows\system32\atigktxx.dll
2010-08-26 01:20 . 2010-08-26 01:20    221696    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2010-08-26 01:20 . 2010-08-26 01:20    30208    ----a-w-    c:\windows\system32\atiuxpag.dll
2010-08-26 01:19 . 2010-08-26 01:19    28160    ----a-w-    c:\windows\system32\atiu9pag.dll
2010-08-26 01:19 . 2010-08-26 01:19    23040    ----a-w-    c:\windows\system32\atitmpxx.dll
2010-08-26 01:19 . 2010-08-26 01:19    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2010-08-26 01:13 . 2010-08-26 01:13    52736    ----a-w-    c:\windows\system32\atimpc32.dll
2010-08-26 01:13 . 2010-08-26 01:13    52736    ----a-w-    c:\windows\system32\amdpcom32.dll
2010-08-17 13:32 . 2010-09-14 19:10    126464    ----a-w-    c:\windows\system32\spoolsv.exe
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44    1400712    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-29 39408]
"Steam"="c:\program files\Steam\Steam.exe" [2010-10-30 1242448]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-10-28 3215320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 357856]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 333276]
"AVMWlanClient"="c:\program files\avmwlanstick\wlangui.exe" [2006-12-27 1454080]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-26 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 599520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 677858]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 694754]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 584666]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 275922]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 488924]
"POEngine"="c:\program files\PokerOffice\POEngine.exe" [2007-02-22 652768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 213472]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 1109974]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 460764]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~2\SPYWAR~1\sp_rsdel.exe \??\c:\progra~2\SPYWAR~1\sp_rsdel.dat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 308184]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 313306]
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2006-11-07 14976]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-26 30192]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 404958]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 694754]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 931294]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-12 721904]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-10-28 142592]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 313310]
S2 pcdservice;pcdservice;c:\program files\Phantombility\Phantom CD\pcdservice.exe [2008-11-06 266424]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6380032]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 221696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-07-15 99344]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 15:38]

2010-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-20 15:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Settings,ProxyOverride = fritz.box;192.168.178.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\Seyin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Seyin\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: everestcasino.com\account
Trusted Zone: targobank.de\www
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-4071076449-3196111840-1513536566-1000\Software\SecuROM\License information*]
"datasecu"=hex:d6,94,14,34,2b,98,dd,10,85,9a,f6,3b,0b,62,b9,c9,6d,25,bd,39,e7,
   92,b0,a1,f8,8e,08,ba,5b,94,37,b3,bd,b8,06,d8,3e,87,a4,a0,e9,6a,c4,f1,f7,a3,\
"rkeysecu"=hex:b6,0a,91,e8,d2,38,c7,43,04,11,2b,8e,fd,d8,00,cf
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5212)
c:\windows\system32\btmmhook.dll
c:\program files\PokerOffice\bin\pshimp.Dll
c:\windows\system32\btncopy.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\WUDFHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\avmwlanstick\WlanNetService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\BurnAware Professional\nmsaccessu.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\PokerOffice\bin\javaw.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Mail\WinMail.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-31  12:48:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-10-31 11:48
ComboFix2.txt  2010-10-31 11:15
ComboFix3.txt  2010-10-30 03:00
ComboFix4.txt  2010-10-30 00:30

Vor Suchlauf: 20 Verzeichnis(se), 215.214.366.720 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 215.130.284.032 Bytes frei

- - End Of File - - E402F1E38F7A45C91B524D7A6FB16278


Log from Rootrepeal:

Code

 ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:        2010/10/31 12:54
Program Version:        Version 1.3.5.0
Windows Version:        Windows Vista SP1
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\ComboFix\catchme.sys
Address: 0x9EB5D000    Size: 31744    File Visible: No    Signed: -
Status: -

Name: dump_iaStorV.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStorV.sys
Address: 0x8F28E000    Size: 659456    File Visible: No    Signed: -
Status: -

Name: PROCEXP113.SYS
Image Path: C:\Windows\system32\Drivers\PROCEXP113.SYS
Address: 0x9EB65000    Size: 7872    File Visible: No    Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9EB67000    Size: 49152    File Visible: No    Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{018AB~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{018ab848-de9d-11df-b963-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{018AB~3
Status: Locked to the Windows API!

Path: C:\System Volume Information\{018AB~4
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0AFC9~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{0f479fb6-e2da-11df-86c0-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{194A4~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{194a4b54-e2a0-11df-9660-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{26C81~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{2727821e-e2e6-11df-a490-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{27278228-e2e6-11df-a490-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{7c527401-e3bb-11df-af9b-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8e844352-e2d5-11df-981e-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9E39D~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e39dcc2-d916-11df-a9df-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e39dcc8-d916-11df-a9df-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e39dcce-d916-11df-a9df-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{9e39dcd4-d916-11df-a9df-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{43b368ae-d8a3-11df-a4f6-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{47057917-d75c-11df-8e34-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c338ded4-e357-11df-9f56-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c338deda-e357-11df-9f56-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{C636A~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{cb63e270-e2db-11df-8348-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{CC57D~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{D9317~1
Status: Locked to the Windows API!

Path: C:\System Volume Information\{ee7dffe7-d94d-11df-b74a-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{f637c5f2-e35a-11df-ad7e-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{fd306930-db43-11df-afbe-001e4ce65f72}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\Microsoft.NET\Framework\NETFXS~1.HKF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_7658964504b9f3b6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4137_none_51c97d20bbe8350e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_0e9108e3b72e14d4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4137_none_ecfe4c8afb2661fb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4137_none_4bf45688bf9e2dbf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4db266e67dd280ef.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4137_none_f0eecac0f8a1c174.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4137_none_f47d3254f657e518.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_4ddfc6cd11929a02.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4bf5400abf9d60b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4137_none_508fc1d4bcbb3eca.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0bcaee084e72e5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.30729.4148_none_80b7c8a91e9dd16a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f47e1bd6f6571810.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_ecff360cfb2594f3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_49ef489714173a89.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.42_none_45e008191e507087.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.4148_none_4973eb1d754a9dc9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.18000_none_ac1da75bf2516084\$$DeleteMe.ole32.dll.01cb6b6c2ea96c51.0002
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\EDITUS~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.16720_de-de_589603bea65c07cf\WEE477~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\EDITUS~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6000.20883_de-de_58e1c1dfbfa79b44\WEE477~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_de-de_5a88129aa3799626\EDITUS~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_de-de_5a88129aa3799626\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.0.6001.18111_de-de_5a88129aa3799626\WEE477~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6001.18096_none_67458179da6478e3\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6000.16708_none_65c29499dcf31c4e\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6000.20864_none_660750b4f644fe62\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6001.18226_none_2b9dff39db71a7a1\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.16830_none_29a6eeebde589a97\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-p..oler-filterpipeline_31bf3856ad364e35_6.0.6000.21023_none_2a3e34a2f76b9db7\PRINTF~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE4BA2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5F3C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SECURI~4.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5FBC~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6DB5~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.0.6001.18000_none_399c1f00d7f7837a\$$DeleteMe.comctl32.dll.01cb6b6c2e7e9391.0000
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-w..mediadeliveryengine_31bf3856ad364e35_6.0.6001.18000_none_1d7020d85d93d705\$$DeleteMe.wmpmde.dll.01cb6b6c2e8a7a71.0001
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.16767_none_48e0ac03ef0db56a\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6000.20941_none_4979e8d10820826f\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.18160_none_4abfe8a3ec3a94fa\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6001.22292_none_4b2b163f056ebb45\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~2.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wpd-portabledeviceapi_31bf3856ad364e35_6.0.6002.18005_none_4cec3f51e92bbb79\PORTAB~3.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.16720_none_a2f69a4627a6df36\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6000.20883_none_8c2eb0ea41492429\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.18111_none_a2d17efc27f8ebd7\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-uninstallsqlstate_sql_b03f5f7f11d50a3a_6.0.6001.22230_none_8c05ef98419e64ea\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_32a2a55c0f70152b\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_1bdabc0029125a1e\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_327d8a120fc221cc\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_a05f40e791345747\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_8997578baad69c3a\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_a03a259d918663e8\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-webhightrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_896e9639ab2bdcfb\WEB_HI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.16720_none_1e9c83dead284b26\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6000.20883_none_07d49a82c6ca9019\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.18111_none_1e776894ad7a57c7\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-xpthemes_manifest_b03f5f7f11d50a3a_6.0.6001.22230_none_07abd930c71fd0da\XPTHEM~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_1bb1faae29679adf\VBCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.16720_none_879a188098bde787\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6000.20883_none_70d22f24b2602c7a\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.18111_none_8774fd36990ff428\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-csc_exe_config_b03f5f7f11d50a3a_6.0.6001.22230_none_70a96dd2b2b56d3b\CSCEXE~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI7FD4~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI49C3~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI2CD7~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.16720_none_a5a88a6ce272adc8\WI3A48~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\CONFIR~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~3.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WIZARD~4.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_wizard_res_b03f5f7f11d50a3a_6.0.6000.20883_none_8ee0a110fc14f2bb\WI7FD4~1.RES
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4    Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1212    Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Handle [Index: 360, Type: UnknownType]
Process: sched.exe (PID: 1808)    Address: 0x859d7b20    Size: -

Object: Hidden Handle [Index: 368, Type: UnknownType]
Process: sched.exe (PID: 1808)    Address: 0x85eb4cf8    Size: -

==EOF==