Hijack zur Überprüfung nach Entfernung von AV Security

castol · 20.06.2010, 09:04

Hallo...

Ich habe das Programm AV Security von meinem Rechner entfernt und es wurde geraten die Logfiles zur Überprüfung hier einzustellen... Wäre nett, wenn ihr mal drüberschaut. Vielen Dank!

log.txt:

RSIT Logfile:

Code:

ATTFilter

Logfile of random's system information tool 1.07 (written by random/random)
Run by Carsten u. Jessi at 2010-06-20 09:51:14
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 35 GB (48%) free of 74 GB
Total RAM: 3066 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:51:33, on 20.06.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
D:\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
D:\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Carsten u. Jessi\Desktop\RSIT.exe
C:\Program Files\trend micro\Carsten u. Jessi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [NBKeyScan] "D:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6.5\ICQ.exe
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9954 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\User_Feed_Synchronization-{68F84A87-B3CE-435E-BBC6-F28EA3C8E659}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
C:\Program Files\pdfforge Toolbar\SearchSettings.dll [2010-01-08 1109504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll [2010-01-08 700416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-07-26 13548064]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-07-26 92704]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-17 6111232]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1029416]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-03-11 180269]
"NWEReboot"= []
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-03-01 524632]
"NBKeyScan"=D:\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"avgnt"=D:\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"QuickTime Task"=D:\QuickTime\QTTask.exe [2009-05-26 413696]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-06-08 236016]
"SearchSettings"=C:\Program Files\pdfforge Toolbar\SearchSettings.exe [2010-01-08 974848]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"PC Suite Tray"=D:\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-06-20 09:51:14 ----D---- C:\rsit
2010-06-20 09:51:14 ----D---- C:\Program Files\trend micro
2010-06-20 09:31:19 ----A---- C:\Windows\system32\occache.dll
2010-06-20 09:31:19 ----A---- C:\Windows\system32\mstime.dll
2010-06-20 09:31:18 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-06-20 09:31:18 ----A---- C:\Windows\system32\msfeeds.dll
2010-06-20 09:31:18 ----A---- C:\Windows\system32\jsproxy.dll
2010-06-20 09:31:18 ----A---- C:\Windows\system32\ieui.dll
2010-06-20 09:31:18 ----A---- C:\Windows\system32\iepeers.dll
2010-06-20 09:31:17 ----A---- C:\Windows\system32\wininet.dll
2010-06-20 09:31:17 ----A---- C:\Windows\system32\iesetup.dll
2010-06-20 09:31:17 ----A---- C:\Windows\system32\iernonce.dll
2010-06-20 09:31:17 ----A---- C:\Windows\system32\iedkcs32.dll
2010-06-20 09:31:16 ----A---- C:\Windows\system32\msfeedssync.exe
2010-06-20 09:31:16 ----A---- C:\Windows\system32\ieUnatt.exe
2010-06-20 09:31:16 ----A---- C:\Windows\system32\iesysprep.dll
2010-06-20 09:31:16 ----A---- C:\Windows\system32\iertutil.dll
2010-06-20 09:31:16 ----A---- C:\Windows\system32\ie4uinit.exe
2010-06-20 09:31:15 ----A---- C:\Windows\system32\urlmon.dll
2010-06-20 09:31:14 ----A---- C:\Windows\system32\mshtml.dll
2010-06-20 09:31:14 ----A---- C:\Windows\system32\ieframe.dll
2010-06-20 09:30:52 ----D---- C:\ProgramData\Sun
2010-06-20 09:30:51 ----D---- C:\Program Files\Common Files\Java
2010-06-20 09:30:22 ----A---- C:\Windows\system32\javaws.exe
2010-06-20 09:30:22 ----A---- C:\Windows\system32\javaw.exe
2010-06-20 09:30:22 ----A---- C:\Windows\system32\java.exe
2010-06-20 09:30:22 ----A---- C:\Windows\system32\deployJava1.dll
2010-06-20 09:29:05 ----A---- C:\Windows\system32\mshtmled.dll
2010-06-20 09:29:05 ----A---- C:\Windows\system32\icardie.dll
2010-06-20 09:29:04 ----A---- C:\Windows\system32\msls31.dll
2010-06-20 09:29:04 ----A---- C:\Windows\system32\mshtmler.dll
2010-06-20 09:29:04 ----A---- C:\Windows\system32\corpol.dll
2010-06-20 09:29:04 ----A---- C:\Windows\system32\admparse.dll
2010-06-20 09:29:03 ----A---- C:\Windows\system32\imgutil.dll
2010-06-20 09:29:03 ----A---- C:\Windows\system32\ieakeng.dll
2010-06-20 09:29:03 ----A---- C:\Windows\system32\dxtrans.dll
2010-06-20 09:29:03 ----A---- C:\Windows\system32\dxtmsft.dll
2010-06-20 09:29:02 ----A---- C:\Windows\system32\WinFXDocObj.exe
2010-06-20 09:29:02 ----A---- C:\Windows\system32\wextract.exe
2010-06-20 09:29:02 ----A---- C:\Windows\system32\webcheck.dll
2010-06-20 09:29:02 ----A---- C:\Windows\system32\msrating.dll
2010-06-20 09:29:02 ----A---- C:\Windows\system32\licmgr10.dll
2010-06-20 09:29:02 ----A---- C:\Windows\system32\inseng.dll
2010-06-20 09:29:02 ----A---- C:\Windows\system32\ieakui.dll
2010-06-20 09:29:02 ----A---- C:\Windows\system32\ieaksie.dll
2010-06-20 09:29:01 ----A---- C:\Windows\system32\vbscript.dll
2010-06-20 09:29:01 ----A---- C:\Windows\system32\url.dll
2010-06-20 09:29:01 ----A---- C:\Windows\system32\pngfilt.dll
2010-06-20 09:29:01 ----A---- C:\Windows\system32\jscript.dll
2010-06-20 09:29:01 ----A---- C:\Windows\system32\ieapfltr.dll
2010-06-20 09:29:01 ----A---- C:\Windows\system32\advpack.dll
2010-06-20 09:29:00 ----A---- C:\Windows\system32\mshta.exe
2010-06-20 09:29:00 ----A---- C:\Windows\system32\iexpress.exe
2010-06-20 09:28:59 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2010-06-20 09:28:59 ----A---- C:\Windows\system32\SetDepNx.exe
2010-06-20 09:28:59 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2010-06-20 09:28:59 ----A---- C:\Windows\system32\PDMSetup.exe
2010-06-19 18:19:35 ----D---- C:\Users\Carsten u. Jessi\AppData\Roaming\Malwarebytes
2010-06-19 18:18:49 ----D---- C:\ProgramData\Malwarebytes
2010-06-12 15:23:27 ----D---- C:\Program Files\Common Files\DivX Shared
2010-06-09 07:06:17 ----A---- C:\Windows\system32\asycfilt.dll
2010-06-09 07:06:15 ----A---- C:\Windows\system32\atmlib.dll
2010-06-09 07:06:15 ----A---- C:\Windows\system32\atmfd.dll
2010-06-09 07:05:35 ----A---- C:\Windows\system32\quartz.dll
2010-05-27 21:03:14 ----D---- C:\ProgramData\DivX
2010-05-26 07:02:05 ----A---- C:\Windows\system32\tzres.dll

======List of files/folders modified in the last 1 months======

2010-06-20 09:51:26 ----D---- C:\Windows\Prefetch
2010-06-20 09:51:18 ----D---- C:\Windows\Temp
2010-06-20 09:51:14 ----RD---- C:\Program Files
2010-06-20 09:43:39 ----D---- C:\Windows
2010-06-20 09:42:45 ----D---- C:\Windows\system32\migration
2010-06-20 09:42:45 ----D---- C:\Windows\System32
2010-06-20 09:42:45 ----D---- C:\Program Files\Internet Explorer
2010-06-20 09:42:44 ----D---- C:\Windows\system32\de-DE
2010-06-20 09:42:40 ----D---- C:\Windows\system32\en-US
2010-06-20 09:42:40 ----D---- C:\Windows\PolicyDefinitions
2010-06-20 09:40:06 ----D---- C:\Windows\Debug
2010-06-20 09:32:06 ----D---- C:\Windows\winsxs
2010-06-20 09:32:04 ----D---- C:\Windows\system32\catroot
2010-06-20 09:31:40 ----D---- C:\Windows\system32\catroot2
2010-06-20 09:30:52 ----SHD---- C:\Windows\Installer
2010-06-20 09:30:52 ----HD---- C:\ProgramData
2010-06-20 09:30:51 ----D---- C:\Program Files\Common Files
2010-06-20 09:30:16 ----D---- C:\Program Files\Java
2010-06-20 09:30:12 ----D---- C:\Program Files\DivX
2010-06-20 09:29:55 ----D---- C:\Windows\inf
2010-06-20 09:29:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-06-20 09:28:42 ----SHD---- C:\System Volume Information
2010-06-19 19:05:29 ----D---- C:\Windows\system32\drivers
2010-06-19 19:04:57 ----D---- C:\Windows\PCHEALTH
2010-06-19 17:58:37 ----D---- C:\Program Files\ICQ6Toolbar
2010-06-12 15:23:37 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-06-12 10:09:50 ----SD---- C:\Users\Carsten u. Jessi\AppData\Roaming\Microsoft
2010-06-10 07:30:10 ----D---- C:\Windows\Microsoft.NET
2010-06-10 07:30:04 ----RSD---- C:\Windows\assembly
2010-06-10 07:19:05 ----D---- C:\Windows\system32\wbem
2010-06-10 07:19:03 ----D---- C:\Program Files\Windows Mail
2010-05-28 21:37:34 ----A---- C:\Windows\system32\mrt.exe
2010-05-27 21:17:58 ----D---- C:\Users\Carsten u. Jessi\AppData\Roaming\DivX
2010-05-27 07:00:49 ----D---- C:\Windows\rescache
2010-05-21 14:14:28 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\D:\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-04-27 96104]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-12-07 56816]
R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-27 909824]
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatible Batterie; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-17 2098904]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-08-05 44576]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-26 7548000]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-21 8192]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2008-06-05 242048]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
S3 aikc3eff;aikc3eff; C:\Windows\system32\drivers\aikc3eff.sys []
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 btwaudio;Bluetooth-Audiogerät; C:\Windows\system32\drivers\btwaudio.sys [2008-02-14 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-16 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-16 16168]
S3 drmkaud;Microsoft Kernel-DRM-Audioentschlüsselung; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-19 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Proxy für Streaming Clock; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Proxy für Streaming Quality Manager; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2008-01-21 28160]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 VMC326;Vimicro Camera Service VMC326; C:\Windows\System32\Drivers\VMC326.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planer; D:\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Avira\AntiVir Desktop\avguard.exe [2009-08-09 185089]
R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-01-08 380928]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-07-10 819200]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-01 1029456]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; D:\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-26 196608]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-07-10 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-07 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-06-08 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-06-08 170480]
S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-13 77480]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-13 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-07 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-06-08 1108464]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]

-----------------EOF-----------------

--- --- ---

info.txt:

info.txtRSIT Logfile:

Code:

ATTFilter

logfile of random's system information tool 1.06 2010-06-20 09:51:35

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->D:\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
Ad-Aware-->"C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312}
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems HDA Modem-->agrsmdel
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros WLAN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04983D37-2202-4295-94A2-8B547C66133F}\setup.exe" -l0x9 
Avira AntiVir Personal - Free Antivirus-->D:\Avira\AntiVir Desktop\setup.exe /REMOVE
BlackBerry Desktop Software 4.6-->MsiExec.exe /I{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}
BlackBerry Desktop Software 4.6-->MsiExec.exe /i{14AD69CE-B59F-4EC2-BC3A-DB56105F3D62}
CCleaner-->"D:\CCleaner\uninst.exe"
Compatibility Pack für 2007 Office System-->MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}
Cool MP3 Splitter-->D:\COOLMP~1\UNWISE.EXE D:\COOLMP~1\INSTALL.LOG
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19 
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe"  -uninstall
CyberLink Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe"  -uninstall
dBpoweramp Music Converter-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
Die Sims 2: Family Fun - Accessoires-->d:\EA GAMES\Die Sims 2 Family Fun - Accessoires\EAUninstall.exe
Die Sims 2: Open For Business-->d:\EA GAMES\Die Sims 2 Open For Business\EAUninstall.exe
Die Sims 2: Wilde Campus-Jahre-->d:\EA GAMES\Die Sims 2 Wilde Campus-Jahre\EAUninstall.exe
Die Sims 2-->d:\EA GAMES\Die Sims 2\EAUninstall.exe
Die Sims™ 2 H&M®-Fashion-Accessoires-->d:\EA GAMES\Die Sims 2 H&M®-Fashion-Accessoires\EAUninstall.exe
Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires-->d:\EA GAMES\Die Sims 2 Küchen- und Bad-Einrichtungs-Accessoires\EAUninstall.exe
Die Sims™ 2: Glamour-Accessoires-->d:\EA GAMES\Die Sims 2 Glamour-Accessoires\EAUninstall.exe
Die*Sims™*3-->"C:\Program Files\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\Sims3Setup.exe" -runfromtemp -l0x0007 -removeonly
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Easy Battery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\setup.exe" -l0x9 Remove
Easy Display Manager-->"C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -runfromtemp -l0x0009 -removeonly
Easy SpeedUp Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF367AA4-070B-493C-9575-85BE59D789C9}\setup.exe" -l0x9 Remove
FLV Player 2.0 (build 25)-->d:\FLV Player\uninst.exe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
imagine digital freedom - Samsung-->MsiExec.exe /X{8E106A57-A17E-431D-B48F-175E42EB9F74}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
klickIdent 19-->"d:\klickIdent Herbst 2007\unins000.exe"
klickTel Telefon- und Branchenbuch Herbst 2007-->C:\Program Files\InstallShield Installation Information\{BB164546-0510-46A1-A8A0-A0C4749A4193}\Setup.exe -runfromtemp -l0x0007 -removeonly
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe"  -uninstall
LightScribe System Software  1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
MakeitOne - MP3AlbumMaker-->MsiExec.exe /I{DD6FA976-3F0A-4C6C-A30F-6E75DFC39DE9}
Malwarebytes' Anti-Malware-->"D:\Malwarebytes' Anti-Malware\unins000.exe"
MediaMonkey 3.0-->"d:\MediaMonkey\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office PowerPoint Viewer 2007 (German)-->MsiExec.exe /X{95120000-00AF-0407-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}
Microsoft SOAP Toolkit 2.0 SP2-->MsiExec.exe /I{36BEAD11-8577-49AD-9250-E06A50AE87B0}
Microsoft SQL Server Native Client-->MsiExec.exe /I{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
Mozilla Firefox (3.6.3)-->d:\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.24)-->D:\Mozilla Thunderbird\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Namuga 1.3M Webcam-->C:\Program Files\InstallShield Installation Information\{71A51B59-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
Nero 8-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041031}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{52D02A2B-03D2-4E34-A358-DC5D951FD296}
Nokia PC Suite-->C:\ProgramData\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_ger.exe
Nokia PC Suite-->MsiExec.exe /I{3D39E775-DDDA-4327-B747-0BDC5F191331}
Nokia Software Updater-->MsiExec.exe /X{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
PC Connectivity Solution-->MsiExec.exe /I{0C973594-7DDF-4BD0-84ED-3517F7622037}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDFCreator-->D:\PDFCreator\unins000.exe
pdfforge Toolbar v1.1.2-->MsiExec.exe /X{5791B7D3-8B34-4218-9750-6A8E45D0AD32}
PlayCamera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}\setup.exe" -l0x7 
PowerDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe"  -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe"  -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe"  -uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe"  -removeonly
Roxio Media Manager-->MsiExec.exe /X{F6377647-81AF-41C0-BC7E-06CF37E204AB}
Samsung Magic Doctor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}\Setup.exe" -l0x9 Remove
Samsung Recovery Solution III-->"C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x0007 -removeonly
Samsung Update Plus-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{685707A4-911C-468D-BFC4-64A50E5E3A0C} /l1031 
Skat 3000 SE-->"C:\Program Files\Skat 3000 Special Edition\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)-->MsiExec.exe /X{07629207-FAA0-4F1A-8092-BF5085BE511F}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
User Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 Remove
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
Vimicro UVC Camera-->C:\Program Files\InstallShield Installation Information\{71A51B09-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WIDCOMM Bluetooth Software 6.0.1.6300-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows-Treiberpaket - Nokia Modem  (06/01/2009 4.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_44b2e2d6\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.3)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_34a3d799\nokbtmdm.inf
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR Archivierer-->D:\WinRAR\uninstall.exe

======Security center information======

AS: Lavasoft Ad-Watch Live! (disabled)
AS: Windows Defender

======System event log======

Computer Name: CarstenundJessi
Event Code: 7036
Message: Dienst "ServiceLayer" befindet sich jetzt im Status "Ausgeführt".
Record Number: 125575
Source Name: Service Control Manager
Time Written: 20100620074835.000000-000
Event Type: Informationen
User: 

Computer Name: CarstenundJessi
Event Code: 10029
Message: DCOM hat den Dienst NMIndexingService mit den Argumenten "" gestartet, um den Server auszuführen:
{E8933C4B-2C90-4A04-A677-E958D9509F1A}
Record Number: 125576
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100620074913.000000-000
Event Type: Informationen
User: 

Computer Name: CarstenundJessi
Event Code: 7036
Message: Dienst "NMIndexingService" befindet sich jetzt im Status "Ausgeführt".
Record Number: 125577
Source Name: Service Control Manager
Time Written: 20100620074913.000000-000
Event Type: Informationen
User: 

Computer Name: CarstenundJessi
Event Code: 7036
Message: Dienst "Samsung Update Plus" befindet sich jetzt im Status "Beendet".
Record Number: 125578
Source Name: Service Control Manager
Time Written: 20100620074959.000000-000
Event Type: Informationen
User: 

Computer Name: CarstenundJessi
Event Code: 19
Message: Installation erfolgreich: Das folgende Update wurde installiert. Internet Explorer*8 für Windows Vista
Record Number: 125579
Source Name: Microsoft-Windows-WindowsUpdateClient
Time Written: 20100620075132.239708-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

=====Application event log=====

Computer Name: CarstenundJessi
Event Code: 1000
Message: Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 3.3.8.0, Zeitstempel 0x4860cce5, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x02020202, Prozess-ID 0xc34, Anwendungsstartzeit 01cb104cd7cb6cab.
Record Number: 26863
Source Name: Application Error
Time Written: 20100620074745.000000-000
Event Type: Fehler
User: 

Computer Name: CarstenundJessi
Event Code: 1
Message: Der Windows-Sicherheitscenterdienst wurde gestartet.
Record Number: 26864
Source Name: SecurityCenter
Time Written: 20100620074821.000000-000
Event Type: Informationen
User: 

Computer Name: CarstenundJessi
Event Code: 0
Message: 
Record Number: 26865
Source Name: ServiceLayer
Time Written: 20100620074835.000000-000
Event Type: Informationen
User: 

Computer Name: CarstenundJessi
Event Code: 0
Message: 
Record Number: 26866
Source Name: NMIndexingService
Time Written: 20100620074913.000000-000
Event Type: Informationen
User: 

Computer Name: CarstenundJessi
Event Code: 5
Message: Unsupported service control request (see data below)
Record Number: 26867
Source Name: LightScribeService
Time Written: 20100620075135.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: CarstenundJessi
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7

Berechtigungen:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 37216
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100620074455.499508-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: CarstenundJessi
Event Code: 4648
Message: Anmeldeversuch mit expliziten Anmeldeinformationen.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		CARSTENUNDJESSI$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Konto, dessen Anmeldeinformationen verwendet wurden:
	Kontoname:		Carsten u. Jessi
	Kontodomäne:		CarstenundJessi
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Zielserver:
	Zielservername:	localhost
	Weitere Informationen:	localhost

Prozessinformationen:
	Prozess-ID:		0x348
	Prozessname:		C:\Windows\System32\winlogon.exe

Netzwerkinformationen:
	Netzwerkadresse:	127.0.0.1
	Port:			0

Dieses Ereignis wird bei einem Anmeldeversuch durch einen Prozess generiert, wenn ausdrücklich die Anmeldeinformationen des Kontos angegeben werden.  Dies ist normalerweise der Fall in Batch-Konfigurationen, z. B. bei geplanten Aufgaben oder wenn der Befehl "runas" verwendet wird.
Record Number: 37217
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100620074711.531508-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: CarstenundJessi
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		CARSTENUNDJESSI$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Anmeldetyp:			2

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-21-3239597559-325673224-2856335568-1003
	Kontoname:		Carsten u. Jessi
	Kontodomäne:		CarstenundJessi
	Anmelde-ID:		0x749e2
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x348
	Prozessname:		C:\Windows\System32\winlogon.exe

Netzwerkinformationen:
	Arbeitsstationsname:	CARSTENUNDJESSI
	Quellnetzwerkadresse:	127.0.0.1
	Quellport:		0

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		User32 
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 37218
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100620074711.531508-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: CarstenundJessi
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		CARSTENUNDJESSI$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Anmeldetyp:			2

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-21-3239597559-325673224-2856335568-1003
	Kontoname:		Carsten u. Jessi
	Kontodomäne:		CarstenundJessi
	Anmelde-ID:		0x74a0a
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x348
	Prozessname:		C:\Windows\System32\winlogon.exe

Netzwerkinformationen:
	Arbeitsstationsname:	CARSTENUNDJESSI
	Quellnetzwerkadresse:	127.0.0.1
	Quellport:		0

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		User32 
	Authentifizierungspaket:	Negotiate
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 37219
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100620074711.531508-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: CarstenundJessi
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
	Sicherheits-ID:		S-1-5-21-3239597559-325673224-2856335568-1003
	Kontoname:		Carsten u. Jessi
	Kontodomäne:		CarstenundJessi
	Anmelde-ID:		0x749e2

Berechtigungen:		SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
Record Number: 37220
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100620074711.531508-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\WiFi\bin\;D:\QuickTime\QTSystem\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

--- --- ---

MalwareHero · 20.06.2010, 12:00

Zitat:

Zitat von castol

Hallo...

Ich habe das Programm AV Security von meinem Rechner entfernt und es wurde geraten die Logfiles zur Überprüfung hier einzustellen... Wäre nett, wenn ihr mal drüberschaut. Vielen Dank!

Hallo,

deinstalliere:

Adobe Reader (veraltert)
Adbe Flash Player
C:\Program Files\pdfforge (Adware)

Danach öffne HijackThis mache ein Scan und fixe die Einträge: (Kästchen vor den Einträgen ankreuzen und auf "fix checked" klicken)

Zitat:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe

Proxy deaktivieren: In "Internetoptionen gehe auf Verbindungen und entferne da den Haken vor "Proxy" und kreuze den vor "automatische Suche der Einst..." an.

> Hast du Malwarebyte scannen lassen? Poste mal das log.

> Mach auch ein Online Scan mit ESET oder Panda:
ESET Online Scanner - ESET Antivirus Software
FREE ANTIVIRUS Online - Download ActiveScan 2.0 and clean your PC - PANDA SECURITY

*****************

Hausdoc · 20.06.2010, 12:55

Hallo Carsten,

du solltest dein System gründlicher aufräumen.

Enferne erst mal alle Toolbars.

Danach läßt du mal den
CC Cleaner
drüberlaufen. Verwaiste Einträge löschen.

Dann solltest du deine Software aktualisieren.
Das geht damit recht schön

castol · 20.06.2010, 12:58

Hier das log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 7.0.6001.18000

19.06.2010 19:04:29
mbam-log-2010-06-19 (19-04-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 304593
Laufzeit: 43 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\htqwwdxe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Carsten u. Jessi\AppData\Local\nrbikqvak\tpjklprtssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

MalwareHero · 20.06.2010, 13:06

Zitat:

Zitat von castol

Hier das log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4052

Ok:

UPDATE Malwarebytes vor dem Scan! Das hast du gestern nicht gemacht!
Mache dann einen neuen "schnellen Scan" und poste das Log.

Hast du den Proxy deaktiviert?

Führe auch den Online Scan durch und poste das Log.

*****************
Mit den Updates und dem CCleaner von "hausdoci" warte mal bis wir sicher sind das dein System sauber/virenfrei ist

castol · 20.06.2010, 13:32

OK...

Proxy ist deaktiviert, der ESET Scanner läuft noch und hier das neue log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4217

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

20.06.2010 14:30:38
mbam-log-2010-06-20 (14-30-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140277
Laufzeit: 12 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Carsten u. Jessi\AppData\Local\Temp\eswcmaornx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Carsten u. Jessi\AppData\Local\Temp\rropyvnl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Carsten u. Jessi\AppData\Local\Temp\jgmkw.exe (Malware.Gen) -> Quarantined and deleted successfully.

MalwareHero · 20.06.2010, 13:44

Zitat:

Zitat von castol

C:\Users\Carsten u. Jessi\AppData\Local\Temp\eswcmaornx.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Carsten u. Jessi\AppData\Local\Temp\rropyvnl.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Der PC ist NICHT sauber. Diese Malware lädt andere Malware vom Netz runter.
Hier müssen wir gründlich ran.

Kennst du das:

Zitat:

C:\Windows\system32\drivers\aikc3eff.sys

(Kann von bestimmten Malwareanalyse tools stammen)

Sonst hier überprüfen: VirusTotal - Kostenloser online Viren- und Malwarescanner und log posten.

*************************

castol · 20.06.2010, 13:52

Die Datei aikc3eff.sys finde ich auf meinem Rechner nicht...

MalwareHero · 20.06.2010, 13:59

Zitat:

Zitat von castol

Die Datei aikc3eff.sys finde ich auf meinem Rechner nicht...

Füge den Dateipfad mal direkt bei Virus Total rein> Durchsuchen- und dann einfügen bei "Dateiname".

Rootkitscan:
Lade dir RootRepeal runter:

http://download.bleepingcomputer.com...RootRepeal.exe

mit rechtem mausklick als administrator öffnen/ausführen. Im Scanfenster suche unten in der Leiste Report klicke da drauf. > klicke Scan> alle Kästchen vor den scanalternativen anhaken, ok klicken> alle Festplatenkästchen anhaken> klicke ok. Der Scan startet, nach dem Scan kommt das Log hoch. Poste es hier.

************************

castol · 20.06.2010, 14:29

Die Datei ist nicht bekannt...

Hier das Log:

Code:

ATTFilter

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2010/06/20 15:03
Program Version:		Version 1.3.5.0
Windows Version:		Windows Vista SP1
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x8A9CF000	Size: 851968	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xAD85A000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: spjw.sys
Image Path: C:\Windows\System32\Drivers\spjw.sys
Address: 0x8A239000	Size: 1048576	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\RootRepeal report 06-20-10 (15-03-33).txt
Status: Visible to the Windows API, but not on disk.

Path: C:\System Volume Information\{185d5985-7a93-11df-9c8a-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{847f21f1-7c3f-11df-96ac-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{847f21f7-7c3f-11df-96ac-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{847f2226-7c3f-11df-96ac-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{8abd6d85-7c3c-11df-9e7c-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{c48118e3-79cc-11df-a07b-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e971e118-7b81-11df-a13e-001377d123f7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Windows\Media\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\Media\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\Media\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\System32\wbem\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET CLR Data\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\inf\.NET Data Provider for SqlServer\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_a6e4a7980e9b18a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_5c94f2bbe7d4aaf6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_d9c474bda3593bfa.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30304.0_none_7db1e53ddcf5e248.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_516e2e610f48bda6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugmfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_bfff6c932d60651e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9876.0_none_b7e610287b2b4ea5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6000.16720_de-de_52c9015e7ac59408\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_system.web.resources_b03f5f7f11d50a3a_6.0.6000.20883_de-de_3c0118029467d8fb\SYSTEM~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16651_none_3fe50116c43e1596\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16772_none_3fd0636ec44d63f6\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.16917_none_40164834c4183551\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20788_none_40553023dd6dba94\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.20949_none_408173e9dd4c5e75\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6000.21117_none_409fbd21dd36085d\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18032_none_41e1dfdec15387fc\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18165_none_41c472dec16924fb\WGXINS~1.MOF
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MI2095~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.0.6002.18005_none_04642e8a80bb8b27\MIC237~1.MAN
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-netfx3-core_31bf3856ad364e35_6.0.6001.22208_none_6832700af3374d09\FRAMEW~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.20883_none_8469d28baa199a7e\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_appdata_b03f5f7f11d50a3a_6.0.6000.16720_none_9b31bbe79077558b\GROUPE~1.XML
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.16720_none_a54ef540d05f91fc\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6000.20883_none_8e870be4ea01d6ef\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.18111_none_a529d9f6d0b19e9d\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_mof_b03f5f7f11d50a3a_6.0.6001.22230_none_8e5e4a92ea5717b0\ASPNET~1.UNI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.16720_none_950a4e2fda3ee0ba\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6000.20883_none_7e4264d3f3e125ad\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.18111_none_94e532e5da90ed5b\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_permissions_b03f5f7f11d50a3a_6.0.6001.22230_none_7e19a381f436666e\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~3.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBADM~4.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_help_b03f5f7f11d50a3a_6.0.6001.18111_none_7c6b3231b9c3046e\WEBB00~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.18111_none_75c874a9a137a5f0\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.22230_none_9a1350e27965368d\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.18111_none_a335242e0936a3fd\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.16720_none_c39efe8a3f927437\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6000.20883_none_acd7152e5934b92a\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.18111_none_c379e3403fe480d8\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_secur_res_b03f5f7f11d50a3a_6.0.6001.22230_none_acae53dc5989f9eb\SETUPA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.16720_none_b103fb905f6db0d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6000.20883_none_9a3c1234790ff5cc\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_users_res_b03f5f7f11d50a3a_6.0.6001.18111_none_b0dee0465fbfbd7a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\Microsoft.Interop.Security.AzRoles.config
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.16708_none_7aa059d88e5323b0\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6000.20864_none_7ae515f3a7a505c4\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.18096_none_7c2346b88bc48045\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_wcf-m_svc_mod_svc_perf_vrg_31bf3856ad364e35_6.0.6001.22208_none_7d103549a497546b\_SERVI~1.VRG
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\msil_mscorlib.resources_b77a5c561934e089_6.0.6000.16720_de-de_65722c179a7be658\MSCORL~1.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16916_none_2d76f8e51cda9b48\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_2d5588d71cf3d5c4\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_2d5588d71cf3d5c4\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16945_none_2d5588d71cf3d5c4\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16982_none_2d2748491d16f983\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16982_none_2d2748491d16f983\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16982_none_2d2748491d16f983\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.17037_none_2d6231791cea1fc3\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.17037_none_2d6231791cea1fc3\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.17037_none_2d6231791cea1fc3\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\WINDOW~1.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\WINDOW~2.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\WINDOW~4.WAV
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\INSTAL~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webevent_sqlprov_b03f5f7f11d50a3a_6.0.6001.22230_none_8c6994ca22dc1d10\UNINST~1.SQL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_2c88b9b71ca44e71\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_15c0d05b36469364\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_2c639e6d1cf65b12\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmedtrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_15980f09369bd425\WEB_ME~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_b03f5f7f11d50a3a_6.0.6001.22230_none_5efce545badd1f03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.16720_none_87d39b55197883e6\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6000.20883_none_710bb1f9331ac8d9\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.18111_none_87ae800b19ca9087\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_roles_res_b03f5f7f11d50a3a_6.0.6001.22230_none_70e2f0aProcesses
-------------------
Path: System
PID: 4	Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1248	Status: Locked to the Windows API!

SSDT
-------------------
#: 078	Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x9ccd09d4

#: 194	Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x9ccd09c0

#: 201	Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x9ccd09c5

#: 334	Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x9ccd09cf

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x850201f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_CREATE]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_CLOSE]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_POWER]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: aikc3effП牄뎈譆䚈譆, IRP_MJ_PNP]
Process: System	Address: 0x869291f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System	Address: 0x8501f1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x867551f8	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_CREATE]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_CLOSE]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_READ]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_WRITE]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_POWER]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: cdrom蔆, IRP_MJ_PNP]
Process: System	Address: 0x86756500	Size: 121

Object: Hidden Code [Driver: Smb前Ѕ獵灢敄剶癤⭨싘蛿, IRP_MJ_CREATE]
Process: System	Address: 0x871111f8	Size: 121

Object: Hidden Code [Driver: Smb前Ѕ獵灢敄剶癤⭨싘蛿, IRP_MJ_CLOSE]
Process: System	Address: 0x871111f8	Size: 121

Object: Hidden Code [Driver: Smb前Ѕ獵灢敄剶癤⭨싘蛿, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x871111f8	Size: 121

Object: Hidden Code [Driver: Smb前Ѕ獵灢敄剶癤⭨싘蛿, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x871111f8	Size: 121

Object: Hidden Code [Driver: Smb前Ѕ獵灢敄剶癤⭨싘蛿, IRP_MJ_CLEANUP]
Process: System	Address: 0x871111f8	Size: 121

Object: Hidden Code [Driver: Smb前Ѕ獵灢敄剶癤⭨싘蛿, IRP_MJ_PNP]
Process: System	Address: 0x871111f8	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CREATE]
Process: System	Address: 0x8712b1f8	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLOSE]
Process: System	Address: 0x8712b1f8	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8712b1f8	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8712b1f8	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_CLEANUP]
Process: System	Address: 0x8712b1f8	Size: 121

Object: Hidden Code [Driver: netbt, IRP_MJ_PNP]
Process: System	Address: 0x8712b1f8	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_CREATE]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_CLOSE]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_POWER]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: , IRP_MJ_PNP]
Process: System	Address: 0x86943500	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CREATE]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_READ]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_WRITE]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_CLEANUP]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_POWER]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: volmgr, IRP_MJ_PNP]
Process: System	Address: 0x8468c1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x8674f1f8	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_CREATE]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_CLOSE]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_READ]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_WRITE]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_QUERY_EA]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SET_EA]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_CLEANUP]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_POWER]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: mrxsmb?Ї慖⁤犑螠, IRP_MJ_PNP]
Process: System	Address: 0x87283500	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_CREATE]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_CLOSE]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_READ]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_WRITE]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_CLEANUP]
Process: System	Address: 0x84a751f8	Size: 121

Object: Hidden Code [Driver: cdfsЕ楆汨螔, IRP_MJ_PNP]
Process: System	Address: 0x84a751f8	Size: 121

==EOF==

MalwareHero · 20.06.2010, 14:49

Zitat:

Zitat von castol

Hier das Log:

ROOTREPEAL

ok.

Download http://www2.gmer.net/mbr/mbr.exeauf dein desktop. Rechtsklick mit Admin. ausführen. Es öffnet sich ganz kurz ein Scanfenster. Das log liegt auf deinem desktop. Poste es hier.

Bei dir ist Daemon Tools installiert?

***********************

castol · 20.06.2010, 15:23

Ja, Daemon Tools habe ich installiert...

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

MalwareHero · 20.06.2010, 15:27

Zitat:

Zitat von castol

Ja, Daemon Tools habe ich installiert...
user & kernel MBR OK

Das ist ok. Rootkits hast du keine.

Poste dann noch das Log/die Fünde von ESET.

**************************

castol · 20.06.2010, 15:31

Ist grade fertig geworden... Hat 2,5 Std. gedauert :-)

C:\Users\Carsten u. Jessi\AppData\Local\Temp\eswcmaornx.exe Variante von Win32/Kryptik.FAT Trojaner
C:\Users\Carsten u. Jessi\AppData\Local\Temp\jgmkw.exe Win32/Wigon.DC Trojaner
C:\Users\Carsten u. Jessi\AppData\Local\Temp\uhedyvt.exe Variante von Win32/Kryptik.FBM Trojaner

MalwareHero · 20.06.2010, 15:44

Zitat:

Zitat von castol

Ist grade fertig geworden... Hat 2,5 Std. gedauert :-)

Die Fünde sind nicht gut. Sieht so aus, als hattest du einiges an Schädlinge im Temp.Verzeichniss.

Bitte mal beide OTL Logs posten.
http://www.trojaner-board.de/85104-o...-oldtimer.html

Die Fünde von ESET löschen/entfernen lassen!

***************************

Hijack zur Überprüfung nach Entfernung von AV Security

Log-Analyse und Auswertung: Hijack zur Überprüfung nach Entfernung von AV Security