Teil III

"TCP Query User{66DFB49F-BDBE-49CA-AE76-BAD1163D5ABA}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{1FC2329E-A467-4EB7-8A64-9B49F711F2EC}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{C3826956-510C-41CD-B7A3-A7AF4FCAAC7D}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3CCB6510-B42D-4F90-952E-F77105C83EF3}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{655989EF-9B18-48C4-9C0B-3B5F0684BC93}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{AFC1AEF5-9EE1-4059-9174-39DBF22DDA49}"= Disabled:UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{0E7AF583-FFED-49AF-ABF8-5F421EAC37A3}"= Disabled:TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{BAEBB70B-70BC-463C-8C93-8EAC81465A71}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{CD672117-7F63-4AF4-886D-8E2E3AFD6715}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{796CA619-B8EB-4D16-9B28-3177FA3DA6BE}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"TCP Query User{F899E985-5B1E-4179-89B4-B92F5A6A9800}c:\\program files\\dna\\btdna.exe"= UDP:c:\program files\dna\btdna.exeNA
"UDP Query User{D04A2679-D854-4835-8A84-598F76708FC2}c:\\program files\\dna\\btdna.exe"= TCP:c:\program files\dna\btdna.exeNA
"{2A3F0F33-119B-4A2F-B620-ECB5A1C97107}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F3A6B3B7-861B-473F-AA10-3FD1043818E1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F8127DAB-60F5-4662-98AE-325FE34D37FB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{F1198147-8A14-4652-BD5B-16231663F68B}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{95FD7ADE-358B-4451-B746-F5F8021587BF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{28AE51FB-03A3-4E49-9799-DBDE0F71FF78}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{77F074FC-C21A-4D98-A6C8-7EA4A477DC09}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7F860512-CA63-406C-8EBC-B719B9FA9F85}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{72C8B57B-24D7-43D5-99CE-1C04AB062E56}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C3A3A076-3821-4E46-8FF6-09E049A2C772}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{CE5913A3-EF56-4F72-BE75-6D4D276E1FBC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{59CDA3AE-9006-4A91-9647-09F99AD37B84}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8F5523C4-7732-4B7A-8FDE-BA3C5570B039}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7BF0D88A-22C9-4768-AA39-4E87ACD67313}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{CAA42384-CF92-4454-8337-F6299C9AC8EB}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{4142A83A-4529-48DF-9E16-76AD4E7CAED4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A16F3A2E-3090-4491-9534-5F02EC21DE74}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{3BD0411F-0385-4E79-8123-BC80E8AEB33E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7307E280-76D9-4E86-8F48-44BBF67C44E7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{53CA7498-DD1C-48F4-A521-6162F9CB0B5F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{7BFCA665-036C-467A-9087-D1DFD349A397}c:\\program files\\fritz!box monitor\\fritzboxmonitor.exe"= UDP:c:\program files\fritz!box monitor\fritzboxmonitor.exe:FRITZ!Box Monitor
"UDP Query User{99A5D827-9D24-40D0-8CBC-040D7F9685CF}c:\\program files\\fritz!box monitor\\fritzboxmonitor.exe"= TCP:c:\program files\fritz!box monitor\fritzboxmonitor.exe:FRITZ!Box Monitor
"{14203BA7-056C-49B5-93FD-94C73C549071}"= UDP:c:\users\Jochen\AppData\Local\Apps\2.0\BQBQRO34.3H6\D733KVPQ.NTC\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe:FRITZ!Box USB-Fernanschluss
"{3EDF25FB-721E-45C9-AC25-0616A63F47EB}"= TCP:c:\users\Jochen\AppData\Local\Apps\2.0\BQBQRO34.3H6\D733KVPQ.NTC\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe:FRITZ!Box USB-Fernanschluss
"{9AB637FD-A2DD-452D-98A6-BD1398BB7FCE}"= UDP:c:\users\Jochen\AppData\Local\Apps\2.0\BQBQRO34.3H6\D733KVPQ.NTC\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe:FRITZ!Box USB-Fernanschluss
"{3ABEF803-2781-47E7-BDF5-8A5FB20C5F80}"= TCP:c:\users\Jochen\AppData\Local\Apps\2.0\BQBQRO34.3H6\D733KVPQ.NTC\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe:FRITZ!Box USB-Fernanschluss
"{CFE66C27-C423-48F0-A70E-6F734C1E34D4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{84D004FF-B9F8-47E4-8D65-75B62862A00C}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{61C16FF0-4CB9-4A09-98EC-0835434778CA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{8F05718B-A30D-4DBA-AD7C-16C35ED20742}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{76505692-0328-4F1F-96A8-38142AB8D042}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{39F1A2DB-43A0-4C02-9845-192D520C964F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B48E1A44-06E3-4252-9537-742A47678BE2}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{A5D80C4B-2724-49EC-BE55-7D24857684E7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E5F724AC-5B93-4E94-8207-B23DFE88BBD4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{48BE7DDB-A00A-427A-A968-D464E0B9611E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{1C0C06FB-098C-462D-85FB-D2D91BFEC09C}"= Disabled:UDP:c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{A4A6E27D-7718-4C86-908F-3CBCB7BB6296}"= Disabled:TCP:c:\program files\Tobit ClipInc\Player\ClipInc-Player.exe:ClipInc Player
"{88CAFDF4-6522-4A4D-BC8A-A859B2841BAE}"= Disabled:UDP:c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"{2F9AD9C9-7AB0-4932-9D97-436A7E5D7602}"= Disabled:TCP:c:\program files\Tobit ClipInc\Server\ClipInc-Server.exe:ClipInc Server
"{34003C3C-F94B-4067-ABCA-1CF5EEA53859}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{E149AE3E-30DB-49B3-9F61-DF6F07C45AC1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{48BE8201-0908-40D3-9CA1-C11874CDC7AF}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{30A67C99-1356-4B7F-B251-B4E2F3288069}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7C6CEC58-5644-484C-AD76-F54623D9761E}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{D191BE23-8C06-469F-8284-E230F7D249F7}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{04A01671-046A-47EF-A886-AD964149B8C1}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5EA0C766-A6B6-4EF9-8671-DC09B83E990F}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{DAA79E1B-2311-4D9C-8356-6B73E4B0D441}"= c:\program files\Skype\Phone\Skype.exe:Skype

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 ui11rdr;ui11rdr;c:\windows\System32\drivers\ui11rdr.SYS [14.01.2009 15:49 272384]
R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [09.07.2009 22:14 108289]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [03.01.2007 11:19 11032]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [24.04.2009 13:57 92008]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [19.07.2009 00:44 604416]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [18.09.2008 23:06 54960]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE [30.03.2009 16:28 1533808]
R2 XTAgent;Novell XTier Agent Services;c:\windows\System32\Novell\xtagent.exe [08.09.2005 17:14 61440]
R3 avmaura;AVM USB-Fernanschluss;c:\windows\System32\drivers\avmaura.sys [23.11.2008 19:19 101248]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [13.04.2007 20:34 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [13.04.2007 20:34 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\System32\drivers\SonyImgF.sys [13.04.2007 20:34 31104]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [23.04.2007 14:29 812544]
S2 gupdate1c9c7544b4339d8;Google Update Service (gupdate1c9c7544b4339d8);c:\program files\Google\Update\GoogleUpdate.exe [27.04.2009 18:21 133104]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [08.04.2009 17:09 1527900]
S3 IPJ;IPJ;c:\users\Jochen\AppData\Local\Temp\IPJ.exe --> c:\users\Jochen\AppData\Local\Temp\IPJ.exe [?]
S3 NKZDJILO;NKZDJILO;c:\users\Jochen\AppData\Local\Temp\NKZDJILO.exe --> c:\users\Jochen\AppData\Local\Temp\NKZDJILO.exe [?]
S3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [08.04.2009 17:08 544768]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\VAIO Media Integrated Server\UCLS.exe [24.05.2007 15:20 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [24.05.2007 15:19 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [24.05.2007 15:19 1089536]
S4 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 23:31 29263712]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyServer = isa01:8008
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Player\vsocklib.dll
FF - ProfilePath - c:\users\Jochen\AppData\Roaming\Mozilla\Firefox\Profiles\d4x6gtuk.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************
Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien:

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3735403668-3670143366-2106169524-1003\Software\SecuROM\License information*]
"datasecu"=hex:4b,54,b8,b5,69,ea,ec,e9,cb,70,5b,31,09,f6,8b,22,30,cb,64,48,4a,
94,f2,ce,eb,a9,eb,3a,ff,fc,e5,be,87,8c,14,87,76,a4,e5,c0,f3,0c,4e,f8,1a,f9,\
"rkeysecu"=hex:d1,ab,58,10,5e,07,80,29,a0,d4,a0,72,0a,09,e5,36

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(2924)
c:\windows\System32\ui11np.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\brsvc01a.exe
c:\windows\System32\brss01a.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\System32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\TCPSVCS.EXE
c:\program files\sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\conime.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2009-08-14 22:53 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2009-08-14 20:53

Vor Suchlauf: 14 Verzeichnis(se), 15.910.793.216 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 17.033.170.944 Bytes frei

454 --- E O F --- 2009-08-12 09:55

Hast du GMER als Administrator gestartet? Wenn nein, dann mache es bitte.

Guten Morgen Rarman, sorry habe ich nicht, läuft gerade...

läuft wieder nicht durch - "programm muss beendet werden..." ich habe es jetzt auch mal umbenannt...

was habe ich mir da nur eingefangen?

Weiss ich noch nicht, hab aber eine idee.

Erstmal was anderes. Hast du den Ordner c:\program files\BitTorrent
Ist es gewollt, das deine Firewall deaktiviert ist? Hattest du mal ein Produkt von Symantec installiert(Norton)?
Warum ist UAC ausgeschaltet?

Das Ergebniss des Rootkitscans interessiert!

> Weiss ich noch nicht, hab aber eine idee.

> Erstmal was anderes. Hast du den Ordner c:\program files\BitTorrent
> Ist es gewollt, das deine Firewall deaktiviert ist?

nö, ich kann mich auch nicht entsinnen jemals einen BitTorrent installiert zu haben, definitiv NEIN

> Hattest du mal ein Produkt von Symantec installiert(Norton)?

Ja, es war bei dem Neukauf SONY VAIO installiert, dann habe ich es deinstalliert.

> Warum ist UAC ausgeschaltet?

Was ist UAC? Keine Ahnung warum ausgeschaltet.

hier das log:


Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 15.08.2009 at 14:26:40
User "Jochen" on computer "SFW-572"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Warning: Error parsing raw registry hive SECURITY. Registry scan may not be
supported on this version of Windows.
Warning: Unable to load raw registry hive SECURITY.
Registry scan may not be supported on this version of Windows.
Stopped logging on 15.08.2009 at 14:32:48


Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 15.08.2009 at 14:33:13
User "Jochen" on computer "SFW-572"
Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x300 PT=0x1 Win32
Info: Starting process scan.
Info: Starting registry scan.
Warning: Error parsing raw registry hive SECURITY. Registry scan may not be
supported on this version of Windows.
Warning: Unable to load raw registry hive SECURITY.
Registry scan may not be supported on this version of Windows.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\Jochen\AppData\Roaming\Skype\mueller.jochen\etilqs_gmxLhR2AfZ2cqmo6hHxk
Hidden: file C:\Backup\c\Dokumente und Einstellungen\DOJO\Eigene Dateien\todo\ulli\Jochen\Install\WINMX331.EXE
Hidden: file C:\Users\Schulung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RHQF95SW\exQ2cQ20bitchQ2cQ20swingerQ2cQ20gogoQ2cQ20erotikQ2cQ20dirtyQ2cQ20xQ2dtremQ29QQLH_PrefLocZ0QQ_catZ9816QQ_gcsZ1551QQ_mPrR ngCbxZ1QQ_pcatsZ11450QQ_sopZ17[1].htm
Hidden: file C:\Users\Schulung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32JURS1\o%2C+erotik%2C+dirty%2C+x-trem%29;dcopt=ist;seg=DE_Top_20pct_Buyers;seg=DE_Top_30pct_Buyers;tcat=11450;items=1618;sz=728x90;tile=1;ord=1210527172875;[1].htm
Hidden: file C:\Users\Schulung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AL5DOV17\dcopt=ist;seg=DE_Top_20pct_Buyers;seg=DE_Top_30pct_Buyers;seg=OM_BHV-BSV_Kleidung_Meta_07110;tcat=131090;items=10;sz=728x90;tile=1;ord=1210527259241;[1].htm
Hidden: file C:\Users\Schulung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RHQF95SW\;dcopt=ist;seg=DE_Top_20pct_Buyers;seg=DE_Top_30pct_Buyers;seg=OM_BHV-BSV_Kleidung_Meta_07110;tcat=131090;items=5;sz=728x90;tile=1;ord=1210527326138;[1].htm
Hidden: file C:\Users\Diplomarbeit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K2YOIIYE\d;tpc=todo_lists;tpc=os_groups;tpc=independent;tpc=java;tpc=visualization;tpc=office;tpc=graphics;tpc=multimedia;tpc=sc ientific;ord=3740498024580347[1].5
Hidden: file C:\Users\Diplomarbeit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NQE09GCR\d;tpc=todo_lists;tpc=os_groups;tpc=independent;tpc=java;tpc=visualization;tpc=office;tpc=graphics;tpc=multimedia;tpc=sc ientific;ord=3740498024580347[1].5
Hidden: file C:\Users\Diplomarbeit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K2YOIIYE\d;tpc=todo_lists;tpc=os_groups;tpc=independent;tpc=java;tpc=visualization;tpc=office;tpc=graphics;tpc=multimedia;tpc=sc ientific;ord=3740498024580347[2].5
Hidden: file C:\Users\Diplomarbeit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NQE09GCR\d;tpc=todo_lists;tpc=os_groups;tpc=independent;tpc=java;tpc=visualization;tpc=office;tpc=graphics;tpc=multimedia;tpc=sc ientific;ord=3740498024580347[2].5
Hidden: file C:\Users\Diplomarbeit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1JUB1N8P\d;tpc=todo_lists;tpc=os_groups;tpc=independent;tpc=java;tpc=visualization;tpc=office;tpc=graphics;tpc=multimedia;tpc=sc ientific;ord=3740498024580347[1].5
Hidden: file C:\Users\Diplomarbeit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K2YOIIYE\d;tpc=todo_lists;tpc=os_groups;tpc=independent;tpc=java;tpc=visualization;tpc=office;tpc=graphics;tpc=multimedia;tpc=sc ientific;ord=3740498024580347[3].5
Hidden: file C:\Users\Diplomarbeit\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\55IHXASM\d;tpc=todo_lists;tpc=os_groups;tpc=independent;tpc=java;tpc=visualization;tpc=office;tpc=graphics;tpc=multimedia;tpc=sc ientific;ord=3740498024580347[1].5
Info: Starting disk scan of E: (FAT).
Stopped logging on 15.08.2009 at 16:09:30

Mache mit rootrepeal bitte einen Scan im Reiter "drivers", wenn dort im temp Ordner eine sys Datei gefunden wird, druecke mit der rechten Maustaste darauf und waehle copy, kopiere die Datei unter anderem Namen in einen anderen Ordner und teste die Datei bei virustotal.com

keine .sys datei in %temp%.

Danke raman, mein rechner läuft seit den Cleans messbar schneller.

Wenn GMER nicht will, nimm rootrepael. Denke daran es als Admin zu starten
HijackThis.de Support Board - Einzelnen Beitrag anzeigen - Rootkit-Scanner Anleitungen

Gut, dann erstmal rootrepeal

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/08/15 10:13
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: aujasnkj.sys
Image Path: C:\Users\Jochen\AppData\Local\Temp\aujasnkj.sys
Address: 0x9C872000 Size: 83584 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x9C88F000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings
Status: Locked to the Windows API!

Path: C:\Dokumente und Einstellungen
Status: Locked to the Windows API!

Path: C:\Programme
Status: Locked to the Windows API!

Path: C:\Program Files\Gemeinsame Dateien
Status: Locked to the Windows API!

Path: C:\ProgramData\Anwendungsdaten
Status: Locked to the Windows API!

Path: C:\ProgramData\Application Data
Status: Locked to the Windows API!

Path: C:\ProgramData\Desktop
Status: Locked to the Windows API!

Path: C:\ProgramData\Documents
Status: Locked to the Windows API!

Path: C:\ProgramData\Dokumente
Status: Locked to the Windows API!

Path: C:\ProgramData\Start Menu
Status: Locked to the Windows API!

Path: C:\ProgramData\Startmenü
Status: Locked to the Windows API!

Path: C:\ProgramData\Templates
Status: Locked to the Windows API!

Path: C:\ProgramData\Vorlagen
Status: Locked to the Windows API!

Path: C:\ProgramData\Favoriten
Status: Locked to the Windows API!

Path: C:\ProgramData\Favorites
Status: Locked to the Windows API!

Path: C:\System Volume Information\{18b215c6-8915-11de-a7e5-0013a9f4891b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{18b215ca-8915-11de-a7e5-0013a9f4891b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e73daac6-8918-11de-9476-0013a9f4891b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e73daae3-8918-11de-9476-0013a9f4891b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e73daaf9-8918-11de-9476-0013a9f4891b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{e73dab09-8918-11de-9476-0013a9f4891b}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\Users\All Users
Status: Locked to the Windows API!

Path: C:\Users\Default User
Status: Locked to the Windows API!

Path: C:\Program Files\Windows NT\Zubehör
Status: Locked to the Windows API!

Path: C:\Users\Default\Anwendungsdaten
Status: Locked to the Windows API!

Path: C:\Users\Default\Application Data
Status: Locked to the Windows API!

Path: C:\Users\Default\Cookies
Status: Locked to the Windows API!

Path: C:\Users\Default\Druckumgebung
Status: Locked to the Windows API!

Path: C:\Users\Default\Eigene Dateien
Status: Locked to the Windows API!

Path: C:\Users\Default\Local Settings
Status: Locked to the Windows API!

Path: C:\Users\Default\Lokale Einstellungen
Status: Locked to the Windows API!

Path: C:\Users\Default\My Documents
Status: Locked to the Windows API!

Path: C:\Users\Default\NetHood
Status: Locked to the Windows API!

Path: C:\Users\Default\Netzwerkumgebung
Status: Locked to the Windows API!

Path: C:\Users\Default\PrintHood
Status: Locked to the Windows API!

Path: C:\Users\Default\Recent
Status: Locked to the Windows API!

Path: C:\Users\Default\SendTo
Status: Locked to the Windows API!

Path: C:\Users\Default\Start Menu
Status: Locked to the Windows API!

Path: C:\Users\Default\Startmenü
Status: Locked to the Windows API!

Path: C:\Users\Default\Templates
Status: Locked to the Windows API!

Path: C:\Users\Default\Vorlagen
Status: Locked to the Windows API!

Path: C:\Users\Default\Documents\Eigene Bilder
Status: Locked to the Windows API!

Path: C:\Users\Default\Documents\Eigene Musik
Status: Locked to the Windows API!

Path: C:\Users\Default\Documents\Eigene Videos
Status: Locked to the Windows API!

Path: C:\Users\Default\Documents\My Music
Status: Locked to the Windows API!

Path: C:\Users\Default\Documents\My Pictures
Status: Locked to the Windows API!

Path: C:\Users\Default\Documents\My Videos
Status: Locked to the Windows API!

Path: C:\Users\Public\Documents\Eigene Bilder
Status: Locked to the Windows API!

Path: C:\Users\Public\Documents\Eigene Musik
Status: Locked to the Windows API!

Path: C:\Users\Public\Documents\Eigene Videos
Status: Locked to the Windows API!

Path: C:\Users\Public\Documents\My Music
Status: Locked to the Windows API!

Path: C:\Users\Public\Documents\My Pictures
Status: Locked to the Windows API!

Path: C:\Users\Public\Documents\My Videos
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_5d1777c2e857a23b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_da4695fc507e16e1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_81c25f21d3d46d84.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_b7e00e6c7b30b69b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_f0efb442f8a0f46c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9870.0_none_a6dea5dc0ea08098.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_365945b9da656e4d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_bb1f6aa1308c35eb.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.1.microsoft.msxml2r_6bd6b9abf345378f_4.1.1.0_none_8b7b15c031cda6db.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_bdf22a22ab9e15d5.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_b7e811287b298060.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.4148_none_51ca66a2bbe76806.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_dcc7eae99ad0d9cf.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.1_none_7dd1e0ebd6590e0b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.1_none_e29d1181971ae11e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_b7e911727b2899b7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.1_none_818f59bf601aa775.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9849.0_none_a6e7a8e20e9863b4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_7ab8cc63a6e4c2a3.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_516953ad0f4d16c4.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.1801_none_d088a2ec442ef17b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_8550c6b5d18a9128.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.debugcrt_1fc8b3b9a1e18e3b_9.0.30729.1_none_61305e07e4f1bc01.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.4.20.microsoft.msxml2_6bd6b9abf345378f_4.20.9848.0_none_a6e6a8980e994a5d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\bd83dce340498e7c363093c2fc74dfb58e1ec17770453905172c7471fadd9333.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\935df4549e21123a2efb986a707f54475380a037519679510e4b4dfc4bdb5767.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\8b414e757cb8b153bff77dd00a36556aea3adab25ce15f3e8b184ffbf41ba7a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\71503c1b988fb27a41668f3ba35468d268daf07e8e79cf7b82a1ef64a8d213a1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\989e628160e12c984a435d2bb2a335ad043e006646150c7b1f3bb52dccd842cc.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\18860672a5c66d86c814094edcbe638747283dd1b644f8e960f40ca51d409ff2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4a4e6de1088e614f7694727d621129512819bdecdb46cc6ebb7c1f192dfe380e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\d5ecf2ab9387e082648bbcccd6eceb9d67b096939150833d0ae3066b3a1a676e.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\b080e112e69d2e9c8e71acd39a81f0d469d837625ceb8ed73b5b87da1fd1424c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\4bde3906e1ad59953a7d8592ff3860dd7fadc4e12abe4b5c828645390461a3aa.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\23b92a7e8d7a21cc76b46dc3885c05ac29036240854e18dfce39b283b8cfdf52.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Manifests\ef483ae0673e2975dd4224fe26749623c1c702b8b3fded10161417459e1771a7.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-d..pwindowmanager-core_31bf3856ad364e35_6.0.6002.18005_none_8f8f0d20ba53c683\MICROS~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.0.6002.18005_none_1a3913896b7e0bf6\SECURI~3.XRM
Status: Locked to the Windows API!

Path: c:\windows\winsxs\x86_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.0.6002.18005_none_1a3913896b7e0bf6\security-licensing-slc-component-sku-ocur-ppdlic.xrm-ms
Status: Allocation size mismatch (API: 16384, Raw: 4096)

Path: C:\Windows\winsxs\x86_microsoft-windows-slc-component-sku-ocur_31bf3856ad364e35_6.0.6002.18005_none_1a3913896b7e0bf6\SECURI~2.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_9eec237d3c4b6ca7\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.16708_en-us_9eec237d3c4b6ca7\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_9f30df98559d4ebb\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6000.20864_en-us_9f30df98559d4ebb\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_a06f105d39bcc93c\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.18096_en-us_a06f105d39bcc93c\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_a15bfeee528f9d62\_SERVI~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.0.6001.22208_en-us_a15bfeee528f9d62\_TRANS~1.INI
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.16720_none_38b929534b68462d\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6000.20883_none_21f13ff7650a8b20\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.18111_none_38940e094bba52ce\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_defwsdlhlpgen_b03f5f7f11d50a3a_6.0.6001.22230_none_21c87ea5655fcbe1\DEFAUL~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.16720_none_7c654fdc62654993\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6000.20883_none_659d66807c078e86\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.18111_none_7c40349262b75634\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_regsql_cfg_b03f5f7f11d50a3a_6.0.6001.22230_none_6574a52e7c5ccf47\ASPNET~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBADM~2.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBADM~3.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WE5915~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBE69~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.20883_none_c938ceee5dd48092\WEBADM~2.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.20883_none_c938ceee5dd48092\WEBADM~3.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.20883_none_c938ceee5dd48092\WE5915~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.20883_none_c938ceee5dd48092\WEBE69~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.18111_none_dfdb9d0044844840\WEBADM~2.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.18111_none_dfdb9d0044844840\WEBADM~3.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.18111_none_dfdb9d0044844840\WE5915~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.18111_none_dfdb9d0044844840\WEBE69~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4cb2b120b7498755\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6000.20883_none_35eac7c4d0ebcc48\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4c8d95d6b79b93f6\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_perm_res_b03f5f7f11d50a3a_6.0.6001.22230_none_35c20672d1410d09\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_rProcesses
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1444 Status: Locked to the Windows API!

SSDT
-------------------
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x99778f4c

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x99778f38

#: 201 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x99778f3d

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x99778f47

==EOF==

Nun gut, weils so schoen ging, bitte das ganze nochmal mit Sophos Anti Rootkit.

Download:
http://www.chip.de/downloads/Sophos-Anti-Rootkit_21584106.html

Starte die Datei wieder als administrator, lasse alles angehakt und waehle "start scan" wenn der Scan beendet ist, markiere das Ergebniss aus dem Scanfenster und poste den Inhalt hier.

Wahlweise gebe unter start im Suchfenster %temp% ein und druecke enter. Dort findest du eine Datei mit Namen sarscan.log, den Inhalt der Datei kannst du auch posten...