Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 27.12.2011, 20:29   #1
Sohn_des_Mondes
 
Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 - Standard

Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205



Hallo, Antimalware stoppt immer den zugriff auf "svchost.exe"
Dieses geschiet ca alle 10 Minuten.

Antivir

Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 25. Dezember 2011  23:39

Es wird nach 2970283 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (plain)  [6.1.7600]
Boot Modus     : Normal gebootet
Benutzername   : Sony User
Computername   : SONYUSER-VAIO

Versionsinformationen:
BUILD.DAT      : 12.0.0.872     41826 Bytes  15.12.2011 16:24:00
AVSCAN.EXE     : 12.1.0.18     490448 Bytes  15.12.2011 13:59:39
AVSCAN.DLL     : 12.1.0.17      65744 Bytes  15.12.2011 13:59:56
LUKE.DLL       : 12.1.0.17      68304 Bytes  15.12.2011 13:59:47
AVSCPLR.DLL    : 12.1.0.21      99536 Bytes  15.12.2011 13:59:39
AVREG.DLL      : 12.1.0.27     227536 Bytes  15.12.2011 13:59:38
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:31:49
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 21:08:17
VBASE003.VDF   : 7.11.19.171     2048 Bytes  20.12.2011 21:08:17
VBASE004.VDF   : 7.11.19.172     2048 Bytes  20.12.2011 21:08:17
VBASE005.VDF   : 7.11.19.173     2048 Bytes  20.12.2011 21:08:17
VBASE006.VDF   : 7.11.19.174     2048 Bytes  20.12.2011 21:08:17
VBASE007.VDF   : 7.11.19.175     2048 Bytes  20.12.2011 21:08:17
VBASE008.VDF   : 7.11.19.176     2048 Bytes  20.12.2011 21:08:18
VBASE009.VDF   : 7.11.19.177     2048 Bytes  20.12.2011 21:08:18
VBASE010.VDF   : 7.11.19.178     2048 Bytes  20.12.2011 21:08:18
VBASE011.VDF   : 7.11.19.179     2048 Bytes  20.12.2011 21:08:18
VBASE012.VDF   : 7.11.19.180     2048 Bytes  20.12.2011 21:08:18
VBASE013.VDF   : 7.11.19.217   182784 Bytes  22.12.2011 21:08:18
VBASE014.VDF   : 7.11.19.255   148480 Bytes  24.12.2011 21:08:19
VBASE015.VDF   : 7.11.20.0       2048 Bytes  24.12.2011 21:08:19
VBASE016.VDF   : 7.11.20.1       2048 Bytes  24.12.2011 21:08:19
VBASE017.VDF   : 7.11.20.2       2048 Bytes  24.12.2011 21:08:19
VBASE018.VDF   : 7.11.20.3       2048 Bytes  24.12.2011 21:08:19
VBASE019.VDF   : 7.11.20.4       2048 Bytes  24.12.2011 21:08:19
VBASE020.VDF   : 7.11.20.5       2048 Bytes  24.12.2011 21:08:19
VBASE021.VDF   : 7.11.20.6       2048 Bytes  24.12.2011 21:08:19
VBASE022.VDF   : 7.11.20.7       2048 Bytes  24.12.2011 21:08:19
VBASE023.VDF   : 7.11.20.8       2048 Bytes  24.12.2011 21:08:19
VBASE024.VDF   : 7.11.20.9       2048 Bytes  24.12.2011 21:08:19
VBASE025.VDF   : 7.11.20.10      2048 Bytes  24.12.2011 21:08:19
VBASE026.VDF   : 7.11.20.11      2048 Bytes  24.12.2011 21:08:19
VBASE027.VDF   : 7.11.20.12      2048 Bytes  24.12.2011 21:08:19
VBASE028.VDF   : 7.11.20.13      2048 Bytes  24.12.2011 21:08:19
VBASE029.VDF   : 7.11.20.14      2048 Bytes  24.12.2011 21:08:19
VBASE030.VDF   : 7.11.20.15      2048 Bytes  24.12.2011 21:08:19
VBASE031.VDF   : 7.11.20.18     81920 Bytes  25.12.2011 21:08:20
Engineversion  : 8.2.8.8   
AEVDF.DLL      : 8.1.2.2       106868 Bytes  15.12.2011 13:59:36
AESCRIPT.DLL   : 8.1.3.92      495996 Bytes  25.12.2011 21:08:24
AESCN.DLL      : 8.1.7.2       127349 Bytes  14.12.2011 23:31:02
AESBX.DLL      : 8.2.4.5       434549 Bytes  15.12.2011 13:59:35
AERDL.DLL      : 8.1.9.15      639348 Bytes  14.12.2011 23:31:02
AEPACK.DLL     : 8.2.15.1      770423 Bytes  15.12.2011 13:59:35
AEOFFICE.DLL   : 8.1.2.24      201084 Bytes  25.12.2011 21:08:23
AEHEUR.DLL     : 8.1.3.8      4231543 Bytes  25.12.2011 21:08:23
AEHELP.DLL     : 8.1.18.0      254327 Bytes  15.12.2011 13:59:31
AEGEN.DLL      : 8.1.5.17      405877 Bytes  15.12.2011 13:59:31
AEEMU.DLL      : 8.1.3.0       393589 Bytes  14.12.2011 23:30:58
AECORE.DLL     : 8.1.24.2      201080 Bytes  25.12.2011 21:08:20
AEBB.DLL       : 8.1.1.0        53618 Bytes  14.12.2011 23:30:58
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  15.12.2011 13:59:41
AVPREF.DLL     : 12.1.0.17      51920 Bytes  15.12.2011 13:59:38
AVREP.DLL      : 12.1.0.17     179408 Bytes  15.12.2011 13:59:38
AVARKT.DLL     : 12.1.0.19     208848 Bytes  15.12.2011 13:59:36
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  15.12.2011 13:59:37
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  15.12.2011 13:59:50
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  15.12.2011 13:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  15.12.2011 13:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  15.12.2011 13:59:58
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  15.12.2011 13:59:59

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: löschen
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660, 
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 25. Dezember 2011  23:39

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Im  Laufwerk 'D:\' ist kein Datenträger eingelegt!
Bootsektor 'E:\'
    [INFO]      Im  Laufwerk 'E:\' ist kein Datenträger eingelegt!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCFw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2857' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Sony User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTDI2CKT\wlsetup-all.exe
  [0] Archivtyp: Portable Executable Resource
  --> object
      [1] Archivtyp: CAB (Microsoft)
    --> WriterProdLang.7z
        [2] Archivtyp: 7-Zip
      --> WriterProdLang.cab
          [3] Archivtyp: CAB (Microsoft)
        --> writerprodlang.msi
            [WARNUNG]   Die Datei konnte nicht gelesen werden!
  --> object
      [1] Archivtyp: CAB (Microsoft)
    --> LanguageSelector64.7z
        [2] Archivtyp: 7-Zip
      --> LanguageSelector64.cab
          [3] Archivtyp: CAB (Microsoft)
        --> LanguageSelector64.msi
            [WARNUNG]   Die Datei konnte nicht gelesen werden!
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-251ef117
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 4944268e.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\105e14d2-140a64fd
  [0] Archivtyp: ZIP
  --> Base64cod.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Small.hej
  --> Googles.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.F.18035
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 51a4091d.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-7a18bb26
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 03f053fc.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\cf0c019-64d6e84d
  [0] Archivtyp: ZIP
  --> sunos/Globales.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/SystemSpy.A.1
  --> sunos/Manuals.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/ClassLoad.AF
  --> sunos/Support.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/ClassLo.AF.1.B
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 65c71c09.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-188bb89d
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 203c3119.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7be8da52
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 5f220364.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-23c4db87
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 13e02f37.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\706b3426-4717d0eb
  [0] Archivtyp: ZIP
  --> bpac/a$1.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.EG
  --> bpac/a.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
  --> bpac/b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.L
  --> bpac/KAVS.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.BB
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 6ff26f7e.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-611bcd93
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 42d840fc.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-4fcf4f20
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 5bb47baa.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\42441975-3ff5bb5f
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.EH
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 379a5784.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\d552d7a-448cf279
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 46246e12.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4eb49b7b-6939d3d5
  [0] Archivtyp: ZIP
  --> sunny/MyFiles.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Age.3159
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 484b5e05.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.


Ende des Suchlaufs: Montag, 26. Dezember 2011  00:27
Benötigte Zeit: 48:45 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  22731 Verzeichnisse wurden überprüft
 423969 Dateien wurden geprüft
     23 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
     13 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
     13 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 423946 Dateien ohne Befall
   2734 Archive wurden durchsucht
      2 Warnungen
     13 Hinweise
  27201 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
nach dem zweiten und dritten mal scannen wurde nichts mehr gefunden.

Maleware
Code:
ATTFilter
09:49:20	Sony User	MESSAGE	Protection started successfully
09:49:25	Sony User	MESSAGE	IP Protection started successfully
09:57:41	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49288, Process: svchost.exe)
09:57:41	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49289, Process: svchost.exe)
09:57:41	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49290, Process: svchost.exe)
09:57:41	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49291, Process: svchost.exe)
09:57:41	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49292, Process: svchost.exe)
10:05:55	Sony User	MESSAGE	Protection started successfully
10:05:59	Sony User	MESSAGE	IP Protection started successfully
10:14:17	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49349, Process: svchost.exe)
10:14:17	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49350, Process: svchost.exe)
10:14:17	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49351, Process: svchost.exe)
10:14:17	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49352, Process: svchost.exe)
10:14:17	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49353, Process: svchost.exe)
10:24:19	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49365, Process: svchost.exe)
10:24:19	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49366, Process: svchost.exe)
10:24:19	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49367, Process: svchost.exe)
10:24:19	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49368, Process: svchost.exe)
10:24:19	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49369, Process: svchost.exe)
10:34:20	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49474, Process: svchost.exe)
10:34:20	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49475, Process: svchost.exe)
10:34:20	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49476, Process: svchost.exe)
10:34:20	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49477, Process: svchost.exe)
10:34:20	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49478, Process: svchost.exe)
10:44:20	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49796, Process: svchost.exe)
10:44:21	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49797, Process: svchost.exe)
10:44:21	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49798, Process: svchost.exe)
10:44:21	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49799, Process: svchost.exe)
10:44:21	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49800, Process: svchost.exe)
10:53:01	Sony User	MESSAGE	Scheduled update executed successfully
10:54:25	Sony User	MESSAGE	IP Protection stopped
10:54:27	Sony User	MESSAGE	Database updated successfully
10:54:28	Sony User	MESSAGE	IP Protection started successfully
11:04:19	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49840, Process: svchost.exe)
11:04:19	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49841, Process: svchost.exe)
11:04:19	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49842, Process: svchost.exe)
11:04:19	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49843, Process: svchost.exe)
11:14:20	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49869, Process: svchost.exe)
11:14:20	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49870, Process: svchost.exe)
11:14:20	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49871, Process: svchost.exe)
11:14:20	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49872, Process: svchost.exe)
11:24:23	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49880, Process: svchost.exe)
11:24:23	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49881, Process: svchost.exe)
11:24:23	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49882, Process: svchost.exe)
11:24:23	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49883, Process: svchost.exe)
11:34:17	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49902, Process: svchost.exe)
11:34:17	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49903, Process: svchost.exe)
11:34:17	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49904, Process: svchost.exe)
11:34:17	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49905, Process: svchost.exe)
11:44:17	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 49915, Process: svchost.exe)
11:54:18	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49943, Process: svchost.exe)
11:54:18	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49944, Process: svchost.exe)
11:54:18	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49945, Process: svchost.exe)
11:54:18	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49946, Process: svchost.exe)
12:04:21	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49962, Process: svchost.exe)
12:04:21	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49963, Process: svchost.exe)
12:04:21	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49964, Process: svchost.exe)
12:04:21	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49965, Process: svchost.exe)
12:14:21	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50337, Process: svchost.exe)
12:14:21	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50338, Process: svchost.exe)
12:14:21	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50339, Process: svchost.exe)
12:14:21	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50340, Process: svchost.exe)
12:24:22	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50683, Process: svchost.exe)
12:24:22	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50684, Process: svchost.exe)
12:24:22	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50685, Process: svchost.exe)
12:24:22	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50686, Process: svchost.exe)
12:34:23	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51033, Process: svchost.exe)
12:44:23	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51041, Process: svchost.exe)
12:44:23	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51042, Process: svchost.exe)
12:44:23	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51043, Process: svchost.exe)
12:44:23	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51044, Process: svchost.exe)
12:54:19	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51045, Process: svchost.exe)
12:54:19	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51046, Process: svchost.exe)
12:54:19	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51047, Process: svchost.exe)
12:54:19	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51048, Process: svchost.exe)
13:04:20	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51076, Process: svchost.exe)
13:04:20	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51077, Process: svchost.exe)
13:04:20	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51078, Process: svchost.exe)
13:04:20	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51079, Process: svchost.exe)
13:14:22	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51087, Process: svchost.exe)
13:14:22	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51088, Process: svchost.exe)
13:14:22	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51089, Process: svchost.exe)
13:14:22	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51090, Process: svchost.exe)
13:24:24	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51168, Process: svchost.exe)
13:34:25	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51184, Process: svchost.exe)
13:34:25	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51185, Process: svchost.exe)
13:34:25	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51186, Process: svchost.exe)
13:34:25	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51187, Process: svchost.exe)
13:44:25	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51196, Process: svchost.exe)
13:44:25	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51197, Process: svchost.exe)
13:44:25	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51198, Process: svchost.exe)
13:44:25	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51199, Process: svchost.exe)
13:54:19	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51200, Process: svchost.exe)
13:54:19	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51201, Process: svchost.exe)
13:54:19	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51202, Process: svchost.exe)
13:54:20	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51203, Process: svchost.exe)
14:11:44	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51220, Process: svchost.exe)
14:11:44	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51221, Process: svchost.exe)
14:11:44	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51222, Process: svchost.exe)
14:11:44	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51223, Process: svchost.exe)
14:21:53	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51620, Process: svchost.exe)
14:31:53	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51628, Process: svchost.exe)
14:31:53	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51629, Process: svchost.exe)
14:31:53	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51630, Process: svchost.exe)
14:31:53	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51631, Process: svchost.exe)
14:41:53	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51632, Process: svchost.exe)
14:41:53	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51633, Process: svchost.exe)
14:41:54	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51634, Process: svchost.exe)
14:41:54	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51635, Process: svchost.exe)
14:51:54	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51643, Process: svchost.exe)
14:51:54	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51644, Process: svchost.exe)
14:51:54	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51645, Process: svchost.exe)
14:51:54	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51646, Process: svchost.exe)
15:01:54	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51661, Process: svchost.exe)
15:01:54	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51662, Process: svchost.exe)
15:01:55	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51663, Process: svchost.exe)
15:01:55	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51664, Process: svchost.exe)
15:11:55	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51668, Process: svchost.exe)
15:21:50	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 52165, Process: svchost.exe)
15:21:51	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 52166, Process: svchost.exe)
15:21:51	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 52167, Process: svchost.exe)
15:21:51	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 52168, Process: svchost.exe)
15:31:51	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 52176, Process: svchost.exe)
15:31:51	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 52177, Process: svchost.exe)
15:31:51	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 52178, Process: svchost.exe)
15:31:51	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 52179, Process: svchost.exe)
15:41:51	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 52300, Process: svchost.exe)
15:41:51	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 52301, Process: svchost.exe)
15:41:51	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 52302, Process: svchost.exe)
15:41:51	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 52303, Process: svchost.exe)
15:51:52	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 52311, Process: svchost.exe)
15:51:52	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 52312, Process: svchost.exe)
15:51:52	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 52313, Process: svchost.exe)
15:51:52	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 52314, Process: svchost.exe)
16:01:52	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 52324, Process: svchost.exe)
18:35:34	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 52331, Process: svchost.exe)
18:40:30	Sony User	MESSAGE	Protection started successfully
18:40:34	Sony User	MESSAGE	IP Protection started successfully
18:48:51	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49337, Process: svchost.exe)
18:48:51	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49338, Process: svchost.exe)
18:48:51	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49339, Process: svchost.exe)
18:48:51	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49340, Process: svchost.exe)
18:48:51	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49341, Process: svchost.exe)
18:58:56	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49478, Process: svchost.exe)
18:58:56	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49479, Process: svchost.exe)
18:58:56	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49480, Process: svchost.exe)
18:58:56	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49481, Process: svchost.exe)
18:58:56	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49482, Process: svchost.exe)
19:08:49	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50112, Process: svchost.exe)
19:08:49	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50113, Process: svchost.exe)
19:08:49	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50114, Process: svchost.exe)
19:08:49	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50115, Process: svchost.exe)
19:08:49	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50116, Process: svchost.exe)
19:18:50	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50228, Process: svchost.exe)
19:18:50	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50229, Process: svchost.exe)
19:18:50	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50230, Process: svchost.exe)
19:18:50	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50231, Process: svchost.exe)
19:18:50	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50232, Process: svchost.exe)
19:28:53	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 50967, Process: svchost.exe)
19:38:52	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51099, Process: svchost.exe)
19:38:52	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51100, Process: svchost.exe)
19:38:52	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51101, Process: svchost.exe)
19:38:52	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51102, Process: svchost.exe)
19:48:56	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51110, Process: svchost.exe)
19:48:56	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51111, Process: svchost.exe)
19:48:56	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51112, Process: svchost.exe)
19:48:56	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51113, Process: svchost.exe)
19:58:52	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51186, Process: svchost.exe)
19:58:52	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51187, Process: svchost.exe)
19:58:52	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51188, Process: svchost.exe)
19:58:52	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51189, Process: svchost.exe)
20:08:52	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51245, Process: svchost.exe)
20:08:52	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51246, Process: svchost.exe)
20:08:52	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51247, Process: svchost.exe)
20:08:52	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51248, Process: svchost.exe)
20:18:52	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51438, Process: svchost.exe)
20:28:52	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51659, Process: svchost.exe)
20:28:52	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51660, Process: svchost.exe)
20:28:52	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51661, Process: svchost.exe)
20:28:52	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51662, Process: svchost.exe)
20:38:55	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51681, Process: svchost.exe)
20:38:55	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51682, Process: svchost.exe)
20:38:55	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51683, Process: svchost.exe)
20:38:55	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51684, Process: svchost.exe)
20:48:51	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51693, Process: svchost.exe)
20:48:52	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51694, Process: svchost.exe)
20:48:52	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51695, Process: svchost.exe)
20:48:52	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51696, Process: svchost.exe)
20:58:56	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51797, Process: svchost.exe)
20:58:56	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51798, Process: svchost.exe)
20:58:56	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51799, Process: svchost.exe)
20:58:56	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51800, Process: svchost.exe)
21:08:53	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 52182, Process: svchost.exe)
21:18:57	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 52499, Process: svchost.exe)
21:18:57	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 52500, Process: svchost.exe)
21:18:57	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 52501, Process: svchost.exe)
21:18:57	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 52502, Process: svchost.exe)
         
OTL

Code:
ATTFilter
OTL logfile created on: 27.12.2011 21:16:46 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sony User\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 45,85% Memory free
7,93 Gb Paging File | 5,52 Gb Available in Paging File | 69,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 328,10 Gb Free Space | 71,91% Space Free | Partition Type: NTFS
 
Computer Name: SONYUSER-VAIO | User Name: Sony User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sony User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Users\SONYUS~1\AppData\Local\Temp\mexe.com (MicroWorld Technologies Inc.)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Sony User\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 42 7F 95 76 C4 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.06 10:35:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.06 10:35:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.25 21:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.25 22:48:51 | 000,000,000 | ---D | M]
 
[2010.05.03 18:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Extensions
[2011.12.27 10:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions
[2011.04.08 05:59:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.18 21:28:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.21 20:21:07 | 000,000,873 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml
[2010.12.21 14:59:20 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml
[2011.04.08 06:02:37 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml
[2011.04.08 05:59:26 | 000,000,168 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif
[2011.04.08 05:59:26 | 000,000,618 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src
[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml
[2011.12.25 22:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.27 03:20:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 19:42:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.07 01:27:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.12 23:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 08:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.12.25 22:12:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.04.06 10:35:59 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.06 10:35:59 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.09 11:40:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.09 11:40:27 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.09 11:40:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.09 11:40:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.09 11:40:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2011.12.26 11:41:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DBEED24-4889-479C-82EC-D972CD7A8EFF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2011.12.27 19:22:32 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2011.12.27 19:22:31 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2011.12.27 19:22:30 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.27 19:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2011.12.27 19:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2011.12.27 15:15:35 | 000,000,000 | ---D | C] -- C:\Users\Sony User\Desktop\Virus
[2011.12.27 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Roxio Log Files
[2011.12.27 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\SvchostViewer
[2011.12.27 13:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.12.27 10:06:29 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Users\Sony User\Desktop\aswMBR.exe
[2011.12.27 09:58:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.27 09:56:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe
[2011.12.26 22:41:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.26 11:56:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.26 11:34:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.26 03:06:34 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.26 03:06:33 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.26 03:06:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.26 03:06:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.26 03:06:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.26 03:06:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.26 03:06:28 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.12.26 03:06:28 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.12.26 03:06:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.12.26 03:06:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.12.26 03:06:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.12.25 22:20:28 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{3C11D02F-DA75-4D54-B37B-8BBA3405470A}
[2011.12.25 22:20:16 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{07CBAF22-9E3F-4F65-8175-5AA39A15B517}
[2011.12.25 22:18:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.12.25 22:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.12.25 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.12.25 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.25 22:12:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.12.25 22:12:54 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.12.25 22:12:54 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.12.25 22:10:14 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Avira
[2011.12.25 22:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.25 22:07:10 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.25 22:07:10 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.25 22:07:10 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.25 22:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011.12.25 21:48:07 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011.12.25 21:48:07 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011.12.25 21:48:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011.12.25 21:48:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011.12.25 21:48:07 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011.12.25 21:48:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011.12.25 21:48:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011.12.25 21:48:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011.12.25 21:48:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011.12.25 21:47:57 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.12.25 21:47:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.12.25 21:47:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.25 21:47:23 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.12.25 21:47:23 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.12.25 21:47:23 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011.12.25 21:47:23 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011.12.25 21:47:23 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.12.25 21:47:23 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.12.25 21:47:22 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011.12.25 21:47:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011.12.25 21:47:21 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011.12.25 21:47:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011.12.25 21:47:19 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.12.25 21:47:19 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.12.25 21:47:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.12.25 21:47:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.12.25 21:47:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.12.25 21:47:19 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.12.25 21:47:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.12.25 21:47:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.12.25 21:47:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.12.25 21:47:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.12.25 21:47:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.12.25 21:47:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.12.25 21:47:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.12.25 21:47:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.12.25 21:47:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.12.25 21:47:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.12.25 21:47:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.12.25 21:47:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.12.25 21:47:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.12.25 21:47:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011.12.25 21:47:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011.12.25 21:47:10 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.12.25 21:47:10 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.12.25 21:47:09 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.25 21:47:09 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.25 21:46:55 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.12.25 21:46:55 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.12.25 21:46:54 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.12.25 21:36:20 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.27 21:19:38 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.12.27 19:30:50 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2011.12.27 19:22:31 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2011.12.27 19:22:30 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2011.12.27 19:22:29 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.27 19:21:44 | 068,866,904 | ---- | M] () -- C:\Users\Sony User\Desktop\mwav.exe
[2011.12.27 18:45:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 18:45:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 18:37:32 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.12.27 18:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.27 18:37:06 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.27 15:12:03 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI
[2011.12.27 10:06:29 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Sony User\Desktop\aswMBR.exe
[2011.12.27 09:56:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe
[2011.12.26 11:41:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.12.26 09:23:34 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.26 09:23:34 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.26 09:23:34 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.26 09:23:34 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.26 09:23:34 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.26 09:16:06 | 000,446,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.25 21:36:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2011.12.27 19:22:47 | 000,000,054 | ---- | C] () -- C:\Windows\Lic.xxx
[2011.12.27 19:20:18 | 068,866,904 | ---- | C] () -- C:\Users\Sony User\Desktop\mwav.exe
[2011.12.27 15:12:03 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.12.25 22:19:24 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2010.07.25 08:39:33 | 000,008,192 | ---- | C] () -- C:\Users\Sony User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.05 19:37:57 | 000,008,718 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\wklnhst.dat
[2009.12.20 18:02:09 | 000,027,639 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\UserTile.png
[2009.09.06 09:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.09.06 09:07:13 | 000,002,835 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2009.08.17 21:11:49 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.17 21:11:46 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.17 21:11:46 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.08.17 21:11:44 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.17 13:27:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >
         

Alt 28.12.2011, 04:04   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 - Standard

Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 28.12.2011, 12:15   #3
Sohn_des_Mondes
 
Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 - Standard

Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205



Maleware

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sony User :: SONYUSER-VAIO [Administrator]

Schutz: Aktiviert

28.12.2011 10:46:12
mbam-log-2011-12-28 (10-46-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 324846
Laufzeit: 52 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Eset
Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2daebe132a1b754e92169ba32dd6ea20
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-28 09:32:24
# local_time=2011-12-28 10:32:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 217348 217348 0 0
# compatibility_mode=5893 16776573 100 94 7865 76690822 0 0
# compatibility_mode=8192 67108863 100 0 5863 5863 0 0
# scanned=158839
# found=0
# cleaned=0
# scan_time=3773
         
antivir
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 25. Dezember 2011  23:39

Es wird nach 2970283 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (plain)  [6.1.7600]
Boot Modus     : Normal gebootet
Benutzername   : Sony User
Computername   : SONYUSER-VAIO

Versionsinformationen:
BUILD.DAT      : 12.0.0.872     41826 Bytes  15.12.2011 16:24:00
AVSCAN.EXE     : 12.1.0.18     490448 Bytes  15.12.2011 13:59:39
AVSCAN.DLL     : 12.1.0.17      65744 Bytes  15.12.2011 13:59:56
LUKE.DLL       : 12.1.0.17      68304 Bytes  15.12.2011 13:59:47
AVSCPLR.DLL    : 12.1.0.21      99536 Bytes  15.12.2011 13:59:39
AVREG.DLL      : 12.1.0.27     227536 Bytes  15.12.2011 13:59:38
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:31:49
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 21:08:17
VBASE003.VDF   : 7.11.19.171     2048 Bytes  20.12.2011 21:08:17
VBASE004.VDF   : 7.11.19.172     2048 Bytes  20.12.2011 21:08:17
VBASE005.VDF   : 7.11.19.173     2048 Bytes  20.12.2011 21:08:17
VBASE006.VDF   : 7.11.19.174     2048 Bytes  20.12.2011 21:08:17
VBASE007.VDF   : 7.11.19.175     2048 Bytes  20.12.2011 21:08:17
VBASE008.VDF   : 7.11.19.176     2048 Bytes  20.12.2011 21:08:18
VBASE009.VDF   : 7.11.19.177     2048 Bytes  20.12.2011 21:08:18
VBASE010.VDF   : 7.11.19.178     2048 Bytes  20.12.2011 21:08:18
VBASE011.VDF   : 7.11.19.179     2048 Bytes  20.12.2011 21:08:18
VBASE012.VDF   : 7.11.19.180     2048 Bytes  20.12.2011 21:08:18
VBASE013.VDF   : 7.11.19.217   182784 Bytes  22.12.2011 21:08:18
VBASE014.VDF   : 7.11.19.255   148480 Bytes  24.12.2011 21:08:19
VBASE015.VDF   : 7.11.20.0       2048 Bytes  24.12.2011 21:08:19
VBASE016.VDF   : 7.11.20.1       2048 Bytes  24.12.2011 21:08:19
VBASE017.VDF   : 7.11.20.2       2048 Bytes  24.12.2011 21:08:19
VBASE018.VDF   : 7.11.20.3       2048 Bytes  24.12.2011 21:08:19
VBASE019.VDF   : 7.11.20.4       2048 Bytes  24.12.2011 21:08:19
VBASE020.VDF   : 7.11.20.5       2048 Bytes  24.12.2011 21:08:19
VBASE021.VDF   : 7.11.20.6       2048 Bytes  24.12.2011 21:08:19
VBASE022.VDF   : 7.11.20.7       2048 Bytes  24.12.2011 21:08:19
VBASE023.VDF   : 7.11.20.8       2048 Bytes  24.12.2011 21:08:19
VBASE024.VDF   : 7.11.20.9       2048 Bytes  24.12.2011 21:08:19
VBASE025.VDF   : 7.11.20.10      2048 Bytes  24.12.2011 21:08:19
VBASE026.VDF   : 7.11.20.11      2048 Bytes  24.12.2011 21:08:19
VBASE027.VDF   : 7.11.20.12      2048 Bytes  24.12.2011 21:08:19
VBASE028.VDF   : 7.11.20.13      2048 Bytes  24.12.2011 21:08:19
VBASE029.VDF   : 7.11.20.14      2048 Bytes  24.12.2011 21:08:19
VBASE030.VDF   : 7.11.20.15      2048 Bytes  24.12.2011 21:08:19
VBASE031.VDF   : 7.11.20.18     81920 Bytes  25.12.2011 21:08:20
Engineversion  : 8.2.8.8   
AEVDF.DLL      : 8.1.2.2       106868 Bytes  15.12.2011 13:59:36
AESCRIPT.DLL   : 8.1.3.92      495996 Bytes  25.12.2011 21:08:24
AESCN.DLL      : 8.1.7.2       127349 Bytes  14.12.2011 23:31:02
AESBX.DLL      : 8.2.4.5       434549 Bytes  15.12.2011 13:59:35
AERDL.DLL      : 8.1.9.15      639348 Bytes  14.12.2011 23:31:02
AEPACK.DLL     : 8.2.15.1      770423 Bytes  15.12.2011 13:59:35
AEOFFICE.DLL   : 8.1.2.24      201084 Bytes  25.12.2011 21:08:23
AEHEUR.DLL     : 8.1.3.8      4231543 Bytes  25.12.2011 21:08:23
AEHELP.DLL     : 8.1.18.0      254327 Bytes  15.12.2011 13:59:31
AEGEN.DLL      : 8.1.5.17      405877 Bytes  15.12.2011 13:59:31
AEEMU.DLL      : 8.1.3.0       393589 Bytes  14.12.2011 23:30:58
AECORE.DLL     : 8.1.24.2      201080 Bytes  25.12.2011 21:08:20
AEBB.DLL       : 8.1.1.0        53618 Bytes  14.12.2011 23:30:58
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  15.12.2011 13:59:41
AVPREF.DLL     : 12.1.0.17      51920 Bytes  15.12.2011 13:59:38
AVREP.DLL      : 12.1.0.17     179408 Bytes  15.12.2011 13:59:38
AVARKT.DLL     : 12.1.0.19     208848 Bytes  15.12.2011 13:59:36
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  15.12.2011 13:59:37
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  15.12.2011 13:59:50
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  15.12.2011 13:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  15.12.2011 13:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  15.12.2011 13:59:58
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  15.12.2011 13:59:59

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: löschen
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660, 
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 25. Dezember 2011  23:39

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Im  Laufwerk 'D:\' ist kein Datenträger eingelegt!
Bootsektor 'E:\'
    [INFO]      Im  Laufwerk 'E:\' ist kein Datenträger eingelegt!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCFw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2857' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Sony User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTDI2CKT\wlsetup-all.exe
  [0] Archivtyp: Portable Executable Resource
  --> object
      [1] Archivtyp: CAB (Microsoft)
    --> WriterProdLang.7z
        [2] Archivtyp: 7-Zip
      --> WriterProdLang.cab
          [3] Archivtyp: CAB (Microsoft)
        --> writerprodlang.msi
            [WARNUNG]   Die Datei konnte nicht gelesen werden!
  --> object
      [1] Archivtyp: CAB (Microsoft)
    --> LanguageSelector64.7z
        [2] Archivtyp: 7-Zip
      --> LanguageSelector64.cab
          [3] Archivtyp: CAB (Microsoft)
        --> LanguageSelector64.msi
            [WARNUNG]   Die Datei konnte nicht gelesen werden!
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-251ef117
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 4944268e.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\105e14d2-140a64fd
  [0] Archivtyp: ZIP
  --> Base64cod.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Small.hej
  --> Googles.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.F.18035
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 51a4091d.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-7a18bb26
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 03f053fc.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\cf0c019-64d6e84d
  [0] Archivtyp: ZIP
  --> sunos/Globales.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/SystemSpy.A.1
  --> sunos/Manuals.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/ClassLoad.AF
  --> sunos/Support.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/ClassLo.AF.1.B
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 65c71c09.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-188bb89d
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 203c3119.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7be8da52
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 5f220364.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-23c4db87
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 13e02f37.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\706b3426-4717d0eb
  [0] Archivtyp: ZIP
  --> bpac/a$1.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.EG
  --> bpac/a.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
  --> bpac/b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.L
  --> bpac/KAVS.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.BB
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 6ff26f7e.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-611bcd93
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 42d840fc.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-4fcf4f20
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 5bb47baa.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\42441975-3ff5bb5f
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.EH
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 379a5784.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\d552d7a-448cf279
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 46246e12.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4eb49b7b-6939d3d5
  [0] Archivtyp: ZIP
  --> sunny/MyFiles.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Age.3159
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 484b5e05.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.


Ende des Suchlaufs: Montag, 26. Dezember 2011  00:27
Benötigte Zeit: 48:45 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  22731 Verzeichnisse wurden überprüft
 423969 Dateien wurden geprüft
     23 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
     13 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
     13 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 423946 Dateien ohne Befall
   2734 Archive wurden durchsucht
      2 Warnungen
     13 Hinweise
  27201 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         

Danach wurden aber keine viren mehr gefunden beim durchlaufen
__________________

Geändert von Sohn_des_Mondes (28.12.2011 um 12:33 Uhr)

Alt 28.12.2011, 16:33   #4
Sohn_des_Mondes
 
Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 - Standard

Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205



Die Malewarelogs sind alle gleich, soll ich diese trotzdem Posten?
Sind die Logfile unauffällig?

Alt 28.12.2011, 19:48   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 - Standard

Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 28.12.2011, 21:53   #6
Sohn_des_Mondes
 
Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 - Standard

Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205



Ok habe es gemacht, hier die Logfiles

Code:
ATTFilter
OTL logfile created on: 28.12.2011 22:38:22 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sony User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 64,32% Memory free
7,93 Gb Paging File | 6,21 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 333,04 Gb Free Space | 72,99% Space Free | Partition Type: NTFS
 
Computer Name: SONYUSER-VAIO | User Name: Sony User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.28 22:37:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.07.23 09:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009.07.23 09:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009.07.22 14:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009.07.01 10:49:34 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009.07.01 10:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009.05.26 08:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.12 22:11:54 | 000,522,240 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2009.07.27 21:27:07 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.16 08:36:56 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009.06.26 13:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009.06.26 13:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009.06.17 17:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.07.27 15:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.07.27 15:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.07.27 15:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.07.27 15:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.07.27 15:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.07.24 05:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2009.07.23 09:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009.07.23 09:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.07.23 09:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.07.22 14:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.07.01 17:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.01 10:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.08.05 02:22:40 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009.08.05 02:20:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.03 21:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.07.31 21:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.31 21:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009.07.31 21:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009.07.31 21:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.30 21:41:17 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.07.30 21:41:16 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.30 21:41:16 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.30 21:40:45 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.27 21:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.24 06:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.11 21:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 21:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.03.17 11:06:14 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Sony User\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 42 7F 95 76 C4 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.25 21:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.25 22:48:51 | 000,000,000 | ---D | M]
 
[2010.05.03 18:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Extensions
[2011.12.27 10:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions
[2011.04.08 05:59:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.18 21:28:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.21 20:21:07 | 000,000,873 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml
[2010.12.21 14:59:20 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml
[2011.04.08 06:02:37 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml
[2011.04.08 05:59:26 | 000,000,168 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif
[2011.04.08 05:59:26 | 000,000,618 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src
[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml
[2011.12.25 22:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.27 03:20:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 19:42:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.07 01:27:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.12 23:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 08:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.12.25 22:12:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
File not found (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.09 11:40:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.09 11:40:27 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.09 11:40:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.09 11:40:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.09 11:40:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2011.12.26 11:41:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DBEED24-4889-479C-82EC-D972CD7A8EFF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: MarketingTools - hkey= - key= - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {0B74300D-9D18-4656-9F79-BBF0891365AF} - Bing Bar
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4CBF8339-9F09-4213-846D-8E1C2B921451} - Desktop Icon
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{40194995-2263-49FA-93D2-0A11E13FA518} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.28 22:36:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe
[2011.12.28 22:35:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.28 22:07:12 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\TuneUp Software
[2011.12.28 22:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.12.28 22:05:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.12.28 17:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.28 13:58:10 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{4501D3E9-5230-4A6C-A97B-6EB170FA2891}
[2011.12.28 13:57:46 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{2D915766-C378-4435-92F9-E6287D94282D}
[2011.12.28 08:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.27 22:03:28 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{F5869F0A-FF0B-4049-8FE5-64E49A325E91}
[2011.12.27 22:03:04 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{D133B1AF-DD03-4C3F-9496-2BA5B29FC512}
[2011.12.27 21:43:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.12.27 21:41:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.12.27 20:33:11 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011.12.27 20:32:25 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2011.12.27 19:22:30 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.27 19:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2011.12.27 19:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2011.12.27 15:15:35 | 000,000,000 | ---D | C] -- C:\Users\Sony User\Desktop\Virus
[2011.12.27 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Roxio Log Files
[2011.12.27 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\SvchostViewer
[2011.12.27 13:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.12.26 22:41:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.26 11:56:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.26 11:34:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.25 22:20:28 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{3C11D02F-DA75-4D54-B37B-8BBA3405470A}
[2011.12.25 22:20:16 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{07CBAF22-9E3F-4F65-8175-5AA39A15B517}
[2011.12.25 22:18:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.12.25 22:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.12.25 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.12.25 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.25 22:10:14 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Avira
[2011.12.25 22:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.25 22:07:10 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.25 22:07:10 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.25 22:07:10 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.25 22:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.28 22:40:31 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 22:40:31 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 22:39:18 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.28 22:39:18 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.28 22:39:18 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.28 22:39:18 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.28 22:39:18 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.28 22:37:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe
[2011.12.28 22:31:48 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.12.28 22:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.28 22:31:37 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.28 22:31:04 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011.12.28 20:16:02 | 000,000,240 | ---- | M] () -- C:\Windows\SysWow64\~.inf
[2011.12.28 08:20:54 | 000,446,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.27 22:39:07 | 000,044,578 | ---- | M] () -- C:\Users\Sony User\Documents\pinfect.zip
[2011.12.27 21:52:36 | 000,008,718 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\wklnhst.dat
[2011.12.27 19:30:50 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2011.12.27 19:22:29 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.27 15:12:03 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI
[2011.12.26 11:41:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.28 22:31:04 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011.12.28 20:14:56 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\~.inf
[2011.12.27 22:39:07 | 000,044,578 | ---- | C] () -- C:\Users\Sony User\Documents\pinfect.zip
[2011.12.27 20:34:51 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011.12.27 20:31:47 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011.12.27 20:31:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011.12.27 20:31:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011.12.27 20:30:31 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011.12.27 19:22:47 | 000,000,054 | ---- | C] () -- C:\Windows\Lic.xxx
[2011.12.27 15:12:03 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.12.25 22:19:24 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2010.07.25 08:39:33 | 000,008,192 | ---- | C] () -- C:\Users\Sony User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.05 19:37:57 | 000,008,718 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\wklnhst.dat
[2009.12.20 18:02:09 | 000,027,639 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\UserTile.png
[2009.09.06 09:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.09.06 09:07:13 | 000,002,835 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2009.08.17 21:11:49 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.17 21:11:46 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.17 21:11:46 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.08.17 21:11:44 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.17 13:27:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.12.25 22:04:18 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.11 10:31:47 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\ICQ
[2011.01.10 18:52:54 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\PC Suite
[2010.04.05 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Template
[2011.12.28 22:07:12 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\TuneUp Software
[2009.11.24 15:01:22 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Vodafone
[2011.04.13 08:21:19 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.12.08 04:31:56 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Adobe
[2011.04.17 22:38:27 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Apple Computer
[2009.12.27 19:26:40 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\ArcSoft
[2009.10.22 09:12:26 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\ATI
[2011.12.25 22:10:14 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Avira
[2011.04.17 14:44:04 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\DivX
[2011.12.25 22:04:18 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.10.23 10:26:24 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Google
[2011.04.11 10:31:47 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\ICQ
[2009.10.22 09:09:39 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Identities
[2009.11.24 15:26:49 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Macromedia
[2010.06.27 03:20:28 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Media Center Programs
[2010.10.05 14:38:44 | 000,000,000 | --SD | M] -- C:\Users\Sony User\AppData\Roaming\Microsoft
[2010.05.03 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Mozilla
[2011.01.10 18:52:54 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\PC Suite
[2011.12.27 15:10:58 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Roxio Log Files
[2010.09.23 00:10:27 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Sony Corporation
[2010.04.05 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Template
[2011.12.28 22:07:12 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\TuneUp Software
[2009.11.24 15:01:22 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Vodafone
[2010.06.22 21:56:05 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<           >

< End of report >
         
Logfile 2

Code:
ATTFilter
OTL Extras logfile created on: 28.12.2011 22:38:22 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sony User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 64,32% Memory free
7,93 Gb Paging File | 6,21 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 333,04 Gb Free Space | 72,99% Space Free | Partition Type: NTFS
 
Computer Name: SONYUSER-VAIO | User Name: Sony User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{8AA7EE74-114A-FFFF-B1D2-AED4707763C9}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A4BC24CB-F8C7-27FB-41D5-47A405031A41}" = ATI Catalyst Install Manager
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"CCleaner" = CCleaner
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0271C003-CED0-2354-818F-A872734088B1}" = CCC Help Dutch
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1E40FED6-E0D6-0AA2-BA08-75B6C1E2D02F}" = CCC Help Swedish
"{1FE69600-3A33-FFFF-C488-F3E40DBC2F68}" = CCC Help Czech
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2FC5CB84-9110-DE89-379B-34E87AB8BDC1}" = CCC Help Italian
"{3662480D-028D-BE4E-DEC1-775818519CC2}" = CCC Help Norwegian
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B1168DE-1F8C-471C-AC49-0CA52F096170}" = VAIO Content Metadata Intelligent Network Service Manager
"{3BA4FBA3-35EE-3E3B-62D8-606AF0722950}" = ccc-core-static
"{48E29469-216B-1AE3-B156-A2DAA48E709E}" = Catalyst Control Center InstallProxy
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D029068-CE21-848B-5654-1409E47507BB}" = CCC Help Chinese Traditional
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E7FD54B-D551-70C1-CEE7-88FD59BE8063}" = CCC Help English
"{51BEF30C-58E4-490F-BA40-A2F12AB8B5F9}" = VAIO Content Metadata Manager Settings
"{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation
"{52AF7D37-EECF-535F-5226-E0DD16543CD1}" = CCC Help Thai
"{54108D57-A606-774B-BA31-6C9363B0B33A}" = Catalyst Control Center Graphics Light
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{575E77D1-29E9-28EC-7D28-F5ABAB72C270}" = Catalyst Control Center Graphics Full Existing
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5F2D882B-A663-4EB5-9851-48CC6C75FD2D}" = VAIO Content Metadata Intelligent Network Service Manager
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6529B443-1BD5-D7D3-7DAF-D6AD2C98C38A}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73330752-80F1-65AE-721D-8AA10AEFF99B}" = CCC Help Turkish
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E1D9B1F-A5AE-737C-E0BC-96C42D19E2CC}" = CCC Help Russian
"{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{876172CF-1095-181F-B037-6A713235417F}" = Catalyst Control Center Graphics Previews Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AFAF619-1FD7-71BD-26F1-8EED9C1C8A8D}" = Catalyst Control Center Graphics Previews Common
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EE47674-9AD3-B099-C6E4-7FB9F0D14D38}" = CCC Help Spanish
"{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B00435C-61FA-BB7F-4B7A-98FCC4881C3F}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D179733-28AD-DF80-B74A-5A0F9FD4E332}" = CCC Help Japanese
"{9D912275-85FD-45F6-9AF3-388A0F8AADB2}" = VAIO Content Metadata Intelligent Network Service Manager
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A1432157-D6B5-BD3C-42C8-E54BEED3EB0E}" = CCC Help Korean
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB30697D-E02D-2FD7-2EF4-E60887B4B22E}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{ACE78B09-BD0C-E6A4-1250-2482B5A126B8}" = Catalyst Control Center Graphics Full New
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2A7278B-6D98-8640-760B-3D34485D1AD6}" = CCC Help Portuguese
"{BBA68DFD-AA0F-2CD0-932A-17442B41A350}" = CCC Help Danish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E23CBEC5-533E-054A-4109-95751B7C3A81}" = CCC Help German
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A034FE-0951-EF71-145E-F0DF36F5A203}" = Catalyst Control Center Core Implementation
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F05BDF-4AE4-096C-C8E9-4B4DAD2DE13D}" = CCC Help Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F3C91479-BDAC-4B42-0B7B-54D37EB63A12}" = CCC Help Hungarian
"{F52EE3CE-A6B2-63E2-9445-EC92EEC1FB90}" = Catalyst Control Center Localization All
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform
"{FC55ADF1-53B6-269F-92F7-413AB697EE48}" = CCC Help Greek
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"splashtop" = VAIO Quick Web Access
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"VAIO NW screensaver" = VAIO NW screensaver
"VAIO Premium Partners 1.00" = VAIO Premium Partners 1.00
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 28.12.2011 15:30:30 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 15:30:50 | Computer Name = SonyUser-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 28.12.2011 17:07:40 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 17:07:41 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 17:32:24 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 17:32:45 | Computer Name = SonyUser-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 28.12.2011 17:35:09 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 28.12.2011 12:48:20 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 28.12.2011 15:02:15 | Computer Name = SonyUser-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 28.12.2011 15:02:16 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.12.2011 15:29:39 | Computer Name = SonyUser-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?12.?2011 um 20:24:40 unerwartet heruntergefahren.
 
Error - 28.12.2011 15:29:37 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 28.12.2011 15:29:37 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.12.2011 17:31:39 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 28.12.2011 17:31:39 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         

Alt 28.12.2011, 22:45   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 - Standard

Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
[2011.04.08 05:59:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.18 21:28:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.21 20:21:07 | 000,000,873 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml
[2010.12.21 14:59:20 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml
[2011.04.08 06:02:37 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml
[2011.04.08 05:59:26 | 000,000,168 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif
[2011.04.08 05:59:26 | 000,000,618 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src
[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2011.12.27 19:22:30 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.28 20:16:02 | 000,000,240 | ---- | M] () -- C:\Windows\SysWow64\~.inf
[2011.12.27 22:39:07 | 000,044,578 | ---- | M] () -- C:\Users\Sony User\Documents\pinfect.zip
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.12.2011, 07:56   #8
Sohn_des_Mondes
 
Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 - Standard

Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205



Habe ich gemacht, hier der Logfile

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml moved successfully.
C:\Windows\VDLL.DLL folder moved successfully.
C:\Windows\SysWow64\runouce.exe folder moved successfully.
C:\Windows\rundll16.exe folder moved successfully.
C:\Windows\RUNDL132.EXE folder moved successfully.
C:\Windows\logo1_.exe folder moved successfully.
C:\Windows\logo_1.exe folder moved successfully.
C:\Windows\SysWOW64\eEmpty.exe moved successfully.
C:\Windows\SysWOW64\~.inf moved successfully.
C:\Users\Sony User\Documents\pinfect.zip moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sony User
->Temp folder emptied: 5117326 bytes
->Temporary Internet Files folder emptied: 15260828 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 470 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3648624 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524896 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 23,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12292011_085007

Files\Folders moved on Reboot...
C:\Users\Sony User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Alt 29.12.2011, 08:04   #9
Sohn_des_Mondes
 
Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 - Standard

Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205



Von Malewarebytes kam die Meldung das es wieder gestoppt wurde, trotz des fixen.

Alt 29.12.2011, 15:11   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 - Standard

Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 29.12.2011, 19:15   #11
Sohn_des_Mondes
 
Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 - Standard

Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205



So hier der Logfile


Code:
ATTFilter
20:12:26.0286 2504	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:12:27.0736 2504	============================================================
20:12:27.0736 2504	Current date / time: 2011/12/29 20:12:27.0736
20:12:27.0736 2504	SystemInfo:
20:12:27.0736 2504	
20:12:27.0736 2504	OS Version: 6.1.7601 ServicePack: 1.0
20:12:27.0736 2504	Product type: Workstation
20:12:27.0736 2504	ComputerName: SONYUSER-VAIO
20:12:27.0736 2504	UserName: Sony User
20:12:27.0736 2504	Windows directory: C:\Windows
20:12:27.0736 2504	System windows directory: C:\Windows
20:12:27.0736 2504	Running under WOW64
20:12:27.0736 2504	Processor architecture: Intel x64
20:12:27.0736 2504	Number of processors: 2
20:12:27.0736 2504	Page size: 0x1000
20:12:27.0736 2504	Boot type: Normal boot
20:12:27.0736 2504	============================================================
20:12:32.0557 2504	Initialize success
20:12:53.0461 4932	============================================================
20:12:53.0461 4932	Scan started
20:12:53.0461 4932	Mode: Manual; SigCheck; TDLFS; 
20:12:53.0461 4932	============================================================
20:12:55.0052 4932	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:12:55.0208 4932	1394ohci - ok
20:12:55.0271 4932	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:12:55.0286 4932	ACPI - ok
20:12:55.0317 4932	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:12:55.0411 4932	AcpiPmi - ok
20:12:55.0458 4932	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:12:55.0505 4932	adp94xx - ok
20:12:55.0536 4932	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:12:55.0551 4932	adpahci - ok
20:12:55.0614 4932	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:12:55.0645 4932	adpu320 - ok
20:12:55.0707 4932	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:12:55.0801 4932	AFD - ok
20:12:55.0848 4932	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:12:55.0879 4932	agp440 - ok
20:12:55.0895 4932	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:12:55.0910 4932	aliide - ok
20:12:55.0957 4932	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:12:55.0988 4932	amdide - ok
20:12:56.0019 4932	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:12:56.0097 4932	AmdK8 - ok
20:12:56.0113 4932	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:12:56.0175 4932	AmdPPM - ok
20:12:56.0238 4932	amdsata         (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
20:12:56.0269 4932	amdsata - ok
20:12:56.0300 4932	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:12:56.0331 4932	amdsbs - ok
20:12:56.0363 4932	amdxata         (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
20:12:56.0378 4932	amdxata - ok
20:12:56.0487 4932	ApfiltrService  (56bd886820c4aedf493cfcdf1ccfb004) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:12:56.0565 4932	ApfiltrService - ok
20:12:56.0643 4932	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:12:56.0831 4932	AppID - ok
20:12:56.0971 4932	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:12:57.0002 4932	arc - ok
20:12:57.0033 4932	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:12:57.0065 4932	arcsas - ok
20:12:57.0111 4932	ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
20:12:57.0143 4932	ArcSoftKsUFilter - ok
20:12:57.0174 4932	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:12:57.0377 4932	AsyncMac - ok
20:12:57.0501 4932	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:12:57.0517 4932	atapi - ok
20:12:57.0626 4932	athr            (5d4529ac4156e16bedb01441ae0cf984) C:\Windows\system32\DRIVERS\athrx.sys
20:12:57.0751 4932	athr - ok
20:12:57.0938 4932	atikmdag        (de0ede41bc530f1759c6fffcb8c7a0cf) C:\Windows\system32\DRIVERS\atikmdag.sys
20:12:58.0219 4932	atikmdag - ok
20:12:58.0375 4932	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
20:12:58.0406 4932	avgntflt - ok
20:12:58.0469 4932	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
20:12:58.0500 4932	avipbb - ok
20:12:58.0562 4932	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:12:58.0578 4932	avkmgr - ok
20:12:58.0671 4932	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:12:58.0749 4932	b06bdrv - ok
20:12:58.0812 4932	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:12:58.0890 4932	b57nd60a - ok
20:12:58.0921 4932	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:12:59.0015 4932	Beep - ok
20:12:59.0077 4932	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:12:59.0108 4932	blbdrive - ok
20:12:59.0171 4932	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:12:59.0249 4932	bowser - ok
20:12:59.0311 4932	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:12:59.0405 4932	BrFiltLo - ok
20:12:59.0436 4932	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:12:59.0467 4932	BrFiltUp - ok
20:12:59.0514 4932	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:12:59.0592 4932	Brserid - ok
20:12:59.0654 4932	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:12:59.0701 4932	BrSerWdm - ok
20:12:59.0748 4932	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:12:59.0795 4932	BrUsbMdm - ok
20:12:59.0841 4932	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:12:59.0873 4932	BrUsbSer - ok
20:12:59.0951 4932	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:13:00.0013 4932	BthEnum - ok
20:13:00.0060 4932	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:13:00.0107 4932	BTHMODEM - ok
20:13:00.0138 4932	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:13:00.0216 4932	BthPan - ok
20:13:00.0263 4932	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
20:13:00.0325 4932	BTHPORT - ok
20:13:00.0372 4932	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
20:13:00.0434 4932	BTHUSB - ok
20:13:00.0481 4932	btwaudio        (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
20:13:00.0512 4932	btwaudio - ok
20:13:00.0559 4932	btwavdt         (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
20:13:00.0575 4932	btwavdt - ok
20:13:00.0637 4932	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:13:00.0637 4932	btwl2cap - ok
20:13:00.0668 4932	btwrchid        (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
20:13:00.0684 4932	btwrchid - ok
20:13:00.0731 4932	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:13:00.0809 4932	cdfs - ok
20:13:00.0871 4932	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:13:00.0949 4932	cdrom - ok
20:13:00.0996 4932	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:13:01.0089 4932	circlass - ok
20:13:01.0121 4932	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:13:01.0136 4932	CLFS - ok
20:13:01.0183 4932	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:13:01.0214 4932	CmBatt - ok
20:13:01.0261 4932	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:13:01.0277 4932	cmdide - ok
20:13:01.0323 4932	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
20:13:01.0386 4932	CNG - ok
20:13:01.0417 4932	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:13:01.0448 4932	Compbatt - ok
20:13:01.0495 4932	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:13:01.0557 4932	CompositeBus - ok
20:13:01.0573 4932	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:13:01.0589 4932	crcdisk - ok
20:13:01.0698 4932	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:13:01.0760 4932	DfsC - ok
20:13:01.0807 4932	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:13:01.0869 4932	discache - ok
20:13:01.0932 4932	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:13:01.0963 4932	Disk - ok
20:13:02.0010 4932	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:13:02.0057 4932	drmkaud - ok
20:13:02.0119 4932	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:13:02.0150 4932	DXGKrnl - ok
20:13:02.0259 4932	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:13:02.0369 4932	ebdrv - ok
20:13:02.0540 4932	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:13:02.0571 4932	elxstor - ok
20:13:02.0634 4932	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:13:02.0696 4932	ErrDev - ok
20:13:02.0790 4932	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:13:02.0883 4932	exfat - ok
20:13:02.0961 4932	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:13:03.0024 4932	fastfat - ok
20:13:03.0258 4932	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:13:03.0305 4932	fdc - ok
20:13:03.0414 4932	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:13:03.0429 4932	FileInfo - ok
20:13:03.0445 4932	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:13:03.0507 4932	Filetrace - ok
20:13:03.0554 4932	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:13:03.0570 4932	flpydisk - ok
20:13:03.0632 4932	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:13:03.0663 4932	FltMgr - ok
20:13:03.0710 4932	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:13:03.0726 4932	FsDepends - ok
20:13:03.0741 4932	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:13:03.0757 4932	Fs_Rec - ok
20:13:03.0804 4932	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:13:03.0819 4932	fvevol - ok
20:13:03.0882 4932	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:13:03.0913 4932	gagp30kx - ok
20:13:04.0007 4932	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:13:04.0069 4932	hcw85cir - ok
20:13:04.0131 4932	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:13:04.0178 4932	HdAudAddService - ok
20:13:04.0225 4932	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:13:04.0272 4932	HDAudBus - ok
20:13:04.0303 4932	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:13:04.0350 4932	HidBatt - ok
20:13:04.0397 4932	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:13:04.0443 4932	HidBth - ok
20:13:04.0490 4932	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:13:04.0537 4932	HidIr - ok
20:13:04.0615 4932	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:13:04.0677 4932	HidUsb - ok
20:13:04.0740 4932	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:13:04.0771 4932	HpSAMD - ok
20:13:04.0833 4932	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:13:04.0927 4932	HTTP - ok
20:13:05.0005 4932	hwdatacard      (c8f3119ad72a507d12ef389df4c266ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:13:05.0052 4932	hwdatacard - ok
20:13:05.0099 4932	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:13:05.0130 4932	hwpolicy - ok
20:13:05.0177 4932	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:13:05.0208 4932	i8042prt - ok
20:13:05.0270 4932	iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
20:13:05.0301 4932	iaStor - ok
20:13:05.0348 4932	iaStorV         (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
20:13:05.0364 4932	iaStorV - ok
20:13:05.0551 4932	igfx            (dfeaf0a1d98d397035012c8e28d1520f) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:13:05.0847 4932	igfx ( UnsignedFile.Multi.Generic ) - warning
20:13:05.0847 4932	igfx - detected UnsignedFile.Multi.Generic (1)
20:13:05.0972 4932	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:13:05.0988 4932	iirsp - ok
20:13:06.0081 4932	IntcAzAudAddService (b16fc828ce7a76a8f1ce682e6ead2627) C:\Windows\system32\drivers\RTKVHD64.sys
20:13:06.0144 4932	IntcAzAudAddService - ok
20:13:06.0206 4932	IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
20:13:06.0222 4932	IntcHdmiAddService ( UnsignedFile.Multi.Generic ) - warning
20:13:06.0222 4932	IntcHdmiAddService - detected UnsignedFile.Multi.Generic (1)
20:13:06.0269 4932	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:13:06.0284 4932	intelide - ok
20:13:06.0331 4932	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:13:06.0378 4932	intelppm - ok
20:13:06.0456 4932	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:13:06.0534 4932	IpFilterDriver - ok
20:13:06.0565 4932	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:13:06.0581 4932	IPMIDRV - ok
20:13:06.0643 4932	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:13:06.0721 4932	IPNAT - ok
20:13:06.0768 4932	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:13:06.0799 4932	IRENUM - ok
20:13:06.0846 4932	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:13:06.0877 4932	isapnp - ok
20:13:06.0924 4932	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:13:06.0955 4932	iScsiPrt - ok
20:13:06.0986 4932	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:13:07.0002 4932	kbdclass - ok
20:13:07.0049 4932	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:13:07.0095 4932	kbdhid - ok
20:13:07.0142 4932	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
20:13:07.0158 4932	KSecDD - ok
20:13:07.0205 4932	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
20:13:07.0236 4932	KSecPkg - ok
20:13:07.0267 4932	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:13:07.0345 4932	ksthunk - ok
20:13:07.0407 4932	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:13:07.0485 4932	lltdio - ok
20:13:07.0532 4932	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:13:07.0548 4932	LSI_FC - ok
20:13:07.0579 4932	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:13:07.0595 4932	LSI_SAS - ok
20:13:07.0641 4932	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:13:07.0657 4932	LSI_SAS2 - ok
20:13:07.0688 4932	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:13:07.0704 4932	LSI_SCSI - ok
20:13:07.0766 4932	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:13:07.0829 4932	luafv - ok
20:13:07.0891 4932	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
20:13:07.0907 4932	MBAMProtector - ok
20:13:07.0953 4932	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:13:07.0985 4932	megasas - ok
20:13:08.0016 4932	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:13:08.0063 4932	MegaSR - ok
20:13:08.0125 4932	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:13:08.0172 4932	Modem - ok
20:13:08.0203 4932	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:13:08.0250 4932	monitor - ok
20:13:08.0312 4932	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:13:08.0343 4932	mouclass - ok
20:13:08.0390 4932	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:13:08.0437 4932	mouhid - ok
20:13:08.0484 4932	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:13:08.0515 4932	mountmgr - ok
20:13:08.0562 4932	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:13:08.0593 4932	mpio - ok
20:13:08.0640 4932	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:13:08.0733 4932	mpsdrv - ok
20:13:08.0780 4932	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:13:08.0889 4932	MRxDAV - ok
20:13:08.0921 4932	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:13:08.0983 4932	mrxsmb - ok
20:13:09.0014 4932	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:13:09.0061 4932	mrxsmb10 - ok
20:13:09.0108 4932	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:13:09.0123 4932	mrxsmb20 - ok
20:13:09.0170 4932	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:13:09.0186 4932	msahci - ok
20:13:09.0217 4932	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:13:09.0248 4932	msdsm - ok
20:13:09.0295 4932	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:13:09.0357 4932	Msfs - ok
20:13:09.0389 4932	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:13:09.0435 4932	mshidkmdf - ok
20:13:09.0482 4932	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:13:09.0498 4932	msisadrv - ok
20:13:09.0545 4932	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:13:09.0623 4932	MSKSSRV - ok
20:13:09.0654 4932	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:13:09.0716 4932	MSPCLOCK - ok
20:13:09.0747 4932	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:13:09.0841 4932	MSPQM - ok
20:13:09.0888 4932	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:13:09.0919 4932	MsRPC - ok
20:13:09.0966 4932	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:13:09.0981 4932	mssmbios - ok
20:13:09.0997 4932	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:13:10.0059 4932	MSTEE - ok
20:13:10.0106 4932	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:13:10.0153 4932	MTConfig - ok
20:13:10.0184 4932	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:13:10.0215 4932	Mup - ok
20:13:10.0278 4932	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:13:10.0340 4932	NativeWifiP - ok
20:13:10.0418 4932	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:13:10.0449 4932	NDIS - ok
20:13:10.0496 4932	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:13:10.0527 4932	NdisCap - ok
20:13:10.0574 4932	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:13:10.0637 4932	NdisTapi - ok
20:13:10.0683 4932	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:13:10.0746 4932	Ndisuio - ok
20:13:10.0808 4932	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:13:10.0886 4932	NdisWan - ok
20:13:10.0917 4932	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:13:10.0995 4932	NDProxy - ok
20:13:11.0058 4932	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:13:11.0136 4932	NetBIOS - ok
20:13:11.0183 4932	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:13:11.0229 4932	NetBT - ok
20:13:11.0401 4932	netw5v64        (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
20:13:11.0635 4932	netw5v64 - ok
20:13:11.0744 4932	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:13:11.0760 4932	nfrd960 - ok
20:13:11.0822 4932	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:13:11.0900 4932	Npfs - ok
20:13:11.0931 4932	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:13:11.0978 4932	nsiproxy - ok
20:13:12.0056 4932	Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
20:13:12.0119 4932	Ntfs - ok
20:13:12.0134 4932	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:13:12.0181 4932	Null - ok
20:13:12.0243 4932	nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
20:13:12.0275 4932	nvraid - ok
20:13:12.0290 4932	nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
20:13:12.0306 4932	nvstor - ok
20:13:12.0337 4932	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:13:12.0353 4932	nv_agp - ok
20:13:12.0399 4932	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:13:12.0431 4932	ohci1394 - ok
20:13:12.0493 4932	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:13:12.0524 4932	Parport - ok
20:13:12.0571 4932	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:13:12.0602 4932	partmgr - ok
20:13:12.0680 4932	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
20:13:12.0758 4932	pccsmcfd - ok
20:13:12.0805 4932	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:13:12.0836 4932	pci - ok
20:13:12.0852 4932	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:13:12.0867 4932	pciide - ok
20:13:12.0899 4932	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:13:12.0914 4932	pcmcia - ok
20:13:12.0961 4932	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:13:12.0977 4932	pcw - ok
20:13:13.0008 4932	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:13:13.0070 4932	PEAUTH - ok
20:13:13.0179 4932	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:13:13.0242 4932	PptpMiniport - ok
20:13:13.0289 4932	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:13:13.0335 4932	Processor - ok
20:13:13.0398 4932	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:13:13.0476 4932	Psched - ok
20:13:13.0523 4932	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:13:13.0538 4932	PxHlpa64 - ok
20:13:13.0601 4932	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:13:13.0647 4932	ql2300 - ok
20:13:13.0679 4932	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:13:13.0694 4932	ql40xx - ok
20:13:13.0741 4932	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:13:13.0788 4932	QWAVEdrv - ok
20:13:13.0819 4932	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:13:13.0866 4932	RasAcd - ok
20:13:13.0913 4932	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:13:13.0944 4932	RasAgileVpn - ok
20:13:14.0006 4932	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:13:14.0069 4932	Rasl2tp - ok
20:13:14.0115 4932	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:13:14.0193 4932	RasPppoe - ok
20:13:14.0209 4932	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:13:14.0256 4932	RasSstp - ok
20:13:14.0318 4932	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:13:14.0412 4932	rdbss - ok
20:13:14.0443 4932	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:13:14.0505 4932	rdpbus - ok
20:13:14.0521 4932	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:13:14.0568 4932	RDPCDD - ok
20:13:14.0599 4932	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:13:14.0661 4932	RDPENCDD - ok
20:13:14.0693 4932	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:13:14.0724 4932	RDPREFMP - ok
20:13:14.0771 4932	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:13:14.0817 4932	RDPWD - ok
20:13:14.0864 4932	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:13:14.0911 4932	rdyboost - ok
20:13:14.0942 4932	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:13:14.0989 4932	RFCOMM - ok
20:13:15.0036 4932	rimsptsk        (258aadb43e3f3468b5cf8cb0f84872c2) C:\Windows\system32\DRIVERS\rimssn64.sys
20:13:15.0098 4932	rimsptsk - ok
20:13:15.0145 4932	risdptsk        (71e182a0de1cecb3f912960716345405) C:\Windows\system32\DRIVERS\risdsn64.sys
20:13:15.0207 4932	risdptsk - ok
20:13:15.0254 4932	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:13:15.0317 4932	rspndr - ok
20:13:15.0379 4932	RTHDMIAzAudService (34f05c417f038ffa3bef69b798d7d7dd) C:\Windows\system32\drivers\RtHDMIVX.sys
20:13:15.0457 4932	RTHDMIAzAudService - ok
20:13:15.0504 4932	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:13:15.0535 4932	sbp2port - ok
20:13:15.0582 4932	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:13:15.0660 4932	scfilter - ok
20:13:15.0738 4932	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
20:13:15.0785 4932	sdbus - ok
20:13:15.0831 4932	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:13:15.0878 4932	secdrv - ok
20:13:15.0925 4932	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:13:15.0956 4932	Serenum - ok
20:13:15.0987 4932	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:13:16.0034 4932	Serial - ok
20:13:16.0097 4932	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:13:16.0128 4932	sermouse - ok
20:13:16.0206 4932	SFEP            (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
20:13:16.0253 4932	SFEP - ok
20:13:16.0299 4932	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:13:16.0346 4932	sffdisk - ok
20:13:16.0362 4932	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:13:16.0393 4932	sffp_mmc - ok
20:13:16.0409 4932	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:13:16.0424 4932	sffp_sd - ok
20:13:16.0487 4932	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:13:16.0533 4932	sfloppy - ok
20:13:16.0611 4932	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:13:16.0643 4932	SiSRaid2 - ok
20:13:16.0674 4932	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:13:16.0689 4932	SiSRaid4 - ok
20:13:16.0736 4932	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:13:16.0814 4932	Smb - ok
20:13:16.0877 4932	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:13:16.0892 4932	spldr - ok
20:13:16.0955 4932	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:13:17.0033 4932	srv - ok
20:13:17.0064 4932	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:13:17.0111 4932	srv2 - ok
20:13:17.0173 4932	SrvHsfHDA       (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:13:17.0220 4932	SrvHsfHDA - ok
20:13:17.0251 4932	SrvHsfV92       (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:13:17.0313 4932	SrvHsfV92 - ok
20:13:17.0360 4932	SrvHsfWinac     (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:13:17.0391 4932	SrvHsfWinac - ok
20:13:17.0438 4932	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:13:17.0485 4932	srvnet - ok
20:13:17.0532 4932	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:13:17.0563 4932	stexstor - ok
20:13:17.0610 4932	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:13:17.0625 4932	swenum - ok
20:13:17.0781 4932	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:13:17.0875 4932	Tcpip - ok
20:13:17.0984 4932	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:13:18.0047 4932	TCPIP6 - ok
20:13:18.0093 4932	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:13:18.0140 4932	tcpipreg - ok
20:13:18.0187 4932	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:13:18.0218 4932	TDPIPE - ok
20:13:18.0234 4932	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:13:18.0281 4932	TDTCP - ok
20:13:18.0327 4932	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:13:18.0374 4932	tdx - ok
20:13:18.0421 4932	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:13:18.0437 4932	TermDD - ok
20:13:18.0499 4932	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:13:18.0561 4932	tssecsrv - ok
20:13:18.0608 4932	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:13:18.0655 4932	TsUsbFlt - ok
20:13:18.0717 4932	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:13:18.0795 4932	tunnel - ok
20:13:18.0827 4932	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:13:18.0858 4932	uagp35 - ok
20:13:18.0936 4932	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:13:18.0998 4932	udfs - ok
20:13:19.0045 4932	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:13:19.0061 4932	uliagpkx - ok
20:13:19.0107 4932	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:13:19.0123 4932	umbus - ok
20:13:19.0154 4932	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:13:19.0185 4932	UmPass - ok
20:13:19.0232 4932	usbccgp         (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
20:13:19.0279 4932	usbccgp - ok
20:13:19.0341 4932	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:13:19.0404 4932	usbcir - ok
20:13:19.0451 4932	usbehci         (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
20:13:19.0497 4932	usbehci - ok
20:13:19.0529 4932	usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
20:13:19.0575 4932	usbhub - ok
20:13:19.0607 4932	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
20:13:19.0622 4932	usbohci - ok
20:13:19.0653 4932	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:13:19.0700 4932	usbprint - ok
20:13:19.0778 4932	usbser          (0f0c72a657c622286013788b886968ad) C:\Windows\system32\drivers\usbser.sys
20:13:19.0825 4932	usbser - ok
20:13:19.0872 4932	USBSTOR         (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
20:13:19.0919 4932	USBSTOR - ok
20:13:19.0965 4932	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
20:13:19.0981 4932	usbuhci - ok
20:13:20.0028 4932	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:13:20.0059 4932	usbvideo - ok
20:13:20.0137 4932	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:13:20.0168 4932	vdrvroot - ok
20:13:20.0199 4932	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:13:20.0231 4932	vga - ok
20:13:20.0246 4932	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:13:20.0324 4932	VgaSave - ok
20:13:20.0371 4932	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:13:20.0402 4932	vhdmp - ok
20:13:20.0449 4932	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:13:20.0465 4932	viaide - ok
20:13:20.0496 4932	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:13:20.0511 4932	volmgr - ok
20:13:20.0558 4932	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:13:20.0589 4932	volmgrx - ok
20:13:20.0621 4932	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:13:20.0636 4932	volsnap - ok
20:13:20.0683 4932	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:13:20.0699 4932	vsmraid - ok
20:13:20.0745 4932	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:13:20.0777 4932	vwifibus - ok
20:13:20.0792 4932	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:13:20.0808 4932	vwififlt - ok
20:13:20.0855 4932	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:13:20.0901 4932	WacomPen - ok
20:13:20.0964 4932	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:13:21.0042 4932	WANARP - ok
20:13:21.0042 4932	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:13:21.0089 4932	Wanarpv6 - ok
20:13:21.0135 4932	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:13:21.0167 4932	Wd - ok
20:13:21.0198 4932	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:13:21.0245 4932	Wdf01000 - ok
20:13:21.0291 4932	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:13:21.0323 4932	WfpLwf - ok
20:13:21.0354 4932	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:13:21.0369 4932	WIMMount - ok
20:13:21.0463 4932	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:13:21.0510 4932	WinUsb - ok
20:13:21.0572 4932	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:13:21.0603 4932	WmiAcpi - ok
20:13:21.0650 4932	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:13:21.0681 4932	ws2ifsl - ok
20:13:21.0728 4932	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:13:21.0791 4932	WudfPf - ok
20:13:21.0822 4932	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:13:21.0869 4932	WUDFRd - ok
20:13:21.0947 4932	yukonw7         (6affd75c6807b3dd3ab018e27b88ef95) C:\Windows\system32\DRIVERS\yk62x64.sys
20:13:22.0025 4932	yukonw7 - ok
20:13:22.0071 4932	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:13:22.0243 4932	\Device\Harddisk0\DR0 - ok
20:13:22.0243 4932	Boot (0x1200)   (6c8ada99bd4e47d432ebc96f110acc66) \Device\Harddisk0\DR0\Partition0
20:13:22.0243 4932	\Device\Harddisk0\DR0\Partition0 - ok
20:13:22.0274 4932	Boot (0x1200)   (b2d3c31b89ecd5dc62caceed0ddcce08) \Device\Harddisk0\DR0\Partition1
20:13:22.0274 4932	\Device\Harddisk0\DR0\Partition1 - ok
20:13:22.0274 4932	============================================================
20:13:22.0274 4932	Scan finished
20:13:22.0274 4932	============================================================
20:13:22.0305 4948	Detected object count: 2
20:13:22.0305 4948	Actual detected object count: 2
         

Antwort

Themen zu Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205
.dll, autorun, avast, avg, bho, c:\windows\system32\services.exe, converter, desktop, dllhost.exe, error, eudora, firefox, home, internet, langs, logfile, mbamservice.exe, mp3, nodrives, nt.dll, ntdll.dll, programm, prozesse, realtek, registry, rundll, sched.exe, senden, services.exe, software, studio, svchost.exe, verweise, warnung, windows, wuauclt.exe



Ähnliche Themen: Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205


  1. in chrome + explorer "kann Seite nicht anzeigen"/stoppt
    Plagegeister aller Art und deren Bekämpfung - 31.08.2015 (11)
  2. Trojaner "c:\windows\system32\svchost.exe "Avast - Infektion geblockt"
    Log-Analyse und Auswertung - 07.06.2015 (16)
  3. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  4. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  5. Malewarebytes fand infizierte Datei "PUP.Optional.DownloadSponsor.A"
    Log-Analyse und Auswertung - 22.10.2013 (8)
  6. GMER-Scan stoppt mit "Kein Datenträger"
    Plagegeister aller Art und deren Bekämpfung - 15.07.2013 (31)
  7. habe Malewarebytes,TDSS Killer,OTL und gmer vom Laptop Entfernt und danach ein avira fund ""EXP/JS.Expack.EB" gemacht
    Mülltonne - 05.02.2013 (1)
  8. Gerade GVU Trojaner mit Webcam "gehabt", ist es wirklich dank Malewarebytes weg? Wo ist die "Lücke"?
    Plagegeister aller Art und deren Bekämpfung - 10.08.2012 (23)
  9. Erster Quickscan mit Malewarebytes.53 erkannte Objekte wie "c:/WINDOWS/websvr/htdocs/system/FOLD.."
    Log-Analyse und Auswertung - 22.10.2011 (3)
  10. Laptop stoppt das Hochfahren bei der Anzeige "Loading personal settings"
    Plagegeister aller Art und deren Bekämpfung - 20.09.2011 (14)
  11. "Security Suite" wird von Malewarebytes nicht erkannt.
    Plagegeister aller Art und deren Bekämpfung - 05.09.2010 (20)
  12. Habe Laptop meines Freundes mit dem "Antimalware Doctor" infiziert!
    Plagegeister aller Art und deren Bekämpfung - 08.06.2010 (1)
  13. Virus "Daurso.A" in Datei "svchost.exe"
    Plagegeister aller Art und deren Bekämpfung - 01.06.2010 (15)
  14. dhm.scr geladen, dann ausgeführt ("Testen"), Norton SONAR stoppt und löscht, was nun?
    Mülltonne - 24.05.2010 (2)
  15. AVG findet "Trojan horse Generic15.EAM", Antimalware "Trojan.Agent" + "Rootkit.Agent"
    Plagegeister aller Art und deren Bekämpfung - 03.11.2009 (13)
  16. PC "stoppt" in regelmäßigen Abständen
    Log-Analyse und Auswertung - 17.01.2009 (4)
  17. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)

Zum Thema Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 - Hallo, Antimalware stoppt immer den zugriff auf "svchost.exe" Dieses geschiet ca alle 10 Minuten. Antivir Code: Alles auswählen Aufklappen ATTFilter Avira Free Antivirus Erstellungsdatum der Reportdatei: Sonntag, 25. Dezember 2011 - Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205...
Archiv
Du betrachtest: Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.