
Pests of all kinds and how to combat them: avto1.exe; svchosty.exe; q1.exe; ...: "System Error. Code: 5. Zugriff verweigert."

20.05.2010, 15:50   #1
Ingosh
 
As soon as I start my laptop, right after logging in there are first a number of those error-message sounds, and now and then I can actually see the error message "System Error. Code: 5. Zugriff verweigert."
The files involved are avto1.exe; svchosty.exe; q1.exe; teste2_p.exe ...
svchosty is apparently a trojan that first appeared in January of this year:
hxxp://www.virus-com.com/viruscom/viruscom_80709.html
Quote:
SVCHOSTY.EXE description : The filename SVCHOSTY.EXE was last seen on 04.2.2010, and it is considered unsafe. Threat name Win32.X Filename [System32Root]\svchosty.exe Filesize Unknown Last seen 04.2.2010 Status Known to RemoveIT Pro as unsafe. This file can perform following behavior. - File is created as process on the disk. - This process can create, delete or modify files on the disk.
avto1.exe likewise:
hxxp://www.tongjimba.com/exeviruses/9501.html
Quote:
avto1.exe was first detected on 05.5.2010, and it is considered as a threat. Threat type: Malware, File Path: %%ProfileFolder%%\local settings\temp\avto1.exe Filesize: 6K bytes first submitted: 05.5.2010 Suggestion: Remove it as a threat. The avto1.exe has the following action:
->Create file as process on the disk.
->Create the process, delete or modify files on the disk. Unknown path
I have already run AntiVir and Spybot over it several times, but I doubt that it is fixed. Maybe someone can help me, because I don't really want to wipe the machine.
Here are 2 screenshots of how it currently looks:


20.05.2010, 20:14   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labeled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

20.05.2010, 22:12   #3
Ingosh
 
So, Malwarebytes does not work for me. After installation the program simply does not respond when I try to open it. I have reinstalled it several times, but it doesn't work. So I ran a scan with hjtscanlist.bat:
Code:
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.0.6001]
 
 
C:

       C:\hiberfil.sys ---------    
       C:\pagefile.sys ---------    
  20.05.2010 22:37     C:\ProgramData --------- 20480   
  20.05.2010 17:06     C:\Program Files --------- 49152   
  19.05.2010 17:35     C:\Windows --------- 40960   
  19.05.2010 15:04     C:\System Volume Information --------- 28672   
  19.05.2010 14:57     C:\Avenger --------- 0   
  19.05.2010 14:56     C:\avenger.txt --------- 1426   
  27.04.2010 19:50     C:\$Recycle.Bin --------- 4096   
  27.04.2010 19:47     C:\Users --------- 4096   
  01.04.2010 20:45     C:\Games --------- 0   
  12.10.2009 17:04     C:\pdf995 --------- 0   
  12.10.2009 16:39     C:\Output --------- 0   
  03.10.2009 18:39     C:\FOG41 --------- 4096   
  01.09.2009 17:39     C:\downloads --------- 0   
  20.07.2009 16:49     C:\fpRedmon.log --------- 388   
  15.07.2009 22:49     C:\download --------- 0   
  02.05.2009 19:48     C:\phenomedia --------- 0   
  28.03.2009 01:11     C:\Nexon --------- 0   
  07.03.2009 11:27     C:\Big Fish Games --------- 4096   
  09.02.2009 16:37     C:\AILog.txt --------- 0   
  02.02.2009 01:13     C:\Multimedia Files --------- 0   
  21.09.2008 00:49     C:\DVDVideoSoft --------- 0   
  28.07.2008 13:09     C:\Boot --------- 4096   
  27.07.2008 23:59     C:\PerfLogs --------- 0   
  13.07.2008 00:39     C:\IO.SYS --------- 0   
  13.07.2008 00:39     C:\MSDOS.SYS --------- 0   
  06.07.2008 21:51     C:\Temp --------- 0   
  06.07.2008 14:24     C:\Update --------- 0   
  10.06.2008 14:11     C:\adorage-protocol.txt --------- 898462   
  10.06.2008 13:34     C:\Binaries --------- 0   
  10.06.2008 13:19     C:\AUTOEXEC.BAT --------- 121   
  30.04.2008 17:14     C:\INSTALLEUM --------- 0   
  19.01.2008 09:45     C:\bootmgr --------- 333203   
  09.01.2008 18:24     C:\vcredist_x86.log --------- 390276   
  09.01.2008 18:24     C:\Documentation --------- 0   
  09.01.2008 18:16     C:\InstantON --------- 0   
  09.01.2008 18:08     C:\WAUUPGRD --------- 0   
  07.11.2007 09:12     C:\VC_RED.MSI --------- 232960   
  07.11.2007 09:09     C:\VC_RED.cab --------- 1442522   
  07.11.2007 09:03     C:\install.res.1033.dll --------- 91152   
  07.11.2007 09:03     C:\install.res.1040.dll --------- 95248   
  07.11.2007 09:03     C:\install.res.3082.dll --------- 96272   
  07.11.2007 09:03     C:\install.res.1031.dll --------- 96272   
  07.11.2007 09:03     C:\install.exe --------- 562688   
  07.11.2007 09:03     C:\install.res.2052.dll --------- 75792   
  07.11.2007 09:03     C:\install.res.1041.dll --------- 81424   
  07.11.2007 09:03     C:\install.res.1042.dll --------- 79888   
  07.11.2007 09:03     C:\install.res.1036.dll --------- 97296   
  07.11.2007 09:03     C:\install.res.1028.dll --------- 76304   
  07.11.2007 09:00     C:\eula.1031.txt --------- 17734   
  07.11.2007 09:00     C:\install.ini --------- 843   
  07.11.2007 09:00     C:\vcredist.bmp --------- 5686   
  07.11.2007 09:00     C:\globdata.ini --------- 1110   
  07.11.2007 09:00     C:\eula.3082.txt --------- 17734   
  07.11.2007 09:00     C:\eula.2052.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1042.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1041.txt --------- 118   
  07.11.2007 09:00     C:\eula.1040.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1033.txt --------- 10134   
  07.11.2007 09:00     C:\eula.1036.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1028.txt --------- 17734   
  02.11.2007 19:48     C:\BOOTSECT.BAK --------- 8192   
  02.11.2007 14:31     C:\MSOCache --------- 0   
  02.11.2007 10:54     C:\Programme --------- 0   
  02.11.2007 10:54     C:\Dokumente und Einstellungen --------- 0   
  19.10.2007 18:55     C:\kernel.pam --------- 76   
  02.11.2006 15:02     C:\Documents and Settings --------- 0   
  18.09.2006 23:43     C:\config.sys --------- 10   
  03.01.2005 14:37     C:\initrd.pam --------- 17   
----------------------------------------

 
C:\Windows

  20.05.2010 22:48     C:\Windows\bootstat.dat --------- 67584   
  20.05.2010 22:47     C:\Windows\bthservsdp.dat --------- 12   
  20.05.2010 22:46     C:\Windows\WindowsUpdate.log --------- 1407737   
  18.05.2010 22:44     C:\Windows\wininit.ini --------- 110   
  21.04.2010 14:24     C:\Windows\NEXON_EU_DownloaderUpdater.exe --------- 421888   
  10.04.2010 00:02     C:\Windows\ULEAD32.INI --------- 4465   
  23.09.2009 22:16     C:\Windows\SoftWriting.ini --------- 331   
  21.07.2009 11:02     C:\Windows\hdsinstall.mif --------- 1762   
  23.05.2009 23:52     C:\Windows\win.ini --------- 307   
  22.05.2009 20:13     C:\Windows\_MSRSTRT.EXE --------- 2560   
  14.03.2009 02:43     C:\Windows\csvvt16.ini --------- 1429   
  26.02.2009 22:09     C:\Windows\NeroDigital.ini --------- 69   
  22.02.2009 19:18     C:\Windows\SpeedGear.INI --------- 55   
  01.02.2009 15:39     C:\Windows\CleaningLab.INI --------- 0   
  01.02.2009 15:38     C:\Windows\mgxoschk.ini --------- 6768   
  29.10.2008 08:29     C:\Windows\explorer.exe --------- 2927104   
  26.10.2008 01:30     C:\Windows\is-7CBP1.lst --------- 1120   
  26.10.2008 01:30     C:\Windows\is-7CBP1.exe --------- 630784   
  24.08.2008 18:20     C:\Windows\PPSMediaList.ini --------- 323   
  24.08.2008 18:08     C:\Windows\msgtn.ini --------- 13   
  28.07.2008 13:09     C:\Windows\WindowsShell.Manifest --------- 749   
  10.06.2008 14:20     C:\Windows\MovingPicture.ini --------- 17   
  19.01.2008 09:33     C:\Windows\regedit.exe --------- 134656   
  19.01.2008 09:33     C:\Windows\notepad.exe --------- 151040   
  19.01.2008 09:33     C:\Windows\HelpPane.exe --------- 498176   
  19.01.2008 09:33     C:\Windows\fveupdate.exe --------- 13312   
  19.01.2008 09:33     C:\Windows\bfsvc.exe --------- 58880   
  09.01.2008 18:24     C:\Windows\VAIOUpdt.INI --------- 0   
  02.11.2007 14:44     C:\Windows\ocsetup_install_OEMHelpCustomization.etl --------- 8323072   
  02.11.2007 14:44     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf --------- 196608   
  02.11.2007 14:44     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx --------- 65536   
  31.10.2007 06:52     C:\Windows\csup.txt --------- 12   
  26.10.2007 08:21     C:\Windows\WMPrfDeu.prx --------- 33820   
  20.09.2007 09:59     C:\Windows\UNRecode.exe --------- 972072   
  20.09.2007 09:55     C:\Windows\UNNeroMediaHome.exe --------- 972072   
  28.08.2007 19:23     C:\Windows\BtwIEProxy.exe --------- 285224   
  21.03.2007 21:02     C:\Windows\UNNeroVision.exe --------- 972336   
  20.03.2007 21:22     C:\Windows\UNNeroBackItUp.exe --------- 972336   
  28.02.2007 16:41     C:\Windows\UNNeroShowTime.exe --------- 972336   
  02.11.2006 14:35     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 14:34     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 14:34     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 14:34     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 14:34     C:\Windows\twain.dll --------- 94784   
  02.11.2006 11:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 11:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 09:46     C:\Windows\mib.bin --------- 43131   
  19.09.2006 13:41     C:\Windows\HomePremium.xml --------- 8328   
  18.09.2006 23:46     C:\Windows\system.ini --------- 219   
  18.09.2006 23:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 23:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 23:30     C:\Windows\msdfmap.ini --------- 1405   
  15.09.2005 14:35     C:\Windows\UNNeroMediaHome.cfg --------- 50   
  30.08.2005 21:37     C:\Windows\UNNeroVision.cfg --------- 50   
  30.08.2005 21:37     C:\Windows\UNNeroShowTime.cfg --------- 50   
  30.08.2005 21:36     C:\Windows\UNRecode.cfg --------- 50   
  30.08.2005 21:33     C:\Windows\UNNeroBackItUp.cfg --------- 50   
  24.02.2004 13:04     C:\Windows\RSETPATH.exe --------- 41219   
  26.07.2002 17:02     C:\Windows\UNWISE.EXE --------- 153088   
  16.05.2001 01:49     C:\Windows\wmprftrk.prx --------- 16822   
  16.05.2001 01:49     C:\Windows\WMPrfAra.prx --------- 25269   
  16.05.2001 01:49     C:\Windows\wmprfsve.prx --------- 17019   
  16.05.2001 01:49     C:\Windows\wmprfslv.prx --------- 16814   
  16.05.2001 01:49     C:\Windows\wmprfrus.prx --------- 635   
  16.05.2001 01:49     C:\Windows\wmprfptg.prx --------- 18422   
  16.05.2001 01:49     C:\Windows\wmprfptb.prx --------- 17199   
  16.05.2001 01:49     C:\Windows\wmprfplk.prx --------- 18536   
  16.05.2001 01:49     C:\Windows\wmprfesp.prx --------- 17953   
  16.05.2001 01:49     C:\Windows\wmprffin.prx --------- 16265   
  16.05.2001 01:49     C:\Windows\wmprfnor.prx --------- 16446   
  16.05.2001 01:49     C:\Windows\wmprfheb.prx --------- 20481   
  16.05.2001 01:49     C:\Windows\wmprfhun.prx --------- 19751   
  16.05.2001 01:49     C:\Windows\wmprfita.prx --------- 17830   
  16.05.2001 01:49     C:\Windows\WMPrfJpn.prx --------- 20704   
  16.05.2001 01:49     C:\Windows\WMPrfKor.prx --------- 17903   
  16.05.2001 01:49     C:\Windows\wmprfnld.prx --------- 16398   
  16.05.2001 01:49     C:\Windows\wmprffra.prx --------- 19437   
  16.05.2001 01:48     C:\Windows\wmprfell.prx --------- 27807   
  16.05.2001 01:48     C:\Windows\WMPrfCHS.prx --------- 83   
  16.05.2001 01:48     C:\Windows\wmprfdan.prx --------- 15903   
  16.05.2001 01:48     C:\Windows\wmprfcsy.prx --------- 18878   
  16.05.2001 01:48     C:\Windows\wmprfsky.prx --------- 20055   
  16.05.2001 01:48     C:\Windows\WMPrfCHT.prx --------- 77   
  17.11.1998 12:44     C:\Windows\IsUn0407.exe --------- 328704   
  29.10.1998 17:45     C:\Windows\IsUninst.exe --------- 306688   
  16.01.1997 00:00     C:\Windows\ST5UNST.EXE --------- 71680   
  08.02.1996 18:06     C:\Windows\unin0407.exe --------- 284160   
  09.01.1996 10:38     C:\Windows\uninst.exe --------- 283648   
----------------------------------------

 
C:\Windows\System

 02.11.2007 14:47      C:\Windows\System\ykrp.com --------- 180 
 02.11.2006 14:34      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 14:34      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 14:34      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 14:34      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 14:34      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 14:34      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532 
----------------------------------------

 
C:\Windows\System32

 20.05.2010 22:48     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3568  
 20.05.2010 22:48     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3568  
 20.05.2010 22:37     C:\Windows\system32\drivers --------- 65536  
 20.05.2010 18:13     C:\Windows\system32\perfh009.dat --------- 595946  
 20.05.2010 18:13     C:\Windows\system32\perfc009.dat --------- 105276  
 20.05.2010 18:13     C:\Windows\system32\perfh007.dat --------- 628910  
 20.05.2010 18:13     C:\Windows\system32\perfc007.dat --------- 127412  
 20.05.2010 18:13     C:\Windows\system32\PerfStringBackup.INI --------- 1447610  
 19.05.2010 22:06     C:\Windows\system32\FNTCACHE.DAT --------- 1907192  
 18.05.2010 22:18     C:\Windows\system32\Tasks --------- 8192  
 07.05.2010 15:01     C:\Windows\system32\catroot2 --------- 8192  
 06.05.2010 10:36     C:\Windows\system32\MpSigStub.exe --------- 221568  
 09.04.2010 23:25     C:\Windows\system32\catroot --------- 4096  
 10.01.2010 04:06     C:\Windows\system32\URTTEMP --------- 0  
 10.01.2010 03:38     C:\Windows\system32\DonationCoder_urlsnooper_InstallInfo.dat --------- 46  
 11.11.2009 00:08     C:\Windows\system32\QuickTime.qts --------- 69632  
 11.11.2009 00:08     C:\Windows\system32\QuickTimeVR.qtx --------- 94208  
 20.10.2009 20:20     C:\Windows\system32\Packet.dll --------- 96784  
 20.10.2009 20:19     C:\Windows\system32\wpcap.dll --------- 281104  
 20.10.2009 20:19     C:\Windows\system32\pthreadVC.dll --------- 53299  
 12.10.2009 17:41     C:\Windows\system32\javaws.exe --------- 149280  
 12.10.2009 17:41     C:\Windows\system32\javaw.exe --------- 145184  
 12.10.2009 17:41     C:\Windows\system32\java.exe --------- 145184  
 12.10.2009 17:41     C:\Windows\system32\deploytk.dll --------- 411368  
 10.09.2009 15:35     C:\Windows\system32\DRVSTORE --------- 0  
 28.08.2009 19:42     C:\Windows\system32\usbaaplrc.dll --------- 2065696  
 16.08.2009 17:34     C:\Windows\system32\CmdLineExt.dll --------- 107888  
 09.08.2009 03:12     C:\Windows\system32\migration --------- 0  
 30.07.2009 02:49     C:\Windows\system32\mrt.exe --------- 24281536  
 26.07.2009 16:44     C:\Windows\system32\sirenacm.dll --------- 48448  
 21.07.2009 23:52     C:\Windows\system32\wininet.dll --------- 915456  
 21.07.2009 23:52     C:\Windows\system32\urlmon.dll --------- 1208832  
 21.07.2009 23:50     C:\Windows\system32\occache.dll --------- 206848  
 21.07.2009 23:48     C:\Windows\system32\mshtml.dll --------- 5937152  
 21.07.2009 23:48     C:\Windows\system32\msfeeds.dll --------- 594432  
 21.07.2009 23:48     C:\Windows\system32\msfeedsbs.dll --------- 55296  
 21.07.2009 23:47     C:\Windows\system32\jsproxy.dll --------- 25600  
 21.07.2009 23:47     C:\Windows\system32\inetcpl.cpl --------- 1469440  
 21.07.2009 23:47     C:\Windows\system32\ieui.dll --------- 164352  
 21.07.2009 23:47     C:\Windows\system32\iesysprep.dll --------- 109056  
 21.07.2009 23:47     C:\Windows\system32\iesetup.dll --------- 71680  
 21.07.2009 23:47     C:\Windows\system32\iertutil.dll --------- 1985536  
 21.07.2009 23:47     C:\Windows\system32\iernonce.dll --------- 55808  
 21.07.2009 23:47     C:\Windows\system32\iepeers.dll --------- 184320  
 21.07.2009 23:47     C:\Windows\system32\ieframe.dll --------- 11067392  
 21.07.2009 23:47     C:\Windows\system32\iedkcs32.dll --------- 386048  
 21.07.2009 22:13     C:\Windows\system32\ieUnatt.exe --------- 133632  
 21.07.2009 22:13     C:\Windows\system32\ie4uinit.exe --------- 173056  
 21.07.2009 22:13     C:\Windows\system32\msfeedssync.exe --------- 13312  
 21.07.2009 22:12     C:\Windows\system32\mshtml.tlb --------- 1638912  
 21.07.2009 20:31     C:\Windows\system32\ieuinit.inf --------- 57667  
 17.07.2009 16:35     C:\Windows\system32\atl.dll --------- 71680  
 14.07.2009 17:17     C:\Windows\system32\xlive.dll --------- 15308440  
 14.07.2009 17:17     C:\Windows\system32\xlivefnt.dll --------- 13642888  
 14.07.2009 17:15     C:\Windows\system32\xlive.dll.cat --------- 178432  
 14.07.2009 15:00     C:\Windows\system32\wmpdxm.dll --------- 313344  
 14.07.2009 15:00     C:\Windows\system32\wmp.dll --------- 10626048  
 14.07.2009 14:59     C:\Windows\system32\msdxm.ocx --------- 4096  
 14.07.2009 14:59     C:\Windows\system32\dxmasf.dll --------- 4096  
 14.07.2009 14:58     C:\Windows\system32\spwmp.dll --------- 7680  
 14.07.2009 12:59     C:\Windows\system32\wmploc.DLL --------- 8147456  
 14.07.2009 10:30     C:\Windows\system32\msdxm.tlb --------- 43520  
 14.07.2009 10:30     C:\Windows\system32\amcompat.tlb --------- 18432  
 09.07.2009 14:06     C:\Windows\system32\Iosubsys --------- 0  
 15.06.2009 17:24     C:\Windows\system32\t2embed.dll --------- 156672  
 15.06.2009 17:20     C:\Windows\system32\fontsub.dll --------- 72704  
 15.06.2009 17:20     C:\Windows\system32\dciman32.dll --------- 10240  
 15.06.2009 14:52     C:\Windows\system32\atmfd.dll --------- 289792  
 15.06.2009 01:24     C:\Windows\system32\de-DE --------- 266240  
 14.06.2009 17:18     C:\Windows\system32\XPSViewer --------- 0  
 14.06.2009 17:18     C:\Windows\system32\en-US --------- 8192  
 14.06.2009 17:18     C:\Windows\system32\wbem --------- 61440  
 10.06.2009 14:12     C:\Windows\system32\wkssvc.dll --------- 160256  
 10.06.2009 14:07     C:\Windows\system32\avifil32.dll --------- 91136  
 04.06.2009 14:34     C:\Windows\system32\mstscax.dll --------- 2066432  
 01.05.2009 23:02     C:\Windows\system32\DivX.dll --------- 685056  
 01.05.2009 23:02     C:\Windows\system32\divx_xx07.dll --------- 823296  
 01.05.2009 23:02     C:\Windows\system32\divx_xx11.dll --------- 802816  
 01.05.2009 23:02     C:\Windows\system32\divx_xx0c.dll --------- 823296  
 01.05.2009 23:02     C:\Windows\system32\divx_xx16.dll --------- 811008  
 01.05.2009 23:02     C:\Windows\system32\divx_xx0a.dll --------- 815104  
 30.04.2009 23:42     C:\Windows\system32\WDI --------- 8192  
 30.04.2009 14:37     C:\Windows\system32\psisdecd.dll --------- 293376  
 30.04.2009 14:37     C:\Windows\system32\psisrndr.ax --------- 217088  
 30.04.2009 14:37     C:\Windows\system32\EncDec.dll --------- 428544  
 30.04.2009 14:35     C:\Windows\system32\MSNP.ax --------- 80896  
 30.04.2009 14:34     C:\Windows\system32\mpg2splt.ax --------- 177664  
 23.04.2009 14:43     C:\Windows\system32\rpcrt4.dll --------- 784896  
 23.04.2009 14:42     C:\Windows\system32\localspl.dll --------- 636928  
 21.04.2009 14:51     C:\Windows\system32\TubeFinder.exe --------- 294912  
 21.04.2009 13:55     C:\Windows\system32\win32k.sys --------- 2033152  
 19.04.2009 19:34     C:\Windows\system32\aspi --------- 0  
 17.04.2009 03:22     C:\Windows\system32\manifeststore --------- 0  
 10.04.2009 19:42     C:\Windows\system32\xlive --------- 0  
 17.03.2009 05:38     C:\Windows\system32\apilogen.dll --------- 13824  
 17.03.2009 05:38     C:\Windows\system32\amxread.dll --------- 24064  
 08.03.2009 13:35     C:\Windows\system32\html.iec --------- 385024  
 08.03.2009 13:34     C:\Windows\system32\WinFXDocObj.exe --------- 208384  
 08.03.2009 13:34     C:\Windows\system32\webcheck.dll --------- 236544  
 08.03.2009 13:34     C:\Windows\system32\licmgr10.dll --------- 43008  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 20.05.2010 22:48     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1092  
 20.05.2010 22:48     C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job --------- 290  
 20.05.2010 22:48     C:\Windows\Tasks\SA.DAT --------- 6  
 20.05.2010 22:47     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32534  
 20.05.2010 17:26     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1096  
----------------------------------------

 
C:\Windows\Temp

 20.05.2010 22:51     C:\Windows\Temp\TMP000000053D30BDF59C44E295 --------- 524288  
 20.05.2010 18:20     C:\Windows\Temp\fwtsqmfile03.sqm --------- 120  
 19.05.2010 23:39     C:\Windows\Temp\fwtsqmfile02.sqm --------- 632  
 19.05.2010 18:03     C:\Windows\Temp\fwtsqmfile01.sqm --------- 120  
 19.05.2010 17:40     C:\Windows\Temp\fwtsqmfile00.sqm --------- 632  
----------------------------------------

 
C:\Users\Marvin\AppData\Local\Temp

 20.05.2010 22:49     C:\Users\Marvin\AppData\Local\Temp\WPDNSE --------- 0  
 20.05.2010 22:49     C:\Users\Marvin\AppData\Local\Temp\Marvin.bmp --------- 31832  
 20.05.2010 22:49     C:\Users\Marvin\AppData\Local\Temp\sfeef83shuifhsf873hudgd.tmp --------- 12  
 20.05.2010 22:49     C:\Users\Marvin\AppData\Local\Temp\jisfije9fjoiee.tmp --------- 4  
 20.05.2010 22:49     C:\Users\Marvin\AppData\Local\Temp\hafi8uehfeufh87dfuefsefds.tmp --------- 12  
 20.05.2010 22:48     C:\Users\Marvin\AppData\Local\Temp\~DF9B0D.tmp --------- 16384  
 20.05.2010 22:46     C:\Users\Marvin\AppData\Local\Temp\Low --------- 0  
 20.05.2010 22:46     C:\Users\Marvin\AppData\Local\Temp\Google Toolbar --------- 0  
 20.05.2010 22:38     C:\Users\Marvin\AppData\Local\Temp\{2a58e278-12a3-4802-81b8-a66d28ebe877} --------- 0  
 20.05.2010 22:35     C:\Users\Marvin\AppData\Local\Temp\plugtmp --------- 0  
 20.05.2010 22:28     C:\Users\Marvin\AppData\Local\Temp\opeC522.exe --------- 415744  
 20.05.2010 22:28     C:\Users\Marvin\AppData\Local\Temp\opeC522.tmp --------- 0  
 20.05.2010 22:28     C:\Users\Marvin\AppData\Local\Temp\teste2_p.exe --------- 354816  
 20.05.2010 22:27     C:\Users\Marvin\AppData\Local\Temp\BF2D.tmp --------- 2349056  
 20.05.2010 18:15     C:\Users\Marvin\AppData\Local\Temp\MessengerCache --------- 602112  
 20.05.2010 17:11     C:\Users\Marvin\AppData\Local\Temp\PCULog0.txt --------- 1580  
 20.05.2010 17:11     C:\Users\Marvin\AppData\Local\Temp\srv10E.tmp --------- 0  
 20.05.2010 17:11     C:\Users\Marvin\AppData\Local\Temp\PCULog1.txt --------- 1307  
 20.05.2010 16:37     C:\Users\Marvin\AppData\Local\Temp\OIS --------- 0  
 20.05.2010 15:39     C:\Users\Marvin\AppData\Local\Temp\wmplog01.sqm --------- 1654  
 20.05.2010 08:19     C:\Users\Marvin\AppData\Local\Temp\wmplog00.sqm --------- 1654  
 20.05.2010 08:19     C:\Users\Marvin\AppData\Local\Temp\3D3.tmp --------- 2349056  
 19.05.2010 23:35     C:\Users\Marvin\AppData\Local\Temp\80DDWFou.htm.part --------- 0  
 19.05.2010 22:12     C:\Users\Marvin\AppData\Local\Temp\jusched.log --------- 369  
 19.05.2010 22:09     C:\Users\Marvin\AppData\Local\Temp\svchosty.exe --------- 296960  
 19.05.2010 22:09     C:\Users\Marvin\AppData\Local\Temp\wmsetup.log --------- 404  
 19.05.2010 22:09     C:\Users\Marvin\AppData\Local\Temp\ope19BC.exe --------- 423424  
 19.05.2010 22:09     C:\Users\Marvin\AppData\Local\Temp\ope19BC.tmp --------- 0  
 19.05.2010 22:09     C:\Users\Marvin\AppData\Local\Temp\avto.exe --------- 304640  
 19.05.2010 22:09     C:\Users\Marvin\AppData\Local\Temp\avto1.exe --------- 298496  
 19.05.2010 22:09     C:\Users\Marvin\AppData\Local\Temp\teste3_p.exe --------- 363008  
 19.05.2010 22:09     C:\Users\Marvin\AppData\Local\Temp\9414.tmp --------- 2431488  
 19.05.2010 17:40     C:\Users\Marvin\AppData\Local\Temp\dBPCEC4.tmp --------- 0  
 19.05.2010 16:23     C:\Users\Marvin\AppData\Local\Temp\wmplog06.sqm --------- 1862  
 19.05.2010 16:21     C:\Users\Marvin\AppData\Local\Temp\ope1931.exe --------- 423424  
 19.05.2010 16:21     C:\Users\Marvin\AppData\Local\Temp\ope1931.tmp --------- 0  
 19.05.2010 16:21     C:\Users\Marvin\AppData\Local\Temp\EDF7.tmp --------- 2431488  
 19.05.2010 14:36     C:\Users\Marvin\AppData\Local\Temp\opeE76.exe --------- 423424  
 19.05.2010 14:36     C:\Users\Marvin\AppData\Local\Temp\opeE76.tmp --------- 0  
 19.05.2010 14:35     C:\Users\Marvin\AppData\Local\Temp\C429.tmp --------- 2431488  
 19.05.2010 02:21     C:\Users\Marvin\AppData\Local\Temp\ope2AF2.exe --------- 423424  
 19.05.2010 02:21     C:\Users\Marvin\AppData\Local\Temp\ope2AF2.tmp --------- 0  
 19.05.2010 02:21     C:\Users\Marvin\AppData\Local\Temp\38B.tmp --------- 2431488  
 19.05.2010 00:20     C:\Users\Marvin\AppData\Local\Temp\opeC970.exe --------- 423424  
 19.05.2010 00:20     C:\Users\Marvin\AppData\Local\Temp\opeC970.tmp --------- 0  
 19.05.2010 00:20     C:\Users\Marvin\AppData\Local\Temp\8FFE.tmp --------- 2431488  
 18.05.2010 22:20     C:\Users\Marvin\AppData\Local\Temp\1CA0.tmp --------- 2431488  
 18.05.2010 20:19     C:\Users\Marvin\AppData\Local\Temp\A6C2.tmp --------- 2431488  
 18.05.2010 18:18     C:\Users\Marvin\AppData\Local\Temp\ope5524.exe --------- 423424  
 18.05.2010 18:18     C:\Users\Marvin\AppData\Local\Temp\ope5524.tmp --------- 0  
 18.05.2010 18:18     C:\Users\Marvin\AppData\Local\Temp\3345.tmp --------- 2431488  
 17.05.2010 23:27     C:\Users\Marvin\AppData\Local\Temp\nnooml.dll --------- 80896  
 17.05.2010 23:25     C:\Users\Marvin\AppData\Local\Temp\avp.exe --------- 60004  
 17.05.2010 23:25     C:\Users\Marvin\AppData\Local\Temp\k4zmwmkj.exe --------- 30001  
 17.05.2010 23:25     C:\Users\Marvin\AppData\Local\Temp\vtucw.dll --------- 30000  
 17.05.2010 02:48     C:\Users\Marvin\AppData\Local\Temp\sshnas21.dll --------- 218112  
----------------------------------------

 
C:\Program Files

 20.05.2010 22:48     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 19.05.2010 17:14     C:\Program Files\CCleaner --------- 0  
 18.05.2010 22:01     C:\Program Files\Spybot - Search & Destroy --------- 8192  
 14.05.2010 01:30     C:\Program Files\Google --------- 4096  
 08.05.2010 00:14     C:\Program Files\Common Files --------- 8192  
 26.04.2010 15:26     C:\Program Files\Skype --------- 0  
 24.04.2010 15:48     C:\Program Files\Mozilla Firefox --------- 28672  
 18.04.2010 21:43     C:\Program Files\LibUSB-Win32 --------- 4096  
 13.04.2010 19:10     C:\Program Files\GMX --------- 0  
 13.04.2010 00:20     C:\Program Files\DVDVideoSoft --------- 4096  
 12.04.2010 16:53     C:\Program Files\Ask.com --------- 4096  
 12.04.2010 16:49     C:\Program Files\Adobe --------- 4096  
 10.04.2010 00:02     C:\Program Files\InstallShield Installation Information --------- 24576  
 09.04.2010 23:55     C:\Program Files\Ulead Systems --------- 0  
 09.04.2010 23:40     C:\Program Files\DVD Shrink --------- 4096  
 09.04.2010 23:23     C:\Program Files\DVDFab 5 --------- 4096  
 02.04.2010 18:50     C:\Program Files\JanSoft --------- 0  
 02.04.2010 18:26     C:\Program Files\WebZIP 7 --------- 4096  
 01.04.2010 19:05     C:\Program Files\GIMP-2.0 --------- 0  
 23.03.2010 21:19     C:\Program Files\ICQ6.5 --------- 20480  
 23.03.2010 21:03     C:\Program Files\ICQ6 --------- 0  
 23.03.2010 18:48     C:\Program Files\iTunes --------- 4096  
 23.03.2010 18:47     C:\Program Files\iPod --------- 0  
 23.03.2010 18:44     C:\Program Files\QuickTime --------- 4096  
 16.03.2010 17:21     C:\Program Files\OpenOffice.org 3 --------- 4096  
 27.01.2010 20:48     C:\Program Files\TeamViewer --------- 0  
 10.01.2010 05:17     C:\Program Files\Audacity --------- 4096  
 10.01.2010 04:06     C:\Program Files\Internet Explorer --------- 4096  
 10.01.2010 03:42     C:\Program Files\WinPcap --------- 4096  
 10.01.2010 03:41     C:\Program Files\URLSnooper2 --------- 4096  
 19.12.2009 16:53     C:\Program Files\KGB --------- 0  
 07.12.2009 18:37     C:\Program Files\Cain --------- 0  
 22.11.2009 23:12     C:\Program Files\DivX --------- 8192  
 09.11.2009 21:25     C:\Program Files\Corel --------- 0  
 08.11.2009 21:36     C:\Program Files\Messenger Plus Live --------- 4096  
 12.10.2009 17:41     C:\Program Files\Java --------- 4096  
 12.10.2009 17:16     C:\Program Files\OpenOffice.org 2.4 --------- 0  
 12.10.2009 17:07     C:\Program Files\BeCyPDFMetaEdit --------- 4096  
 12.10.2009 16:54     C:\Program Files\Free PDF to Word Doc Converter --------- 4096  
 12.10.2009 16:41     C:\Program Files\Freeware PDF Unlocker --------- 98304  
 12.10.2009 16:41     C:\Program Files\Easy Pdf Password Remover Free --------- 0  
 09.10.2009 16:35     C:\Program Files\Canon --------- 0  
 08.10.2009 20:01     C:\Program Files\Cyanide --------- 0  
 07.10.2009 14:22     C:\Program Files\Microsoft --------- 0  
 23.09.2009 22:15     C:\Program Files\SimpleOCR --------- 4096  
 17.09.2009 23:02     C:\Program Files\Project64 1.6 --------- 4096  
 02.09.2009 16:36     C:\Program Files\Steam --------- 0  
 01.09.2009 17:38     C:\Program Files\Free Music Zilla --------- 4096  
 16.08.2009 16:58     C:\Program Files\EA SPORTS --------- 0  
 12.08.2009 03:11     C:\Program Files\Windows Media Player --------- 4096  
 12.08.2009 03:04     C:\Program Files\Windows Mail --------- 4096  
 09.08.2009 03:13     C:\Program Files\Microsoft Silverlight --------- 4096  
 15.07.2009 20:07     C:\Program Files\capella-software --------- 0  
 15.07.2009 19:36     C:\Program Files\Anvil Studio --------- 4096  
 11.07.2009 14:11     C:\Program Files\Macromedia --------- 0  
 08.07.2009 16:30     C:\Program Files\WarRock --------- 0  
 04.07.2009 13:50     C:\Program Files\Free FLV Converter --------- 8192  
 26.06.2009 17:35     C:\Program Files\FileZilla FTP Client --------- 4096  
 21.06.2009 12:56     C:\Program Files\Sierra --------- 0  
 20.06.2009 15:07     C:\Program Files\Winamp --------- 0  
 12.06.2009 14:42     C:\Program Files\Microsoft Works --------- 28672  
 10.06.2009 15:23     C:\Program Files\SystemRequirementsLab --------- 0  
 03.06.2009 22:27     C:\Program Files\Ubisoft --------- 4096  
 03.06.2009 22:24     C:\Program Files\Image-Line --------- 4096  
 03.06.2009 22:23     C:\Program Files\VstPlugins --------- 0  
 03.06.2009 22:00     C:\Program Files\Electronic Arts --------- 0  
 31.05.2009 11:57     C:\Program Files\Pcsx2 --------- 0  
 22.05.2009 20:56     C:\Program Files\Lan.FS --------- 0  
 22.05.2009 19:51     C:\Program Files\DKS --------- 0  
 16.05.2009 23:07     C:\Program Files\Google Hacks --------- 0  
 02.05.2009 19:37     C:\Program Files\Visual Pinball --------- 0  
 02.05.2009 19:11     C:\Program Files\TopWare --------- 0  
 02.05.2009 18:31     C:\Program Files\Avira --------- 0  
 19.04.2009 19:34     C:\Program Files\intelliScore Ensemble WAV to MIDI Converter Demo --------- 4096  
 19.04.2009 19:31     C:\Program Files\Cool Record Edit Pro --------- 4096  
 15.04.2009 16:47     C:\Program Files\Vuze --------- 4096  
 10.04.2009 19:54     C:\Program Files\Microsoft Games for Windows - LIVE --------- 0  
 10.04.2009 01:41     C:\Program Files\WinRAR --------- 4096  
 09.04.2009 01:25     C:\Program Files\Pamela --------- 4096  
 04.04.2009 22:08     C:\Program Files\AviSynth 2.5 --------- 0  
 04.04.2009 22:08     C:\Program Files\eRightSoft --------- 0  
 31.03.2009 21:41     C:\Program Files\Nvu --------- 8192  
 22.03.2009 03:44     C:\Program Files\Bonjour --------- 0  
 19.03.2009 22:42     C:\Program Files\Windows Live --------- 4096  
 19.03.2009 22:42     C:\Program Files\Windows Live SkyDrive --------- 0  
 14.03.2009 02:43     C:\Program Files\PhotoZoom Pro 2 --------- 4096  
 07.03.2009 11:23     C:\Program Files\RAR Password Cracker --------- 0  
 22.02.2009 19:53     C:\Program Files\Speed Gear --------- 0  
 05.02.2009 22:41     C:\Program Files\Microsoft Games --------- 4096  
 02.02.2009 01:13     C:\Program Files\Microsoft GIF Animator --------- 4096  
 01.02.2009 15:32     C:\Program Files\MAGIX --------- 4096  
 07.01.2009 13:42     C:\Program Files\Pando Networks --------- 0  
 04.01.2009 21:45     C:\Program Files\UltraVNC --------- 4096  
 29.12.2008 02:42     C:\Program Files\Bits N Bytes --------- 0  
 27.12.2008 02:09     C:\Program Files\WinSCP --------- 4096  
 07.12.2008 21:34     C:\Program Files\MafiaDemo --------- 0  
 07.12.2008 19:12     C:\Program Files\Creative --------- 0  
 02.12.2008 22:24     C:\Program Files\AoA MP4 Converter --------- 4096  
 01.12.2008 19:01     C:\Program Files\Babylon --------- 0  
 23.11.2008 22:54     C:\Program Files\Passware --------- 4096  
 18.11.2008 00:24     C:\Program Files\WildPackets --------- 0  
 09.11.2008 14:32     C:\Program Files\Teamspeak2_RC2 --------- 4096  
 06.11.2008 22:21     C:\Program Files\MSBuild --------- 0  
 06.11.2008 22:20     C:\Program Files\Microsoft Visual Studio --------- 0  
 06.11.2008 22:19     C:\Program Files\Microsoft Office --------- 4096  
 06.11.2008 22:15     C:\Program Files\Microsoft Visual Studio 8 --------- 0  
 26.10.2008 01:30     C:\Program Files\Free Audio Pack --------- 4096  
 16.10.2008 23:02     C:\Program Files\Windows Live Safety Center --------- 0  
 15.10.2008 01:17     C:\Program Files\SpacialAudio --------- 0  
 14.10.2008 16:29     C:\Program Files\S.A.D --------- 0  
 14.10.2008 16:22     C:\Program Files\NCH Swift Sound --------- 4096  
 14.10.2008 16:13     C:\Program Files\NCH Software --------- 0  
 13.10.2008 16:02     C:\Program Files\Apple Software Update --------- 4096  
 29.09.2008 17:03     C:\Program Files\ConvertHelper --------- 0  
 21.09.2008 20:09     C:\Program Files\CDex_170b2 --------- 4096  
 20.09.2008 15:34     C:\Program Files\Native Instruments --------- 0  
 19.09.2008 17:51     C:\Program Files\Half-Life --------- 0  
 30.08.2008 10:13     C:\Program Files\Illustrate --------- 0  
 24.08.2008 17:30     C:\Program Files\FDRLab --------- 0  
 24.08.2008 17:16     C:\Program Files\JLC's Software --------- 0  
 06.08.2008 11:30     C:\Program Files\VID_0E8F&PID_0012 --------- 0  
 05.08.2008 22:52     C:\Program Files\Codemasters --------- 0  
 03.08.2008 11:52     C:\Program Files\Firebird --------- 0  
 28.07.2008 18:23     C:\Program Files\ASIO4ALL v2 --------- 4096  
 28.07.2008 13:09     C:\Program Files\desktop.ini --------- 174  
 28.07.2008 00:00     C:\Program Files\Windows Calendar --------- 0  
 28.07.2008 00:00     C:\Program Files\Windows Sidebar --------- 4096  
 28.07.2008 00:00     C:\Program Files\Movie Maker --------- 4096  
 28.07.2008 00:00     C:\Program Files\Windows Collaboration --------- 4096  
 28.07.2008 00:00     C:\Program Files\Windows Journal --------- 4096  
 28.07.2008 00:00     C:\Program Files\Windows Photo Gallery --------- 4096  
 27.07.2008 23:59     C:\Program Files\Windows Defender --------- 4096  
 15.07.2008 15:10     C:\Program Files\Nero --------- 0  
 15.07.2008 14:40     C:\Program Files\Jetico --------- 0  
 14.07.2008 19:00     C:\Program Files\Valve --------- 0  
 13.07.2008 00:40     C:\Program Files\Sony --------- 12288  
 08.07.2008 15:35     C:\Program Files\TechSmith --------- 0  
 06.07.2008 18:09     C:\Program Files\JAP --------- 0  
 10.06.2008 14:16     C:\Program Files\proDAD --------- 0  
 10.06.2008 14:02     C:\Program Files\AdorageI-GfxDatas --------- 0  
 10.06.2008 14:01     C:\Program Files\AdorageI-SAL --------- 0  
 10.06.2008 13:34     C:\Program Files\BIAS --------- 0  
 10.06.2008 13:32     C:\Program Files\Pinnacle --------- 4096  
 30.04.2008 17:49     C:\Program Files\OpenOffice.org 2.3 --------- 0  
 30.04.2008 17:37     C:\Program Files\VideoLAN --------- 0  
 30.04.2008 17:32     C:\Program Files\IrfanView --------- 4096  
 30.04.2008 17:32     C:\Program Files\Foxit Software --------- 0  
 30.04.2008 17:31     C:\Program Files\FreePDF_XP --------- 8192  
 30.04.2008 17:30     C:\Program Files\gs --------- 0  
 30.04.2008 17:29     C:\Program Files\7-Zip --------- 4096  
 30.04.2008 16:25     C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0  
 30.04.2008 14:40     C:\Program Files\CONEXANT --------- 0  
 09.01.2008 18:26     C:\Program Files\InterVideo --------- 0  
 09.01.2008 18:21     C:\Program Files\Sony Corporation --------- 0  
 09.01.2008 18:18     C:\Program Files\Roxio --------- 0  
 09.01.2008 18:16     C:\Program Files\ArcSoft --------- 0  
 02.11.2007 14:39     C:\Program Files\Google BAE --------- 4096  
 02.11.2007 14:36     C:\Program Files\BFG --------- 0  
 02.11.2007 14:34     C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites --------- 8192  
 02.11.2007 14:32     C:\Program Files\Microsoft.NET --------- 0  
 02.11.2007 12:43     C:\Program Files\WIDCOMM --------- 0  
 02.11.2007 12:40     C:\Program Files\IDT --------- 0  
 02.11.2007 12:40     C:\Program Files\Sigmatel --------- 0  
 02.11.2007 12:35     C:\Program Files\Apoint --------- 4096  
 02.11.2007 12:25     C:\Program Files\Intel --------- 0  
 02.11.2007 11:29     C:\Program Files\MSXML 4.0 --------- 0  
 02.11.2007 10:54     C:\Program Files\Windows NT --------- 4096  
 02.11.2007 10:54     C:\Program Files\Gemeinsame Dateien --------- 0  
 02.11.2006 15:01     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 14:37     C:\Program Files\Reference Assemblies --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

Marvin    
Public    
huhu    
desktop.ini    
Administrator    
Default    
Default User    
All Users    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0         1.932 K
smss.exe                       416 Services                   0           740 K
csrss.exe                      488 Services                   0         5.272 K
wininit.exe                    540 Services                   0         4.200 K
csrss.exe                      552 Console                    1        12.436 K
services.exe                   584 Services                   0         7.264 K
lsass.exe                      616 Services                   0         8.640 K
lsm.exe                        624 Services                   0         4.080 K
winlogon.exe                   712 Console                    1         5.560 K
svchost.exe                    788 Services                   0         6.652 K
svchost.exe                    868 Services                   0         6.928 K
svchost.exe                    904 Services                   0        41.976 K
svchost.exe                    996 Services                   0        12.992 K
svchost.exe                   1028 Services                   0        65.744 K
svchost.exe                   1040 Services                   0        32.116 K
audiodg.exe                   1160 Services                   0        14.548 K
svchost.exe                   1184 Services                   0         4.808 K
SLsvc.exe                     1200 Services                   0        10.040 K
svchost.exe                   1224 Services                   0        14.420 K
svchost.exe                   1448 Services                   0        19.928 K
spoolsv.exe                   1676 Services                   0        11.604 K
sched.exe                     1700 Services                   0           360 K
svchost.exe                   1712 Services                   0        20.336 K
dwm.exe                        260 Console                    1         6.460 K
taskeng.exe                    272 Console                    1        11.240 K
taskeng.exe                    428 Services                   0         5.944 K
explorer.exe                   468 Console                    1        66.396 K
taskeng.exe                   1828 Console                    1         4.644 K
VAIOUpdt.exe                  1952 Console                    1         7.308 K
Switcher.exe                  2020 Console                    1         6.704 K
svchost.exe                    288 Services                   0        11.868 K
avguard.exe                    772 Services                   0        27.548 K
AppleMobileDeviceService.     1340 Services                   0         3.928 K
mDNSResponder.exe              680 Services                   0         4.780 K
svchost.exe                   2012 Services                   0         3.424 K
fbguard.exe                   2052 Services                   0         3.544 K
iviRegMgr.exe                 2196 Services                   0         3.280 K
NBService.exe                 2208 Services                   0         7.500 K
PnkBstrA.exe                  2376 Services                   0         3.756 K
PnkBstrB.exe                  2400 Services                   0         4.116 K
svchost.exe                   2420 Services                   0         5.608 K
PsiService_2.exe              2432 Services                   0         2.844 K
stacsv.exe                    2472 Services                   0         6.368 K
svchost.exe                   2516 Services                   0         7.044 K
TeamViewer_Service.exe        2536 Services                   0         3.092 K
VESMgr.exe                    2584 Services                   0        12.092 K
VCSW.exe                      2604 Services                   0         7.416 K
svchost.exe                   2632 Services                   0         2.064 K
SearchIndexer.exe             2688 Services                   0        22.684 K
XAudio.exe                    2736 Services                   0         2.488 K
VzCdbSvc.exe                  2768 Services                   0        11.456 K
SDWinSec.exe                  2824 Services                   0         7.900 K
VESMgrSub.exe                 3012 Console                    1         9.280 K
VzFw.exe                      3352 Services                   0         9.588 K
WUDFHost.exe                  3424 Services                   0         6.112 K
fbserver.exe                  3760 Services                   0         5.476 K
alg.exe                       3824 Services                   0         4.492 K
SPMgr.exe                     1620 Console                    1         7.884 K
Apoint.exe                    3928 Console                    1        12.208 K
ISBMgr.exe                     852 Console                    1         6.292 K
MarketingTools.exe            2356 Console                    1         5.072 K
jusched.exe                   3972 Console                    1         4.876 K
fpassist.exe                  3916 Console                    1         6.748 K
reader_sl.exe                 4056 Console                    1         5.448 K
GrooveMonitor.exe             1104 Console                    1         7.408 K
avgnt.exe                     1148 Console                    1         2.480 K
rundll32.exe                  3920 Console                    1         7.428 K
WmiPrvSE.exe                  3496 Services                   0         6.428 K
iTunesHelper.exe              1460 Console                    1        12.992 K
ehtray.exe                    4072 Console                    1         3.572 K
msnmsgr.exe                   4016 Console                    1        59.864 K
NMBgMonitor.exe               2220 Console                    1        12.196 K
GoogleToolbarNotifier.exe     3752 Console                    1         3.072 K
ehmsas.exe                    2684 Console                    1         5.980 K
wmpnscfg.exe                  2552 Console                    1         6.380 K
SMSMngr.exe                   1252 Console                    1        28.140 K
rundll32.exe                  3644 Console                    1         8.692 K
rundll32.exe                  4120 Console                    1        12.736 K
k4zmwmkj.exe                  4128 Console                    1        12.228 K
avp.exe                       4156 Console                    1        12.288 K
rundll32.exe                  4164 Console                    1         4.796 K
TeaTimer.exe                  4196 Console                    1       118.816 K
BTTray.exe                    4204 Console                    1         9.828 K
wmpnetwk.exe                  4332 Services                   0        11.428 K
ApMsgFwd.exe                  4684 Console                    1         2.852 K
ApntEx.exe                    5192 Console                    1         5.464 K
NMIndexingService.exe         5680 Services                   0        10.976 K
NMIndexStoreSvr.exe           5756 Console                    1        17.484 K
SearchProtocolHost.exe        5808 Services                   0         9.208 K
SearchFilterHost.exe          5932 Services                   0         6.000 K
iPodService.exe               4780 Services                   0         5.452 K
conime.exe                    3880 Console                    1         5.708 K
wlcomm.exe                    5432 Console                    1        11.452 K
cmd.exe                       3628 Console                    1         3.040 K
tasklist.exe                  5600 Console                    1         4.884 K
WmiPrvSE.exe                  5704 Services                   0         6.204 K

 
***** Ende des Scans 20.05.2010 um 22:51:57,64 ***
         

Alt 20.05.2010, 22:14   #4
Ingosh
 



By the way, I was able to simply close these pop-up error windows under Task Manager/Processes, and now they are gone. In addition, Internet Explorer does not work, and Windows Live Messenger tells me:

Also, Firefox frequently opens unwanted pages (often porn sites). For example, I google "haus", and when I then click the Google result whose source is the Wikipedia article on Haus, I don't get Wikipedia but something else entirely. It varies a lot, though. On the second attempt it usually works.


And here are the two OTL files:

1. "OTL"
Code:
OTL logfile created on: 20.05.2010 22:59:58 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\Marvin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 175,77 Gb Total Space | 8,42 Gb Free Space | 4,79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 952,19 Mb Total Space | 822,34 Mb Free Space | 86,36% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARVIN-PC
Current User Name: Marvin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Marvin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Marvin\AppData\Local\Temp\avp.exe ()
PRC - C:\Users\Marvin\AppData\Local\Temp\k4zmwmkj.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe (FirebirdSQL Project)
PRC - C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe (FirebirdSQL Project)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Marvin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Zwunzi Service) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (Akamai) -- c:\Programme\Common Files\Akamai\rswin_3697.dll ()
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (FirebirdGuardianDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe (FirebirdSQL Project)
SRV - (FirebirdServerDefaultInstance) -- C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe (FirebirdSQL Project)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VzFw) -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (MSCSPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programme\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programme\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (PCLEPCI) -- C:\Windows\System32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.17
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {2A1D5949-B519-4924-BF62-8522FE0D5274}:0.13
FF - prefs.js..extensions.enabledItems: {27A2FD41-CB23-4518-AB5C-C25BAFFDE531}:1.4.1
FF - prefs.js..extensions.enabledItems: {F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}:1.0
FF - prefs.js..network.proxy.autoconfig_url: "w3cache.aster.pl"
 
FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port: 0
FF - user.js..network.proxy.ssl: ""
FF - user.js..network.proxy.ssl_port: 0
FF - user.js..network.proxy.ftp: ""
FF - user.js..network.proxy.ftp_port: 0
FF - user.js..network.proxy.gopher: ""
FF - user.js..network.proxy.gopher_port: 0
FF - user.js..network.proxy.socks_version: 5
FF - user.js..network.proxy.socks: ""
FF - user.js..network.proxy.socks_port: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.01 19:05:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.12 16:53:36 | 000,000,000 | ---D | M]
 
[2008.10.18 20:51:52 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\mozilla\Extensions
[2010.05.20 15:38:35 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\4ioevbv7.default\extensions
[2009.06.17 11:30:01 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\4ioevbv7.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009.10.16 17:44:35 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\4ioevbv7.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2008.07.06 18:26:31 | 000,000,000 | ---D | M] (SwitchProxy Tool) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\4ioevbv7.default\extensions\{27A2FD41-CB23-4518-AB5C-C25BAFFDE531}
[2009.04.05 22:42:08 | 000,000,000 | ---D | M] (PDFescape Extension) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\4ioevbv7.default\extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}
[2010.04.12 16:54:25 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\4ioevbv7.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009.10.16 17:44:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\4ioevbv7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.10.16 17:44:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\4ioevbv7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.04.12 16:54:25 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\4ioevbv7.default\extensions\staged-xpis
[2010.04.12 16:54:27 | 000,000,000 | ---D | M] -- C:\Users\Marvin\AppData\Roaming\mozilla\Firefox\Profiles\4ioevbv7.default\extensions\toolbar@ask.com
[2010.01.10 04:21:33 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.10 04:21:33 | 000,000,000 | ---D | M] (Zwunzi) -- C:\Programme\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}
[2010.04.12 16:53:07 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009.01.07 13:43:07 | 000,239,432 | ---- | M] (Pando Networks) -- C:\Programme\Mozilla Firefox\plugins\npPandoWebInst.dll
[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2008.10.13 20:34:40 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.18 22:11:55 | 000,394,514 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 13649 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony NSCE)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [Canaveral] C:\Users\Marvin\AppData\Local\Temp\sshnas21.DLL ()
O4 - HKCU..\Run: [GMX SMS-Manager] C:\Programme\GMX\GMX SMS-Manager\SMSMngr.exe (1&1 Internet AG)
O4 - HKCU..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Users\Marvin\AppData\Local\Temp\k4zmwmkj.exe ()
O4 - HKCU..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\Users\Marvin\AppData\Local\Temp\avp.exe ()
O4 - HKCU..\Run: [iTap] H:\remote\iTap-2.2\iTap.exe File not found
O4 - HKCU..\Run: [mcexecwin] C:\Users\Marvin\AppData\Local\Temp\vtucw.DLL ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [ssqqqqsys] c:\users\marvin\appdata\local\temp\nnooml.DLL ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [userinit] C:\Users\Marvin\AppData\Roaming\sdra64.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FIFA 09-Registrierung.lnk = C:\Program Files\EA Sports\FIFA 09\Support\EAregister.exe File not found
O4 - Startup: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = C:\Program Files\PPStream\PPStream.exe File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.support.microsoft.com/ActiveX/FixItClient.CAB (FixItClient Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} hxxp://webc.marvin-plogsties.de/auth/controls/IlosoftImageUpload.dll (IlosoftImageUploadCtl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marvin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.10 13:19:48 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{03446b49-32f0-11dd-8963-001e3d88026b}\Shell - "" = AutoRun
O33 - MountPoints2\{03446b49-32f0-11dd-8963-001e3d88026b}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.20 22:42:53 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\hjtscanlist
[2010.05.20 22:37:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.20 22:37:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.20 22:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.20 22:34:51 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Marvin\Desktop\OTL.exe
[2010.05.20 17:24:21 | 097,547,048 | ---- | C] (Apple Inc.) -- C:\Users\Marvin\Desktop\iTunesSetup.exe
[2010.05.20 17:07:00 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Malwarebytes
[2010.05.20 17:06:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.20 17:06:01 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Marvin\Desktop\mbam-setup-1.46.exe
[2010.05.19 17:14:27 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.19 17:14:03 | 001,140,800 | ---- | C] (Piriform Ltd) -- C:\Users\Marvin\Desktop\ccsetup231_slim.exe
[2010.05.19 14:56:09 | 000,000,000 | ---D | C] -- C:\Avenger
[2010.05.19 14:53:43 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\avenger
[2010.05.18 21:55:31 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.05.18 21:55:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.18 21:50:08 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Marvin\Desktop\spybotsd162(2).exe
[2010.05.18 21:47:18 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\Marvin\Desktop\spybotsd162.exe
[2010.05.17 23:25:52 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Local\ymiboupot
[2010.05.17 23:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Marvin\AppData\Roaming\lowsec
[2010.05.17 16:20:45 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\Foxit Software
[2010.05.17 02:48:23 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\E8281C0B29E14B298950287F464B285A
[2010.05.11 17:02:43 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\209-run-dmc_vs._jason_nevin_-_(its)_tricky-zzzz
[2010.05.08 02:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.05.07 21:10:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2010.05.07 21:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2010.05.07 21:04:23 | 001,663,664 | ---- | C] (Blizzard Entertainment) -- C:\Users\Marvin\Desktop\InstallWoW.exe
[2010.05.07 15:35:18 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Local\Blizzard Entertainment
[2010.05.07 15:29:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2010.05.07 15:28:48 | 003,493,144 | ---- | C] (Blizzard Entertainment) -- C:\Users\Marvin\Desktop\TryWoW.exe
[2010.04.26 15:27:06 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Roaming\skypePM
[2010.04.26 15:26:29 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.04.26 15:26:28 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.04.26 15:24:51 | 001,683,240 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Marvin\Desktop\SkypeSetup.exe
[2010.04.24 15:43:15 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Desktop\MW2_Chams_v1.0
[2010.04.21 17:17:05 | 000,000,000 | ---D | C] -- C:\Users\Marvin\Documents\³Ø½¼ Ç÷¯±×
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Marvin\Desktop\*.tmp files -> C:\Users\Marvin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.20 23:03:12 | 010,485,760 | -HS- | M] () -- C:\Users\Marvin\NTUSER.DAT
[2010.05.20 22:49:12 | 000,091,614 | ---- | M] () -- C:\Users\Marvin\AppData\Roaming\nvModes.001
[2010.05.20 22:48:42 | 000,000,434 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.05.20 22:48:25 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.20 22:48:25 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.20 22:48:18 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 22:48:18 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.20 22:48:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.20 22:48:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.20 22:48:05 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.20 22:47:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.20 22:46:54 | 000,524,288 | -HS- | M] () -- C:\Users\Marvin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.20 22:46:54 | 000,065,536 | -HS- | M] () -- C:\Users\Marvin\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.20 22:46:24 | 003,091,040 | -H-- | M] () -- C:\Users\Marvin\AppData\Local\IconCache.db
[2010.05.20 22:42:30 | 000,002,097 | ---- | M] () -- C:\Users\Marvin\Desktop\hjtscanlist.zip
[2010.05.20 22:37:56 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malware-bytes' Anti-Malware.lnk
[2010.05.20 22:34:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Marvin\Desktop\OTL.exe
[2010.05.20 18:13:47 | 001,447,610 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.20 18:13:47 | 000,628,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.20 18:13:47 | 000,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.20 18:13:47 | 000,127,412 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.20 18:13:47 | 000,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.20 17:29:27 | 004,046,710 | ---- | M] () -- C:\Users\Marvin\02R96G1.pdf
[2010.05.20 17:29:02 | 097,547,048 | ---- | M] (Apple Inc.) -- C:\Users\Marvin\Desktop\iTunesSetup.exe
[2010.05.20 17:28:49 | 000,870,815 | ---- | M] () -- C:\Users\Marvin\02R96G3.pdf
[2010.05.20 17:26:02 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.20 17:11:00 | 000,002,828 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010.05.20 17:06:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marvin\Desktop\mbam-setup-1.46.exe
[2010.05.20 16:33:32 | 008,206,880 | ---- | M] () -- C:\Users\Marvin\Desktop\SUPERAntiSpyware.exe
[2010.05.19 22:08:19 | 000,177,072 | ---- | M] () -- C:\Users\Marvin\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.19 22:06:35 | 001,907,192 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.19 17:42:39 | 000,398,078 | ---- | M] () -- C:\Users\Marvin\Documents\cc_20100519_174218.reg
[2010.05.19 17:14:30 | 000,001,670 | ---- | M] () -- C:\Users\Marvin\Desktop\CCleaner.lnk
[2010.05.19 17:14:08 | 001,140,800 | ---- | M] (Piriform Ltd) -- C:\Users\Marvin\Desktop\ccsetup231_slim.exe
[2010.05.19 16:58:18 | 000,091,614 | ---- | M] () -- C:\Users\Marvin\AppData\Roaming\nvModes.dat
[2010.05.19 14:52:57 | 000,724,952 | ---- | M] () -- C:\Users\Marvin\Desktop\avenger.zip
[2010.05.18 22:44:52 | 000,000,110 | ---- | M] () -- C:\Windows\wininit.ini
[2010.05.18 22:11:55 | 000,394,514 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.18 21:55:35 | 000,001,055 | ---- | M] () -- C:\Users\Marvin\Desktop\Spybot - Search & Destroy.lnk
[2010.05.18 21:51:01 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\Marvin\Desktop\spybotsd162(2).exe
[2010.05.18 21:48:08 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\Marvin\Desktop\spybotsd162.exe
[2010.05.18 21:47:23 | 000,030,758 | ---- | M] () -- C:\Users\Marvin\Desktop\lang.deutsch.zip
[2010.05.17 17:39:50 | 004,129,892 | ---- | M] () -- C:\Users\Marvin\Desktop\Edward Maya Ft Vika Jigulina - Stereo Love.mp3
[2010.05.17 01:32:04 | 002,561,952 | ---- | M] () -- C:\Users\Marvin\Desktop\Kyra feat. Mc Amino - Ich liebe dich [www.Libano-Style.de]  .mp3
[2010.05.17 01:31:59 | 005,267,888 | ---- | M] () -- C:\Users\Marvin\Desktop\Mo von D-Yongs feat. Kyra - Ich Liebe Dich (2009) [www.Libano-Style.de] .mp3
[2010.05.16 01:28:51 | 000,035,840 | ---- | M] () -- C:\Users\Marvin\Desktop\MLK.doc
[2010.05.16 01:27:43 | 000,016,563 | ---- | M] () -- C:\Users\Marvin\Desktop\MLK.docx
[2010.05.16 01:26:19 | 000,016,607 | ---- | M] () -- C:\Users\Marvin\Desktop\Microsoft Office Word-Dokument (neu) (2).docx
[2010.05.15 00:50:17 | 000,176,382 | ---- | M] () -- C:\Users\Marvin\291-12-05-10.jpg
[2010.05.15 00:48:42 | 000,169,879 | ---- | M] () -- C:\Users\Marvin\284-12-05-10.jpg
[2010.05.15 00:47:42 | 000,159,681 | ---- | M] () -- C:\Users\Marvin\270-12-05-10.jpg
[2010.05.15 00:47:21 | 000,158,409 | ---- | M] () -- C:\Users\Marvin\266-12-05-10.jpg
[2010.05.15 00:46:32 | 000,154,220 | ---- | M] () -- C:\Users\Marvin\258-12-05-10.jpg
[2010.05.15 00:42:11 | 000,130,826 | ---- | M] () -- C:\Users\Marvin\169-12-05-10.jpg
[2010.05.15 00:41:24 | 000,128,784 | ---- | M] () -- C:\Users\Marvin\152-12-05-10.jpg
[2010.05.15 00:41:15 | 000,128,369 | ---- | M] () -- C:\Users\Marvin\149-12-05-10.jpg
[2010.05.15 00:35:50 | 000,109,362 | ---- | M] () -- C:\Users\Marvin\019-12-05-10.jpg
[2010.05.14 01:30:30 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.12 02:04:00 | 001,896,542 | ---- | M] () -- C:\Users\Marvin\röschenhof lied.mp3
[2010.05.12 02:03:46 | 000,756,662 | ---- | M] () -- C:\Users\Marvin\röschenhof beitrag.mp3
[2010.05.12 02:03:11 | 000,325,942 | ---- | M] () -- C:\Users\Marvin\röschenhof.mp3
[2010.05.12 02:01:17 | 000,315,118 | ---- | M] () -- C:\Users\Marvin\pr005.mp3
[2010.05.12 01:57:47 | 001,606,792 | ---- | M] () -- C:\Users\Marvin\schlüssel.mp3
[2010.05.12 01:52:40 | 003,419,750 | ---- | M] () -- C:\Users\Marvin\dümmer als die Polizei erlaubt.mp3
[2010.05.12 01:47:39 | 001,194,889 | ---- | M] () -- C:\Users\Marvin\gewitter.mp3
[2010.05.12 01:47:02 | 001,367,819 | ---- | M] () -- C:\Users\Marvin\helmut poppen.mp3
[2010.05.09 20:14:40 | 000,000,743 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.05.09 19:08:08 | 000,000,494 | ---- | M] () -- C:\Users\Marvin\Desktop\World of Warcraft-Installationsprogramm.lnk
[2010.05.08 02:28:46 | 000,010,357 | ---- | M] () -- C:\Users\Marvin\Desktop\Microsoft Office Word-Dokument (neu).docx
[2010.05.07 21:04:30 | 001,663,664 | ---- | M] (Blizzard Entertainment) -- C:\Users\Marvin\Desktop\InstallWoW.exe
[2010.05.07 15:34:11 | 000,000,667 | ---- | M] () -- C:\Users\Marvin\Desktop\World of Warcraft.lnk
[2010.05.07 15:29:00 | 003,493,144 | ---- | M] (Blizzard Entertainment) -- C:\Users\Marvin\Desktop\TryWoW.exe
[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.03 16:47:22 | 000,055,953 | ---- | M] () -- C:\Users\Marvin\Desktop\Schuelerstudium-Flyer.pdf
[2010.04.30 22:13:43 | 003,831,168 | ---- | M] () -- C:\Users\Marvin\Desktop\zyklon36_feat._darkonia_-_Rapliebe_www.rappers.in.mp3
[2010.04.30 22:07:25 | 003,984,867 | ---- | M] () -- C:\Users\Marvin\Desktop\manu_beat_2.mp3
[2010.04.30 19:23:49 | 006,601,925 | ---- | M] () -- C:\Users\Marvin\Desktop\Hot_Rod_ft._Tila_Tequila__Boniface_-_I_Like_To_Fuck.rar
[2010.04.29 16:22:11 | 000,972,959 | ---- | M] () -- C:\Users\Marvin\Desktop\Foto236.jpg
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.28 01:10:35 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010.04.28 00:17:04 | 000,051,886 | ---- | M] () -- C:\Users\Marvin\Desktop\schiller der handschuh1p.pdf
[2010.04.28 00:16:46 | 000,016,530 | ---- | M] () -- C:\Users\Marvin\Desktop\schiller der handschuh.docx
[2010.04.28 00:12:24 | 000,009,778 | ---- | M] () -- C:\Users\Marvin\Desktop\schiller der handschuh.pdf
[2010.04.28 00:11:47 | 000,009,782 | ---- | M] () -- C:\Users\Marvin\Documents\schiller der handschuh.pdf
[2010.04.27 23:11:28 | 000,014,017 | ---- | M] () -- C:\Users\Marvin\Desktop\der handschuh.docx
[2010.04.26 15:27:06 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.04.26 15:24:55 | 001,683,240 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Marvin\Desktop\SkypeSetup.exe
[2010.04.24 13:26:33 | 000,357,792 | ---- | M] () -- C:\Users\Marvin\Desktop\MW2_Chams_v1.0.rar
[2010.04.24 13:24:55 | 001,367,808 | ---- | M] () -- C:\Users\Marvin\Desktop\[cheat-project.com] Simple Chams 1.2 2009-02-21.rar
[2010.04.24 04:16:52 | 000,094,302 | ---- | M] () -- C:\Users\Marvin\Desktop\I Am Rich (cracked).ipa
[2010.04.24 04:07:54 | 000,220,672 | ---- | M] () -- C:\Users\Marvin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.21 15:40:20 | 000,000,671 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2010.04.21 15:40:20 | 000,000,671 | ---- | M] () -- C:\Users\Marvin\Desktop\Combat Arms EU.lnk
[2010.04.21 14:24:33 | 000,421,888 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Marvin\Desktop\*.tmp files -> C:\Users\Marvin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.20 22:42:30 | 000,002,097 | ---- | C] () -- C:\Users\Marvin\Desktop\hjtscanlist.zip
[2010.05.20 22:37:56 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malware-bytes' Anti-Malware.lnk
[2010.05.20 17:28:30 | 000,870,815 | ---- | C] () -- C:\Users\Marvin\02R96G3.pdf
[2010.05.20 17:28:24 | 004,046,710 | ---- | C] () -- C:\Users\Marvin\02R96G1.pdf
[2010.05.20 16:32:44 | 008,206,880 | ---- | C] () -- C:\Users\Marvin\Desktop\SUPERAntiSpyware.exe
[2010.05.19 17:42:22 | 000,398,078 | ---- | C] () -- C:\Users\Marvin\Documents\cc_20100519_174218.reg
[2010.05.19 17:14:30 | 000,001,670 | ---- | C] () -- C:\Users\Marvin\Desktop\CCleaner.lnk
[2010.05.19 14:52:55 | 000,724,952 | ---- | C] () -- C:\Users\Marvin\Desktop\avenger.zip
[2010.05.18 22:44:52 | 000,000,110 | ---- | C] () -- C:\Windows\wininit.ini
[2010.05.18 21:55:35 | 000,001,055 | ---- | C] () -- C:\Users\Marvin\Desktop\Spybot - Search & Destroy.lnk
[2010.05.18 21:47:23 | 000,030,758 | ---- | C] () -- C:\Users\Marvin\Desktop\lang.deutsch.zip
[2010.05.17 17:38:30 | 004,129,892 | ---- | C] () -- C:\Users\Marvin\Desktop\Edward Maya Ft Vika Jigulina - Stereo Love.mp3
[2010.05.17 02:48:23 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.05.17 01:31:55 | 002,561,952 | ---- | C] () -- C:\Users\Marvin\Desktop\Kyra feat. Mc Amino - Ich liebe dich [www.Libano-Style.de]  .mp3
[2010.05.17 01:31:32 | 005,267,888 | ---- | C] () -- C:\Users\Marvin\Desktop\Mo von D-Yongs feat. Kyra - Ich Liebe Dich (2009) [www.Libano-Style.de] .mp3
[2010.05.16 01:28:51 | 000,035,840 | ---- | C] () -- C:\Users\Marvin\Desktop\MLK.doc
[2010.05.16 01:26:35 | 000,016,563 | ---- | C] () -- C:\Users\Marvin\Desktop\MLK.docx
[2010.05.15 23:46:08 | 000,016,607 | ---- | C] () -- C:\Users\Marvin\Desktop\Microsoft Office Word-Dokument (neu) (2).docx
[2010.05.15 00:50:16 | 000,176,382 | ---- | C] () -- C:\Users\Marvin\291-12-05-10.jpg
[2010.05.15 00:48:42 | 000,169,879 | ---- | C] () -- C:\Users\Marvin\284-12-05-10.jpg
[2010.05.15 00:47:42 | 000,159,681 | ---- | C] () -- C:\Users\Marvin\270-12-05-10.jpg
[2010.05.15 00:47:19 | 000,158,409 | ---- | C] () -- C:\Users\Marvin\266-12-05-10.jpg
[2010.05.15 00:46:31 | 000,154,220 | ---- | C] () -- C:\Users\Marvin\258-12-05-10.jpg
[2010.05.15 00:42:11 | 000,130,826 | ---- | C] () -- C:\Users\Marvin\169-12-05-10.jpg
[2010.05.15 00:41:24 | 000,128,784 | ---- | C] () -- C:\Users\Marvin\152-12-05-10.jpg
[2010.05.15 00:41:13 | 000,128,369 | ---- | C] () -- C:\Users\Marvin\149-12-05-10.jpg
[2010.05.15 00:35:47 | 000,109,362 | ---- | C] () -- C:\Users\Marvin\019-12-05-10.jpg
[2010.05.14 01:30:30 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.12 02:01:16 | 000,315,118 | ---- | C] () -- C:\Users\Marvin\pr005.mp3
[2010.05.12 02:00:35 | 000,756,662 | ---- | C] () -- C:\Users\Marvin\röschenhof beitrag.mp3
[2010.05.12 02:00:23 | 001,896,542 | ---- | C] () -- C:\Users\Marvin\röschenhof lied.mp3
[2010.05.12 01:59:26 | 000,325,942 | ---- | C] () -- C:\Users\Marvin\röschenhof.mp3
[2010.05.12 01:57:02 | 001,606,792 | ---- | C] () -- C:\Users\Marvin\schlüssel.mp3
[2010.05.12 01:51:06 | 003,419,750 | ---- | C] () -- C:\Users\Marvin\dümmer als die Polizei erlaubt.mp3
[2010.05.12 01:45:44 | 001,367,819 | ---- | C] () -- C:\Users\Marvin\helmut poppen.mp3
[2010.05.08 02:22:26 | 000,010,357 | ---- | C] () -- C:\Users\Marvin\Desktop\Microsoft Office Word-Dokument (neu).docx
[2010.05.07 21:10:48 | 000,000,743 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010.05.07 21:10:14 | 000,000,494 | ---- | C] () -- C:\Users\Marvin\Desktop\World of Warcraft-Installationsprogramm.lnk
[2010.05.07 15:34:11 | 000,000,667 | ---- | C] () -- C:\Users\Marvin\Desktop\World of Warcraft.lnk
[2010.05.03 16:47:22 | 000,055,953 | ---- | C] () -- C:\Users\Marvin\Desktop\Schuelerstudium-Flyer.pdf
[2010.04.30 22:13:27 | 003,831,168 | ---- | C] () -- C:\Users\Marvin\Desktop\zyklon36_feat._darkonia_-_Rapliebe_www.rappers.in.mp3
[2010.04.30 22:07:11 | 003,984,867 | ---- | C] () -- C:\Users\Marvin\Desktop\manu_beat_2.mp3
[2010.04.30 19:22:58 | 006,601,925 | ---- | C] () -- C:\Users\Marvin\Desktop\Hot_Rod_ft._Tila_Tequila__Boniface_-_I_Like_To_Fuck.rar
[2010.04.29 16:22:08 | 000,972,959 | ---- | C] () -- C:\Users\Marvin\Desktop\Foto236.jpg
[2010.04.28 00:17:04 | 000,051,886 | ---- | C] () -- C:\Users\Marvin\Desktop\schiller der handschuh1p.pdf
[2010.04.28 00:12:24 | 000,009,778 | ---- | C] () -- C:\Users\Marvin\Desktop\schiller der handschuh.pdf
[2010.04.28 00:11:45 | 000,009,782 | ---- | C] () -- C:\Users\Marvin\Documents\schiller der handschuh.pdf
[2010.04.27 22:24:17 | 000,014,017 | ---- | C] () -- C:\Users\Marvin\Desktop\der handschuh.docx
[2010.04.27 19:04:39 | 000,000,671 | ---- | C] () -- C:\Users\Marvin\Desktop\Combat Arms EU.lnk
[2010.04.27 16:00:13 | 000,016,530 | ---- | C] () -- C:\Users\Marvin\Desktop\schiller der handschuh.docx
[2010.04.26 15:27:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.24 13:26:31 | 000,357,792 | ---- | C] () -- C:\Users\Marvin\Desktop\MW2_Chams_v1.0.rar
[2010.04.24 13:24:48 | 001,367,808 | ---- | C] () -- C:\Users\Marvin\Desktop\[cheat-project.com] Simple Chams 1.2 2009-02-21.rar
[2010.04.24 04:16:51 | 000,094,302 | ---- | C] () -- C:\Users\Marvin\Desktop\I Am Rich (cracked).ipa
[2010.04.21 15:40:20 | 000,000,671 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2010.04.02 19:15:08 | 000,004,465 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.09.23 22:08:41 | 000,000,331 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2009.07.14 17:15:00 | 000,178,432 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.04.04 22:08:37 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.03.14 02:43:45 | 000,001,429 | ---- | C] () -- C:\Windows\csvvt16.ini
[2009.02.26 22:09:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.22 19:18:38 | 000,000,055 | ---- | C] () -- C:\Windows\SpeedGear.INI
[2009.02.01 15:39:14 | 000,000,000 | ---- | C] () -- C:\Windows\CleaningLab.INI
[2008.12.01 19:01:16 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2008.08.24 18:07:47 | 000,000,013 | ---- | C] () -- C:\Windows\msgtn.ini
[2008.08.24 18:06:40 | 000,000,323 | ---- | C] () -- C:\Windows\PPSMediaList.ini
[2008.08.05 23:18:13 | 000,036,864 | ---- | C] () -- C:\Windows\System32\DGRip.dll
[2008.08.05 23:18:10 | 000,110,592 | ---- | C] () -- C:\Windows\System32\imsised.dll
[2008.08.05 23:18:08 | 000,053,248 | ---- | C] () -- C:\Windows\System32\imslevel.dll
[2008.07.12 11:25:09 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008.07.03 19:51:24 | 000,049,152 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2008.07.03 19:48:17 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2008.07.03 19:47:43 | 000,006,768 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2008.06.10 14:20:22 | 000,000,017 | ---- | C] () -- C:\Windows\MovingPicture.ini
[2008.06.10 13:19:47 | 000,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2008.06.10 13:19:47 | 000,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2008.06.10 13:19:47 | 000,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2008.06.10 13:19:47 | 000,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2008.06.10 13:19:47 | 000,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2008.04.30 17:31:20 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008.01.09 18:24:01 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.01.09 18:02:48 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2008.01.09 18:01:53 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007.08.28 19:03:14 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.01.12 23:53:52 | 000,172,032 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2002.06.06 02:01:58 | 000,029,696 | ---- | C] () -- C:\Windows\System32\asutl8.dll
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:255C70C8
< End of report >
         

Alt 20.05.2010, 22:15   #5
Ingosh
 



2. "Extras"
Code:
OTL Extras logfile created on: 20.05.2010 22:59:58 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\Marvin\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 175,77 Gb Total Space | 8,42 Gb Free Space | 4,79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 952,19 Mb Total Space | 822,34 Mb Free Space | 86,36% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MARVIN-PC
Current User Name: Marvin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = Regedit.Document] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" [2009.05.23 23:55:12 | 000,000,000 | ---D | M]
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\PPMate\ppmate.exe" = C:\Program Files\PPMate\ppmate.exe:*:Enabled:PPMate -- File not found
"C:\Program Files\PPMate\ppmnet.exe" = C:\Program Files\PPMate\ppmnet.exe:*:Enabled:PPMate -- File not found
"C:\Program Files\PPStream\PPStream.exe" = C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- File not found
"C:\Program Files\PPStream\PPSAP.exe" = C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- File not found
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exewallPolicy\StandardProfile\AuthorizedApplications\List -- File not found
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"G:\Program Files\Combat Arms EU\CombatArms.exe" = G:\Program Files\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"G:\Program Files\Combat Arms EU\Engine.exe" = G:\Program Files\Combat Arms EU\Engine.exe:*Enabled:Engine.exewallPolicy\StandardProfile\AuthorizedApplications\List -- File not found
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03811618-D513-4427-A330-67B1FA18A3E8}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{06DCDDAC-691A-4A76-9D3A-462AB6CB082C}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{108F1E74-7458-4309-A2DA-77A395CB3C51}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{10C341FB-6084-4062-98A2-765E3B6E5C07}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{166AE583-7CB7-4857-A9F5-53AEB646CEBB}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{16C64A51-4CA2-4615-AEB5-EFEAA75E1CF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{16DD5EBE-57DD-4E1E-BB0C-83DD1309AAA1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1ECFE706-F450-430A-BC5A-A08AC319BC8D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2B554BCB-257F-44A4-92E8-3FAAA973D14A}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{2FBBBA05-20E8-407F-9108-6577C9DFD0C7}" = lport=5357 | protocol=6 | dir=in | app=system | 
"{3126C917-73DB-49A8-B633-D34037EC5F68}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{37354222-0781-4594-87AE-F506F849B599}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{3EA638C7-57E2-4E17-A9E0-9C291F427464}" = lport=2869 | protocol=6 | dir=in | name=microsoft upnp-port (tcp) | 
"{413DE190-9365-488A-B319-2E9D3E4A7737}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{4B8AF0DD-DA81-442F-9CFD-E72346D45889}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{4DBB5877-07B3-4873-9FE2-0E77E0C3966B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{4F438359-BF69-446E-BF53-A7634D82924F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{5182FF19-050F-4F9C-A68C-BF281B26EC1D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{53C17F2A-604C-4130-A2A2-1CD5FAFC35FC}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{54184EA3-5FF1-468A-AB9E-AF58ABEC42E8}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{60419566-3FFC-4C44-927C-DBAA682B49C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{69E2A524-BB90-43AF-924D-D80C3FD4083C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6B5BC7A7-45DD-403D-8729-BE91FDA05AEF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6C0C7535-3EE0-4A8B-8DBE-A4527C547BEF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{6F7AE336-78E6-4FC5-A654-7488F592CE83}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{70F8509D-C82A-43FA-A259-C6A26B6DE1F2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{74BD9C0F-13DD-454C-B19E-2CABD81A5E4A}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=%systemroot%\system32\dfsr.exe | 
"{77045C62-6AA7-4AFA-8F22-7FAF8ABE4DA4}" = lport=1900 | protocol=17 | dir=in | name=microsoft upnp-port (udp) | 
"{7D0B1A01-7CA8-40D6-8EF3-833B25B66049}" = lport=5358 | protocol=6 | dir=in | app=system | 
"{8A5DEB5A-C25D-4B03-B8B0-D2B620F7B01A}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{8D65EF37-4A62-4309-85FB-FA3A306D87C1}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=%systemroot%\system32\svchost.exe | 
"{8E78876B-191B-4B6F-B2AD-1577D3422377}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9328F9B8-2C8E-404E-B3E4-A4802F574822}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{93B29429-BF97-4FB1-B702-E292989F5597}" = lport=0 | protocol=6 | dir=in | name=magix upnp media server | 
"{9B588467-F6F9-4751-AFA3-8B54CB73B29A}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{9B6D4BC0-7971-4CFE-87B9-399229D770C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9BD7AA90-68CD-4DD2-B7F3-753456CE202D}" = rport=5357 | protocol=6 | dir=out | app=system | 
"{9E8F06CD-E142-4E47-9113-E0BDC27F0021}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{9F88161C-D220-463B-A0B0-1A7EC2238E92}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A2F104CA-0852-4CF4-BF4F-8138B9BA809F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{A630D4BA-C062-4A7B-BABA-5ACF31537827}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{AA14BB49-1EEC-4504-A945-7B921FD6F56C}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{B34FCB92-5F2E-4952-BFDF-A673F125508D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=%systemroot%\system32\svchost.exe | 
"{B5BF74DF-FFCD-4A10-BEF5-9D7E16907B17}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{BBF3DF86-7A59-4EC9-AA22-CD1317987A43}" = lport=55368 | protocol=6 | dir=in | name=akamai netsession interface | 
"{BF860750-175F-47C1-A90D-27ACC7985824}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{C684C7F2-EAC3-442D-B313-D3B0BBB87FCC}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{C81558FF-DD6B-4B7E-91F1-83263F3CF254}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CD08221A-0D5C-40DC-A41D-EE4E74688379}" = rport=5358 | protocol=6 | dir=out | app=system | 
"{D3A8A8ED-8130-484F-ABF8-F0DB42A9D6A3}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{D47C71D6-CC21-4EBC-BC27-8E600E5044AD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DD010BCC-3144-48AF-93A9-3438151A80B3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E1900DC2-D66E-40F9-81EB-5E73D23AFB9F}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface | 
"{F21B954F-7D51-4B82-A7D9-54FD323C7751}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FD1F5CDE-5CAC-4B33-B21B-49570056E14F}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\p2phost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005A903F-0D13-4B6C-A85C-E1C277AE78B9}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe | 
"{00BC7E84-2A13-4B53-BFFA-DD66B2CB67FB}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{017FBF47-4C08-442F-82EB-B70CF25FD24A}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{065AB4C8-FE94-46D2-9A0F-F7418A7D7921}" = protocol=17 | dir=in | app=g:\program files\combat arms eu\nmservice.exe | 
"{07554B80-4FDF-46F7-8F7C-53089B142098}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{083243E9-C61A-4CA0-AFE0-A74E9385BADF}" = protocol=6 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{085A07BC-FB57-47AC-9A63-C3728EAC1866}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{09499B0A-E24D-42FB-A886-161E2455CC19}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe | 
"{09F0D7BB-0CD4-49D4-BA5C-50E40EB9DADE}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{0CFE8F0A-0DD9-423E-9F65-EBDC6E9FF16D}" = protocol=6 | dir=in | app=g:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{0EBCBC0E-D90A-4BE8-AEE2-45D1E453EE9C}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe | 
"{14401D9D-BEDB-464C-8A8B-CC296BEA9EA3}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{1559DEE9-07F0-4730-9E26-45036B7EE807}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{159DE89B-278F-42CC-A99A-AA548737C57E}" = protocol=17 | dir=in | app=g:\program files\firaxis games\sid meier's civilization 4\civilization4.exe | 
"{15F19800-CC89-4B1E-B533-E3B3C522330D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe | 
"{15F9D684-F166-4B1E-8C7D-599BBCF4B74C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{16791F02-33B9-4699-8A44-C9B92584F5F8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{16D48908-41AF-41E5-AF49-757C1CF887FD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{16E955CE-6FAF-43A8-AB7E-AF712AC2AB69}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe | 
"{187CA0A1-89FF-47D4-90BC-9C1409D935D1}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{1AF63AF7-5A24-4521-8971-12FA5F190310}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{1BAEB2CB-45A1-4569-92CB-462A85D3FBCC}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe | 
"{1CE0A800-4E40-4712-A0E7-46EA081320BA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{263E08A3-C279-4100-9C18-5803301800E7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{26E9C593-5DEC-401A-A4A4-0C7502FD640B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{298F6F8F-4A38-48B6-BDB5-ED9192431A5B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2D618F05-9419-4B86-B093-C8096CC4A15D}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{31A53CFE-AE45-4EC3-A757-08AE1FEDD36A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\battleforge.exe | 
"{32841CDE-D75A-4EB6-AF06-8CC188B2536D}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{35C86A0F-B968-428A-82B3-AC9288B8B0D4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3AA7F06A-BE17-4A9E-952A-558C278CF766}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe | 
"{3BE11353-0E61-48FC-A6AA-8070FF829749}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{42720A1F-5B7D-4CAB-ACD1-7250782B3C76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{42BA242A-9640-4AF0-A106-CFBE47EEEF65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{46E2B583-446F-4EC6-AD40-40ABEA97C227}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe | 
"{489EAFBA-1B02-49C8-963E-A11DB63F15EE}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe | 
"{4D4C4205-0AF6-4F4B-B139-BEC415696AA0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{4E9F4365-86C6-4D3B-997D-C276538C396B}" = protocol=6 | dir=out | app=system | 
"{507B36DF-4483-4FE0-9514-5AA5DD225CF7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{529E0EE9-7CA0-4264-8444-8FF44E58C0FB}" = protocol=6 | dir=in | app=%systemroot%\system32\p2phost.exe | 
"{532003F7-48C0-41BE-B3E4-8B0FD54A36F6}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe | 
"{5651211F-E811-46A4-A584-BD888F807367}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{568F303B-352E-40A1-A5E7-9E1601C79B82}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{5EEB2EC3-9DA1-48BA-A591-CF41DDD16B5F}" = protocol=6 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{60BB625B-F8B8-41AC-8045-C715BB0D6DB3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{63DECB9A-806F-4598-9693-E8860CA67B45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{697A3EA4-D0F5-49E4-A83F-59E9ADBA51A7}" = protocol=17 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{6998FAB4-9E96-4996-AA6D-90E76BBD22AF}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe | 
"{6AC665FD-6F12-43F8-A445-5577E2E75E25}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{6B7EBBC1-8703-4425-A60C-AE88476ED0A6}" = protocol=6 | dir=in | app=g:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{71F38344-E2D3-40D6-94E2-39E8CA9D59CB}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's endwar\binaries\endwar.exe | 
"{72FF0AE5-4DE4-4AA9-B018-61027BD39FC3}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's endwar\binaries\endwar.exe | 
"{76FB49B4-CA35-4042-AC4F-A6307C497449}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{7B36D69F-E1AA-4013-8F87-2708F913827F}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\umi.exe | 
"{7BF183B5-CD4B-4ECB-9304-2572665AD505}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7EEC59AB-3FA5-4B55-B48C-79A7A5E1C5F2}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{7F4630FA-15E3-4A9B-81AD-4ACEEDAAF902}" = protocol=17 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{8219BD5F-F94A-4410-9583-1D624B59C354}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{824F6E3A-8ED1-4585-8C92-86023CB0E20F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8260A6CC-1744-44C1-AF3C-758186029593}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{835B1C8B-42C5-4135-ABB1-BC9118BF9E57}" = protocol=6 | dir=in | app=c:\program files\ubisoft\tom clancy's endwar\tom clancy's endwar launcher.exe | 
"{838CF00B-1D49-4E65-B88B-A24AAFDA2E6D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{86A2CA44-0871-4AF0-8BEC-F57738CE7610}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{87F5267C-4469-4FAB-8147-86866AF3D9EA}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{8DDCD3BD-98F3-45E8-ACE4-B0E61B6AD969}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9420B905-276A-43E3-9DEF-ECBF3581E427}" = protocol=6 | dir=out | app=%programfiles%\windows collaboration\wincollab.exe | 
"{965749E2-9FA3-4D5B-8904-90327C57CB68}" = protocol=17 | dir=in | app=c:\program files\ubisoft\tom clancy's endwar\tom clancy's endwar launcher.exe | 
"{A0126C27-9286-4EB0-8BBA-5DF35C768C66}" = protocol=17 | dir=in | app=g:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe | 
"{A3865D36-9DD8-477D-96B5-C5B32E60EAA6}" = protocol=6 | dir=out | app=%systemroot%\system32\p2phost.exe | 
"{A3E267AA-7639-43CC-A958-279D7E6D3880}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{A9B87859-5A48-4113-A444-CDD9355FF946}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{AF3FB26D-2E09-4D78-922E-B556201D0611}" = protocol=17 | dir=in | app=c:\program files\common files\magix shared\upnpservice\upnpservice.exe | 
"{B4D587EC-2E99-4C64-8D3F-A4900024E84D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B52FD02C-8DB2-4243-B945-16E888EB10C8}" = protocol=6 | dir=in | app=c:\program files\dks\lehrerconsole\lcserver.exe | 
"{B5FFD5AE-68E2-4017-BACC-7ABD6AC15143}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{B8B3D601-F668-4DBD-A967-3981B24AA12B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{BDE1BF1C-B9A4-46A2-8C57-2576B415F72D}" = protocol=17 | dir=in | app=%programfiles%\windows collaboration\wincollab.exe | 
"{C885BA96-C1FE-40A4-B772-A9425E7E2747}" = protocol=6 | dir=in | app=g:\program files\combat arms eu\nmservice.exe | 
"{C99B62FD-5981-4BF6-A066-8AC557B5B2DA}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{CBE2F047-21D2-45C5-AE6D-D2E10BEAC6DF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{CCEC1226-AF7F-4596-BF90-7B556757BF49}" = protocol=6 | dir=in | app=c:\program files\ultravnc\vncviewer.exe | 
"{D143A3CA-A7F4-4E03-97F7-A81DFFD6B682}" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\fc2editor.exe | 
"{D1831C69-D3C8-45D6-9FDC-182686F7925D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{D202C910-E5AD-42B4-8548-0E8DF4E6918F}" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"{D9238811-522C-4FB9-8591-2AE439430373}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{DE0B00D8-ED23-4957-848F-DEF82E3EAAE6}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{E4AA91D5-9539-4737-890E-3DC2CD6DC430}" = protocol=17 | dir=in | app=c:\program files\dks\lehrerconsole\lcserver.exe | 
"{EC1B3AD9-8261-4E20-ADA6-B4018F891A72}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{EC9F553A-A23B-46C9-97A0-27DC49E304D8}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{EDA6EC42-C5AC-48E7-8639-F7690E8FE002}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\rm.exe | 
"{EE74961B-E111-4A8E-8EB1-C2EF80EC208C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EECECEB2-5383-432D-9C88-B9A178B50FD9}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{EF50F8D3-E4AE-4333-85EA-728F8EABB324}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F1084597-D15D-48A8-AEA4-8AE83B824A89}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F34337FD-D42D-4310-AF63-0BD59AA81C55}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F37B33B3-7942-488B-90C1-E6185EADD1D2}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battleforge\bootstrapper.exe | 
"{F46B797C-C407-469D-9A16-58D334FA135E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FAC13BA7-0F8E-4615-BE73-6D0667018350}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"TCP Query User{0E8C22AF-2FF1-4690-BBBA-C51073951F0C}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe | 
"TCP Query User{1F232C5B-4EAB-4113-AB7B-18888BA5F6E1}H:\remotepadserver-2.0-windows\remotepad server.exe" = protocol=6 | dir=in | app=h:\remotepadserver-2.0-windows\remotepad server.exe | 
"TCP Query User{26798DD4-ADCE-4EE0-86F8-2CC5BFBAE92B}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"TCP Query User{310626D6-C776-452A-9CE3-A150863CBDDC}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{3888C969-2C6F-487E-AC3B-8A1499DC41DF}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{52E8F8A6-54B1-4C14-9CD5-9A7B468E59A1}C:3\program files\combat arms eu\nmservice.exe" = protocol=6 | dir=in | app=c:3\program files\combat arms eu\nmservice.exe | 
"TCP Query User{53AA20D8-2C93-432C-88AF-7B90BEB04C63}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"TCP Query User{557CA195-CE14-46C8-B7BD-5F409D4C8089}C:\program files\cyanide\radsport manager\cym2003.exe" = protocol=6 | dir=in | app=c:\program files\cyanide\radsport manager\cym2003.exe | 
"TCP Query User{621F8812-3B7B-4166-BC2F-18626E170243}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{69637B84-763D-4852-B048-896733679300}C:\program files\lan.fs\lan-fs.exe" = protocol=6 | dir=in | app=c:\program files\lan.fs\lan-fs.exe | 
"TCP Query User{6CEEE10D-138F-451D-80A0-A43769F63278}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe | 
"TCP Query User{70CACB44-16B9-4AAB-8AFF-F64C03896E25}C:2\program files\combat arms eu\nmservice.exe" = protocol=6 | dir=in | app=c:2\program files\combat arms eu\nmservice.exe | 
"TCP Query User{75241715-DFEB-4384-A764-79490AE10783}H:\remote\itap-2.2\itap.exe" = protocol=6 | dir=in | app=h:\remote\itap-2.2\itap.exe | 
"TCP Query User{7B863626-2A4C-4765-A8D4-E6B30398CA90}G:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=g:\users\public\games\world of warcraft\launcher.exe | 
"TCP Query User{8ECED89D-964A-4228-9F8B-CAE570749B90}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"TCP Query User{9D515098-36F7-4D79-B5DB-590218A7B835}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{B1E27738-9658-4B19-BAB9-828593C9A215}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{D695C9FA-6C4F-4212-93C6-D815DFAFD80F}G:\users\public\games\world of warcraft trial\backgrounddownloader.exe" = protocol=6 | dir=in | app=g:\users\public\games\world of warcraft trial\backgrounddownloader.exe | 
"TCP Query User{D9471245-DF3A-49AD-A4F2-09AE219C7F90}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{E32DFBC3-F32F-4E6E-A317-C1FBBF437B3E}C:\program files\valve\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\hl.exe | 
"TCP Query User{E93383FE-AA03-43C6-AD27-68E4BE187366}C:\program files\free music zilla\fmzilla.exe" = protocol=6 | dir=in | app=c:\program files\free music zilla\fmzilla.exe | 
"TCP Query User{E9705A05-C181-4482-9D8A-80E3A9B406AF}H:\remote\itap-2.2\itap.exe" = protocol=6 | dir=in | app=h:\remote\itap-2.2\itap.exe | 
"TCP Query User{E9FA86A1-6E17-4884-B2BB-902B2756A7EB}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{EF8490D1-0172-4AC6-9E9A-E9E2F2414901}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{FD025D76-73F3-4DA9-B974-AC9FDEE1C7EE}C:\program files\pinnacle\studio 11\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe | 
"TCP Query User{FD39AA06-BA3E-4926-848A-BFF44E9949A7}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{04451D5F-3F56-40AC-9360-987135635DE1}C:2\program files\combat arms eu\nmservice.exe" = protocol=17 | dir=in | app=c:2\program files\combat arms eu\nmservice.exe | 
"UDP Query User{26C8CA8A-BA6B-44A2-B330-93945687A5E2}C:\program files\pinnacle\studio 11\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 11\programs\studio.exe | 
"UDP Query User{2A470F42-EE45-4675-B874-9A8D50D503E6}C:\program files\lan.fs\lan-fs.exe" = protocol=17 | dir=in | app=c:\program files\lan.fs\lan-fs.exe | 
"UDP Query User{30E0AC42-8E46-4A3E-9666-EB16EC7ACBD4}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{3C059756-604F-4B17-A61D-45DD854EA522}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"UDP Query User{3FF31CD5-7778-4151-B958-4F192567F0F1}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{6659AFF8-563B-45CA-8BA9-ED5BAC508BEB}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{74BDD7AC-5B15-4C7D-BAFD-B0F1401CF82B}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{780C75BE-5039-4517-9065-FB2BD820B8F0}G:\users\public\games\world of warcraft trial\backgrounddownloader.exe" = protocol=17 | dir=in | app=g:\users\public\games\world of warcraft trial\backgrounddownloader.exe | 
"UDP Query User{7C66F307-9490-4338-835B-FAF5A8613C18}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe | 
"UDP Query User{8454967A-102E-4DDC-B7BD-6D0E0DEE60C6}C:\program files\free music zilla\fmzilla.exe" = protocol=17 | dir=in | app=c:\program files\free music zilla\fmzilla.exe | 
"UDP Query User{88B31210-F5B8-4BBF-9F8C-EA4BE28B5C3F}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{910EB843-69B8-4E12-9AE7-EBE2F7512694}C:\program files\cyanide\radsport manager\cym2003.exe" = protocol=17 | dir=in | app=c:\program files\cyanide\radsport manager\cym2003.exe | 
"UDP Query User{9D3FAB09-284F-45FA-A83F-1023EE372059}C:\program files\ubisoft\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\program files\ubisoft\far cry 2\bin\farcry2.exe | 
"UDP Query User{A0754F2C-B72C-41F2-88B7-9AC7C3ADE00D}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{A40F16E3-FDF2-4C3A-AC77-E29086E06309}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{AC214FFC-B4D5-451A-8928-ADE54D731B29}H:\remote\itap-2.2\itap.exe" = protocol=17 | dir=in | app=h:\remote\itap-2.2\itap.exe | 
"UDP Query User{AF3E8C46-8F70-448A-B0FA-7EA15C2A98AF}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{BD0DE86B-A3D6-4900-A1D6-9A0864FE9059}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{C233DBA9-BBBC-45B6-883B-CFA85A229DF6}H:\remote\itap-2.2\itap.exe" = protocol=17 | dir=in | app=h:\remote\itap-2.2\itap.exe | 
"UDP Query User{D58E460B-6377-42B2-82D7-E60FAEB291FA}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 2009\german\setup.exe | 
"UDP Query User{D8F22B65-33BC-4444-AD87-BBD4CDA8502B}H:\remotepadserver-2.0-windows\remotepad server.exe" = protocol=17 | dir=in | app=h:\remotepadserver-2.0-windows\remotepad server.exe | 
"UDP Query User{E06E0E8D-5E1E-4F52-AD8C-BD58EE2AA6E8}G:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=g:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{E99E0A7F-7EFE-4922-9179-6CEFC236322F}C:\program files\valve\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\hl.exe | 
"UDP Query User{F62031DC-DE9C-4F44-A6FF-4FCF596452DE}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{FC476A89-C16B-4769-9896-006460045521}C:3\program files\combat arms eu\nmservice.exe" = protocol=17 | dir=in | app=c:3\program files\combat arms eu\nmservice.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker
"{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2000
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0F022A2E-7022-497D-90A5-0F46746D8275}" = Macromedia Extension Manager
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D960387-76B3-4758-BAF7-D156B14A032F}" = Ulead PhotoImpact 8
"{3EB47E4E-AEA2-4DCD-BC4C-7191D4E1B3EF}" = VAIO Content Metadata XML Interface Library
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FB63031-4DF3-43E1-98E4-F39F6172C2FE}" = aerosoft's - German Airports 3 - FS2002
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{419EE2A0-0E9B-4312-9689-4FD10738531E}" = Visual Pinball
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{44025BD7-AD10-4769-99AE-6378FD0303D6}" = Macromedia Dreamweaver 8
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{45A1BF92-700A-4408-B95E-79F462E3D67D}" = Studio 11 Bonus DVD
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Test
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9B7802FF-2E35-4361-8A82-D207C7E9F99B}" = Camtasia Studio 5
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FA8B5F5-4BDC-4CF4-9202-AA97FF79AE98}" = VAIO Media
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AEBB1D78-EB8C-4F8B-B57E-459958979C3B}" = VAIO Content Metadata XML Interface Library
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B0DC2DA9-2AF9-422A-88E0-1B84E0F65DB5}" = Speed-Link SL-6535 USB Pad
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3940EA5-7872-487E-AF15-CF20DBD65F1B}" = RapidLeecher
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{B944FA21-81AF-4A77-8328-CE4F4CC51031}" = Nero 8
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBF78A5F-7950-4CF1-A063-C4C7B2B82CE6}" = SoundSoap PE
"{CC874CBB-BD87-4126-9465-AE73BB62D6E0}" = Studio 11 Ultimate
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0F927A8-589F-4569-0001-309A9C79D6D0}" = i-Studio 2
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F2981287-40A5-4814-A906-07A2BBBCC2B2}" = capella 2008
"{F5397A82-641F-4643-8200-51D7F0016511}" = Click to Disc
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Age of Empires 2.0" = Microsoft Age of Empires II
"Akamai" = Akamai NetSession Interface
"AnyTV Free_is1" = AnyTV Free 2.21
"AoA MP4 Converter_is1" = AoA MP4 Converter
"ASIO4ALL" = ASIO4ALL
"AsUninst.exe" = Anvil Studio
"Atlantis - Sky Patrol" = Atlantis - Sky Patrol (remove only)
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BeCyPDFMetaEdit" = BeCyPDFMetaEdit
"Big Fish Games Center" = Big Fish Games Center
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Collab" = Collab
"Combat Arms EU" = Combat Arms EU
"Cool Record Edit Pro" = Cool Record Edit Pro
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dt icon module" = 
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.3.0
"EAX Unified" = EAX Unified
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExpressBurn" = Express Burn
"FBDBServer_2_0_is1" = Firebird 2.1.0.16780 (Win32)
"FileZilla Client" = FileZilla Client 3.2.4.1
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"FONTOG41" = Fontographer 4.1
"Foxit Reader" = Foxit Reader
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Audio Dub_is1" = Free Audio Dub version 1.6
"Free Audio to Flash Converter_is1" = Free Audio to Flash Converter version 1.3
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.4
"Free DVD Video Burner_is1" = Free DVD Video Burner version 2.1
"Free DVD Video Converter_is1" = Free DVD Video Converter version 1.1
"Free FLV Converter_is1" = Free FLV Converter V 6.32
"Free Music Zilla_is1" = Free Music Zilla
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Video Dub_is1" = Free Video Dub version 1.6
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.2
"Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.4
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.4
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.4
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to DVD Converter_is1" = Free YouTube to DVD Converter version 2.2
"Free YouTube to iPhone Converter_is1" = Free YouTube to iPhone Converter version 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"FreePDF_XP" = FreePDF XP (Remove only)
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"GIF Animator" = Microsoft GIF Animator
"GMX SMS-Manager" = GMX SMS-Manager
"gtfirstboot Setting Request" = 
"Half-Life" = Half-Life
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Icy Tower v1.4_is1" = Icy Tower v1.4
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"intelliScore Ensemble WAV to MIDI Converter Demo" = intelliScore Ensemble WAV to MIDI Converter Demo
"IrfanView" = IrfanView (remove only)
"JAP" = JAP
"JLC's Internet TV" = JLC's Internet TV
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.12.1
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 4.2.0.42 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Cleaning Lab 2007 deluxe D" = MAGIX Music Cleaning Lab 2007 deluxe 8.0.1.0 (D)
"MAGIX Music Maker Hip Hop Edition 2 D" = MAGIX Music Maker Hip Hop Edition 2 4.0.0.10 (D)
"MAGIX Music Manager 2007 D" = MAGIX Music Manager 2007 8.1.1.29 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = Vaio Marketing Tools
"Messenger Plus! Live" = Messenger Plus! Live
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moorhuhn Pinball XS" = Moorhuhn Pinball XS
"Movies" = Movies
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Pamela" = Pamela Basic 4.5
"proDAD-Heroglyph-2.5" = proDAD Heroglyph 2.5
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"PunkBusterSvc" = PunkBuster Services
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SimpleOCR 3.1" = SimpleOCR 3.1
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 5" = TeamViewer 5
"Ultravnc2_is1" = UltraVNC 1.0.5.3
"Uninstall_is1" = Uninstall 1.0.0.1
"URLSnooper 2_is1" = URL Snooper v2.26.01
"VAIO Help and Support" = 
"VAIO_My Club VAIO" = My Club VAIO
"VAIO_Photoshop" = 
"VAIO_Premiere" = 
"VAIO_Standard" = 
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Vuze" = Vuze
"WebZIP" = WebZIP
"WildPackets AiroPeek NX 2.0.2" = WildPackets AiroPeek NX 2.0.2
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.1.7
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PhotoZoom Pro 2" = BenVista PhotoZoom Pro 2.3.4
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         


Alt 20.05.2010, 23:18   #6
Ingosh
 



The svchosty windows just popped up again, so here is the hjtscanlist.bat log once more (the relevant entries are marked):

Code:
 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                        º                                    º 
                                    hjtscanlist v2.0              
                        º                                    º 
                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

Microsoft Windows [Version 6.0.6001]
 
 
C:

  21.05.2010 00:10     C:\Config.Msi --------- 524288   
  21.05.2010 00:07     C:\Program Files --------- 49152   
  21.05.2010 00:07     C:\ProgramData --------- 20480   
  21.05.2010 00:02     C:\System Volume Information --------- 28672   
  20.05.2010 23:55     C:\Windows --------- 40960   
       C:\hiberfil.sys ---------    
       C:\pagefile.sys ---------    
  19.05.2010 14:57     C:\Avenger --------- 0   
  19.05.2010 14:56     C:\avenger.txt --------- 1426   
  27.04.2010 19:50     C:\$Recycle.Bin --------- 0   
  27.04.2010 19:47     C:\Users --------- 4096   
  01.04.2010 20:45     C:\Games --------- 0   
  12.10.2009 17:04     C:\pdf995 --------- 0   
  12.10.2009 16:39     C:\Output --------- 0   
  03.10.2009 18:39     C:\FOG41 --------- 4096   
  01.09.2009 17:39     C:\downloads --------- 0   
  20.07.2009 16:49     C:\fpRedmon.log --------- 388   
  15.07.2009 22:49     C:\download --------- 0   
  02.05.2009 19:48     C:\phenomedia --------- 0   
  28.03.2009 01:11     C:\Nexon --------- 0   
  07.03.2009 11:27     C:\Big Fish Games --------- 0   
  09.02.2009 16:37     C:\AILog.txt --------- 0   
  02.02.2009 01:13     C:\Multimedia Files --------- 0   
  21.09.2008 00:49     C:\DVDVideoSoft --------- 0   
  28.07.2008 13:09     C:\Boot --------- 4096   
  27.07.2008 23:59     C:\PerfLogs --------- 0   
  13.07.2008 00:39     C:\IO.SYS --------- 0   
  13.07.2008 00:39     C:\MSDOS.SYS --------- 0   
  06.07.2008 21:51     C:\Temp --------- 0   
  06.07.2008 14:24     C:\Update --------- 0   
  10.06.2008 14:11     C:\adorage-protocol.txt --------- 898462   
  10.06.2008 13:34     C:\Binaries --------- 0   
  10.06.2008 13:19     C:\AUTOEXEC.BAT --------- 121   
  30.04.2008 17:14     C:\INSTALLEUM --------- 0   
  19.01.2008 09:45     C:\bootmgr --------- 333203   
  09.01.2008 18:24     C:\vcredist_x86.log --------- 390276   
  09.01.2008 18:24     C:\Documentation --------- 0   
  09.01.2008 18:16     C:\InstantON --------- 0   
  09.01.2008 18:08     C:\WAUUPGRD --------- 0   
  07.11.2007 09:12     C:\VC_RED.MSI --------- 232960   
  07.11.2007 09:09     C:\VC_RED.cab --------- 1442522   
  07.11.2007 09:03     C:\install.res.1042.dll --------- 79888   
  07.11.2007 09:03     C:\install.res.2052.dll --------- 75792   
  07.11.2007 09:03     C:\install.res.3082.dll --------- 96272   
  07.11.2007 09:03     C:\install.exe --------- 562688   
  07.11.2007 09:03     C:\install.res.1031.dll --------- 96272   
  07.11.2007 09:03     C:\install.res.1033.dll --------- 91152   
  07.11.2007 09:03     C:\install.res.1028.dll --------- 76304   
  07.11.2007 09:03     C:\install.res.1041.dll --------- 81424   
  07.11.2007 09:03     C:\install.res.1036.dll --------- 97296   
  07.11.2007 09:03     C:\install.res.1040.dll --------- 95248   
  07.11.2007 09:00     C:\install.ini --------- 843   
  07.11.2007 09:00     C:\globdata.ini --------- 1110   
  07.11.2007 09:00     C:\eula.3082.txt --------- 17734   
  07.11.2007 09:00     C:\eula.2052.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1042.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1041.txt --------- 118   
  07.11.2007 09:00     C:\eula.1040.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1036.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1033.txt --------- 10134   
  07.11.2007 09:00     C:\eula.1031.txt --------- 17734   
  07.11.2007 09:00     C:\eula.1028.txt --------- 17734   
  07.11.2007 09:00     C:\vcredist.bmp --------- 5686   
  02.11.2007 19:48     C:\BOOTSECT.BAK --------- 8192   
  02.11.2007 14:31     C:\MSOCache --------- 0   
  02.11.2007 10:54     C:\Programme --------- 0   
  02.11.2007 10:54     C:\Dokumente und Einstellungen --------- 0   
  19.10.2007 18:55     C:\kernel.pam --------- 76   
  02.11.2006 15:02     C:\Documents and Settings --------- 0   
  18.09.2006 23:43     C:\config.sys --------- 10   
  03.01.2005 14:37     C:\initrd.pam --------- 17   
----------------------------------------

 
C:\Windows

  20.05.2010 22:52     C:\Windows\WindowsUpdate.log --------- 1409295   
  20.05.2010 22:48     C:\Windows\bootstat.dat --------- 67584   
  20.05.2010 22:47     C:\Windows\bthservsdp.dat --------- 12   
  18.05.2010 22:44     C:\Windows\wininit.ini --------- 110   
  21.04.2010 14:24     C:\Windows\NEXON_EU_DownloaderUpdater.exe --------- 421888   
  10.04.2010 00:02     C:\Windows\ULEAD32.INI --------- 4465   
  23.09.2009 22:16     C:\Windows\SoftWriting.ini --------- 331   
  21.07.2009 11:02     C:\Windows\hdsinstall.mif --------- 1762   
  23.05.2009 23:52     C:\Windows\win.ini --------- 307   
  22.05.2009 20:13     C:\Windows\_MSRSTRT.EXE --------- 2560   
  14.03.2009 02:43     C:\Windows\csvvt16.ini --------- 1429   
  26.02.2009 22:09     C:\Windows\NeroDigital.ini --------- 69   
  22.02.2009 19:18     C:\Windows\SpeedGear.INI --------- 55   
  01.02.2009 15:39     C:\Windows\CleaningLab.INI --------- 0   
  01.02.2009 15:38     C:\Windows\mgxoschk.ini --------- 6768   
  29.10.2008 08:29     C:\Windows\explorer.exe --------- 2927104   
  26.10.2008 01:30     C:\Windows\is-7CBP1.lst --------- 1120   
  26.10.2008 01:30     C:\Windows\is-7CBP1.exe --------- 630784   
  24.08.2008 18:20     C:\Windows\PPSMediaList.ini --------- 323   
  24.08.2008 18:08     C:\Windows\msgtn.ini --------- 13   
  28.07.2008 13:09     C:\Windows\WindowsShell.Manifest --------- 749   
  10.06.2008 14:20     C:\Windows\MovingPicture.ini --------- 17   
  19.01.2008 09:33     C:\Windows\regedit.exe --------- 134656   
  19.01.2008 09:33     C:\Windows\notepad.exe --------- 151040   
  19.01.2008 09:33     C:\Windows\HelpPane.exe --------- 498176   
  19.01.2008 09:33     C:\Windows\fveupdate.exe --------- 13312   
  19.01.2008 09:33     C:\Windows\bfsvc.exe --------- 58880   
  09.01.2008 18:24     C:\Windows\VAIOUpdt.INI --------- 0   
  02.11.2007 14:44     C:\Windows\ocsetup_install_OEMHelpCustomization.etl --------- 8323072   
  02.11.2007 14:44     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.perf --------- 196608   
  02.11.2007 14:44     C:\Windows\ocsetup_cbs_install_OEMHelpCustomization.dpx --------- 65536   
  31.10.2007 06:52     C:\Windows\csup.txt --------- 12   
  26.10.2007 08:21     C:\Windows\WMPrfDeu.prx --------- 33820   
  20.09.2007 09:59     C:\Windows\UNRecode.exe --------- 972072   
  20.09.2007 09:55     C:\Windows\UNNeroMediaHome.exe --------- 972072   
  28.08.2007 19:23     C:\Windows\BtwIEProxy.exe --------- 285224   
  21.03.2007 21:02     C:\Windows\UNNeroVision.exe --------- 972336   
  20.03.2007 21:22     C:\Windows\UNNeroBackItUp.exe --------- 972336   
  28.02.2007 16:41     C:\Windows\UNNeroShowTime.exe --------- 972336   
  02.11.2006 14:35     C:\Windows\WMSysPr9.prx --------- 316640   
  02.11.2006 14:34     C:\Windows\twunk_16.exe --------- 49680   
  02.11.2006 14:34     C:\Windows\twain_32.dll --------- 50688   
  02.11.2006 14:34     C:\Windows\twunk_32.exe --------- 31232   
  02.11.2006 14:34     C:\Windows\twain.dll --------- 94784   
  02.11.2006 11:45     C:\Windows\winhlp32.exe --------- 9216   
  02.11.2006 11:45     C:\Windows\hh.exe --------- 14848   
  02.11.2006 09:46     C:\Windows\mib.bin --------- 43131   
  19.09.2006 13:41     C:\Windows\HomePremium.xml --------- 8328   
  18.09.2006 23:46     C:\Windows\system.ini --------- 219   
  18.09.2006 23:43     C:\Windows\_default.pif --------- 707   
  18.09.2006 23:43     C:\Windows\winhelp.exe --------- 256192   
  18.09.2006 23:30     C:\Windows\msdfmap.ini --------- 1405   
  15.09.2005 14:35     C:\Windows\UNNeroMediaHome.cfg --------- 50   
  30.08.2005 21:37     C:\Windows\UNNeroVision.cfg --------- 50   
  30.08.2005 21:37     C:\Windows\UNNeroShowTime.cfg --------- 50   
  30.08.2005 21:36     C:\Windows\UNRecode.cfg --------- 50   
  30.08.2005 21:33     C:\Windows\UNNeroBackItUp.cfg --------- 50   
  24.02.2004 13:04     C:\Windows\RSETPATH.exe --------- 41219   
  26.07.2002 17:02     C:\Windows\UNWISE.EXE --------- 153088   
  16.05.2001 01:49     C:\Windows\wmprftrk.prx --------- 16822   
  16.05.2001 01:49     C:\Windows\WMPrfAra.prx --------- 25269   
  16.05.2001 01:49     C:\Windows\wmprfsve.prx --------- 17019   
  16.05.2001 01:49     C:\Windows\wmprfslv.prx --------- 16814   
  16.05.2001 01:49     C:\Windows\wmprfrus.prx --------- 635   
  16.05.2001 01:49     C:\Windows\wmprfptg.prx --------- 18422   
  16.05.2001 01:49     C:\Windows\wmprfptb.prx --------- 17199   
  16.05.2001 01:49     C:\Windows\wmprfplk.prx --------- 18536   
  16.05.2001 01:49     C:\Windows\wmprfesp.prx --------- 17953   
  16.05.2001 01:49     C:\Windows\wmprffin.prx --------- 16265   
  16.05.2001 01:49     C:\Windows\wmprfnor.prx --------- 16446   
  16.05.2001 01:49     C:\Windows\wmprfheb.prx --------- 20481   
  16.05.2001 01:49     C:\Windows\wmprfhun.prx --------- 19751   
  16.05.2001 01:49     C:\Windows\wmprfita.prx --------- 17830   
  16.05.2001 01:49     C:\Windows\WMPrfJpn.prx --------- 20704   
  16.05.2001 01:49     C:\Windows\WMPrfKor.prx --------- 17903   
  16.05.2001 01:49     C:\Windows\wmprfnld.prx --------- 16398   
  16.05.2001 01:49     C:\Windows\wmprffra.prx --------- 19437   
  16.05.2001 01:48     C:\Windows\wmprfell.prx --------- 27807   
  16.05.2001 01:48     C:\Windows\WMPrfCHS.prx --------- 83   
  16.05.2001 01:48     C:\Windows\wmprfdan.prx --------- 15903   
  16.05.2001 01:48     C:\Windows\wmprfcsy.prx --------- 18878   
  16.05.2001 01:48     C:\Windows\wmprfsky.prx --------- 20055   
  16.05.2001 01:48     C:\Windows\WMPrfCHT.prx --------- 77   
  17.11.1998 12:44     C:\Windows\IsUn0407.exe --------- 328704   
  29.10.1998 17:45     C:\Windows\IsUninst.exe --------- 306688   
  16.01.1997 00:00     C:\Windows\ST5UNST.EXE --------- 71680   
  08.02.1996 18:06     C:\Windows\unin0407.exe --------- 284160   
  09.01.1996 10:38     C:\Windows\uninst.exe --------- 283648   
----------------------------------------

 
C:\Windows\System

 02.11.2007 14:47      C:\Windows\System\ykrp.com --------- 180 
 02.11.2006 14:34      C:\Windows\System\mciseq.drv --------- 25264 
 02.11.2006 14:34      C:\Windows\System\mciwave.drv --------- 28160 
 02.11.2006 14:34      C:\Windows\System\avifile.dll --------- 109456 
 02.11.2006 14:34      C:\Windows\System\avicap.dll --------- 69584 
 02.11.2006 14:34      C:\Windows\System\mciavi.drv --------- 73376 
 02.11.2006 14:34      C:\Windows\System\msvideo.dll --------- 126912 
 02.11.2006 09:10      C:\Windows\System\OLESVR.DLL --------- 24064 
 02.11.2006 09:10      C:\Windows\System\WFWNET.DRV --------- 12704 
 02.11.2006 09:10      C:\Windows\System\COMMDLG.DLL --------- 32816 
 02.11.2006 09:10      C:\Windows\System\TIMER.DRV --------- 4048 
 02.11.2006 09:10      C:\Windows\System\MMSYSTEM.DLL --------- 68992 
 02.11.2006 09:10      C:\Windows\System\mmtask.tsk --------- 1152 
 02.11.2006 09:10      C:\Windows\System\mouse.drv --------- 2032 
 02.11.2006 09:10      C:\Windows\System\vga.drv --------- 2176 
 02.11.2006 09:10      C:\Windows\System\sound.drv --------- 1744 
 02.11.2006 09:10      C:\Windows\System\keyboard.drv --------- 2000 
 02.11.2006 09:10      C:\Windows\System\SHELL.DLL --------- 5120 
 02.11.2006 09:10      C:\Windows\System\system.drv --------- 3360 
 18.09.2006 23:43      C:\Windows\System\ver.dll --------- 9008 
 18.09.2006 23:43      C:\Windows\System\olecli.dll --------- 82944 
 18.09.2006 23:43      C:\Windows\System\lzexpand.dll --------- 9936 
 18.09.2006 23:35      C:\Windows\System\stdole.tlb --------- 5532 
----------------------------------------

 
C:\Windows\System32

 21.05.2010 00:08     C:\Windows\system32\drivers --------- 65536  
 20.05.2010 23:59     C:\Windows\system32\Tasks --------- 8192  
 20.05.2010 23:58     C:\Windows\system32\perfh009.dat --------- 595946  
 20.05.2010 23:58     C:\Windows\system32\perfc009.dat --------- 105276  
 20.05.2010 23:58     C:\Windows\system32\perfh007.dat --------- 628910  
 20.05.2010 23:58     C:\Windows\system32\perfc007.dat --------- 127412  
 20.05.2010 23:58     C:\Windows\system32\PerfStringBackup.INI --------- 1447610  
 20.05.2010 23:55     C:\Windows\system32\catroot --------- 4096  
 20.05.2010 22:48     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3568  
 20.05.2010 22:48     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3568  
 19.05.2010 22:06     C:\Windows\system32\FNTCACHE.DAT --------- 1907192  
 07.05.2010 15:01     C:\Windows\system32\catroot2 --------- 8192  
 06.05.2010 10:36     C:\Windows\system32\MpSigStub.exe --------- 221568  
 16.04.2010 08:33     C:\Windows\system32\usbaaplrc.dll --------- 3003680  
 08.04.2010 13:20     C:\Windows\system32\dns-sd.exe --------- 107808  
 08.04.2010 13:20     C:\Windows\system32\dnssd.dll --------- 91424  
 17.03.2010 21:53     C:\Windows\system32\QuickTime.qts --------- 69632  
 17.03.2010 21:53     C:\Windows\system32\QuickTimeVR.qtx --------- 94208  
 10.01.2010 04:06     C:\Windows\system32\URTTEMP --------- 0  
 10.01.2010 03:38     C:\Windows\system32\DonationCoder_urlsnooper_InstallInfo.dat --------- 46  
 20.10.2009 20:20     C:\Windows\system32\Packet.dll --------- 96784  
 20.10.2009 20:19     C:\Windows\system32\wpcap.dll --------- 281104  
 20.10.2009 20:19     C:\Windows\system32\pthreadVC.dll --------- 53299  
 12.10.2009 17:41     C:\Windows\system32\javaws.exe --------- 149280  
 12.10.2009 17:41     C:\Windows\system32\javaw.exe --------- 145184  
 12.10.2009 17:41     C:\Windows\system32\java.exe --------- 145184  
 12.10.2009 17:41     C:\Windows\system32\deploytk.dll --------- 411368  
 10.09.2009 15:35     C:\Windows\system32\DRVSTORE --------- 4096  
 16.08.2009 17:34     C:\Windows\system32\CmdLineExt.dll --------- 107888  
 09.08.2009 03:12     C:\Windows\system32\migration --------- 4096  
 30.07.2009 02:49     C:\Windows\system32\mrt.exe --------- 24281536  
 26.07.2009 16:44     C:\Windows\system32\sirenacm.dll --------- 48448  
 21.07.2009 23:52     C:\Windows\system32\wininet.dll --------- 915456  
 21.07.2009 23:52     C:\Windows\system32\urlmon.dll --------- 1208832  
 21.07.2009 23:50     C:\Windows\system32\occache.dll --------- 206848  
 21.07.2009 23:48     C:\Windows\system32\mshtml.dll --------- 5937152  
 21.07.2009 23:48     C:\Windows\system32\msfeeds.dll --------- 594432  
 21.07.2009 23:48     C:\Windows\system32\msfeedsbs.dll --------- 55296  
 21.07.2009 23:47     C:\Windows\system32\jsproxy.dll --------- 25600  
 21.07.2009 23:47     C:\Windows\system32\inetcpl.cpl --------- 1469440  
 21.07.2009 23:47     C:\Windows\system32\ieui.dll --------- 164352  
 21.07.2009 23:47     C:\Windows\system32\iesysprep.dll --------- 109056  
 21.07.2009 23:47     C:\Windows\system32\iesetup.dll --------- 71680  
 21.07.2009 23:47     C:\Windows\system32\iertutil.dll --------- 1985536  
 21.07.2009 23:47     C:\Windows\system32\iernonce.dll --------- 55808  
 21.07.2009 23:47     C:\Windows\system32\iepeers.dll --------- 184320  
 21.07.2009 23:47     C:\Windows\system32\ieframe.dll --------- 11067392  
 21.07.2009 23:47     C:\Windows\system32\iedkcs32.dll --------- 386048  
 21.07.2009 22:13     C:\Windows\system32\ieUnatt.exe --------- 133632  
 21.07.2009 22:13     C:\Windows\system32\ie4uinit.exe --------- 173056  
 21.07.2009 22:13     C:\Windows\system32\msfeedssync.exe --------- 13312  
 21.07.2009 22:12     C:\Windows\system32\mshtml.tlb --------- 1638912  
 21.07.2009 20:31     C:\Windows\system32\ieuinit.inf --------- 57667  
 17.07.2009 16:35     C:\Windows\system32\atl.dll --------- 71680  
 14.07.2009 17:17     C:\Windows\system32\xlive.dll --------- 15308440  
 14.07.2009 17:17     C:\Windows\system32\xlivefnt.dll --------- 13642888  
 14.07.2009 17:15     C:\Windows\system32\xlive.dll.cat --------- 178432  
 14.07.2009 15:00     C:\Windows\system32\wmpdxm.dll --------- 313344  
 14.07.2009 15:00     C:\Windows\system32\wmp.dll --------- 10626048  
 14.07.2009 14:59     C:\Windows\system32\msdxm.ocx --------- 4096  
 14.07.2009 14:59     C:\Windows\system32\dxmasf.dll --------- 4096  
 14.07.2009 14:58     C:\Windows\system32\spwmp.dll --------- 7680  
 14.07.2009 12:59     C:\Windows\system32\wmploc.DLL --------- 8147456  
 14.07.2009 10:30     C:\Windows\system32\msdxm.tlb --------- 43520  
 14.07.2009 10:30     C:\Windows\system32\amcompat.tlb --------- 18432  
 09.07.2009 14:06     C:\Windows\system32\Iosubsys --------- 0  
 15.06.2009 17:24     C:\Windows\system32\t2embed.dll --------- 156672  
 15.06.2009 17:20     C:\Windows\system32\fontsub.dll --------- 72704  
 15.06.2009 17:20     C:\Windows\system32\dciman32.dll --------- 10240  
 15.06.2009 14:52     C:\Windows\system32\atmfd.dll --------- 289792  
 15.06.2009 01:24     C:\Windows\system32\de-DE --------- 266240  
 14.06.2009 17:18     C:\Windows\system32\XPSViewer --------- 4096  
 14.06.2009 17:18     C:\Windows\system32\en-US --------- 8192  
 14.06.2009 17:18     C:\Windows\system32\wbem --------- 61440  
 10.06.2009 14:12     C:\Windows\system32\wkssvc.dll --------- 160256  
 10.06.2009 14:07     C:\Windows\system32\avifil32.dll --------- 91136  
 04.06.2009 14:34     C:\Windows\system32\mstscax.dll --------- 2066432  
 01.05.2009 23:02     C:\Windows\system32\divx_xx0c.dll --------- 823296  
 01.05.2009 23:02     C:\Windows\system32\DivX.dll --------- 685056  
 01.05.2009 23:02     C:\Windows\system32\divx_xx11.dll --------- 802816  
 01.05.2009 23:02     C:\Windows\system32\divx_xx07.dll --------- 823296  
 01.05.2009 23:02     C:\Windows\system32\divx_xx16.dll --------- 811008  
 01.05.2009 23:02     C:\Windows\system32\divx_xx0a.dll --------- 815104  
 30.04.2009 23:42     C:\Windows\system32\WDI --------- 8192  
 30.04.2009 14:37     C:\Windows\system32\psisdecd.dll --------- 293376  
 30.04.2009 14:37     C:\Windows\system32\psisrndr.ax --------- 217088  
 30.04.2009 14:37     C:\Windows\system32\EncDec.dll --------- 428544  
 30.04.2009 14:35     C:\Windows\system32\MSNP.ax --------- 80896  
 30.04.2009 14:34     C:\Windows\system32\mpg2splt.ax --------- 177664  
 23.04.2009 14:43     C:\Windows\system32\rpcrt4.dll --------- 784896  
 23.04.2009 14:42     C:\Windows\system32\localspl.dll --------- 636928  
 21.04.2009 14:51     C:\Windows\system32\TubeFinder.exe --------- 294912  
 21.04.2009 13:55     C:\Windows\system32\win32k.sys --------- 2033152  
 19.04.2009 19:34     C:\Windows\system32\aspi --------- 0  
 17.04.2009 03:22     C:\Windows\system32\manifeststore --------- 0  
 10.04.2009 19:42     C:\Windows\system32\xlive --------- 0  
 17.03.2009 05:38     C:\Windows\system32\apilogen.dll --------- 13824  
 17.03.2009 05:38     C:\Windows\system32\amxread.dll --------- 24064  
 08.03.2009 13:35     C:\Windows\system32\html.iec --------- 385024  
 08.03.2009 13:34     C:\Windows\system32\WinFXDocObj.exe --------- 208384  
----------------------------------------

 
C:\Windows\Prefetch

----------------------------------------

 
C:\Windows\Tasks

 20.05.2010 23:37     C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job --------- 290  
 20.05.2010 23:26     C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1096  
 20.05.2010 22:48     C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1092  
 20.05.2010 22:48     C:\Windows\Tasks\SA.DAT --------- 6  
 20.05.2010 22:47     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32534  
----------------------------------------

 
C:\Windows\Temp

 20.05.2010 18:20     C:\Windows\Temp\fwtsqmfile03.sqm --------- 120  
 19.05.2010 23:39     C:\Windows\Temp\fwtsqmfile02.sqm --------- 632  
 19.05.2010 18:03     C:\Windows\Temp\fwtsqmfile01.sqm --------- 120  
 19.05.2010 17:40     C:\Windows\Temp\fwtsqmfile00.sqm --------- 632  
----------------------------------------

 
C:\Users\Marvin\AppData\Local\Temp

 21.05.2010 00:12     C:\Users\Marvin\AppData\Local\Temp\svchosty.exe --------- 296960  
 21.05.2010 00:12     C:\Users\Marvin\AppData\Local\Temp\ope5AD2.exe --------- 415744  
 21.05.2010 00:12     C:\Users\Marvin\AppData\Local\Temp\ope5AD2.tmp --------- 0  
 21.05.2010 00:12     C:\Users\Marvin\AppData\Local\Temp\avto.exe --------- 299008  
 21.05.2010 00:11     C:\Users\Marvin\AppData\Local\Temp\teste2_p.exe --------- 354816  
 21.05.2010 00:11     C:\Users\Marvin\AppData\Local\Temp\teste3_p.exe --------- 357888  
 21.05.2010 00:11     C:\Users\Marvin\AppData\Local\Temp\C3D0.tmp --------- 2349056  
 21.05.2010 00:11     C:\Users\Marvin\AppData\Local\Temp\etilqs_aJAxotld55zRiLKNTNNg --------- 0  
 21.05.2010 00:10     C:\Users\Marvin\AppData\Local\Temp\iTunesSetup16E8.log --------- 2183  
 21.05.2010 00:10     C:\Users\Marvin\AppData\Local\Temp\Marvin.bmp --------- 31832  
 21.05.2010 00:06     C:\Users\Marvin\AppData\Local\Temp\QTInstallCode.log --------- 9200  
 21.05.2010 00:02     C:\Users\Marvin\AppData\Local\Temp\SetupAdmin4E8.log --------- 5396871  
 21.05.2010 00:02     C:\Users\Marvin\AppData\Local\Temp\qtplugin.log --------- 4064  
 21.05.2010 00:01     C:\Users\Marvin\AppData\Local\Temp\jisfije9fjoiee.tmp --------- 4  
 20.05.2010 23:08     C:\Users\Marvin\AppData\Local\Temp\sfeef83shuifhsf873hudgd.tmp --------- 12  
 20.05.2010 23:05     C:\Users\Marvin\AppData\Local\Temp\hafi8uehfeufh87dfuefsefds.tmp --------- 12  
 20.05.2010 22:55     C:\Users\Marvin\AppData\Local\Temp\~DFF1A.tmp --------- 65536  
 20.05.2010 22:55     C:\Users\Marvin\AppData\Local\Temp\{9632e9bc-7a2c-4ceb-a454-33ff13e005c4} --------- 0  
 20.05.2010 22:54     C:\Users\Marvin\AppData\Local\Temp\plugtmp-1 --------- 0  
 20.05.2010 22:54     C:\Users\Marvin\AppData\Local\Temp\~DF7463.tmp --------- 65536  
 20.05.2010 22:54     C:\Users\Marvin\AppData\Local\Temp\fla209.tmp --------- 8935938  
 20.05.2010 22:53     C:\Users\Marvin\AppData\Local\Temp\jusched.log --------- 738  
 20.05.2010 22:49     C:\Users\Marvin\AppData\Local\Temp\WPDNSE --------- 0  
 20.05.2010 22:48     C:\Users\Marvin\AppData\Local\Temp\~DF9B0D.tmp --------- 16384  
 20.05.2010 22:46     C:\Users\Marvin\AppData\Local\Temp\Low --------- 0  
 20.05.2010 22:46     C:\Users\Marvin\AppData\Local\Temp\Google Toolbar --------- 0  
 20.05.2010 22:38     C:\Users\Marvin\AppData\Local\Temp\{2a58e278-12a3-4802-81b8-a66d28ebe877} --------- 0  
 20.05.2010 22:35     C:\Users\Marvin\AppData\Local\Temp\plugtmp --------- 0  
 20.05.2010 22:28     C:\Users\Marvin\AppData\Local\Temp\opeC522.exe --------- 415744  
 20.05.2010 22:28     C:\Users\Marvin\AppData\Local\Temp\opeC522.tmp --------- 0  
 20.05.2010 22:27     C:\Users\Marvin\AppData\Local\Temp\BF2D.tmp --------- 2349056  
 20.05.2010 18:15     C:\Users\Marvin\AppData\Local\Temp\MessengerCache --------- 602112  
 20.05.2010 17:11     C:\Users\Marvin\AppData\Local\Temp\PCULog0.txt --------- 1580  
 20.05.2010 17:11     C:\Users\Marvin\AppData\Local\Temp\srv10E.tmp --------- 0  
 20.05.2010 17:11     C:\Users\Marvin\AppData\Local\Temp\PCULog1.txt --------- 1307  
 20.05.2010 16:37     C:\Users\Marvin\AppData\Local\Temp\OIS --------- 0  
 20.05.2010 15:39     C:\Users\Marvin\AppData\Local\Temp\wmplog01.sqm --------- 1654  
 20.05.2010 08:19     C:\Users\Marvin\AppData\Local\Temp\wmplog00.sqm --------- 1654  
 20.05.2010 08:19     C:\Users\Marvin\AppData\Local\Temp\3D3.tmp --------- 2349056  
 19.05.2010 23:35     C:\Users\Marvin\AppData\Local\Temp\80DDWFou.htm.part --------- 0  
 19.05.2010 22:09     C:\Users\Marvin\AppData\Local\Temp\wmsetup.log --------- 404  
 19.05.2010 22:09     C:\Users\Marvin\AppData\Local\Temp\ope19BC.exe --------- 423424  
 19.05.2010 22:09     C:\Users\Marvin\AppData\Local\Temp\ope19BC.tmp --------- 0  
 19.05.2010 22:09     C:\Users\Marvin\AppData\Local\Temp\9414.tmp --------- 2431488  
 19.05.2010 17:40     C:\Users\Marvin\AppData\Local\Temp\dBPCEC4.tmp --------- 0  
 19.05.2010 16:23     C:\Users\Marvin\AppData\Local\Temp\wmplog06.sqm --------- 1862  
 19.05.2010 16:21     C:\Users\Marvin\AppData\Local\Temp\ope1931.exe --------- 423424  
 19.05.2010 16:21     C:\Users\Marvin\AppData\Local\Temp\ope1931.tmp --------- 0  
 19.05.2010 16:21     C:\Users\Marvin\AppData\Local\Temp\EDF7.tmp --------- 2431488  
 19.05.2010 14:36     C:\Users\Marvin\AppData\Local\Temp\opeE76.exe --------- 423424  
 19.05.2010 14:36     C:\Users\Marvin\AppData\Local\Temp\opeE76.tmp --------- 0  
 19.05.2010 14:35     C:\Users\Marvin\AppData\Local\Temp\C429.tmp --------- 2431488  
 19.05.2010 02:21     C:\Users\Marvin\AppData\Local\Temp\ope2AF2.exe --------- 423424  
 19.05.2010 02:21     C:\Users\Marvin\AppData\Local\Temp\ope2AF2.tmp --------- 0  
 19.05.2010 02:21     C:\Users\Marvin\AppData\Local\Temp\38B.tmp --------- 2431488  
 19.05.2010 00:20     C:\Users\Marvin\AppData\Local\Temp\opeC970.exe --------- 423424  
 19.05.2010 00:20     C:\Users\Marvin\AppData\Local\Temp\opeC970.tmp --------- 0  
 19.05.2010 00:20     C:\Users\Marvin\AppData\Local\Temp\8FFE.tmp --------- 2431488  
 18.05.2010 22:20     C:\Users\Marvin\AppData\Local\Temp\1CA0.tmp --------- 2431488  
 18.05.2010 20:19     C:\Users\Marvin\AppData\Local\Temp\A6C2.tmp --------- 2431488  
 18.05.2010 18:18     C:\Users\Marvin\AppData\Local\Temp\ope5524.exe --------- 423424  
 18.05.2010 18:18     C:\Users\Marvin\AppData\Local\Temp\ope5524.tmp --------- 0  
 18.05.2010 18:18     C:\Users\Marvin\AppData\Local\Temp\3345.tmp --------- 2431488  
 17.05.2010 23:27     C:\Users\Marvin\AppData\Local\Temp\nnooml.dll --------- 80896  
 17.05.2010 23:25     C:\Users\Marvin\AppData\Local\Temp\avp.exe --------- 60004  
 17.05.2010 23:25     C:\Users\Marvin\AppData\Local\Temp\k4zmwmkj.exe --------- 30001  
 17.05.2010 23:25     C:\Users\Marvin\AppData\Local\Temp\vtucw.dll --------- 30000  
 17.05.2010 02:48     C:\Users\Marvin\AppData\Local\Temp\sshnas21.dll --------- 218112  
----------------------------------------

 
C:\Program Files

 21.05.2010 00:09     C:\Program Files\iTunes --------- 4096  
 21.05.2010 00:07     C:\Program Files\iPod --------- 0  
 21.05.2010 00:02     C:\Program Files\QuickTime --------- 4096  
 20.05.2010 23:59     C:\Program Files\Apple Software Update --------- 4096  
 20.05.2010 23:54     C:\Program Files\Bonjour --------- 4096  
 20.05.2010 22:48     C:\Program Files\Malwarebytes' Anti-Malware --------- 4096  
 19.05.2010 17:14     C:\Program Files\CCleaner --------- 0  
 18.05.2010 22:01     C:\Program Files\Spybot - Search & Destroy --------- 8192  
 14.05.2010 01:30     C:\Program Files\Google --------- 4096  
 08.05.2010 00:14     C:\Program Files\Common Files --------- 8192  
 26.04.2010 15:26     C:\Program Files\Skype --------- 0  
 24.04.2010 15:48     C:\Program Files\Mozilla Firefox --------- 28672  
 18.04.2010 21:43     C:\Program Files\LibUSB-Win32 --------- 4096  
 13.04.2010 19:10     C:\Program Files\GMX --------- 0  
 13.04.2010 00:20     C:\Program Files\DVDVideoSoft --------- 4096  
 12.04.2010 16:53     C:\Program Files\Ask.com --------- 4096  
 12.04.2010 16:49     C:\Program Files\Adobe --------- 4096  
 10.04.2010 00:02     C:\Program Files\InstallShield Installation Information --------- 24576  
 09.04.2010 23:55     C:\Program Files\Ulead Systems --------- 0  
 09.04.2010 23:40     C:\Program Files\DVD Shrink --------- 4096  
 09.04.2010 23:23     C:\Program Files\DVDFab 5 --------- 4096  
 02.04.2010 18:50     C:\Program Files\JanSoft --------- 0  
 02.04.2010 18:26     C:\Program Files\WebZIP 7 --------- 4096  
 01.04.2010 19:05     C:\Program Files\GIMP-2.0 --------- 0  
 23.03.2010 21:19     C:\Program Files\ICQ6.5 --------- 20480  
 23.03.2010 21:03     C:\Program Files\ICQ6 --------- 0  
 16.03.2010 17:21     C:\Program Files\OpenOffice.org 3 --------- 4096  
 27.01.2010 20:48     C:\Program Files\TeamViewer --------- 0  
 10.01.2010 05:17     C:\Program Files\Audacity --------- 4096  
 10.01.2010 04:06     C:\Program Files\Internet Explorer --------- 4096  
 10.01.2010 03:42     C:\Program Files\WinPcap --------- 0  
 10.01.2010 03:41     C:\Program Files\URLSnooper2 --------- 4096  
 19.12.2009 16:53     C:\Program Files\KGB --------- 0  
 07.12.2009 18:37     C:\Program Files\Cain --------- 0  
 22.11.2009 23:12     C:\Program Files\DivX --------- 8192  
 09.11.2009 21:25     C:\Program Files\Corel --------- 0  
 08.11.2009 21:36     C:\Program Files\Messenger Plus Live --------- 4096  
 12.10.2009 17:41     C:\Program Files\Java --------- 4096  
 12.10.2009 17:16     C:\Program Files\OpenOffice.org 2.4 --------- 0  
 12.10.2009 17:07     C:\Program Files\BeCyPDFMetaEdit --------- 4096  
 12.10.2009 16:54     C:\Program Files\Free PDF to Word Doc Converter --------- 4096  
 12.10.2009 16:41     C:\Program Files\Freeware PDF Unlocker --------- 98304  
 12.10.2009 16:41     C:\Program Files\Easy Pdf Password Remover Free --------- 0  
 09.10.2009 16:35     C:\Program Files\Canon --------- 0  
 08.10.2009 20:01     C:\Program Files\Cyanide --------- 0  
 07.10.2009 14:22     C:\Program Files\Microsoft --------- 0  
 23.09.2009 22:15     C:\Program Files\SimpleOCR --------- 4096  
 17.09.2009 23:02     C:\Program Files\Project64 1.6 --------- 4096  
 02.09.2009 16:36     C:\Program Files\Steam --------- 0  
 01.09.2009 17:38     C:\Program Files\Free Music Zilla --------- 0  
 16.08.2009 16:58     C:\Program Files\EA SPORTS --------- 0  
 12.08.2009 03:11     C:\Program Files\Windows Media Player --------- 4096  
 12.08.2009 03:04     C:\Program Files\Windows Mail --------- 4096  
 09.08.2009 03:13     C:\Program Files\Microsoft Silverlight --------- 0  
 15.07.2009 20:07     C:\Program Files\capella-software --------- 0  
 15.07.2009 19:36     C:\Program Files\Anvil Studio --------- 4096  
 11.07.2009 14:11     C:\Program Files\Macromedia --------- 0  
 08.07.2009 16:30     C:\Program Files\WarRock --------- 0  
 04.07.2009 13:50     C:\Program Files\Free FLV Converter --------- 8192  
 26.06.2009 17:35     C:\Program Files\FileZilla FTP Client --------- 4096  
 21.06.2009 12:56     C:\Program Files\Sierra --------- 0  
 20.06.2009 15:07     C:\Program Files\Winamp --------- 4096  
 12.06.2009 14:42     C:\Program Files\Microsoft Works --------- 28672  
 10.06.2009 15:23     C:\Program Files\SystemRequirementsLab --------- 0  
 03.06.2009 22:27     C:\Program Files\Ubisoft --------- 0  
 03.06.2009 22:24     C:\Program Files\Image-Line --------- 4096  
 03.06.2009 22:23     C:\Program Files\VstPlugins --------- 0  
 03.06.2009 22:00     C:\Program Files\Electronic Arts --------- 0  
 31.05.2009 11:57     C:\Program Files\Pcsx2 --------- 0  
 22.05.2009 20:56     C:\Program Files\Lan.FS --------- 0  
 22.05.2009 19:51     C:\Program Files\DKS --------- 0  
 16.05.2009 23:07     C:\Program Files\Google Hacks --------- 0  
 02.05.2009 19:37     C:\Program Files\Visual Pinball --------- 0  
 02.05.2009 19:11     C:\Program Files\TopWare --------- 0  
 02.05.2009 18:31     C:\Program Files\Avira --------- 0  
 19.04.2009 19:34     C:\Program Files\intelliScore Ensemble WAV to MIDI Converter Demo --------- 4096  
 19.04.2009 19:31     C:\Program Files\Cool Record Edit Pro --------- 4096  
 15.04.2009 16:47     C:\Program Files\Vuze --------- 4096  
 10.04.2009 19:54     C:\Program Files\Microsoft Games for Windows - LIVE --------- 0  
 10.04.2009 01:41     C:\Program Files\WinRAR --------- 4096  
 09.04.2009 01:25     C:\Program Files\Pamela --------- 0  
 04.04.2009 22:08     C:\Program Files\AviSynth 2.5 --------- 0  
 04.04.2009 22:08     C:\Program Files\eRightSoft --------- 0  
 31.03.2009 21:41     C:\Program Files\Nvu --------- 8192  
 19.03.2009 22:42     C:\Program Files\Windows Live --------- 4096  
 19.03.2009 22:42     C:\Program Files\Windows Live SkyDrive --------- 0  
 14.03.2009 02:43     C:\Program Files\PhotoZoom Pro 2 --------- 4096  
 07.03.2009 11:23     C:\Program Files\RAR Password Cracker --------- 0  
 22.02.2009 19:53     C:\Program Files\Speed Gear --------- 0  
 05.02.2009 22:41     C:\Program Files\Microsoft Games --------- 4096  
 02.02.2009 01:13     C:\Program Files\Microsoft GIF Animator --------- 4096  
 01.02.2009 15:32     C:\Program Files\MAGIX --------- 4096  
 07.01.2009 13:42     C:\Program Files\Pando Networks --------- 0  
 04.01.2009 21:45     C:\Program Files\UltraVNC --------- 0  
 29.12.2008 02:42     C:\Program Files\Bits N Bytes --------- 0  
 27.12.2008 02:09     C:\Program Files\WinSCP --------- 4096  
 07.12.2008 21:34     C:\Program Files\MafiaDemo --------- 0  
 07.12.2008 19:12     C:\Program Files\Creative --------- 0  
 02.12.2008 22:24     C:\Program Files\AoA MP4 Converter --------- 4096  
 01.12.2008 19:01     C:\Program Files\Babylon --------- 0  
 23.11.2008 22:54     C:\Program Files\Passware --------- 4096  
 18.11.2008 00:24     C:\Program Files\WildPackets --------- 0  
 09.11.2008 14:32     C:\Program Files\Teamspeak2_RC2 --------- 0  
 06.11.2008 22:21     C:\Program Files\MSBuild --------- 0  
 06.11.2008 22:20     C:\Program Files\Microsoft Visual Studio --------- 0  
 06.11.2008 22:19     C:\Program Files\Microsoft Office --------- 4096  
 06.11.2008 22:15     C:\Program Files\Microsoft Visual Studio 8 --------- 0  
 26.10.2008 01:30     C:\Program Files\Free Audio Pack --------- 4096  
 16.10.2008 23:02     C:\Program Files\Windows Live Safety Center --------- 0  
 15.10.2008 01:17     C:\Program Files\SpacialAudio --------- 0  
 14.10.2008 16:29     C:\Program Files\S.A.D --------- 0  
 14.10.2008 16:22     C:\Program Files\NCH Swift Sound --------- 4096  
 14.10.2008 16:13     C:\Program Files\NCH Software --------- 0  
 29.09.2008 17:03     C:\Program Files\ConvertHelper --------- 0  
 21.09.2008 20:09     C:\Program Files\CDex_170b2 --------- 4096  
 20.09.2008 15:34     C:\Program Files\Native Instruments --------- 0  
 19.09.2008 17:51     C:\Program Files\Half-Life --------- 0  
 30.08.2008 10:13     C:\Program Files\Illustrate --------- 0  
 24.08.2008 17:30     C:\Program Files\FDRLab --------- 0  
 24.08.2008 17:16     C:\Program Files\JLC's Software --------- 0  
 06.08.2008 11:30     C:\Program Files\VID_0E8F&PID_0012 --------- 0  
 05.08.2008 22:52     C:\Program Files\Codemasters --------- 0  
 03.08.2008 11:52     C:\Program Files\Firebird --------- 0  
 28.07.2008 18:23     C:\Program Files\ASIO4ALL v2 --------- 4096  
 28.07.2008 13:09     C:\Program Files\desktop.ini --------- 174  
 28.07.2008 00:00     C:\Program Files\Windows Calendar --------- 0  
 28.07.2008 00:00     C:\Program Files\Windows Sidebar --------- 4096  
 28.07.2008 00:00     C:\Program Files\Movie Maker --------- 4096  
 28.07.2008 00:00     C:\Program Files\Windows Collaboration --------- 4096  
 28.07.2008 00:00     C:\Program Files\Windows Journal --------- 4096  
 28.07.2008 00:00     C:\Program Files\Windows Photo Gallery --------- 4096  
 27.07.2008 23:59     C:\Program Files\Windows Defender --------- 4096  
 15.07.2008 15:10     C:\Program Files\Nero --------- 0  
 15.07.2008 14:40     C:\Program Files\Jetico --------- 0  
 14.07.2008 19:00     C:\Program Files\Valve --------- 0  
 13.07.2008 00:40     C:\Program Files\Sony --------- 12288  
 08.07.2008 15:35     C:\Program Files\TechSmith --------- 0  
 06.07.2008 18:09     C:\Program Files\JAP --------- 0  
 10.06.2008 14:16     C:\Program Files\proDAD --------- 0  
 10.06.2008 14:02     C:\Program Files\AdorageI-GfxDatas --------- 0  
 10.06.2008 14:01     C:\Program Files\AdorageI-SAL --------- 0  
 10.06.2008 13:34     C:\Program Files\BIAS --------- 0  
 10.06.2008 13:32     C:\Program Files\Pinnacle --------- 4096  
 30.04.2008 17:49     C:\Program Files\OpenOffice.org 2.3 --------- 4096  
 30.04.2008 17:37     C:\Program Files\VideoLAN --------- 0  
 30.04.2008 17:32     C:\Program Files\IrfanView --------- 4096  
 30.04.2008 17:32     C:\Program Files\Foxit Software --------- 0  
 30.04.2008 17:31     C:\Program Files\FreePDF_XP --------- 8192  
 30.04.2008 17:30     C:\Program Files\gs --------- 0  
 30.04.2008 17:29     C:\Program Files\7-Zip --------- 4096  
 30.04.2008 16:25     C:\Program Files\Microsoft CAPICOM 2.1.0.2 --------- 0  
 30.04.2008 14:40     C:\Program Files\CONEXANT --------- 0  
 09.01.2008 18:26     C:\Program Files\InterVideo --------- 0  
 09.01.2008 18:21     C:\Program Files\Sony Corporation --------- 0  
 09.01.2008 18:18     C:\Program Files\Roxio --------- 0  
 09.01.2008 18:16     C:\Program Files\ArcSoft --------- 0  
 02.11.2007 14:39     C:\Program Files\Google BAE --------- 4096  
 02.11.2007 14:36     C:\Program Files\BFG --------- 0  
 02.11.2007 14:34     C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites --------- 8192  
 02.11.2007 14:32     C:\Program Files\Microsoft.NET --------- 0  
 02.11.2007 12:43     C:\Program Files\WIDCOMM --------- 0  
 02.11.2007 12:40     C:\Program Files\IDT --------- 0  
 02.11.2007 12:40     C:\Program Files\Sigmatel --------- 0  
 02.11.2007 12:35     C:\Program Files\Apoint --------- 4096  
 02.11.2007 12:25     C:\Program Files\Intel --------- 0  
 02.11.2007 11:29     C:\Program Files\MSXML 4.0 --------- 0  
 02.11.2007 10:54     C:\Program Files\Windows NT --------- 4096  
 02.11.2007 10:54     C:\Program Files\Gemeinsame Dateien --------- 0  
 02.11.2006 15:01     C:\Program Files\Uninstall Information --------- 0  
 02.11.2006 14:37     C:\Program Files\Reference Assemblies --------- 0  
----------------------------------------

 
C:\ProgramData\.. 

Marvin    
Public    
huhu    
desktop.ini    
Administrator    
Default    
Default User    
All Users    
----------------------------------------

 
C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost
::1             localhost

----------------------------------------

 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung
========================= ======== ================ =========== ===============
System Idle Process              0 Services                   0            24 K
System                           4 Services                   0        12.812 K
smss.exe                       416 Services                   0           616 K
csrss.exe                      488 Services                   0         5.172 K
wininit.exe                    540 Services                   0         3.624 K
csrss.exe                      552 Console                    1        13.460 K
services.exe                   584 Services                   0         6.992 K
lsass.exe                      616 Services                   0         7.884 K
lsm.exe                        624 Services                   0         3.792 K
winlogon.exe                   712 Console                    1         5.120 K
svchost.exe                    788 Services                   0         6.544 K
svchost.exe                    868 Services                   0         6.644 K
svchost.exe                    904 Services                   0        36.544 K
svchost.exe                    996 Services                   0        12.412 K
svchost.exe                   1028 Services                   0        81.072 K
svchost.exe                   1040 Services                   0        30.292 K
audiodg.exe                   1160 Services                   0        12.944 K
svchost.exe                   1184 Services                   0         4.392 K
SLsvc.exe                     1200 Services                   0         5.992 K
svchost.exe                   1224 Services                   0        13.400 K
svchost.exe                   1448 Services                   0        24.828 K
spoolsv.exe                   1676 Services                   0         9.680 K
sched.exe                     1700 Services                   0         1.520 K
svchost.exe                   1712 Services                   0        21.376 K
dwm.exe                        260 Console                    1         6.700 K
taskeng.exe                    272 Console                    1        11.208 K
taskeng.exe                    428 Services                   0         5.644 K
explorer.exe                   468 Console                    1        83.872 K
taskeng.exe                   1828 Console                    1         5.104 K
VAIOUpdt.exe                  1952 Console                    1         5.572 K
Switcher.exe                  2020 Console                    1         5.128 K
svchost.exe                    288 Services                   0        10.724 K
avguard.exe                    772 Services                   0        18.944 K
svchost.exe                   2012 Services                   0         2.928 K
fbguard.exe                   2052 Services                   0         3.112 K
iviRegMgr.exe                 2196 Services                   0         3.092 K
NBService.exe                 2208 Services                   0         5.780 K
PnkBstrA.exe                  2376 Services                   0         3.300 K
PnkBstrB.exe                  2400 Services                   0         3.572 K
svchost.exe                   2420 Services                   0         5.088 K
PsiService_2.exe              2432 Services                   0         2.492 K
stacsv.exe                    2472 Services                   0         5.424 K
svchost.exe                   2516 Services                   0         6.632 K
TeamViewer_Service.exe        2536 Services                   0         2.876 K
VESMgr.exe                    2584 Services                   0         9.972 K
VCSW.exe                      2604 Services                   0         6.440 K
svchost.exe                   2632 Services                   0         1.960 K
SearchIndexer.exe             2688 Services                   0        51.548 K
XAudio.exe                    2736 Services                   0         2.128 K
VzCdbSvc.exe                  2768 Services                   0         7.484 K
SDWinSec.exe                  2824 Services                   0         7.988 K
VESMgrSub.exe                 3012 Console                    1         7.644 K
VzFw.exe                      3352 Services                   0         6.660 K
WUDFHost.exe                  3424 Services                   0        11.144 K
fbserver.exe                  3760 Services                   0         4.532 K
alg.exe                       3824 Services                   0         3.956 K
SPMgr.exe                     1620 Console                    1         6.916 K
Apoint.exe                    3928 Console                    1         9.108 K
ISBMgr.exe                     852 Console                    1         5.544 K
MarketingTools.exe            2356 Console                    1         3.696 K
jusched.exe                   3972 Console                    1         4.404 K
fpassist.exe                  3916 Console                    1         5.896 K
GrooveMonitor.exe             1104 Console                    1         8.072 K
avgnt.exe                     1148 Console                    1         2.392 K
rundll32.exe                  3920 Console                    1         6.248 K
ehtray.exe                    4072 Console                    1         4.224 K
msnmsgr.exe                   4016 Console                    1        62.848 K
NMBgMonitor.exe               2220 Console                    1         8.784 K
GoogleToolbarNotifier.exe     3752 Console                    1           628 K
ehmsas.exe                    2684 Console                    1         5.716 K
wmpnscfg.exe                  2552 Console                    1         6.060 K
SMSMngr.exe                   1252 Console                    1        31.424 K
rundll32.exe                  3644 Console                    1         7.784 K
rundll32.exe                  4120 Console                    1        11.484 K
k4zmwmkj.exe                  4128 Console                    1        10.512 K
avp.exe                       4156 Console                    1        10.824 K
(at this point there is actually also avto.exe, approx. 6.000 K; I had just already ended the process)
rundll32.exe                  4164 Console                    1         4.300 K
TeaTimer.exe                  4196 Console                    1       119.392 K
BTTray.exe                    4204 Console                    1         9.220 K
wmpnetwk.exe                  4332 Services                   0        12.068 K
ApMsgFwd.exe                  4684 Console                    1         2.584 K
ApntEx.exe                    5192 Console                    1         4.924 K
NMIndexingService.exe         5680 Services                   0        11.060 K
NMIndexStoreSvr.exe           5756 Console                    1        17.492 K
conime.exe                    3880 Console                    1         5.808 K
wlcomm.exe                    5432 Console                    1        12.384 K
firefox.exe                   5444 Console                    1       360.084 K
msiexec.exe                   5340 Services                   0        31.000 K
SearchProtocolHost.exe        5648 Services                   0         9.872 K
mDNSResponder.exe             5028 Services                   0         5.192 K
AppleMobileDeviceService.     3440 Services                   0         5.020 K
WUDFHost.exe                  4576 Services                   0         5.216 K
iPodService.exe               5704 Services                   0         5.536 K
iTunes.exe                    1468 Console                    1        75.772 K
teste3_p.exe                  5460 Console                    1        20.640 K
teste2_p.exe                   784 Console                    1        30.812 K
svchosty.exe                  3748 Console                    1        20.312 K
svchosty.exe                  5952 Console                    1        20.320 K
svchosty.exe                  5872 Console                    1        20.312 K
svchosty.exe                  4976 Console                    1        20.292 K
svchosty.exe                   912 Console                    1        20.340 K
svchosty.exe                  5068 Console                    1        20.308 K
svchosty.exe                  2140 Console                    1        20.376 K
svchosty.exe                  4084 Console                    1        20.264 K
svchosty.exe                  5232 Console                    1        20.296 K
SearchFilterHost.exe          3072 Services                   0         4.700 K
cmd.exe                       5268 Console                    1         3.804 K
tasklist.exe                  3784 Console                    1         4.916 K
WmiPrvSE.exe                  1548 Services                   0         6.284 K

 
***** Ende des Scans 21.05.2010 um  0:13:44,68 ***
         

21.05.2010, 10:48   #7
cosinus

Quote:
so Malwarebytes doesn't work for me.
Does it work this way? => http://www.trojaner-board.de/82699-m...tet-nicht.html

21.05.2010, 13:56   #8
Ingosh

Yes, wonderful, I think that works. Malwarebytes' has now been running for 1 1/2 hours; I'll post the log when it's finished.

22.05.2010, 19:00   #9
Ingosh

So, here is the MB's log now:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4122

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18813

22.05.2010 19:58:22
mbam-log-2010-05-22 (19-58-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 446000
Laufzeit: 30 Stunde(n), 33 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 5
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 7
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 4
Infizierte Dateien: 27

Infizierte Speicherprozesse:
C:\Users\Marvin\AppData\Local\Temp\k4zmwmkj.exe (Trojan.Crypt) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\avp.exe (Trojan.Hatigh) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\teste2_p.exe (Trojan.Agent) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\teste3_p.exe (Trojan.Agent) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\svchosty.exe (Trojan.Agent) -> No action taken.

Infizierte Speichermodule:
C:\Users\Marvin\AppData\Local\Temp\vtucw.dll (Trojan.Ertfor) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> No action taken.
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Zwunzi (Adware.Zwunzi) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\zwunzi service (Adware.Zwunzi) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Ertfor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfe8owijfisjhgs7ye39gjsoighsd7y3eu (Trojan.Crypt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsfg9w8gujsokgahi8gysgnsdgefshyjy (Trojan.Hatigh) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssqqqqsys (Trojan.Vundo) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infizierte Verzeichnisse:
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F} (Adware.Zwunzi) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome (Adware.Zwunzi) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults (Adware.Zwunzi) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults\preferences (Adware.Zwunzi) -> No action taken.

Infizierte Dateien:
C:\Users\Marvin\AppData\Local\Temp\vtucw.dll (Trojan.Ertfor) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\k4zmwmkj.exe (Trojan.Crypt) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\avp.exe (Trojan.Hatigh) -> No action taken.
C:\Program Files\AoA MP4 Converter\AoAMP4Converter.exe (Malware.pacler) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\ope5AD2.exe (Trojan.Inject) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\opeC522.exe (Trojan.Inject) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\BF2D.tmp (VirTool.Obfuscator) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\C3D0.tmp (VirTool.Obfuscator) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\3D3.tmp (VirTool.Obfuscator) -> No action taken.
C:\Users\Marvin\AppData\Roaming\E8281C0B29E14B298950287F464B285A\gotnewupdate000.exe (Malware.Packer.Gen) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome.manifest (Adware.Zwunzi) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\install.rdf (Adware.Zwunzi) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\chrome\zwunzi.jar (Adware.Zwunzi) -> No action taken.
C:\Program Files\Mozilla Firefox\extensions\{F270F1AF-34D6-41CB-A9F5-8200EF7DB41F}\defaults\preferences\prefs.js (Adware.Zwunzi) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\1on.exe (Trojan.VirTool) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\avto.exe (Trojan.Agent) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\avto1.exe (Trojan.Agent) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\avto2.exe (Trojan.Agent) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\avto3.exe (Trojan.Agent) -> No action taken.
C:\Users\Marvin\AppData\Roaming\sdra64.exe (Trojan.Agent) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\teste2_p.exe (Trojan.Agent) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\teste3_p.exe (Trojan.Agent) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> No action taken.
c:\Users\Marvin\AppData\Local\Temp\nnooml.dll (Trojan.Vundo) -> No action taken.
C:\Users\Marvin\AppData\Local\Temp\svchosty.exe (Trojan.Agent) -> No action taken.

23.05.2010, 12:32   #10
Ingosh

I have now deleted everything, but when starting the PC I get 2 rundll errors:

I find them annoying. Can I get rid of them somehow, and are they even genuine? (In one of the two error messages the C is lowercase?)

By the way, Malwarebytes had flagged both files as viruses:
Code:
Infizierte Speichermodule:
C:\Users\Marvin\AppData\Local\Temp\vtucw.dll (Trojan.Ertfor)
...
Infizierte Dateien:
C:\Users\Marvin\AppData\Local\Temp\vtucw.dll (Trojan.Ertfor)
...
c:\Users\Marvin\AppData\Local\Temp\nnooml.dll (Trojan.Vundo)
         
Also, Internet Explorer and Windows Live still don't work...

Edited by Ingosh (23.05.2010 at 12:41)

23.05.2010, 22:23   #11
cosinus

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
PRC - C:\Users\Marvin\AppData\Local\Temp\k4zmwmkj.exe ()
PRC - C:\Users\Marvin\AppData\Local\Temp\avp.exe ()
SRV - (Zwunzi Service) --  File not found
SRV - (CLTNetCnService) --  File not found
O4 - HKCU..\Run: [Canaveral] C:\Users\Marvin\AppData\Local\Temp\sshnas21.DLL ()
O4 - HKCU..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Users\Marvin\AppData\Local\Temp\k4zmwmkj.exe ()
O4 - HKCU..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\Users\Marvin\AppData\Local\Temp\avp.exe ()
O4 - HKCU..\Run: [iTap] H:\remote\iTap-2.2\iTap.exe File not found
O4 - HKCU..\Run: [mcexecwin] C:\Users\Marvin\AppData\Local\Temp\vtucw.DLL ()
O4 - HKCU..\Run: [ssqqqqsys] c:\users\marvin\appdata\local\temp\nnooml.DLL ()
O4 - HKCU..\Run: [userinit] C:\Users\Marvin\AppData\Roaming\sdra64.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
[2010.05.17 23:25:52 | 000,000,000 | ---D | C] -- C:\Users\Marvin\AppData\Local\ymiboupot
[2010.05.17 23:24:52 | 000,000,000 | -HSD | C] -- C:\Users\Marvin\AppData\Roaming\lowsec
[2010.05.20 22:48:25 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:255C70C8
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes button!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

25.05.2010, 13:36   #12
Ingosh

I have done that now. WLM still doesn't work :S
Here is the log:
Code:
All processes killed
========== OTL ==========
No active process named k4zmwmkj.exe was found!
No active process named avp.exe was found!
Error: No service named Zwunzi Service was found to stop!
Service\Driver key Zwunzi Service not found.
File   File not found not found.
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
File   File not found not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Canaveral not found.
File C:\Users\Marvin\AppData\Local\Temp\sshnas21.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hsfe8owijfisjhgs7ye39gjsoighsd7y3eu not found.
File C:\Users\Marvin\AppData\Local\Temp\k4zmwmkj.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hsfg9w8gujsokgahi8gysgnsdgefshyjy not found.
File C:\Users\Marvin\AppData\Local\Temp\avp.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\iTap deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mcexecwin deleted successfully.
File C:\Users\Marvin\AppData\Local\Temp\vtucw.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ssqqqqsys not found.
File c:\users\marvin\appdata\local\temp\nnooml.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\userinit deleted successfully.
File C:\Users\Marvin\AppData\Roaming\sdra64.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WindowsWelcomeCenter deleted successfully.
File move failed. C:\Windows\System32\oobefldr.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
File move failed. C:\Programme\Windows Media Player\wmpnscfg.exe scheduled to be moved on reboot.
C:\Users\Marvin\AppData\Local\ymiboupot folder moved successfully.
C:\Users\Marvin\AppData\Roaming\lowsec folder moved successfully.
File C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job not found.
ADS C:\ProgramData\TEMP:255C70C8 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 157 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: huhu
->Temp folder emptied: 58215 bytes
->Temporary Internet Files folder emptied: 275434 bytes
->Flash cache emptied: 157 bytes
 
User: Marvin
->Temp folder emptied: 86610172 bytes
->Temporary Internet Files folder emptied: 8141548 bytes
->Java cache emptied: 79880352 bytes
->FireFox cache emptied: 97065641 bytes
->Flash cache emptied: 1530181 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 630784 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9388 bytes
RecycleBin emptied: 6204417 bytes
 
Total Files Cleaned = 267,00 mb
 
 
OTL by OldTimer - Version 3.2.5.0 log created on 05252010_142841

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\oobefldr.dll scheduled to be moved on reboot.
File move failed. C:\Programme\Windows Media Player\wmpnscfg.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

25.05.2010, 13:55   #13
cosinus

OK. It's time for CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when one of the board's qualified helpers has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

25.05.2010, 15:22   #14
Ingosh

OK, CF is finished. I'll restart in a moment to see whether the problem is fixed.
Combofix Logfile:
Code:
ComboFix 10-05-24.07 - Marvin 25.05.2010  16:02:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3070.1952 [GMT 2:00]
ausgeführt von:: c:\users\Marvin\Desktop\cofi.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Marvin\AppData\Roaming\inst.exe
c:\windows\system32\winio.vxd
c:\windows\UNWISE.EXE

.
(((((((((((((((((((((((   Dateien erstellt von 2010-04-25 bis 2010-05-25  ))))))))))))))))))))))))))))))
.

2010-05-25 12:28 . 2010-05-25 12:28	--------	d-----w-	C:\_OTL
2010-05-23 12:50 . 2010-05-23 12:50	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2010-05-20 22:07 . 2010-05-20 22:07	--------	d-----w-	c:\program files\iPod
2010-05-20 22:07 . 2010-05-20 22:09	--------	d-----w-	c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-20 22:07 . 2010-05-20 22:09	--------	d-----w-	c:\program files\iTunes
2010-05-20 21:59 . 2010-05-20 21:59	--------	d-----w-	c:\program files\Apple Software Update
2010-05-20 20:37 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 20:37 . 2010-05-20 20:37	--------	d-----w-	c:\programdata\Malwarebytes
2010-05-20 20:37 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-20 15:07 . 2010-05-20 15:07	--------	d-----w-	c:\users\Marvin\AppData\Roaming\Malwarebytes
2010-05-20 15:06 . 2010-05-22 17:58	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-05-19 15:14 . 2010-05-19 15:14	--------	d-----w-	c:\program files\CCleaner
2010-05-18 19:55 . 2010-05-19 15:36	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-05-18 19:55 . 2010-05-18 20:01	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-05-17 14:20 . 2010-05-17 14:20	--------	d-----w-	c:\users\Marvin\AppData\Roaming\Foxit Software
2010-05-17 00:48 . 2010-05-22 22:03	--------	d-----w-	c:\users\Marvin\AppData\Roaming\E8281C0B29E14B298950287F464B285A
2010-05-08 00:04 . 2010-05-08 00:14	--------	d-----w-	c:\programdata\Blizzard Entertainment
2010-05-07 19:10 . 2010-05-07 22:14	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2010-05-07 19:10 . 2010-05-07 19:10	--------	d-----w-	c:\programdata\Blizzard
2010-05-07 13:35 . 2010-05-07 13:35	--------	d-----w-	c:\users\Marvin\AppData\Local\Blizzard Entertainment
2010-04-28 13:45 . 2010-04-28 13:45	73000	----a-w-	c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-27 17:52 . 2010-04-27 17:52	--------	d-----w-	c:\users\huhu\AppData\Local\Sony_NSCE
2010-04-27 17:51 . 2010-04-27 17:51	--------	d-----w-	c:\users\huhu\AppData\Roaming\Nero
2010-04-27 17:49 . 2010-04-27 17:49	--------	d-----w-	c:\users\huhu\AppData\Local\VirtualStore
2010-04-26 13:27 . 2010-05-22 22:08	--------	d-----w-	c:\users\Marvin\AppData\Roaming\skypePM
2010-04-26 13:26 . 2010-04-26 13:26	--------	d-----w-	c:\program files\Common Files\Skype
2010-04-26 13:26 . 2010-04-26 13:26	--------	d-----r-	c:\program files\Skype

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 14:13 . 2010-04-01 17:43	--------	d-----w-	c:\program files\Common Files\Akamai
2010-05-25 13:54 . 2006-11-02 15:33	628910	----a-w-	c:\windows\system32\perfh007.dat
2010-05-25 13:54 . 2006-11-02 15:33	127412	----a-w-	c:\windows\system32\perfc007.dat
2010-05-25 12:29 . 2007-11-02 09:52	12	----a-w-	c:\windows\bthservsdp.dat
2010-05-24 18:03 . 2008-04-30 12:51	91614	----a-w-	c:\users\Marvin\AppData\Roaming\nvModes.dat
2010-05-23 12:52 . 2008-05-03 11:11	--------	d-----w-	c:\program files\Windows Live
2010-05-23 00:35 . 2008-10-04 13:47	--------	d-----w-	c:\users\Marvin\AppData\Roaming\Skype
2010-05-22 23:42 . 2008-12-02 20:24	--------	d-----w-	c:\program files\AoA MP4 Converter
2010-05-20 22:15 . 2008-04-30 12:51	2032	----a-w-	c:\users\Marvin\AppData\Local\d3d9caps.dat
2010-05-20 22:07 . 2008-10-13 14:00	--------	d-----w-	c:\program files\Common Files\Apple
2010-05-20 22:02 . 2008-10-13 14:02	--------	d-----w-	c:\program files\QuickTime
2010-05-20 21:54 . 2008-07-15 15:45	--------	d-----w-	c:\program files\Bonjour
2010-05-20 15:11 . 2009-11-09 19:33	2828	--sha-w-	c:\programdata\KGyGaAvL.sys
2010-05-20 15:11 . 2009-11-09 19:33	2828	--sha-w-	c:\programdata\KGyGaAvL.sys
2010-05-19 20:08 . 2008-04-30 12:51	177072	----a-w-	c:\users\Marvin\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-17 13:57 . 2009-09-23 20:14	--------	d-----w-	c:\users\Marvin\AppData\Roaming\Canon
2010-05-13 23:30 . 2007-11-02 09:46	--------	d-----w-	c:\program files\Google
2010-05-12 09:21 . 2009-10-04 08:54	221568	------w-	c:\windows\system32\MpSigStub.exe
2010-04-27 17:51 . 2010-04-27 17:48	176688	----a-w-	c:\users\huhu\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-26 13:27 . 2010-04-26 13:27	56	---ha-w-	c:\programdata\ezsidmv.dat
2010-04-26 13:26 . 2007-11-02 12:41	--------	d-----w-	c:\programdata\Skype
2010-04-21 13:32 . 2009-01-07 14:05	98304	----a-w-	c:\programdata\NexonEU\NGM\nxgameeu.dll
2010-04-21 13:32 . 2009-01-07 14:05	81920	----a-w-	c:\programdata\NexonEU\NGM\npNxGameeu.dll
2010-04-21 13:32 . 2009-01-07 14:05	532480	----a-w-	c:\programdata\NexonEU\NGM\NGMDll.dll
2010-04-21 13:32 . 2009-01-07 14:05	331776	----a-w-	c:\programdata\NexonEU\NGM\NGMResource.dll
2010-04-21 13:32 . 2009-01-07 14:05	258352	----a-w-	c:\programdata\NexonEU\NGM\unicows.dll
2010-04-21 13:32 . 2009-01-07 14:05	155648	----a-w-	c:\programdata\NexonEU\NGM\NGM.exe
2010-04-21 12:24 . 2009-01-07 13:12	421888	----a-w-	c:\windows\NEXON_EU_DownloaderUpdater.exe
2010-04-18 19:43 . 2010-04-18 19:38	--------	d-----w-	c:\program files\LibUSB-Win32
2010-04-16 23:45 . 2010-04-16 23:45	307056	----a-w-	c:\windows\WLXPGSS.SCR
2010-04-16 20:12 . 2010-04-16 20:12	48464	----a-w-	c:\windows\system32\sirenacm.dll
2010-04-16 06:33 . 2010-04-16 06:33	41472	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2010-04-16 06:33 . 2010-04-16 06:33	3003680	----a-w-	c:\windows\system32\usbaaplrc.dll
2010-04-13 17:10 . 2010-04-13 17:10	--------	d-----w-	c:\program files\GMX
2010-04-12 22:20 . 2008-06-05 14:38	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2010-04-12 22:20 . 2008-06-05 14:38	--------	d-----w-	c:\program files\DVDVideoSoft
2010-04-12 14:53 . 2010-04-12 14:53	--------	d-----w-	c:\program files\Ask.com
2010-04-12 14:49 . 2007-11-02 12:35	--------	d-----w-	c:\program files\Common Files\Adobe
2010-04-09 22:36 . 2010-04-09 21:24	--------	d-----w-	c:\users\Marvin\AppData\Roaming\Vso
2010-04-09 22:02 . 2007-11-02 10:39	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-04-09 21:55 . 2010-04-02 17:15	--------	d-----w-	c:\program files\Ulead Systems
2010-04-09 21:55 . 2007-11-02 09:55	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-04-09 21:54 . 2010-04-09 21:54	--------	d-----w-	c:\programdata\Ulead Systems
2010-04-09 21:40 . 2010-04-09 21:40	--------	d-----w-	c:\program files\DVD Shrink
2010-04-09 21:24 . 2010-04-09 21:24	47360	----a-w-	c:\windows\system32\drivers\pcouffin.sys
2010-04-09 21:24 . 2010-04-09 21:24	47360	----a-w-	c:\users\Marvin\AppData\Roaming\pcouffin.sys
2010-04-09 21:24 . 2010-04-09 21:24	47360	----a-w-	c:\users\Marvin\AppData\Roaming\pcouffin.sys
2010-04-09 21:23 . 2010-04-09 21:23	--------	d-----w-	c:\program files\DVDFab 5
2010-04-08 11:20 . 2010-04-08 11:20	91424	----a-w-	c:\windows\system32\dnssd.dll
2010-04-08 11:20 . 2010-04-08 11:20	107808	----a-w-	c:\windows\system32\dns-sd.exe
2010-04-02 16:50 . 2010-04-02 16:50	--------	d-----w-	c:\program files\JanSoft
2010-04-02 16:26 . 2010-04-02 16:26	--------	d-----w-	c:\program files\WebZIP 7
2010-04-01 17:05 . 2010-04-01 17:05	--------	d-----w-	c:\program files\GIMP-2.0
2010-03-28 13:01 . 2009-10-12 15:49	1	----a-w-	c:\users\Marvin\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-02 14:18 . 2010-03-02 14:18	509552	----a-w-	c:\programdata\Google\Google Toolbar\Update\gtb9810.tmp.exe
2006-05-03 10:06 . 2009-04-04 20:08	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-04-04 20:08	31232	--sh--r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2009-04-04 20:08	216064	--sh--r-	c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50	1197448	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-01-27 2356088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]
"GMX SMS-Manager"="c:\program files\GMX\GMX SMS-Manager\SMSMngr.exe" [2007-07-19 3539968]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-10 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2007-11-02 36864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-12 149280]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-04-25 311296]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-30 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-30 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-8-28 739880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-14 19:05	98304	----a-w-	c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 gupdate1c9dc68870196c5;Google Update Service (gupdate1c9dc68870196c5);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 133104]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2007-10-10 28464]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
R3 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-28 292128]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-03-17 87328]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-19 21504]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [2007-03-20 28672]
S3 R5U870FLx86;R5U870 UVC Lower Filter  ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-10-30 75008]
S3 R5U870FUx86;R5U870 UVC Upper Filter  ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-10-30 43904]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-06 812544]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
Akamai	REG_MULTI_SZ   	Akamai
.
Inhalt des "geplante Tasks" Ordners

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 12:09]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-24 12:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {DC6FEBC5-0A2D-458A-A01B-5DB15EEC4305} - hxxp://webc.marvin-plogsties.de/auth/controls/IlosoftImageUpload.dll
FF - ProfilePath - c:\users\Marvin\AppData\Roaming\Mozilla\Firefox\Profiles\4ioevbv7.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll

---- FIREFOX Richtlinien ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http - 
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl - 
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp - 
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher - 
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks - 
FF - user.js: network.proxy.socks_port - 0
.
.
------- Dateityp-Verknüpfung -------
.
.reg=Regedit.Document
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run- Malwarebytes Anti-Malware  (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-05-25 16:13
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-3766326107-1066465417-3371808887-1000\Software\SecuROM\License information*]
"datasecu"=hex:8f,46,db,d1,f4,2c,ff,3b,0f,b6,e1,0b,a2,90,20,c4,4d,e4,42,50,0e,
   16,9e,6e,8b,67,a4,01,e7,49,cc,96,94,c2,90,d8,f5,cf,05,3e,44,c8,a4,c7,d1,8a,\
"rkeysecu"=hex:73,28,8c,08,11,2c,27,83,f5,c4,d5,54,2c,55,b9,22

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-05-25  16:18:48
ComboFix-quarantined-files.txt  2010-05-25 14:18

Vor Suchlauf: 6.793.908.224 Bytes frei
Nach Suchlauf: 6.704.091.136 Bytes frei

- - End Of File - - 63454636B2D78323E09BC1BAAFF4E899
         
But even without a restart I can see that IE, WLM and other programs that run over the internet, such as online games, are working again.
Many thanks for that.
