Pests of all kinds and how to fight them: Caught Tuguu VAF-Player malware, warning messages ever since (svchost)

02.06.2013, 13:47   #1
luna_planlos
 

Hello everyone,
first of all: it's great that this forum exists as a place to turn to. Thanks in advance for your time...

Since yesterday I have had the following problem:
I got a seemingly quite ordinary prompt to update Flash Player. Well, I fell for it. Suddenly I had an unwanted program called "VAFPlayer" on the PC. I uninstalled it in a panic and ran all my antivirus programs (Spybot, AntiVir, Malwarebytes) one after another. Only Spybot showed me a detection, which however was apparently also cleaned.

However, since then the following warning message from Malwarebytes keeps popping up:
Quote:
Zugang auf potentiell gefährliche Webseite erfolgreich gestoppt: 82.98.97.183
Art: ausgehend
Port: 50941 Prozess: svchost.exe
This message appears regularly, at least every quarter of an hour - but when I run Malwarebytes, it finds nothing.

On a friend's advice I also downloaded Avast Free Antivirus, but this program finds nothing either. The only change is that since then the message shows "avast.exe" under "Prozess".


As advised here in the "Für alle Hilfesuchenden" thread, I have now downloaded Defogger (no error message) and then OTL, and ran that as well.

Here are the logs/text files:

OTL.txt:
Code:
OTL logfile created on: 02.06.2013 14:10:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Violet\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 57,44% Memory free
7,71 Gb Paging File | 5,65 Gb Available in Paging File | 73,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,32 Gb Total Space | 390,54 Gb Free Space | 86,34% Space Free | Partition Type: NTFS
 
Computer Name: VIOLET-VAIO | User Name: Violet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.02 14:09:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Violet\Desktop\OTL (1).exe
PRC - [2013.06.01 14:30:45 | 000,360,512 | ---- | M] (eSafe Security Co., Ltd.) -- C:\ProgramData\eSafe\eSafeSvc.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.05.07 16:32:56 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.04.04 14:23:35 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.04 14:22:51 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.08 14:55:20 | 001,644,680 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.06.08 23:55:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.06.01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.06.01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010.05.31 19:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010.05.31 17:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.05.21 00:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.01.27 10:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.16 21:07:37 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013.01.12 21:44:04 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll
MOD - [2013.01.12 21:12:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013.01.12 21:11:05 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013.01.12 21:10:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013.01.12 21:10:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013.01.12 21:09:52 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013.01.12 21:08:38 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.12.15 23:02:05 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2010.12.15 23:02:05 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2010.12.15 23:02:05 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2010.12.15 23:02:05 | 000,847,872 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2010.12.15 23:02:05 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2010.12.15 23:02:05 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2010.12.15 23:02:05 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
MOD - [2010.12.15 23:02:05 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2010.12.15 23:02:05 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2010.12.15 23:02:05 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2010.12.15 23:02:05 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUpload.dll
MOD - [2010.12.15 23:02:05 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2010.12.15 23:02:05 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
MOD - [2010.12.15 23:02:05 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2010.12.15 23:02:05 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
MOD - [2010.12.15 23:02:05 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
MOD - [2010.12.15 23:02:05 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2010.12.15 23:02:05 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocPCD.dll
MOD - [2010.12.15 23:02:04 | 011,503,616 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2010.12.15 23:02:04 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
MOD - [2010.12.15 23:02:04 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2010.12.15 23:02:04 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2010.12.15 23:02:04 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
MOD - [2010.12.15 23:02:04 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
MOD - [2010.12.15 23:02:04 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2010.12.15 23:02:04 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2010.12.15 23:02:04 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2010.12.15 23:02:04 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2010.12.15 23:02:04 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2010.12.15 23:02:04 | 000,171,520 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2010.12.15 23:02:04 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESEmail.dll
MOD - [2010.12.15 23:02:04 | 000,152,576 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2010.12.15 23:02:04 | 000,129,536 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2010.12.15 23:02:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2010.12.15 23:02:04 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2010.12.15 23:02:04 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2010.12.15 23:02:04 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2010.12.15 23:02:04 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2010.12.15 23:02:04 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2010.12.15 23:02:04 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2010.12.15 23:02:04 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2010.07.29 23:05:14 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.07.29 23:05:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010.10.08 08:55:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.06.01 14:30:45 | 000,360,512 | ---- | M] (eSafe Security Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eSafeSvc.exe -- (eSafeSvc)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.04.04 14:23:35 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.04 14:22:51 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.08.11 09:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.07.29 13:22:44 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.21 18:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2010.06.20 21:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.06.20 21:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.06.18 07:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.06.17 12:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.06.09 15:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.06.09 15:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010.06.09 15:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2010.06.08 23:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.06.06 22:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2010.06.01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.06.01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.05.09 10:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.04.04 14:23:49 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.04 14:23:49 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.04 14:23:49 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.08 08:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.24 22:34:53 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.24 22:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.23 22:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.06.23 22:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.23 22:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.06.23 22:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.06.23 22:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.23 22:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010.06.23 22:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.05.31 23:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.05.31 23:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.31 23:31:21 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.05.31 22:10:13 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.05.28 22:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.05.28 22:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008.06.16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=120519&tt=gc_&babsrc=SP_ss&mntrId=54704A0F6EDBE238
IE - HKCU\..\SearchScopes\{104A6D25-CFE8-4B46-9870-30FB22C87BBA}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{11FB90CA-8588-4224-A255-B0CEE7BB34F6}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKCU\..\SearchScopes\{70D800E8-32F6-473B-9302-98F6E62FA7A8}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{ACBEF858-495B-443F-9C53-BE99D3A4B628}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=YYYYYYYYDE&apn_uid=CB4CF5E0-893D-4D53-BD9E-B067815538DB&apn_sauid=E818C8A2-5322-412B-8B4D-4F6E89AC9E76
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: ffxtlbr@delta.com:1.5.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.15.100013
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
FF - prefs.js..extensions.enabledItems: singalong@xenophesoft.com:1.111
FF - prefs.js..browser.startup.homepage: 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\info@allpremiumplay.info: C:\Users\Violet\AppData\Roaming\Mozilla\Firefox\Profiles\mfjb2jkt.default\extensions\info@allpremiumplay.info [2012.03.24 21:22:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013.06.02 12:14:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.07 22:54:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.07 22:54:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\singalong@xenophesoft.com: C:\Program Files (x86)\SingAlong\FF\ [2013.06.01 14:28:56 | 000,000,000 | ---D | M]
 
[2010.12.07 18:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Violet\AppData\Roaming\mozilla\Extensions
[2013.06.01 17:05:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Violet\AppData\Roaming\mozilla\Firefox\Profiles\mfjb2jkt.default\extensions
[2011.03.27 14:22:10 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Violet\AppData\Roaming\mozilla\Firefox\Profiles\mfjb2jkt.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.12.18 16:15:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Violet\AppData\Roaming\mozilla\Firefox\Profiles\mfjb2jkt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2013.06.01 14:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Violet\AppData\Roaming\mozilla\Firefox\Profiles\mfjb2jkt.default\extensions\ffxtlbr@babylon.com
[2012.03.24 21:22:10 | 000,000,000 | ---D | M] (Codec-C) -- C:\Users\Violet\AppData\Roaming\mozilla\Firefox\Profiles\mfjb2jkt.default\extensions\info@allpremiumplay.info
[2013.04.06 16:27:22 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Violet\AppData\Roaming\mozilla\Firefox\Profiles\mfjb2jkt.default\extensions\toolbar@ask.com
[2013.06.01 16:04:18 | 000,002,408 | ---- | M] () -- C:\Users\Violet\AppData\Roaming\mozilla\firefox\profiles\mfjb2jkt.default\searchplugins\askcom.xml
[2013.04.04 13:48:31 | 000,002,306 | ---- | M] () -- C:\Users\Violet\AppData\Roaming\mozilla\firefox\profiles\mfjb2jkt.default\searchplugins\askcomsearch.xml
[2013.06.01 14:29:03 | 000,006,503 | ---- | M] () -- C:\Users\Violet\AppData\Roaming\mozilla\firefox\profiles\mfjb2jkt.default\searchplugins\babylon.xml
[2012.04.06 13:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.07 23:26:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.15 00:05:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.16 14:56:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.24 22:31:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2013.06.01 14:28:56 | 000,000,000 | ---D | M] ("Sing Along") -- C:\PROGRAM FILES (X86)\SINGALONG\FF
File not found (No name found) -- C:\USERS\VIOLET\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MFJB2JKT.DEFAULT\EXTENSIONS\FFXTLBR@DELTA.COM
[2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - Extension: Sing Along = C:\Users\Violet\AppData\Local\Google\Chrome\User Data\Default\Extensions\abepbblpkilpjohncjbccmdjhdhbnhdj\1.111_0\
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Violet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (Codec-C Class) - {0D56E386-F8C6-4FBC-9A7E-E8DA50072D26} - C:\ProgramData\Codec-C\bhoclass.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Sing Along) - {6492E171-2427-4932-B414-33574A089F5E} - C:\Program Files (x86)\SingAlong\singalng.dll (Xenophesoft)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Violet\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Violet\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB}: DhcpNameServer = 172.16.16.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.02 14:09:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Violet\Desktop\OTL (1).exe
[2013.06.02 12:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.06.02 12:14:50 | 000,378,432 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.02 12:14:50 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.06.02 12:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.06.02 12:14:49 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.02 12:14:49 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.06.02 12:14:49 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.06.02 12:14:45 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.06.02 12:14:44 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.06.02 12:13:54 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.02 12:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.02 12:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.06.01 15:36:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.06.01 15:36:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.06.01 14:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013.06.01 14:43:35 | 000,000,000 | ---D | C] -- C:\Users\Violet\AppData\Roaming\player
[2013.06.01 14:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.06.01 14:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013.06.01 14:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.06.01 14:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SingAlong
[2013.05.07 16:34:07 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.02 14:10:06 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 14:10:06 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 14:09:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Violet\Desktop\OTL (1).exe
[2013.06.02 14:07:32 | 000,000,000 | ---- | M] () -- C:\Users\Violet\defogger_reenable
[2013.06.02 14:03:44 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Sing Along Update.job
[2013.06.02 13:59:21 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.02 13:58:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.02 13:58:18 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 13:40:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.02 12:14:50 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.02 12:14:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.01 19:19:52 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.01 19:19:52 | 000,696,370 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.01 19:19:52 | 000,651,648 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.01 19:19:52 | 000,147,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.01 19:19:52 | 000,120,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.01 16:28:45 | 000,001,240 | ---- | M] () -- C:\Windows\wininit.ini
[2013.06.01 15:03:05 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.06.01 14:42:50 | 001,589,182 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.05.09 10:59:07 | 001,025,808 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.05.09 10:59:07 | 000,378,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.05.09 10:59:07 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013.05.09 10:59:07 | 000,065,336 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013.05.09 10:58:37 | 000,041,664 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.05.07 16:33:53 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.02 14:07:32 | 000,000,000 | ---- | C] () -- C:\Users\Violet\defogger_reenable
[2013.06.02 12:14:50 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.02 12:14:48 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.02 12:14:47 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.06.02 12:14:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.06.01 15:22:01 | 000,001,240 | ---- | C] () -- C:\Windows\wininit.ini
[2013.06.01 14:42:48 | 001,589,182 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.01 14:28:56 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Sing Along Update.job
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.18 17:07:58 | 000,000,000 | ---D | M] -- C:\Users\Violet\AppData\Roaming\DVDVideoSoft
[2010.12.18 16:15:18 | 000,000,000 | ---D | M] -- C:\Users\Violet\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.11.03 16:30:27 | 000,000,000 | ---D | M] -- C:\Users\Violet\AppData\Roaming\IrfanView
[2010.12.12 16:25:11 | 000,000,000 | ---D | M] -- C:\Users\Violet\AppData\Roaming\OpenOffice.org
[2013.06.01 16:01:05 | 000,000,000 | ---D | M] -- C:\Users\Violet\AppData\Roaming\player
[2010.12.15 23:03:13 | 000,000,000 | ---D | M] -- C:\Users\Violet\AppData\Roaming\Skinux
 
========== Purity Check ==========
 
 

< End of report >
         

Extras.txt:
Code:
OTL Extras logfile created on: 02.06.2013 14:10:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Violet\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 57,44% Memory free
7,71 Gb Paging File | 5,65 Gb Available in Paging File | 73,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,32 Gb Total Space | 390,54 Gb Free Space | 86,34% Space Free | Partition Type: NTFS
 
Computer Name: VIOLET-VAIO | User Name: Violet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D56CE6A-DC13-41DE-9708-AB2546515D55}" = lport=139 | protocol=6 | dir=in | app=system | 
"{132995B8-4915-46D1-9D6A-8182FC6079D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{25524BDE-1AD7-4EC6-ACF7-6E32ADDDDF33}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{265A0432-2F75-4A14-B112-FF8228BA2D44}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{28F31BEB-2EA4-4ED8-B1D3-B72EA916EB3D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{303766EC-B4FD-4F75-8F5E-3AFE80216B05}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{30A88A22-362E-4372-B414-4A47B1C5D9F4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{388FBB07-1423-4E10-80CB-9347917EC67C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4B31CFAB-B062-45EC-A9CA-CB18074A9F50}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4C72963B-A661-4D90-8CA8-0F46E39DA3FD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{53F38DE4-6FA6-4800-90DB-4667B59F767D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{55DCAC27-0470-49AC-A260-AEEB24A56C5C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5A7ACAEE-0F30-473A-84A8-E333231DD5F6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5C02ECE1-0C88-4388-8D00-CF98219A002D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{654E8C5D-F8A5-4A99-87A8-A636B2C92802}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{81818D65-09E0-4BE4-91B9-F2FFE33D35A9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8842F9E0-3B40-48FA-9D60-2A336E62FFF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{933EB418-8396-4061-98EF-D55700BA2CEC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A45A7274-D0BA-49CE-880A-491566C22A19}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D05A3DE4-D8F6-4C3D-9217-A63F3AE55303}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E6F42B80-121B-4A08-85FB-8CA5408DEF56}" = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00999757-10A6-4F7D-B5A3-C989EC1B190F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{03626DA9-BA80-4C01-9B89-59B9BB52ACF3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0DECA0E9-4BE3-43C7-B3CB-DC7567ECE14D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1D561B10-E023-429F-A173-978C3A8D00AF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{1E71CD3C-2050-415F-B5CA-74C2F0623E33}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{24BE904A-7F80-4AD7-B7C4-98C42B6CB1DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{250BBFCF-A47F-47CE-A445-D6F025EA3078}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3C8A431E-DB8F-43C4-9899-FDAD3B4C4C13}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{4071472E-DC43-4866-AE2B-B8531F35EE2B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{42B20A81-718D-4211-83F5-BC9EDEF2A792}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{45A02115-487D-4E9E-B568-951EE8A52693}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{4A0DA586-2CEF-4E64-BDFB-C095BDFC7876}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{549CF477-CAF5-49D4-97A2-6199913CA4AD}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{72E05659-6EE8-4152-8A36-5C31FBEF07B5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7A23DEA3-D3F3-4175-9FF5-7E99C3F1660B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{7D989951-CBFC-47D3-9CF3-23DD5171564F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{813E2107-7896-46B2-9B3E-17C63E371433}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{819CE6D9-2F21-4BC7-A84B-C5F90AEC0046}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{864490F6-932A-44B6-9112-56182F48BF3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{91FD36C4-5D16-493A-9319-19B57AEF4E85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9BB6F011-2BDA-4DBF-AFE7-D1B1BADF10D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{9D7099E5-87E6-4B88-AC7C-E64C154667A4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A8B89DBD-468C-4938-B7D9-EF1993698C12}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BBB5F5C7-5D80-4FAF-B3BD-8D13DE9B6769}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C7B9DF05-F504-4123-82CF-FABC493AB0E8}" = protocol=6 | dir=out | app=system | 
"{D820BAC6-7C55-4967-9323-5684E6D87839}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E106146D-A2B3-45B0-B06B-13D26A3248C2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E4FD2156-2218-4A59-A25E-3BF151EEAAFF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{F2D236E3-4A4E-424F-A2C1-DD28A87FFA67}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc)
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc)
"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play mit PlayStation®3
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote-Tastatur mit PlayStation 3
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A20548C1-4B08-C41D-A3A8-FE8C933C2A00}" = Catalyst Control Center InstallProxy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = 
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc)
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"avast" = avast! Free Antivirus
"Avira AntiVir Desktop" = Avira Free Antivirus
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"DMUninstaller" = DMUninstaller
"eSafeSecControl" = eSafe Security Control 1.0.0.2359
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free Audio Dub_is1" = Free Audio Dub version 1.7.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"Google Chrome" = Google Chrome
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PremElem80" = Adobe Premiere Elements 8.0
"singalong@xenophesoft.com" = Sing Along
"splashtop" = VAIO Quick Web Access
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VAIO screensaver" = VAIO screensaver
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.02.2012 08:04:20 | Computer Name = Violet-VAIO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.02.2012 08:04:35 | Computer Name = Violet-VAIO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 02.02.2012 08:04:35 | Computer Name = Violet-VAIO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 05.02.2012 09:53:41 | Computer Name = Violet-VAIO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.02.2012 08:39:42 | Computer Name = Violet-VAIO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.02.2012 08:42:54 | Computer Name = Violet-VAIO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 06.04.2012 07:52:52 | Computer Name = Violet-VAIO | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Avira Planer" konnte nicht heruntergefahren
 werden.
 
Error - 06.04.2012 07:52:52 | Computer Name = Violet-VAIO | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Avira Echtzeit Scanner" konnte nicht
 heruntergefahren werden.
 
Error - 13.04.2012 06:42:25 | Computer Name = Violet-VAIO | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 18.0.1025.152 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1730    Startzeit:
 01cd1959857d68ca    Endzeit: 10    Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
 4d77617b-8555-11e1-a38c-c0cb38eb6db0  
 
Error - 17.04.2012 17:46:23 | Computer Name = Violet-VAIO | Source = Application Hang | ID = 1002
Description = Programm chrome.exe, Version 18.0.1025.162 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 122c    Startzeit:
 01cd1cda7ec67f92    Endzeit: 11    Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Berichts-ID:
 c3d711ea-88d6-11e1-a297-c0cb38eb6db0  
 
[ System Events ]
Error - 01.06.2013 08:31:36 | Computer Name = Violet-VAIO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "NLA (Network Location Awareness)" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 01.06.2013 08:31:36 | Computer Name = Violet-VAIO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Telefonie" wurde unerwartet beendet. Dies ist bereits 
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 01.06.2013 08:33:36 | Computer Name = Violet-VAIO | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "DNS-Client" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
 ist fehlgeschlagen. Fehler:   %%1056
 
Error - 01.06.2013 09:22:26 | Computer Name = Violet-VAIO | Source = Service Control Manager | ID = 7034
Description = Dienst "Desk 365 service" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 01.06.2013 10:55:54 | Computer Name = Violet-VAIO | Source = DCOM | ID = 10010
Description = 
 
Error - 02.06.2013 08:01:07 | Computer Name = Violet-VAIO | Source = DCOM | ID = 10005
Description = 
 
Error - 02.06.2013 08:01:07 | Computer Name = Violet-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 02.06.2013 08:01:07 | Computer Name = Violet-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 02.06.2013 08:02:42 | Computer Name = Violet-VAIO | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Intel(R) Rapid Storage Technology erreicht.
 
Error - 02.06.2013 08:02:42 | Computer Name = Violet-VAIO | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
 
< End of report >
         
I hope that was all correct so far. If not, please be patient with me; see the second part of my username...

Should I now also download this GMER and let it scan?
I'm a bit scared, even though your instructions are fortunately quite detailed and supposedly foolproof.

02.06.2013, 14:07   #2
aharonov
/// TB-Ausbilder

Hello luna_planlos and

My name is Leo and I will guide you through the cleanup of your computer.

One thing up front: I cannot give you any guarantee that I will find everything. With serious infections, formatting and reinstalling is usually the faster and always the safer way.
If you decide on a cleanup, then we should proceed thoroughly. So stay with it until I clearly tell you that we are done.
Even if the conspicuous symptoms disappear early on, that does not mean your computer is already clean and secure.

Notes on the procedure
  • You will receive from me step-by-step instructions tailored individually to you.
    • Always read these instructions through completely first and ask about anything unclear before you begin.
    • Then work through the instructions carefully and in the given order, and post your feedback and log files only at the end, collected in one reply.
    • Whenever possible, insert the contents of the log files inside code tags in your reply.
    • Should problems arise, stop at that point and describe them as well as possible.
  • It is important to me that the state of your system does not suddenly change unpredictably:
    • Do not run any scanners or tools without being asked to. Do not delete anything on your own initiative.
    • Do not install or uninstall any software during the cleanup.

Here we go:

Quote:
Should I now also download this GMER and let it scan?
Yes, please also have GMER scan according to the instructions and post the log here.

02.06.2013, 14:52   #3
luna_planlos

Hello Leo,

thanks for your reply. GMER has been run, but the log text file is quite a bit too large to paste or attach (600 KB)... what do I do in that case?

(By the way, when I wanted to switch the antivirus programs back on afterwards, everything crashed when I clicked on Malwarebytes... blue screen, lots of text that I couldn't possibly take in that quickly...)

02.06.2013, 15:07   #4
aharonov
/// TB-Ausbilder

Hello,

Quote:
the log text file is quite a bit too large to paste or attach (600 KB)... what do I do in that case?
Then pack it into a zip archive (right-click on it -> Send to -> Compressed (zipped) folder) and attach that here.
__________________
cheers,
Leo

02.06.2013, 15:12   #5
luna_planlos

OK, here it comes as a zip:


02.06.2013, 15:29   #6
aharonov
/// TB-Ausbilder

So. Avira and avast should not both run together. Uninstall one of the two (I would keep avast).


Step 1
  • Go to Start --> Control Panel and open Programs and Features.
  • Find and uninstall the following entries there, one after another:
    • Ask Toolbar
    • Delta Chrome Toolbar
    • Sing Along
    • Ask Toolbar Updater
  • Close the window again and perform a restart if one was requested.



Step 2

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click on "Suchlauf" (scan) and wait until it has finished.
  • Now click on "Löschen" (delete) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents to me with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).



Step 3

Please start OTL.exe.
  • Check the box at Scan all Users.
  • Press the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.



Please post in your next reply:
  • Log from AdwCleaner
  • Log from OTL
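The Step 1 entries can be located mechanically in the uninstall lists of the OTL Extras log posted earlier in this thread. The following is an added example, not part of the original posts and not code from OTL; the function names and the name-matching approach are assumptions for illustration, and the sample input is a shortened excerpt of the log above.

```python
import re

# Shortened excerpt of the uninstall sections from the OTL Extras log in
# this thread (layout and values copied from the posted log).
SAMPLE_LOG = r'''
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"Delta Chrome Toolbar" = Delta Chrome Toolbar
"singalong@xenophesoft.com" = Sing Along
"IrfanView" = IrfanView (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 20 Event Log Errors ==========
'''

# Display names the helper asks to uninstall in Step 1.
WATCH_LIST = ["Ask Toolbar", "Delta Chrome Toolbar", "Sing Along",
              "Ask Toolbar Updater"]

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # ===== Title =====
KEY_RE = re.compile(r"^(64bit:\s*)?\[(HKEY_[^\]]+)\]$")   # [HKEY_...\Uninstall]
ENTRY_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # "subkey" = name


def parse_uninstall_entries(text):
    """Return one dict per '"subkey" = name' line in an 'Uninstall List' section."""
    entries, section, reg_key, prefixed_64bit = [], None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            # A new section header resets the current registry key.
            section, reg_key = m.group(1), None
            continue
        if section is None or not section.endswith("Uninstall List"):
            continue  # ignore firewall rules, event log errors, etc.
        m = KEY_RE.match(line)
        if m:
            prefixed_64bit, reg_key = bool(m.group(1)), m.group(2)
            continue
        m = ENTRY_RE.match(line)
        if m and reg_key:
            entries.append({
                "section": section,
                "reg_key": reg_key,
                "prefixed_64bit": prefixed_64bit,  # line carried OTL's "64bit:" tag
                "subkey": m.group(1),
                "name": m.group(2).strip(),
            })
    return entries


def flag_entries(entries, watch_list):
    """Entries whose display name equals a watch-list name (case-insensitive).

    Exact matching keeps "Ask Toolbar" and "Ask Toolbar Updater" apart.
    """
    wanted = {w.casefold() for w in watch_list}
    return [e for e in entries if e["name"].casefold() in wanted]


def unnamed_entries(entries):
    """Entries with an empty display name; a name-based check cannot cover them."""
    return [e for e in entries if not e["name"]]


if __name__ == "__main__":
    parsed = parse_uninstall_entries(SAMPLE_LOG)
    for e in flag_entries(parsed, WATCH_LIST):
        print("FLAGGED  %-22s %s\\%s" % (e["name"], e["reg_key"], e["subkey"]))
    for e in unnamed_entries(parsed):
        print("NO NAME  %s\\%s" % (e["reg_key"], e["subkey"]))
```
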

02.06.2013, 16:32   #7
luna_planlos

Okay, everything followed so far. I have now thrown out Avast for the time being, because Avira is simply more familiar to me.

I have also removed the four programs you listed.

Here are the new logs:

AdwCleaner:

Code:
# AdwCleaner v2.301 - Datei am 02/06/2013 um 17:07:42 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Violet - VIOLET-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Violet\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt & Gelöscht : eSafeSvc

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\.autoreg
Datei Gelöscht : C:\Users\Violet\AppData\Roaming\Mozilla\Firefox\Profiles\mfjb2jkt.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Violet\AppData\Roaming\Mozilla\Firefox\Profiles\mfjb2jkt.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Violet\AppData\Roaming\Mozilla\Firefox\Profiles\mfjb2jkt.default\searchplugins\askcomsearch.xml
Datei Gelöscht : C:\Users\Violet\AppData\Roaming\Mozilla\Firefox\Profiles\mfjb2jkt.default\searchplugins\Babylon.xml
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\InstallMate
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\Violet\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Violet\AppData\Roaming\Mozilla\Firefox\Profiles\mfjb2jkt.default\Conduit
Ordner Gelöscht : C:\Users\Violet\AppData\Roaming\Mozilla\Firefox\Profiles\mfjb2jkt.default\CT2269050
Ordner Gelöscht : C:\Users\Violet\AppData\Roaming\Mozilla\Firefox\Profiles\mfjb2jkt.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Violet\AppData\Roaming\Mozilla\Firefox\Profiles\mfjb2jkt.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\Violet\AppData\Roaming\Mozilla\Firefox\Profiles\mfjb2jkt.default\extensions\info@allpremiumplay.info

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\delta LTD
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D56E386-F8C6-4FBC-9A7E-E8DA50072D26}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0D56E386-F8C6-4FBC-9A7E-E8DA50072D26}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6492E171-2427-4932-B414-33574A089F5E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D56E386-F8C6-4FBC-9A7E-E8DA50072D26}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6492E171-2427-4932-B414-33574A089F5E}
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5e2d9d9b33ee810
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0D56E386-F8C6-4FBC-9A7E-E8DA50072D26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D56E386-F8C6-4FBC-9A7E-E8DA50072D26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v3.6.13 (de)

Datei : C:\Users\Violet\AppData\Roaming\Mozilla\Firefox\Profiles\mfjb2jkt.default\prefs.js

C:\Users\Violet\AppData\Roaming\Mozilla\Firefox\Profiles\mfjb2jkt.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Gelöscht : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jun 01 2013 14:24:04 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Gelöscht : user_pref("CommunityToolbar.alert.locale", "en");
Gelöscht : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Gelöscht : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 01 2013 14:24:04 GMT+0200");
Gelöscht : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Gelöscht : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Gelöscht : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Gelöscht : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Gelöscht : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Gelöscht : user_pref("CommunityToolbar.alert.userId", "{ea9bf5e2-a122-450b-b690-0a01907a1f10}");
Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Gelöscht : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Gelöscht : user_pref("CT2269050.alertChannelId", "666138");
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e.:2z527", "247E70727330333D4634413E3C3E204B404330783223232[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el8:", "6E6D6B6D716F6D717772");
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737173777573777D78242F4B4947[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934235[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g>d", "6F6B686E404041437A47447972204A7D4A7B254D50534F2A28[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3g@6:5;", "");
Gelöscht : user_pref("CT2269050.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Gelöscht : user_pref("CT2269050.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Gelöscht : user_pref("CT2269050.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484775213F3E484F4E4D464[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b5ba==9cjag", "3C3F6F3E6C3E44427A74437476487D777C787D4C7C");
Gelöscht : user_pref("CT2269050.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6B6D716F6D726E70727978");
Gelöscht : user_pref("CT2269050.backendstorage./9b9643g3/9e", "6A");
Gelöscht : user_pref("CT2269050.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Gelöscht : user_pref("CT2269050.backendstorage./9b<:222h64<", "393F352F3E");
Gelöscht : user_pref("CT2269050.backendstorage./9b=+03eh8h8j?:", "4443");
Gelöscht : user_pref("CT2269050.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Gelöscht : user_pref("CT2269050.backendstorage./9b?b0d:8aj62<h", "6D");
Gelöscht : user_pref("CT2269050.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Gelöscht : user_pref("CT2269050.backendstorage.cbfirsttime", "4672692046656220303820323031332031393A34393A30362[...]
Gelöscht : user_pref("CT2269050.backendstorage.hxxp://storage_conduit_com/marketplace/83/6d/8399d181-be98-42f2-[...]
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476[...]
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appsdefaultenabled", "74727565");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6E");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_pricegong", "6F6E");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstate_windowshopper", "6F6E");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_appstatereporttime", "31333730303839343535303035");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B22[...]
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_currentversion", "312E362E302E31");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_first_time", "31");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_lastlogintime", "31333730303839343532393135");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C69637[...]
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_settings1.6.0.1", "7B22537461747573223A227375636365656465[...]
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_showclosebutton", "74727565");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Gelöscht : user_pref("CT2269050.backendstorage.mam_gk_userid", "33333130646530612D366634322D343562612D383532632[...]
Gelöscht : user_pref("CT2269050.backendstorage.pg_enable", "74727565");
Gelöscht : user_pref("CT2269050.backendstorage.searchappstate", "32");
Gelöscht : user_pref("CT2269050.backendstorage.searchapptracking", "73656E74");
Gelöscht : user_pref("CT2269050.backendstorage.sf_just_installed", "46414C5345");
Gelöscht : user_pref("CT2269050.backendstorage.sf_status", "454E41424C4544");
Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "546875204E6F7620303820323031322031353A[...]
Gelöscht : user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "6765726D616E79");
Gelöscht : user_pref("CT2269050.clientLogIsEnabled", false);
Gelöscht : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Gelöscht : user_pref("CT2269050.CTID", "CT2269050");
Gelöscht : user_pref("CT2269050.CurrentServerDate", "1-6-2013");
Gelöscht : user_pref("CT2269050.DialogsAlignMode", "LTR");
Gelöscht : user_pref("CT2269050.DownloadReferralCookieData", "");
Gelöscht : user_pref("CT2269050.EMailNotifierPollDate", "Sat Jun 01 2013 14:24:04 GMT+0200");
Gelöscht : user_pref("CT2269050.FirstServerDate", "27-3-2011");
Gelöscht : user_pref("CT2269050.FirstTime", true);
Gelöscht : user_pref("CT2269050.FirstTimeFF3", true);
Gelöscht : user_pref("CT2269050.FirstTimeSettingsDone", true);
Gelöscht : user_pref("CT2269050.FixPageNotFoundErrors", true);
Gelöscht : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Gelöscht : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Gelöscht : user_pref("CT2269050.Initialize", true);
Gelöscht : user_pref("CT2269050.InitializeCommonPrefs", true);
Gelöscht : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Gelöscht : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Gelöscht : user_pref("CT2269050.InstalledDate", "Sun Mar 27 2011 14:55:55 GMT+0200");
Gelöscht : user_pref("CT2269050.InvalidateCache", false);
Gelöscht : user_pref("CT2269050.IsGrouping", false);
Gelöscht : user_pref("CT2269050.IsMulticommunity", false);
Gelöscht : user_pref("CT2269050.IsOpenThankYouPage", false);
Gelöscht : user_pref("CT2269050.IsOpenUninstallPage", false);
Gelöscht : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat Jun 01 2013 14:24:06 GMT+0200");
Gelöscht : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Gelöscht : user_pref("CT2269050.LastLogin_2.7.2.0", "Sat Jun 01 2013 14:24:05 GMT+0200");
Gelöscht : user_pref("CT2269050.LatestVersion", "2.7.2.0");
Gelöscht : user_pref("CT2269050.Locale", "en");
Gelöscht : user_pref("CT2269050.LoginCache", 4);
Gelöscht : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Gelöscht : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Gelöscht : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Gelöscht : user_pref("CT2269050.myStuffEnabled", true);
Gelöscht : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Gelöscht : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Gelöscht : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Gelöscht : user_pref("CT2269050.RadioIsPodcast", false);
Gelöscht : user_pref("CT2269050.RadioLastCheckTime", "Sat Jun 01 2013 14:24:05 GMT+0200");
Gelöscht : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Gelöscht : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Gelöscht : user_pref("CT2269050.RadioMediaID", "12473383");
Gelöscht : user_pref("CT2269050.RadioMediaType", "Media Player");
Gelöscht : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Gelöscht : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Gelöscht : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Gelöscht : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties");
Gelöscht : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Gelöscht : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Gelöscht : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sat Jun 01 2013 14:24:04 GMT+0200");
Gelöscht : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Gelöscht : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Gelöscht : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Gelöscht : user_pref("CT2269050.SettingsLastCheckTime", "Sat Jun 01 2013 14:24:04 GMT+0200");
Gelöscht : user_pref("CT2269050.SettingsLastUpdate", "1370074324");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Jun 01 2013 14:24:04 GMT+0200");
Gelöscht : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997");
Gelöscht : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Gelöscht : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Gelöscht : user_pref("CT2269050.UserID", "UN44565083859441485");
Gelöscht : user_pref("CT2269050.ValidationData_Toolbar", 2);
Gelöscht : user_pref("CT2269050.WeatherNetwork", "");
Gelöscht : user_pref("CT2269050.WeatherPollDate", "Sat Jun 01 2013 14:24:05 GMT+0200");
Gelöscht : user_pref("CT2269050.WeatherUnit", "C");
Gelöscht : user_pref("extensions.delta.admin", false);
Gelöscht : user_pref("extensions.delta.aflt", "babsst");
Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Gelöscht : user_pref("extensions.delta.dfltLng", "en");
Gelöscht : user_pref("extensions.delta.excTlbr", false);
Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Gelöscht : user_pref("extensions.delta.id", "5470724a0000000000004a0f6edbe238");
Gelöscht : user_pref("extensions.delta.instlDay", "15857");
Gelöscht : user_pref("extensions.delta.instlRef", "sst");
Gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.21.514:29:26");
Gelöscht : user_pref("extensions.delta.newTab", false);
Gelöscht : user_pref("extensions.delta.prdct", "delta");
Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Gelöscht : user_pref("extensions.delta.rvrt", "false");
Gelöscht : user_pref("extensions.delta.smplGrp", "none");
Gelöscht : user_pref("extensions.delta.tlbrId", "base");
Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.514:29:26");
Gelöscht : user_pref("extensions.delta_i.babExt", "");
Gelöscht : user_pref("extensions.delta_i.babTrack", "affID=120519&tt=gc_");
Gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Gelöscht : user_pref("extensions.nurit5562nurit235.scode", "(function(){try{if('aol.com,mail.google.com,premium[...]

-\\ Google Chrome v27.0.1453.94

Datei : C:\Users\Violet\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [21504 octets] - [02/06/2013 17:07:42]

########## EOF - C:\AdwCleaner[S1].txt - [21565 octets] ##########
         

OTL is attached!

Edited by luna_planlos (02.06.2013 at 16:34). Reason: forgot the attachment

02.06.2013, 16:33   #8
aharonov
/// TB instructor
 



Quote:
OTL is attached!
(Please do not attach the log files (that makes evaluating them much harder for me); instead, paste their contents directly inside code tags: [code]log file contents[/code].)
__________________
cheers,
Leo

Edited by aharonov (02.06.2013 at 16:42)

02.06.2013, 16:36   #9
luna_planlos



Sorry, I thought it was too large to paste in directly... I'll try again:

Code:
OTL logfile created on: 02.06.2013 17:12:43 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Violet\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 62,24% Memory free
7,71 Gb Paging File | 5,98 Gb Available in Paging File | 77,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,32 Gb Total Space | 390,63 Gb Free Space | 86,36% Space Free | Partition Type: NTFS
 
Computer Name: VIOLET-VAIO | User Name: Violet | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.02 14:09:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Violet\Desktop\OTL (1).exe
PRC - [2013.05.07 16:32:56 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.04.04 14:23:35 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.04.04 14:22:51 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.10.27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.06.08 23:55:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010.06.01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010.06.01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010.05.31 19:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010.05.31 17:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.05.21 00:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.21 00:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.01.27 10:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.16 21:07:37 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013.01.12 21:44:04 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll
MOD - [2013.01.12 21:12:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
MOD - [2013.01.12 21:11:05 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013.01.12 21:10:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013.01.12 21:10:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013.01.12 21:09:52 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013.01.12 21:08:38 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012.08.27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.08.27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.12.15 23:02:05 | 002,236,416 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2010.12.15 23:02:05 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2010.12.15 23:02:05 | 000,868,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2010.12.15 23:02:05 | 000,847,872 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2010.12.15 23:02:05 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2010.12.15 23:02:05 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2010.12.15 23:02:05 | 000,688,128 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
MOD - [2010.12.15 23:02:05 | 000,528,384 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2010.12.15 23:02:05 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2010.12.15 23:02:05 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2010.12.15 23:02:05 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUpload.dll
MOD - [2010.12.15 23:02:05 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2010.12.15 23:02:05 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
MOD - [2010.12.15 23:02:05 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2010.12.15 23:02:05 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
MOD - [2010.12.15 23:02:05 | 000,010,752 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
MOD - [2010.12.15 23:02:05 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2010.12.15 23:02:05 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocPCD.dll
MOD - [2010.12.15 23:02:04 | 011,503,616 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2010.12.15 23:02:04 | 001,564,672 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
MOD - [2010.12.15 23:02:04 | 000,761,856 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2010.12.15 23:02:04 | 000,684,032 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2010.12.15 23:02:04 | 000,471,040 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
MOD - [2010.12.15 23:02:04 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
MOD - [2010.12.15 23:02:04 | 000,356,352 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2010.12.15 23:02:04 | 000,339,968 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2010.12.15 23:02:04 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2010.12.15 23:02:04 | 000,264,192 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2010.12.15 23:02:04 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2010.12.15 23:02:04 | 000,171,520 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2010.12.15 23:02:04 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESEmail.dll
MOD - [2010.12.15 23:02:04 | 000,152,576 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2010.12.15 23:02:04 | 000,129,536 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2010.12.15 23:02:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2010.12.15 23:02:04 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2010.12.15 23:02:04 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2010.12.15 23:02:04 | 000,084,480 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2010.12.15 23:02:04 | 000,078,848 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2010.12.15 23:02:04 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2010.12.15 23:02:04 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2010.12.15 23:02:04 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2010.07.29 23:05:14 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.07.29 23:05:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010.10.08 08:55:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.04.04 14:23:35 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.04.04 14:22:51 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.08.11 09:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.07.29 13:22:44 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.21 18:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2010.06.20 21:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010.06.20 21:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010.06.18 07:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010.06.17 12:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010.06.09 15:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.06.09 15:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2010.06.09 15:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2010.06.08 23:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.06.06 22:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2010.06.01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010.06.01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.04.04 14:23:49 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.04.04 14:23:49 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.04.04 14:23:49 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.08 08:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.24 22:34:53 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.24 22:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.23 22:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.06.23 22:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.23 22:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.06.23 22:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.06.23 22:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.23 22:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010.06.23 22:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.05.31 23:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.05.31 23:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.31 23:31:21 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.05.31 22:10:13 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.05.28 22:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.05.28 22:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008.06.16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3110030631-4217454783-1680903054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
IE - HKU\S-1-5-21-3110030631-4217454783-1680903054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
IE - HKU\S-1-5-21-3110030631-4217454783-1680903054-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
IE - HKU\S-1-5-21-3110030631-4217454783-1680903054-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3110030631-4217454783-1680903054-1001\..\SearchScopes\{104A6D25-CFE8-4B46-9870-30FB22C87BBA}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-9/4?satitle={searchTerms}
IE - HKU\S-1-5-21-3110030631-4217454783-1680903054-1001\..\SearchScopes\{11FB90CA-8588-4224-A255-B0CEE7BB34F6}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-3110030631-4217454783-1680903054-1001\..\SearchScopes\{70D800E8-32F6-473B-9302-98F6E62FA7A8}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKU\S-1-5-21-3110030631-4217454783-1680903054-1001\..\SearchScopes\{ACBEF858-495B-443F-9C53-BE99D3A4B628}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=YYYYYYYYDE&apn_uid=CB4CF5E0-893D-4D53-BD9E-B067815538DB&apn_sauid=E818C8A2-5322-412B-8B4D-4F6E89AC9E76
IE - HKU\S-1-5-21-3110030631-4217454783-1680903054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3110030631-4217454783-1680903054-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: ffxtlbr@delta.com:1.5.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.15.100013
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8
FF - prefs.js..extensions.enabledItems: singalong@xenophesoft.com:1.111
FF - prefs.js..browser.startup.homepage: 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\info@allpremiumplay.info: C:\Users\Violet\AppData\Roaming\Mozilla\Firefox\Profiles\mfjb2jkt.default\extensions\info@allpremiumplay.info
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.07 22:54:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.07 22:54:20 | 000,000,000 | ---D | M]
 
[2010.12.07 18:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Violet\AppData\Roaming\mozilla\Extensions
[2013.06.02 17:07:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Violet\AppData\Roaming\mozilla\Firefox\Profiles\mfjb2jkt.default\extensions
[2010.12.18 16:15:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Violet\AppData\Roaming\mozilla\Firefox\Profiles\mfjb2jkt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.04.06 13:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.07 23:26:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.15 00:05:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.16 14:56:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.24 22:31:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - Extension: DvdVideoSoft Free Youtube Download = C:\Users\Violet\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-3110030631-4217454783-1680903054-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3110030631-4217454783-1680903054-1001..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-3110030631-4217454783-1680903054-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Violet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Violet\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Violet\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB}: DhcpNameServer = 172.16.16.19
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.02 16:57:50 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013.06.02 16:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.06.02 16:03:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.06.02 14:09:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Violet\Desktop\OTL (1).exe
[2013.06.02 12:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.06.02 12:14:44 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.06.02 12:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.02 12:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.06.01 15:36:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013.06.01 15:36:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013.06.01 14:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013.06.01 14:43:35 | 000,000,000 | ---D | C] -- C:\Users\Violet\AppData\Roaming\player
[2013.06.01 14:37:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.06.01 14:29:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.05.07 16:34:07 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.02 17:18:17 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 17:18:17 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.02 17:10:09 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.02 17:09:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.02 17:09:26 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.02 17:07:10 | 000,632,031 | ---- | M] () -- C:\Users\Violet\Desktop\adwcleaner.exe
[2013.06.02 16:51:34 | 001,590,506 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.06.02 16:51:34 | 000,696,902 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.02 16:51:34 | 000,652,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.02 16:51:34 | 000,148,166 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.02 16:51:34 | 000,121,112 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.02 16:51:27 | 001,590,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.02 16:40:09 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.02 16:11:02 | 000,039,478 | ---- | M] () -- C:\Users\Violet\Desktop\Gmer (2).zip
[2013.06.02 16:06:08 | 000,036,373 | ---- | M] () -- C:\Users\Violet\Desktop\Gmer.zip
[2013.06.02 16:05:35 | 000,015,090 | ---- | M] () -- C:\Users\Violet\Desktop\Logfiles.zip
[2013.06.02 15:36:44 | 549,934,962 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.02 15:19:49 | 000,377,856 | ---- | M] () -- C:\Users\Violet\Desktop\gmer_2.1.19163.exe
[2013.06.02 14:09:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Violet\Desktop\OTL (1).exe
[2013.06.02 14:07:32 | 000,000,000 | ---- | M] () -- C:\Users\Violet\defogger_reenable
[2013.06.02 12:14:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.06.01 16:28:45 | 000,001,240 | ---- | M] () -- C:\Windows\wininit.ini
[2013.06.01 15:03:05 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.09 10:58:11 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.05.07 16:33:53 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.02 17:06:57 | 000,632,031 | ---- | C] () -- C:\Users\Violet\Desktop\adwcleaner.exe
[2013.06.02 16:11:02 | 000,039,478 | ---- | C] () -- C:\Users\Violet\Desktop\Gmer (2).zip
[2013.06.02 16:06:07 | 000,036,373 | ---- | C] () -- C:\Users\Violet\Desktop\Gmer.zip
[2013.06.02 16:05:35 | 000,015,090 | ---- | C] () -- C:\Users\Violet\Desktop\Logfiles.zip
[2013.06.02 15:36:44 | 549,934,962 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.02 15:19:47 | 000,377,856 | ---- | C] () -- C:\Users\Violet\Desktop\gmer_2.1.19163.exe
[2013.06.02 14:07:32 | 000,000,000 | ---- | C] () -- C:\Users\Violet\defogger_reenable
[2013.06.02 12:14:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.06.01 15:22:01 | 000,001,240 | ---- | C] () -- C:\Windows\wininit.ini
[2013.06.01 14:42:48 | 001,590,506 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.18 17:07:58 | 000,000,000 | ---D | M] -- C:\Users\Violet\AppData\Roaming\DVDVideoSoft
[2012.11.03 16:30:27 | 000,000,000 | ---D | M] -- C:\Users\Violet\AppData\Roaming\IrfanView
[2010.12.12 16:25:11 | 000,000,000 | ---D | M] -- C:\Users\Violet\AppData\Roaming\OpenOffice.org
[2013.06.01 16:01:05 | 000,000,000 | ---D | M] -- C:\Users\Violet\AppData\Roaming\player
[2010.12.15 23:03:13 | 000,000,000 | ---D | M] -- C:\Users\Violet\AppData\Roaming\Skinux
 
========== Purity Check ==========
 
 

< End of report >
         

02.06.2013, 16:42   #10
aharonov
/// TB Trainer

Does the MBAM message still show up now?
__________________
cheers,
Leo

02.06.2013, 16:44   #11
luna_planlos

Yes, unfortunately... for a while I thought it was finally gone, but it came back a few minutes ago.

Is there anything else I can do?

Now that the week is starting, I may take longer to respond... but I'm still here and still interested in help. Thanks so far.

05.06.2013, 12:10   #12
aharonov
/// TB Trainer

Hello,

the messages are still coming, I assume?
Do they only appear when, for example, a browser is open, or also when no program is running and you are not doing anything on the computer?


Step 1

Download SystemLook (by jpshortstuff) and save the tool to your desktop.
  • Double-click SystemLook_x64.exe to start the tool.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :filefind
    *tuguu*
    *vaf*
    
    :folderfind
    *tuguu*
    *vaf*
    
    :regfind
    tuguu
    vaf
             
  • Now click the Look button to start the scan.
  • When the scan has finished, your text editor will open with the results. Post them in your thread.
  • The log file is also saved on the desktop as SystemLook.txt.



In your next reply, please post:
  • SystemLook log
__________________
cheers,
Leo

05.06.2013, 18:34   #13
luna_planlos

Hi,
I'm back.

Yes, the messages are still coming. Even when no browser is open and no program is running and the PC is simply switched on. I personally can't see any logical pattern in when the message appears... yesterday, for example, it only came when the PC had already been running for about half an hour; just now, on the other hand, it came almost right after I switched on, and again after only 10 minutes.


Here is the SystemLook log:

Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 19:24 on 05/06/2013 by Violet
Administrator - Elevation successful

========== filefind ==========

Searching for "*tuguu*"
C:\ProgramData\Spybot - Search & Destroy\Recovery\TuguuVAFPlayer.zip	--a---- 326 bytes	[17:06 01/06/2013]	[17:06 01/06/2013] 5B7706ABC6F93BAD18F68145C87035FA
C:\ProgramData\Spybot - Search & Destroy\Recovery\TuguuVAFPlayer1.zip	--a---- 332 bytes	[17:06 01/06/2013]	[17:06 01/06/2013] 88725DFB895CAF0F55EAC261DA3A6036
C:\ProgramData\Spybot - Search & Destroy\Recovery\TuguuVAFPlayer2.zip	--a---- 329 bytes	[17:17 01/06/2013]	[17:17 01/06/2013] 774103B25BF4584D39612AC841B74CCD
C:\Users\All Users\Spybot - Search & Destroy\Recovery\TuguuVAFPlayer.zip	--a---- 326 bytes	[17:06 01/06/2013]	[17:06 01/06/2013] 5B7706ABC6F93BAD18F68145C87035FA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\TuguuVAFPlayer1.zip	--a---- 332 bytes	[17:06 01/06/2013]	[17:06 01/06/2013] 88725DFB895CAF0F55EAC261DA3A6036
C:\Users\All Users\Spybot - Search & Destroy\Recovery\TuguuVAFPlayer2.zip	--a---- 329 bytes	[17:17 01/06/2013]	[17:17 01/06/2013] 774103B25BF4584D39612AC841B74CCD

Searching for "*vaf*"
C:\Program Files (x86)\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt	--a---- 125105 bytes	[11:26 04/04/2013]	[11:26 04/04/2013] 6244D967C77B9A009E1DB06F160F96AB
C:\Program Files (x86)\Java\jre7\bin\javafx-font.dll	--a---- 241568 bytes	[11:26 04/04/2013]	[11:26 04/04/2013] 684B0F2F6E5B4541528B000557F1E0E6
C:\Program Files (x86)\Java\jre7\bin\javafx-iio.dll	--a---- 187808 bytes	[11:26 04/04/2013]	[11:26 04/04/2013] B356E20ABAF1C887F6DCB80BFA0912D2
C:\Program Files (x86)\Java\jre7\lib\javafx.properties	--a---- 28 bytes	[11:26 04/04/2013]	[11:26 04/04/2013] F15A218422DC45A2C67C023B41ED2DF5
C:\Program Files (x86)\Java\jre7\lib\security\javafx.policy	--a---- 158 bytes	[11:26 04/04/2013]	[11:26 04/04/2013] 410E12D6DB06500FDEA4B60D814CD98C
C:\ProgramData\Spybot - Search & Destroy\Recovery\TuguuVAFPlayer.zip	--a---- 326 bytes	[17:06 01/06/2013]	[17:06 01/06/2013] 5B7706ABC6F93BAD18F68145C87035FA
C:\ProgramData\Spybot - Search & Destroy\Recovery\TuguuVAFPlayer1.zip	--a---- 332 bytes	[17:06 01/06/2013]	[17:06 01/06/2013] 88725DFB895CAF0F55EAC261DA3A6036
C:\ProgramData\Spybot - Search & Destroy\Recovery\TuguuVAFPlayer2.zip	--a---- 329 bytes	[17:17 01/06/2013]	[17:17 01/06/2013] 774103B25BF4584D39612AC841B74CCD
C:\SPLASH.SYS\va-LPK2.FF-3.0.sqx	---h--- 1729228 bytes	[09:29 26/02/2010]	[09:29 26/02/2010] FF24BA67607429285421E5A6FF471D5E
C:\Users\All Users\Spybot - Search & Destroy\Recovery\TuguuVAFPlayer.zip	--a---- 326 bytes	[17:06 01/06/2013]	[17:06 01/06/2013] 5B7706ABC6F93BAD18F68145C87035FA
C:\Users\All Users\Spybot - Search & Destroy\Recovery\TuguuVAFPlayer1.zip	--a---- 332 bytes	[17:06 01/06/2013]	[17:06 01/06/2013] 88725DFB895CAF0F55EAC261DA3A6036
C:\Users\All Users\Spybot - Search & Destroy\Recovery\TuguuVAFPlayer2.zip	--a---- 329 bytes	[17:17 01/06/2013]	[17:17 01/06/2013] 774103B25BF4584D39612AC841B74CCD
C:\Users\Violet\AppData\Roaming\Microsoft\Windows\Cookies\violet@dl.javafx[1].txt	--a---- 86 bytes	[20:57 23/04/2011]	[20:57 23/04/2011] DD2267EC9E6D37903A56453C36368C34
C:\Users\Violet\Music\Vampire Diaries 4x03 Alex Clare - Too Close.m4a	--a---- 4317550 bytes	[14:10 30/12/2012]	[13:32 31/12/2012] A4606CEBC26ACAA567D40AA89CB3C078
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCA4IGHQN.xml	--a---- 269 bytes	[15:13 07/08/2011]	[15:13 07/08/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCA1EH1CX.xml	--a---- 269 bytes	[19:22 09/05/2011]	[19:22 09/05/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCAHSLWQX.xml	--a---- 269 bytes	[22:24 10/02/2012]	[22:24 10/02/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCAR1SRMN.xml	--a---- 269 bytes	[15:31 10/07/2011]	[15:31 10/07/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCAWZ3B0L.xml	--a---- 269 bytes	[12:49 26/03/2011]	[12:49 26/03/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOUpdateCAP0KNAV.xml	--a---- 482 bytes	[20:41 24/01/2012]	[20:41 24/01/2012] 5ED278C10BFEA2116690FD9E23902D8D
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGate[7].xml	--a---- 269 bytes	[21:25 05/01/2011]	[21:25 05/01/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCA4GEFHY.xml	--a---- 269 bytes	[11:17 28/08/2011]	[11:17 28/08/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCAXP401M.xml	--a---- 269 bytes	[22:00 30/11/2011]	[22:00 30/11/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCAFR0DDP.xml	--a---- 269 bytes	[16:45 06/03/2011]	[16:45 06/03/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCAKMZFB2.xml	--a---- 269 bytes	[14:21 20/01/2012]	[14:21 20/01/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCA4APZIV.xml	--a---- 269 bytes	[19:52 11/12/2011]	[19:52 11/12/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCARX190C.xml	--a---- 269 bytes	[09:41 14/05/2011]	[09:41 14/05/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCAK7QZ33.xml	--a---- 269 bytes	[09:42 16/01/2012]	[09:42 16/01/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCAAM3M10.xml	--a---- 269 bytes	[12:54 16/03/2011]	[12:54 16/03/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCA5A6C2J.xml	--a---- 269 bytes	[14:10 24/05/2011]	[14:10 24/05/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOUpdateCA8FPJ6N.xml	--a---- 482 bytes	[20:24 28/06/2011]	[20:24 28/06/2011] 2391DA97A32D0B7EF3AE6FA3AC49C131
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOUpdateCA142Y98.xml	--a---- 545 bytes	[21:19 22/09/2011]	[21:19 22/09/2011] 157BFD8984CF0B8B4629B3159039E5BC
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCAGDN3VQ.xml	--a---- 269 bytes	[21:37 09/01/2011]	[21:37 09/01/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOUpdateCA3MHWE1.xml	--a---- 368 bytes	[12:06 16/04/2011]	[12:06 16/04/2011] BF0615CE5E7E5BE80D7000B8687D20D2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOUpdateCAON3E9O.xml	--a---- 545 bytes	[20:11 15/08/2011]	[20:11 15/08/2011] 157BFD8984CF0B8B4629B3159039E5BC
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OEX078L\VAIOGateCAUO0U2I.xml	--a---- 269 bytes	[22:01 16/03/2012]	[22:01 16/03/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXIR7D5L\VAIOGate[7].xml	--a---- 269 bytes	[13:23 06/01/2011]	[13:23 06/01/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXIR7D5L\VAIOGateCAB4ZW1O.xml	--a---- 269 bytes	[22:58 29/12/2011]	[22:58 29/12/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CXIR7D5L\VAIOGateCAC7GILY.xml	--a---- 269 bytes	[20:46 08/05/2012]	[20:46 08/05/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCAERHHNB.xml	--a---- 269 bytes	[15:39 19/03/2012]	[15:39 19/03/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCA2LE7JO.xml	--a---- 269 bytes	[22:28 02/12/2011]	[22:28 02/12/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCAJHAO60.xml	--a---- 269 bytes	[22:29 09/07/2012]	[22:29 09/07/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOUpdateCA5420KP.xml	--a---- 545 bytes	[10:45 24/07/2011]	[10:45 24/07/2011] 157BFD8984CF0B8B4629B3159039E5BC
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCAFU3YJ5.xml	--a---- 376 bytes	[13:18 03/01/2013]	[13:18 03/01/2013] EBE098304A6201674ED0FA69FBC0D6C5
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOUpdateCAG17P5E.xml	--a---- 545 bytes	[20:50 04/10/2011]	[20:50 04/10/2011] 157BFD8984CF0B8B4629B3159039E5BC
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCAZMJ491.xml	--a---- 269 bytes	[17:30 01/08/2011]	[17:30 01/08/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGate[7].xml	--a---- 269 bytes	[20:53 15/01/2011]	[20:53 15/01/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCA3GMGJG.xml	--a---- 269 bytes	[15:31 31/05/2012]	[15:31 31/05/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCA1LG7BR.xml	--a---- 269 bytes	[10:37 23/10/2011]	[10:37 23/10/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCAEZB6AO.xml	--a---- 269 bytes	[22:08 20/12/2011]	[22:08 20/12/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCAM9KB12.xml	--a---- 269 bytes	[21:00 01/07/2011]	[21:00 01/07/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCANCJCK6.xml	--a---- 269 bytes	[22:28 27/08/2011]	[22:28 27/08/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOUpdateCA28CF8Q.xml	--a---- 368 bytes	[21:34 17/03/2011]	[21:34 17/03/2011] BF0615CE5E7E5BE80D7000B8687D20D2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCA35XZ1L.xml	--a---- 269 bytes	[20:37 23/04/2012]	[20:37 23/04/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOUpdateCAGYWQKB.xml	--a---- 368 bytes	[14:45 09/05/2011]	[14:45 09/05/2011] BF0615CE5E7E5BE80D7000B8687D20D2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCAZ7CQSO.xml	--a---- 376 bytes	[11:34 08/02/2013]	[11:34 08/02/2013] EBE098304A6201674ED0FA69FBC0D6C5
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOUpdateCA59VKCG.xml	--a---- 482 bytes	[12:09 05/05/2012]	[12:09 05/05/2012] 9E5796826C78047D5901002B5F231651
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCA75HXOT.xml	--a---- 269 bytes	[10:14 30/05/2012]	[10:14 30/05/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCAJQQ7MB.xml	--a---- 269 bytes	[11:14 07/01/2012]	[11:14 07/01/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCA5KS2UQ.xml	--a---- 269 bytes	[15:30 17/01/2012]	[15:30 17/01/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCAAT0SLH.xml	--a---- 269 bytes	[17:23 07/06/2011]	[17:23 07/06/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCAIJQ03U.xml	--a---- 269 bytes	[20:28 11/07/2011]	[20:28 11/07/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCAF0FNHU.xml	--a---- 269 bytes	[21:51 12/07/2012]	[21:51 12/07/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOUpdateCA6AS5DW.xml	--a---- 368 bytes	[15:16 04/04/2011]	[15:16 04/04/2011] BF0615CE5E7E5BE80D7000B8687D20D2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOUpdateCAJGHC7N.xml	--a---- 607 bytes	[22:55 08/11/2012]	[22:55 08/11/2012] 41E91D7FD6555EAAB940384269425D0E
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCAB7X7JN.xml	--a---- 269 bytes	[21:53 11/01/2012]	[21:53 11/01/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCABL7BNN.xml	--a---- 269 bytes	[10:31 27/03/2011]	[10:31 27/03/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOUpdateCA6NLVWH.xml	--a---- 368 bytes	[19:59 15/03/2011]	[19:59 15/03/2011] BF0615CE5E7E5BE80D7000B8687D20D2
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCA5MG5ZW.xml	--a---- 269 bytes	[21:07 07/04/2011]	[21:07 07/04/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D1EFTMSQ\VAIOGateCA3OJKWB.xml	--a---- 269 bytes	[19:35 10/08/2011]	[19:35 10/08/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJGQRCN\VAIOGateCAF6WNGG.xml	--a---- 269 bytes	[21:57 05/01/2012]	[21:57 05/01/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJGQRCN\VAIOGateCAQK0APY.xml	--a---- 269 bytes	[15:22 11/07/2011]	[15:22 11/07/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJGQRCN\VAIOGate[7].xml	--a---- 269 bytes	[21:25 08/01/2011]	[21:25 08/01/2011] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJGQRCN\VAIOGateCAEXFMIA.xml	--a---- 376 bytes	[14:00 08/12/2012]	[14:00 08/12/2012] EBE098304A6201674ED0FA69FBC0D6C5
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJGQRCN\VAIOGateCAKKOYSM.xml	--a---- 269 bytes	[20:32 31/01/2012]	[20:32 31/01/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RIJGQRCN\VAIOGateCA72PZE0.xml	--a---- 269 bytes	[18:47 18/01/2012]	[18:47 18/01/2012] 2C15EE6BEA9A2BA16454E99E2369C01C
C:\Windows\Web\Wallpaper\Sony\VAIO 09 img1 Wallpaper 1600x900.jpg	--a---- 426269 bytes	[11:19 29/07/2010]	[11:17 31/05/2009] 02E8AF35750B1C2EC522F5F64B8BBF7D
C:\Windows\Web\Wallpaper\Sony\VAIO 09 img3 Wallpaper 1024x768.jpg	--a---- 119706 bytes	[11:19 29/07/2010]	[11:17 31/05/2009] 1D17B516BDDAB1F83DFB1EF99A23F52C
C:\Windows\Web\Wallpaper\Sony\VAIO 09 img3 Wallpaper 1280x800.jpg	--a---- 133928 bytes	[11:19 29/07/2010]	[11:18 31/05/2009] 54CB55F6388E89590969B60CC209508C

========== folderfind ==========

Searching for "*tuguu*"
No folders found.

Searching for "*vaf*"
No folders found.

========== regfind ==========

Searching for "tuguu"
No data found.

Searching for "vaf"
[HKEY_CURRENT_USER\Software\JavaSoft\Java Update\Policy\JavaFX]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url1"="search-ms:displayname=Suchergebnisse%20in%20"Bibliotheken"&crumb=System.Generic.String%3Avaf&crumb=location:%3A%3A{031E4825-7B94-4DC3-B131-E946B44C8DD5}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\1D16E1D8593179E499F70D20BDA30547]
"gm_o_Javafilter"="gm_Optional"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\1D16E1D8593179E499F70D20BDA30547]
"gm_o_jf_Palm"="gm_o_Javafilter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\1D16E1D8593179E499F70D20BDA30547]
"gm_o_jf_Pocketpc"="gm_o_Javafilter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D16E1D8593179E499F70D20BDA30547\Features]
"gm_o_Javafilter"="gm_Optional"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D16E1D8593179E499F70D20BDA30547\Features]
"gm_o_jf_Palm"="gm_o_Javafilter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D16E1D8593179E499F70D20BDA30547\Features]
"gm_o_jf_Pocketpc"="{-}CD]h}tcXJk*Vy3%OKgm_o_Javafilter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EA2B394116202D741BAA4FAD0D6F4CB8\Features]
"iTunes"="jQ9jsb5r0@]6YQx=3485p[-tfn}en=MCS'sfb@bLjAYOu86DTA~&^8Ekwr%jU2[p=n+7YA(D~CnWx3g?wdOFxNaCQ9KaVhoIH6(aY5U[HqIwg(s@r!!U.{{H?FI,&I]%h(NPZCj&lrLWK8dP]zE9h(itBN.,$wkR@Tl9soU]r=kj0f@?}RQ!@V[zER4cO9nDwowDX%}t_pGGkZzLh9r3NU)LvJSVSkCIHffW`@Xg7l2d2''UQCj*zCQQz8oUZ5(fRDLY0L0c.J.Pt?p^g$mCOr5odFsVxY,_3?t3axt)YZJAEkcIr]70~98ufRSxITDzVzO*_2dt,Ai@SrsbWH*hv9h@VbudQ9Vm(S-yyVM7+1*w%l]Cz=}Cm?t^oWW7!Es`1i3ph@CdCJWfQ``wmVun,Wme2@8=tSt7),`PjUmpC=k2`A8%19C]2_O4VPQzF2_U293&Qcg]4[laDdyzU_7l)?fgWNHc5QLt)='[Ll4y!@YV`riTeol&7rMC+vAJh(2`uG'-lVnY3!nmMupd^?Wl^BAMmje(EH]pPD6Hr?f'VlgR&KeqM5pfL_Ktg(l*d=J%lrLWGseJ3%dyV9_6Eha8hfVzI.=?_w*3]9wpw2TNA2j!MR(K&gwxF?)-tP6upAq$HWW$l,NNQ=NuS7sGVHdXcx{VnRa{L=1Pkrz@ZLQFDEZrMy!E19.Iikyt+X!56yhKIN5]a=v?Vp@]3L7xry2a86}Bj8ob.J.Q5S_&t2HIY=^8?9$fzxArf&rsr(7L0^QhQ=1n~3!arsg*{W{$2+6=k?e0{PX_4kuT%R1Du]MHm@cB7O_&`J&=M1ZKqWA,H?F_b-2)eg7Fa`OKY}!uB=i@!K&L2MFm-0{sx?,H$AE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VAFPlayer_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\VAFPlayer_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_USERS\S-1-5-21-3110030631-4217454783-1680903054-1001\Software\JavaSoft\Java Update\Policy\JavaFX]
[HKEY_USERS\S-1-5-21-3110030631-4217454783-1680903054-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\TypedPaths]
"url1"="search-ms:displayname=Suchergebnisse%20in%20"Bibliotheken"&crumb=System.Generic.String%3Avaf&crumb=location:%3A%3A{031E4825-7B94-4DC3-B131-E946B44C8DD5}"

-= EOF =-
         

06.06.2013, 11:42   #14
aharonov
/// TB-Ausbilder
 



Hello,

could you please post here the contents of the MBAM protection logs (found under C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Logs\protection-log-yyyy-mm-dd) that document the warnings since this started?
__________________
cheers,
Leo
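
One way to read the protection logs requested above, as an added example that is not part of the thread: this Python sketch parses lines in the tab-separated layout of an MBAM protection log, groups IP-BLOCK entries into bursts, and reports the interval between bursts together with the processes and destinations involved. The sample lines, host and user names and the 192.0.2.x addresses are constructed, and all function names are hypothetical.

```python
import re
import statistics
from collections import Counter
from datetime import datetime


def _line(ts, kind, detail):
    # Helper for the constructed sample: timestamp, host, user, event, detail.
    return f"2013/06/01 {ts} +0200\tEXAMPLE-PC\tuser\t{kind}\t{detail}"


def _block(ts, ip, port, process):
    return _line(ts, "IP-BLOCK", f"{ip} (Type: outgoing, Port: {port}, Process: {process})")


# Constructed sample input (documentation addresses, made-up host and user).
SAMPLE_LOG = "\n".join([
    _line("15:39:13", "MESSAGE", "Starting IP protection"),
    _line("15:39:17", "MESSAGE", "IP Protection started successfully"),
    _block("15:49:46", "192.0.2.10", 49211, "svchost.exe"),
    _block("15:49:46", "192.0.2.11", 49212, "svchost.exe"),
    _block("15:59:50", "192.0.2.10", 49222, "svchost.exe"),
    _block("15:59:50", "192.0.2.11", 49223, "svchost.exe"),
    _block("16:09:48", "192.0.2.10", 49230, "avastsvc.exe"),
    _block("16:09:48", "192.0.2.10", 49231, "avastsvc.exe"),
    _line("20:12:58", "MESSAGE", "Starting IP protection"),
    _block("20:23:40", "192.0.2.11", 49194, "svchost.exe"),
    _line("20:30:00", "IP-BLOCK", "truncated entry without details"),
    "garbage line that is not part of the log",
])

# Detail field of an IP-BLOCK entry.
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) \(Type: (?P<direction>\w+), "
    r"Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)$"
)


def parse_blocks(text):
    """Return one dict per well-formed IP-BLOCK line; everything else is skipped."""
    events = []
    for raw in text.splitlines():
        fields = raw.rstrip().split("\t")
        if len(fields) != 5 or fields[3] != "IP-BLOCK":
            continue
        match = BLOCK_RE.match(fields[4].strip())
        if not match:
            continue
        try:
            when = datetime.strptime(fields[0], "%Y/%m/%d %H:%M:%S %z")
        except ValueError:
            continue
        events.append({
            "time": when,
            "ip": match["ip"],
            "direction": match["direction"],
            "port": int(match["port"]),
            "process": match["process"].lower(),
        })
    return events


def group_bursts(events, window_seconds=5):
    """Merge blocks logged within window_seconds of each other into one burst."""
    bursts = []
    for event in sorted(events, key=lambda e: e["time"]):
        if bursts and (event["time"] - bursts[-1][-1]["time"]).total_seconds() <= window_seconds:
            bursts[-1].append(event)
        else:
            bursts.append([event])
    return bursts


def summarize(text, session_gap_seconds=1800):
    """Summarise blocked connections: counts per process and IP, and burst interval."""
    events = parse_blocks(text)
    bursts = group_bursts(events)
    starts = [burst[0]["time"] for burst in bursts]
    gaps = [(later - earlier).total_seconds() for earlier, later in zip(starts, starts[1:])]
    # Long gaps (machine off or asleep) say nothing about the retry interval.
    steady = [gap for gap in gaps if gap <= session_gap_seconds]
    return {
        "blocks": len(events),
        "bursts": len(bursts),
        "by_process": dict(Counter(e["process"] for e in events)),
        "by_ip": dict(Counter(e["ip"] for e in events)),
        "median_interval_s": statistics.median(steady) if steady else None,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A steady median interval across sessions points to a scheduled or timer-driven lookup rather than user browsing, and the per-process counts show when the process named in the log changes.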

06.06.2013, 14:26   #15
luna_planlos
 



Hi,
the whole thing started on Saturday, so here is 01.06.13 first:
Code:
2013/06/01 15:03:13 +0200	VIOLET-VAIO	Violet	MESSAGE	Executing scheduled update:  Daily
2013/06/01 15:03:17 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/01 15:03:17 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/01 15:03:17 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/01 15:03:36 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/01 15:04:31 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting database refresh
2013/06/01 15:04:31 +0200	VIOLET-VAIO	Violet	MESSAGE	Stopping IP protection
2013/06/01 15:04:36 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection stopped successfully
2013/06/01 15:04:36 +0200	VIOLET-VAIO	Violet	MESSAGE	Scheduled update executed successfully:  database updated from version v2013.04.04.07 to version v2013.06.01.02
2013/06/01 15:04:39 +0200	VIOLET-VAIO	Violet	MESSAGE	Database refreshed successfully
2013/06/01 15:04:39 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/01 15:04:42 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/01 15:39:13 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/01 15:39:13 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/01 15:39:13 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/01 15:39:17 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/01 15:49:46 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49211, Process: svchost.exe)
2013/06/01 15:49:46 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49212, Process: svchost.exe)
2013/06/01 15:49:46 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49213, Process: svchost.exe)
2013/06/01 15:49:46 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49214, Process: svchost.exe)
2013/06/01 15:59:50 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49222, Process: svchost.exe)
2013/06/01 15:59:50 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49223, Process: svchost.exe)
2013/06/01 15:59:50 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49224, Process: svchost.exe)
2013/06/01 15:59:50 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49225, Process: svchost.exe)
2013/06/01 16:08:40 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/01 16:08:40 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/01 16:08:40 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/01 16:08:45 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/01 16:19:18 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49536, Process: svchost.exe)
2013/06/01 16:19:18 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49537, Process: svchost.exe)
2013/06/01 16:19:18 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49538, Process: svchost.exe)
2013/06/01 16:19:18 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49539, Process: svchost.exe)
2013/06/01 16:29:18 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49987, Process: svchost.exe)
2013/06/01 16:29:18 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49988, Process: svchost.exe)
2013/06/01 16:29:18 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49989, Process: svchost.exe)
2013/06/01 16:29:18 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49990, Process: svchost.exe)
2013/06/01 16:39:16 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50404, Process: svchost.exe)
2013/06/01 16:39:16 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50405, Process: svchost.exe)
2013/06/01 16:39:16 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50406, Process: svchost.exe)
2013/06/01 16:39:16 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50407, Process: svchost.exe)
2013/06/01 16:49:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50664, Process: svchost.exe)
2013/06/01 16:49:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50665, Process: svchost.exe)
2013/06/01 16:49:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50666, Process: svchost.exe)
2013/06/01 16:49:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50667, Process: svchost.exe)
2013/06/01 16:57:25 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/01 16:57:25 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/01 16:57:26 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/01 16:57:29 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/01 17:08:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50193, Process: svchost.exe)
2013/06/01 17:08:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50194, Process: svchost.exe)
2013/06/01 17:08:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50195, Process: svchost.exe)
2013/06/01 17:08:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50196, Process: svchost.exe)
2013/06/01 17:18:20 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50711, Process: svchost.exe)
2013/06/01 17:18:20 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50712, Process: svchost.exe)
2013/06/01 17:18:20 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50713, Process: svchost.exe)
2013/06/01 17:18:20 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50714, Process: svchost.exe)
2013/06/01 17:28:16 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50726, Process: svchost.exe)
2013/06/01 17:28:16 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50727, Process: svchost.exe)
2013/06/01 17:28:16 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50728, Process: svchost.exe)
2013/06/01 17:28:16 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50729, Process: svchost.exe)
2013/06/01 17:38:19 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50762, Process: svchost.exe)
2013/06/01 17:38:19 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50763, Process: svchost.exe)
2013/06/01 17:38:19 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50764, Process: svchost.exe)
2013/06/01 17:38:19 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50765, Process: svchost.exe)
2013/06/01 17:48:16 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 50878, Process: svchost.exe)
2013/06/01 17:58:21 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50891, Process: svchost.exe)
2013/06/01 17:58:21 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50892, Process: svchost.exe)
2013/06/01 17:58:21 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50893, Process: svchost.exe)
2013/06/01 17:58:21 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50894, Process: svchost.exe)
2013/06/01 18:08:19 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50904, Process: svchost.exe)
2013/06/01 18:08:19 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50905, Process: svchost.exe)
2013/06/01 18:08:19 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50906, Process: svchost.exe)
2013/06/01 18:08:19 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50907, Process: svchost.exe)
2013/06/01 18:18:17 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50920, Process: svchost.exe)
2013/06/01 18:18:17 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50921, Process: svchost.exe)
2013/06/01 18:18:17 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50922, Process: svchost.exe)
2013/06/01 18:18:17 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50923, Process: svchost.exe)
2013/06/01 18:28:15 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50938, Process: svchost.exe)
2013/06/01 18:28:15 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50939, Process: svchost.exe)
2013/06/01 18:28:15 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50940, Process: svchost.exe)
2013/06/01 18:28:15 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50941, Process: svchost.exe)
2013/06/01 18:38:21 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 50954, Process: svchost.exe)
2013/06/01 18:48:17 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50967, Process: svchost.exe)
2013/06/01 18:48:17 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50968, Process: svchost.exe)
2013/06/01 18:48:17 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50969, Process: svchost.exe)
2013/06/01 18:48:17 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50970, Process: svchost.exe)
2013/06/01 18:58:22 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50986, Process: svchost.exe)
2013/06/01 18:58:22 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50987, Process: svchost.exe)
2013/06/01 18:58:22 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50988, Process: svchost.exe)
2013/06/01 18:58:22 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50989, Process: svchost.exe)
2013/06/01 19:08:18 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50999, Process: svchost.exe)
2013/06/01 19:08:18 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51000, Process: svchost.exe)
2013/06/01 19:08:18 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51001, Process: svchost.exe)
2013/06/01 19:08:18 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51002, Process: svchost.exe)
2013/06/01 19:18:19 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51011, Process: svchost.exe)
2013/06/01 19:18:19 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51012, Process: svchost.exe)
2013/06/01 19:18:19 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51013, Process: svchost.exe)
2013/06/01 19:18:19 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51014, Process: svchost.exe)
2013/06/01 19:28:26 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51027, Process: svchost.exe)
2013/06/01 20:12:54 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/01 20:12:58 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/01 20:12:58 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/01 20:13:03 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/01 20:23:40 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49194, Process: svchost.exe)
2013/06/01 20:23:40 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49195, Process: svchost.exe)
2013/06/01 20:23:40 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49196, Process: svchost.exe)
2013/06/01 20:23:40 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49197, Process: svchost.exe)
2013/06/01 20:33:44 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49206, Process: svchost.exe)
2013/06/01 20:33:44 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49207, Process: svchost.exe)
2013/06/01 20:33:44 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49208, Process: svchost.exe)
2013/06/01 20:33:44 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49209, Process: svchost.exe)
2013/06/01 20:43:40 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49224, Process: svchost.exe)
2013/06/01 20:43:40 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49225, Process: svchost.exe)
2013/06/01 20:43:40 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49226, Process: svchost.exe)
2013/06/01 20:43:40 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49227, Process: svchost.exe)
2013/06/01 20:53:36 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49235, Process: svchost.exe)
2013/06/01 20:53:36 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49236, Process: svchost.exe)
2013/06/01 20:53:37 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49237, Process: svchost.exe)
2013/06/01 20:53:37 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49238, Process: svchost.exe)
2013/06/01 21:03:42 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 49252, Process: svchost.exe)
2013/06/01 21:13:41 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49264, Process: svchost.exe)
2013/06/01 21:13:41 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49265, Process: svchost.exe)
2013/06/01 21:13:41 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49266, Process: svchost.exe)
2013/06/01 21:13:41 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49267, Process: svchost.exe)
2013/06/01 21:23:41 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49282, Process: svchost.exe)
2013/06/01 21:23:41 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49283, Process: svchost.exe)
2013/06/01 21:23:41 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49284, Process: svchost.exe)
2013/06/01 21:23:41 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49285, Process: svchost.exe)
2013/06/01 21:33:42 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49294, Process: svchost.exe)
2013/06/01 21:33:42 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49295, Process: svchost.exe)
2013/06/01 21:33:42 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49296, Process: svchost.exe)
2013/06/01 21:33:42 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49297, Process: svchost.exe)
2013/06/01 21:43:41 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49307, Process: svchost.exe)
2013/06/01 21:43:41 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49308, Process: svchost.exe)
2013/06/01 21:43:41 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49309, Process: svchost.exe)
2013/06/01 21:43:41 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49310, Process: svchost.exe)
         
02.06.13:
Code:
2013/06/02 11:34:51 +0200	VIOLET-VAIO	Violet	MESSAGE	Executing scheduled update:  Daily
2013/06/02 11:34:54 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/02 11:34:54 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/02 11:34:54 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/02 11:34:58 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/02 11:35:04 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting database refresh
2013/06/02 11:35:04 +0200	VIOLET-VAIO	Violet	MESSAGE	Scheduled update executed successfully:  database updated from version v2013.06.01.02 to version v2013.06.02.01
2013/06/02 11:35:04 +0200	VIOLET-VAIO	Violet	MESSAGE	Stopping IP protection
2013/06/02 11:35:05 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection stopped successfully
2013/06/02 11:35:07 +0200	VIOLET-VAIO	Violet	MESSAGE	Database refreshed successfully
2013/06/02 11:35:07 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/02 11:35:10 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/02 11:35:55 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49190, Process: svchost.exe)
2013/06/02 11:35:56 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49191, Process: svchost.exe)
2013/06/02 11:35:56 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49192, Process: svchost.exe)
2013/06/02 11:35:56 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49193, Process: svchost.exe)
2013/06/02 11:45:55 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49306, Process: svchost.exe)
2013/06/02 11:45:55 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49307, Process: svchost.exe)
2013/06/02 11:45:55 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49308, Process: svchost.exe)
2013/06/02 11:45:55 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49309, Process: svchost.exe)
2013/06/02 11:55:59 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49841, Process: svchost.exe)
2013/06/02 11:55:59 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49842, Process: svchost.exe)
2013/06/02 11:55:59 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49843, Process: svchost.exe)
2013/06/02 11:55:59 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49844, Process: svchost.exe)
2013/06/02 12:05:56 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50514, Process: svchost.exe)
2013/06/02 12:05:56 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50515, Process: svchost.exe)
2013/06/02 12:05:56 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50516, Process: svchost.exe)
2013/06/02 12:05:56 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50517, Process: svchost.exe)
2013/06/02 12:15:54 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50555, Process: svchost.exe)
2013/06/02 12:15:54 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50556, Process: svchost.exe)
2013/06/02 12:15:54 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50557, Process: svchost.exe)
2013/06/02 12:15:54 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50558, Process: svchost.exe)
2013/06/02 12:26:02 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 50659, Process: avastsvc.exe)
2013/06/02 12:26:02 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 50660, Process: avastsvc.exe)
2013/06/02 12:36:07 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50697, Process: avastsvc.exe)
2013/06/02 12:36:07 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50698, Process: avastsvc.exe)
2013/06/02 12:46:05 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50724, Process: avastsvc.exe)
2013/06/02 12:46:05 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50725, Process: avastsvc.exe)
2013/06/02 12:56:03 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50737, Process: avastsvc.exe)
2013/06/02 12:56:03 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50738, Process: avastsvc.exe)
2013/06/02 13:06:08 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50752, Process: avastsvc.exe)
2013/06/02 13:06:08 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50753, Process: avastsvc.exe)
2013/06/02 13:16:06 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51576, Process: avastsvc.exe)
2013/06/02 13:16:06 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51577, Process: avastsvc.exe)
2013/06/02 13:26:08 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51939, Process: avastsvc.exe)
2013/06/02 13:26:08 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51940, Process: avastsvc.exe)
2013/06/02 13:36:03 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 52458, Process: avastsvc.exe)
2013/06/02 13:36:03 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 52459, Process: avastsvc.exe)
2013/06/02 13:46:06 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 53010, Process: avastsvc.exe)
2013/06/02 13:46:06 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 53011, Process: avastsvc.exe)
2013/06/02 13:56:09 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 53508, Process: avastsvc.exe)
2013/06/02 13:56:09 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 53509, Process: avastsvc.exe)
2013/06/02 14:00:00 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/02 14:00:03 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/02 14:00:03 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/02 14:00:15 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/02 14:00:59 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49184, Process: avastsvc.exe)
2013/06/02 14:01:15 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49185, Process: avastsvc.exe)
2013/06/02 14:11:03 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49403, Process: avastsvc.exe)
2013/06/02 14:11:03 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49404, Process: avastsvc.exe)
2013/06/02 14:20:59 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49440, Process: avastsvc.exe)
2013/06/02 14:20:59 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49441, Process: avastsvc.exe)
2013/06/02 14:31:03 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49672, Process: avastsvc.exe)
2013/06/02 14:31:03 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49673, Process: avastsvc.exe)
2013/06/02 14:41:04 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49693, Process: avastsvc.exe)
2013/06/02 14:41:04 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49694, Process: avastsvc.exe)
2013/06/02 14:51:07 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 49810, Process: avastsvc.exe)
2013/06/02 14:51:07 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 49811, Process: avastsvc.exe)
2013/06/02 15:01:02 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49975, Process: avastsvc.exe)
2013/06/02 15:01:02 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49976, Process: avastsvc.exe)
2013/06/02 15:10:58 +0200	VIOLET-VAIO	Violet	MESSAGE	Stopping protection
2013/06/02 15:10:58 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection stopped successfully
2013/06/02 15:11:00 +0200	VIOLET-VAIO	Violet	MESSAGE	Stopping IP protection
2013/06/02 15:11:00 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection stopped successfully
2013/06/02 15:37:24 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/02 15:37:24 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/02 15:37:24 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/02 15:37:28 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/02 15:39:08 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49171, Process: svchost.exe)
2013/06/02 15:39:11 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49172, Process: svchost.exe)
2013/06/02 15:39:11 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49173, Process: svchost.exe)
2013/06/02 15:39:11 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49174, Process: svchost.exe)
2013/06/02 15:49:10 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49430, Process: svchost.exe)
2013/06/02 15:49:10 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49431, Process: svchost.exe)
2013/06/02 15:49:10 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49432, Process: svchost.exe)
2013/06/02 15:49:10 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49433, Process: svchost.exe)
2013/06/02 15:59:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49618, Process: svchost.exe)
2013/06/02 15:59:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49619, Process: svchost.exe)
2013/06/02 15:59:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49620, Process: svchost.exe)
2013/06/02 15:59:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49621, Process: svchost.exe)
2013/06/02 16:09:10 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49893, Process: svchost.exe)
2013/06/02 16:09:10 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49894, Process: svchost.exe)
2013/06/02 16:09:10 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49895, Process: svchost.exe)
2013/06/02 16:09:10 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49896, Process: svchost.exe)
2013/06/02 16:19:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50118, Process: svchost.exe)
2013/06/02 16:19:14 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50119, Process: svchost.exe)
2013/06/02 16:19:15 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50120, Process: svchost.exe)
2013/06/02 16:19:15 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50121, Process: svchost.exe)
2013/06/02 16:29:16 +0200	VIOLET-VAIO	(null)	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 50237, Process: svchost.exe)
2013/06/02 16:39:13 +0200	VIOLET-VAIO	(null)	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50303, Process: svchost.exe)
2013/06/02 16:39:13 +0200	VIOLET-VAIO	(null)	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50304, Process: svchost.exe)
2013/06/02 16:39:13 +0200	VIOLET-VAIO	(null)	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50305, Process: svchost.exe)
2013/06/02 16:39:13 +0200	VIOLET-VAIO	(null)	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50306, Process: svchost.exe)
2013/06/02 16:49:13 +0200	VIOLET-VAIO	(null)	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50384, Process: svchost.exe)
2013/06/02 16:49:13 +0200	VIOLET-VAIO	(null)	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50385, Process: svchost.exe)
2013/06/02 16:49:13 +0200	VIOLET-VAIO	(null)	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50386, Process: svchost.exe)
2013/06/02 16:49:13 +0200	VIOLET-VAIO	(null)	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50387, Process: svchost.exe)
2013/06/02 16:53:33 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/02 16:53:33 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/02 16:53:33 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/02 16:53:38 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/02 16:59:45 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/02 16:59:46 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/02 16:59:46 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/02 16:59:50 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/02 17:10:13 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/02 17:10:13 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/02 17:10:13 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/02 17:10:18 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/02 17:20:49 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49227, Process: svchost.exe)
2013/06/02 17:20:49 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49228, Process: svchost.exe)
2013/06/02 17:20:49 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49229, Process: svchost.exe)
2013/06/02 17:20:49 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49230, Process: svchost.exe)
2013/06/02 17:30:49 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49304, Process: svchost.exe)
2013/06/02 17:30:49 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49305, Process: svchost.exe)
2013/06/02 17:30:49 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49306, Process: svchost.exe)
2013/06/02 17:30:49 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49307, Process: svchost.exe)
2013/06/02 17:40:53 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49451, Process: svchost.exe)
2013/06/02 17:40:53 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49452, Process: svchost.exe)
2013/06/02 17:40:53 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49453, Process: svchost.exe)
2013/06/02 17:40:53 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49454, Process: svchost.exe)
2013/06/02 17:50:48 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49639, Process: svchost.exe)
2013/06/02 17:50:48 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49640, Process: svchost.exe)
2013/06/02 17:50:48 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49641, Process: svchost.exe)
2013/06/02 17:50:48 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49642, Process: svchost.exe)
2013/06/02 20:16:18 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/02 20:16:18 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/02 20:16:18 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/02 20:16:23 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
         
03.06.13 - I wasn't at the PC, so there's probably no log to be found either

04.06.13:
Code:
2013/06/04 16:52:57 +0200	VIOLET-VAIO	Violet	MESSAGE	Executing scheduled update:  Daily
2013/06/04 16:53:01 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/04 16:53:01 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/04 16:53:01 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/04 16:53:05 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/04 16:53:27 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting database refresh
2013/06/04 16:53:27 +0200	VIOLET-VAIO	Violet	MESSAGE	Stopping IP protection
2013/06/04 16:53:27 +0200	VIOLET-VAIO	Violet	MESSAGE	Scheduled update executed successfully:  database updated from version v2013.06.02.01 to version v2013.06.04.05
2013/06/04 16:53:27 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection stopped successfully
2013/06/04 16:53:31 +0200	VIOLET-VAIO	Violet	MESSAGE	Database refreshed successfully
2013/06/04 16:53:31 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/04 16:53:35 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/04 17:03:45 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49630, Process: svchost.exe)
2013/06/04 17:03:46 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49631, Process: svchost.exe)
2013/06/04 17:03:46 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49632, Process: svchost.exe)
2013/06/04 17:03:46 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49633, Process: svchost.exe)
2013/06/04 17:13:43 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49913, Process: svchost.exe)
2013/06/04 17:13:43 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49914, Process: svchost.exe)
2013/06/04 17:13:43 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49915, Process: svchost.exe)
2013/06/04 17:13:43 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49916, Process: svchost.exe)
2013/06/04 17:34:02 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50838, Process: svchost.exe)
2013/06/04 17:34:02 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50839, Process: svchost.exe)
2013/06/04 17:34:02 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50840, Process: svchost.exe)
2013/06/04 17:34:02 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50841, Process: svchost.exe)
2013/06/04 17:43:58 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51203, Process: svchost.exe)
2013/06/04 17:54:03 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51525, Process: svchost.exe)
2013/06/04 17:54:03 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51526, Process: svchost.exe)
2013/06/04 17:54:03 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51527, Process: svchost.exe)
2013/06/04 17:54:03 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51528, Process: svchost.exe)
         
05.06.13:
Code:
2013/06/05 19:18:34 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/05 19:18:34 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/05 19:18:34 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/05 19:18:38 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/05 19:19:22 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49161, Process: svchost.exe)
2013/06/05 19:19:33 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49162, Process: svchost.exe)
2013/06/05 19:19:34 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49163, Process: svchost.exe)
2013/06/05 19:19:34 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49164, Process: svchost.exe)
2013/06/05 19:24:33 +0200	VIOLET-VAIO	Violet	MESSAGE	Executing scheduled update:  Daily
2013/06/05 19:24:45 +0200	VIOLET-VAIO	Violet	MESSAGE	Scheduled update executed successfully:  database updated from version v2013.06.04.05 to version v2013.06.05.06
2013/06/05 19:24:45 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting database refresh
2013/06/05 19:24:45 +0200	VIOLET-VAIO	Violet	MESSAGE	Stopping IP protection
2013/06/05 19:24:45 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection stopped successfully
2013/06/05 19:24:48 +0200	VIOLET-VAIO	Violet	MESSAGE	Database refreshed successfully
2013/06/05 19:24:48 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/05 19:24:51 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/05 19:29:22 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49320, Process: svchost.exe)
2013/06/05 19:29:22 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49321, Process: svchost.exe)
2013/06/05 19:29:23 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49322, Process: svchost.exe)
2013/06/05 19:29:23 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49323, Process: svchost.exe)
2013/06/05 19:39:27 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49406, Process: svchost.exe)
2013/06/05 19:39:27 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49407, Process: svchost.exe)
2013/06/05 19:39:27 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49408, Process: svchost.exe)
2013/06/05 19:39:27 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49409, Process: svchost.exe)
2013/06/05 19:49:23 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49596, Process: svchost.exe)
2013/06/05 19:49:23 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49597, Process: svchost.exe)
2013/06/05 19:49:23 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49598, Process: svchost.exe)
2013/06/05 19:49:23 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49599, Process: svchost.exe)
2013/06/05 19:59:27 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50059, Process: svchost.exe)
2013/06/05 19:59:28 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50060, Process: svchost.exe)
2013/06/05 19:59:28 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50061, Process: svchost.exe)
2013/06/05 19:59:28 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50062, Process: svchost.exe)
2013/06/05 20:09:32 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 50401, Process: svchost.exe)
         
06.06.13:
Code:
2013/06/06 15:13:16 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting protection
2013/06/06 15:13:16 +0200	VIOLET-VAIO	Violet	MESSAGE	Protection started successfully
2013/06/06 15:13:16 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/06 15:13:21 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/06 15:23:28 +0200	VIOLET-VAIO	Violet	MESSAGE	Executing scheduled update:  Daily
2013/06/06 15:23:40 +0200	VIOLET-VAIO	Violet	MESSAGE	Scheduled update executed successfully:  database updated from version v2013.06.05.06 to version v2013.06.06.04
2013/06/06 15:23:40 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting database refresh
2013/06/06 15:23:40 +0200	VIOLET-VAIO	Violet	MESSAGE	Stopping IP protection
2013/06/06 15:23:40 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection stopped successfully
2013/06/06 15:23:43 +0200	VIOLET-VAIO	Violet	MESSAGE	Database refreshed successfully
2013/06/06 15:23:43 +0200	VIOLET-VAIO	Violet	MESSAGE	Starting IP protection
2013/06/06 15:23:47 +0200	VIOLET-VAIO	Violet	MESSAGE	IP Protection started successfully
2013/06/06 15:23:51 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49300, Process: svchost.exe)
2013/06/06 15:23:51 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49301, Process: svchost.exe)
2013/06/06 15:23:51 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49302, Process: svchost.exe)
2013/06/06 15:23:51 +0200	VIOLET-VAIO	Violet	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49303, Process: svchost.exe)
         
That's it so far...
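
The IP-BLOCK entries in the logs above arrive in bursts about ten minutes apart, all attributed to svchost.exe. As an added example (not part of the original post), this Python script parses that log format and measures the cadence; the function names, the 30-second burst window and the one-hour session break are assumptions chosen for illustration.

```python
import re
from datetime import datetime
from statistics import median

# Sample input in the tab-separated log format shown above, embedded so the block runs offline.
_B = "\tVIOLET-VAIO\tViolet\tIP-BLOCK\t{} (Type: outgoing, Port: {}, Process: svchost.exe)"
SAMPLE = "\n".join(
    ["2013/06/02 17:10:18 +0200\tVIOLET-VAIO\tViolet\tMESSAGE\tIP Protection started successfully"]
    + [f"2013/06/02 {t} +0200" + _B.format(ip, port) for t, ip, port in [
        ("17:20:49", "82.98.97.206", 49227), ("17:20:49", "82.98.97.183", 49228),
        ("17:30:49", "82.98.97.206", 49304), ("17:30:49", "82.98.97.183", 49305),
        ("17:40:53", "82.98.97.206", 49451), ("17:40:53", "82.98.97.183", 49452),
        ("17:50:48", "82.98.97.206", 49640), ("17:50:48", "82.98.97.183", 49641)]])

LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4})\t\S+\t\S+\tIP-BLOCK\t"
                  r"(\d+\.\d+\.\d+\.\d+) \(Type: (\w+), Port: (\d+), Process: ([^)]+)\)$")

def parse_blocks(text):
    """Return (time, ip, direction, process) for every IP-BLOCK line."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S %z")
            events.append((ts, m.group(2), m.group(3), m.group(5)))
    return events

def burst_starts(events, window=30):
    """Collapse blocks less than `window` seconds apart into one burst."""
    starts, last = [], None
    for ts, *_ in sorted(events):
        if last is None or (ts - last).total_seconds() > window:
            starts.append(ts)
        last = ts
    return starts

def beacon_report(text, tolerance=60, session_break=3600):
    """Summarise destinations, processes and the gap between bursts."""
    events = parse_blocks(text)
    starts = burst_starts(events)
    gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
    gaps = [g for g in gaps if g <= session_break]  # drop gaps where the PC was off
    period = median(gaps) if gaps else None
    return {
        "destinations": sorted({e[1] for e in events}),
        "processes": sorted({e[3] for e in events}),
        "bursts": len(starts),
        "median_gap_s": period,
        "regular": bool(gaps) and all(abs(g - period) <= tolerance for g in gaps),
    }
```

Calling `beacon_report(SAMPLE)` reports four bursts with a median gap of 600 seconds; the `session_break` filter keeps overnight gaps between log sessions from masking that interval when several days are analysed together.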
