| |
| |||||||
Log-Analyse und Auswertung: Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte. |
 |
27.12.2011, 21:29
| #1 |
 |  Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 Hallo, Antimalware stoppt immer den zugriff auf "svchost.exe" Dieses geschiet ca alle 10 Minuten. Antivir Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 25. Dezember 2011 23:39
Es wird nach 2970283 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : Sony User
Computername : SONYUSER-VAIO
Versionsinformationen:
BUILD.DAT : 12.0.0.872 41826 Bytes 15.12.2011 16:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 15.12.2011 13:59:39
AVSCAN.DLL : 12.1.0.17 65744 Bytes 15.12.2011 13:59:56
LUKE.DLL : 12.1.0.17 68304 Bytes 15.12.2011 13:59:47
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 15.12.2011 13:59:39
AVREG.DLL : 12.1.0.27 227536 Bytes 15.12.2011 13:59:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:08:17
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 21:08:17
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 21:08:17
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 21:08:17
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 21:08:17
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 21:08:17
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 21:08:18
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 21:08:18
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 21:08:18
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 21:08:18
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 21:08:18
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 21:08:18
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 21:08:19
VBASE015.VDF : 7.11.20.0 2048 Bytes 24.12.2011 21:08:19
VBASE016.VDF : 7.11.20.1 2048 Bytes 24.12.2011 21:08:19
VBASE017.VDF : 7.11.20.2 2048 Bytes 24.12.2011 21:08:19
VBASE018.VDF : 7.11.20.3 2048 Bytes 24.12.2011 21:08:19
VBASE019.VDF : 7.11.20.4 2048 Bytes 24.12.2011 21:08:19
VBASE020.VDF : 7.11.20.5 2048 Bytes 24.12.2011 21:08:19
VBASE021.VDF : 7.11.20.6 2048 Bytes 24.12.2011 21:08:19
VBASE022.VDF : 7.11.20.7 2048 Bytes 24.12.2011 21:08:19
VBASE023.VDF : 7.11.20.8 2048 Bytes 24.12.2011 21:08:19
VBASE024.VDF : 7.11.20.9 2048 Bytes 24.12.2011 21:08:19
VBASE025.VDF : 7.11.20.10 2048 Bytes 24.12.2011 21:08:19
VBASE026.VDF : 7.11.20.11 2048 Bytes 24.12.2011 21:08:19
VBASE027.VDF : 7.11.20.12 2048 Bytes 24.12.2011 21:08:19
VBASE028.VDF : 7.11.20.13 2048 Bytes 24.12.2011 21:08:19
VBASE029.VDF : 7.11.20.14 2048 Bytes 24.12.2011 21:08:19
VBASE030.VDF : 7.11.20.15 2048 Bytes 24.12.2011 21:08:19
VBASE031.VDF : 7.11.20.18 81920 Bytes 25.12.2011 21:08:20
Engineversion : 8.2.8.8
AEVDF.DLL : 8.1.2.2 106868 Bytes 15.12.2011 13:59:36
AESCRIPT.DLL : 8.1.3.92 495996 Bytes 25.12.2011 21:08:24
AESCN.DLL : 8.1.7.2 127349 Bytes 14.12.2011 23:31:02
AESBX.DLL : 8.2.4.5 434549 Bytes 15.12.2011 13:59:35
AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:31:02
AEPACK.DLL : 8.2.15.1 770423 Bytes 15.12.2011 13:59:35
AEOFFICE.DLL : 8.1.2.24 201084 Bytes 25.12.2011 21:08:23
AEHEUR.DLL : 8.1.3.8 4231543 Bytes 25.12.2011 21:08:23
AEHELP.DLL : 8.1.18.0 254327 Bytes 15.12.2011 13:59:31
AEGEN.DLL : 8.1.5.17 405877 Bytes 15.12.2011 13:59:31
AEEMU.DLL : 8.1.3.0 393589 Bytes 14.12.2011 23:30:58
AECORE.DLL : 8.1.24.2 201080 Bytes 25.12.2011 21:08:20
AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:30:58
AVWINLL.DLL : 12.1.0.17 27344 Bytes 15.12.2011 13:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 15.12.2011 13:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 15.12.2011 13:59:38
AVARKT.DLL : 12.1.0.19 208848 Bytes 15.12.2011 13:59:36
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 15.12.2011 13:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 15.12.2011 13:59:50
AVSMTP.DLL : 12.1.0.17 62928 Bytes 15.12.2011 13:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 15.12.2011 13:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 15.12.2011 13:59:58
RCTEXT.DLL : 12.1.0.16 98512 Bytes 15.12.2011 13:59:59
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: löschen
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Beginn des Suchlaufs: Sonntag, 25. Dezember 2011 23:39
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Im Laufwerk 'D:\' ist kein Datenträger eingelegt!
Bootsektor 'E:\'
[INFO] Im Laufwerk 'E:\' ist kein Datenträger eingelegt!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCFw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2857' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Users\Sony User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTDI2CKT\wlsetup-all.exe
[0] Archivtyp: Portable Executable Resource
--> object
[1] Archivtyp: CAB (Microsoft)
--> WriterProdLang.7z
[2] Archivtyp: 7-Zip
--> WriterProdLang.cab
[3] Archivtyp: CAB (Microsoft)
--> writerprodlang.msi
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> object
[1] Archivtyp: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Archivtyp: 7-Zip
--> LanguageSelector64.cab
[3] Archivtyp: CAB (Microsoft)
--> LanguageSelector64.msi
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-251ef117
[0] Archivtyp: ZIP
--> ________vload.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 4944268e.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\105e14d2-140a64fd
[0] Archivtyp: ZIP
--> Base64cod.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Small.hej
--> Googles.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.F.18035
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 51a4091d.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-7a18bb26
[0] Archivtyp: ZIP
--> ________vload.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 03f053fc.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\cf0c019-64d6e84d
[0] Archivtyp: ZIP
--> sunos/Globales.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/SystemSpy.A.1
--> sunos/Manuals.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/ClassLoad.AF
--> sunos/Support.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/ClassLo.AF.1.B
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 65c71c09.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-188bb89d
[0] Archivtyp: ZIP
--> ________vload.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 203c3119.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7be8da52
[0] Archivtyp: ZIP
--> ________vload.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 5f220364.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-23c4db87
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 13e02f37.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\706b3426-4717d0eb
[0] Archivtyp: ZIP
--> bpac/a$1.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.EG
--> bpac/a.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
--> bpac/b.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.L
--> bpac/KAVS.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.BB
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 6ff26f7e.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-611bcd93
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 42d840fc.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-4fcf4f20
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 5bb47baa.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\42441975-3ff5bb5f
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.EH
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 379a5784.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\d552d7a-448cf279
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 46246e12.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4eb49b7b-6939d3d5
[0] Archivtyp: ZIP
--> sunny/MyFiles.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Age.3159
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 484b5e05.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Ende des Suchlaufs: Montag, 26. Dezember 2011 00:27
Benötigte Zeit: 48:45 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
22731 Verzeichnisse wurden überprüft
423969 Dateien wurden geprüft
23 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
13 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
13 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
423946 Dateien ohne Befall
2734 Archive wurden durchsucht
2 Warnungen
13 Hinweise
27201 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Maleware Code:
ATTFilter 09:49:20 Sony User MESSAGE Protection started successfully
09:49:25 Sony User MESSAGE IP Protection started successfully
09:57:41 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49288, Process: svchost.exe)
09:57:41 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49289, Process: svchost.exe)
09:57:41 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49290, Process: svchost.exe)
09:57:41 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49291, Process: svchost.exe)
09:57:41 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49292, Process: svchost.exe)
10:05:55 Sony User MESSAGE Protection started successfully
10:05:59 Sony User MESSAGE IP Protection started successfully
10:14:17 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49349, Process: svchost.exe)
10:14:17 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49350, Process: svchost.exe)
10:14:17 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49351, Process: svchost.exe)
10:14:17 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49352, Process: svchost.exe)
10:14:17 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49353, Process: svchost.exe)
10:24:19 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49365, Process: svchost.exe)
10:24:19 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49366, Process: svchost.exe)
10:24:19 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49367, Process: svchost.exe)
10:24:19 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49368, Process: svchost.exe)
10:24:19 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49369, Process: svchost.exe)
10:34:20 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49474, Process: svchost.exe)
10:34:20 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49475, Process: svchost.exe)
10:34:20 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49476, Process: svchost.exe)
10:34:20 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49477, Process: svchost.exe)
10:34:20 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49478, Process: svchost.exe)
10:44:20 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49796, Process: svchost.exe)
10:44:21 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49797, Process: svchost.exe)
10:44:21 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49798, Process: svchost.exe)
10:44:21 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49799, Process: svchost.exe)
10:44:21 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49800, Process: svchost.exe)
10:53:01 Sony User MESSAGE Scheduled update executed successfully
10:54:25 Sony User MESSAGE IP Protection stopped
10:54:27 Sony User MESSAGE Database updated successfully
10:54:28 Sony User MESSAGE IP Protection started successfully
11:04:19 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49840, Process: svchost.exe)
11:04:19 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49841, Process: svchost.exe)
11:04:19 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49842, Process: svchost.exe)
11:04:19 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49843, Process: svchost.exe)
11:14:20 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49869, Process: svchost.exe)
11:14:20 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49870, Process: svchost.exe)
11:14:20 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49871, Process: svchost.exe)
11:14:20 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49872, Process: svchost.exe)
11:24:23 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49880, Process: svchost.exe)
11:24:23 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49881, Process: svchost.exe)
11:24:23 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49882, Process: svchost.exe)
11:24:23 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49883, Process: svchost.exe)
11:34:17 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49902, Process: svchost.exe)
11:34:17 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49903, Process: svchost.exe)
11:34:17 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49904, Process: svchost.exe)
11:34:17 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49905, Process: svchost.exe)
11:44:17 Sony User IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 49915, Process: svchost.exe)
11:54:18 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49943, Process: svchost.exe)
11:54:18 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49944, Process: svchost.exe)
11:54:18 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49945, Process: svchost.exe)
11:54:18 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49946, Process: svchost.exe)
12:04:21 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49962, Process: svchost.exe)
12:04:21 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49963, Process: svchost.exe)
12:04:21 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49964, Process: svchost.exe)
12:04:21 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49965, Process: svchost.exe)
12:14:21 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50337, Process: svchost.exe)
12:14:21 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50338, Process: svchost.exe)
12:14:21 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50339, Process: svchost.exe)
12:14:21 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50340, Process: svchost.exe)
12:24:22 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50683, Process: svchost.exe)
12:24:22 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50684, Process: svchost.exe)
12:24:22 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50685, Process: svchost.exe)
12:24:22 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50686, Process: svchost.exe)
12:34:23 Sony User IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 51033, Process: svchost.exe)
12:44:23 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51041, Process: svchost.exe)
12:44:23 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51042, Process: svchost.exe)
12:44:23 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51043, Process: svchost.exe)
12:44:23 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51044, Process: svchost.exe)
12:54:19 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51045, Process: svchost.exe)
12:54:19 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51046, Process: svchost.exe)
12:54:19 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51047, Process: svchost.exe)
12:54:19 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51048, Process: svchost.exe)
13:04:20 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51076, Process: svchost.exe)
13:04:20 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51077, Process: svchost.exe)
13:04:20 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51078, Process: svchost.exe)
13:04:20 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51079, Process: svchost.exe)
13:14:22 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51087, Process: svchost.exe)
13:14:22 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51088, Process: svchost.exe)
13:14:22 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51089, Process: svchost.exe)
13:14:22 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51090, Process: svchost.exe)
13:24:24 Sony User IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 51168, Process: svchost.exe)
13:34:25 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51184, Process: svchost.exe)
13:34:25 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51185, Process: svchost.exe)
13:34:25 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51186, Process: svchost.exe)
13:34:25 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51187, Process: svchost.exe)
13:44:25 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51196, Process: svchost.exe)
13:44:25 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51197, Process: svchost.exe)
13:44:25 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51198, Process: svchost.exe)
13:44:25 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51199, Process: svchost.exe)
13:54:19 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51200, Process: svchost.exe)
13:54:19 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51201, Process: svchost.exe)
13:54:19 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51202, Process: svchost.exe)
13:54:20 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51203, Process: svchost.exe)
14:11:44 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51220, Process: svchost.exe)
14:11:44 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51221, Process: svchost.exe)
14:11:44 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51222, Process: svchost.exe)
14:11:44 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51223, Process: svchost.exe)
14:21:53 Sony User IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 51620, Process: svchost.exe)
14:31:53 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51628, Process: svchost.exe)
14:31:53 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51629, Process: svchost.exe)
14:31:53 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51630, Process: svchost.exe)
14:31:53 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51631, Process: svchost.exe)
14:41:53 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51632, Process: svchost.exe)
14:41:53 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51633, Process: svchost.exe)
14:41:54 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51634, Process: svchost.exe)
14:41:54 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51635, Process: svchost.exe)
14:51:54 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51643, Process: svchost.exe)
14:51:54 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51644, Process: svchost.exe)
14:51:54 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51645, Process: svchost.exe)
14:51:54 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51646, Process: svchost.exe)
15:01:54 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51661, Process: svchost.exe)
15:01:54 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51662, Process: svchost.exe)
15:01:55 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51663, Process: svchost.exe)
15:01:55 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51664, Process: svchost.exe)
15:11:55 Sony User IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 51668, Process: svchost.exe)
15:21:50 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 52165, Process: svchost.exe)
15:21:51 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 52166, Process: svchost.exe)
15:21:51 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52167, Process: svchost.exe)
15:21:51 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 52168, Process: svchost.exe)
15:31:51 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52176, Process: svchost.exe)
15:31:51 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 52177, Process: svchost.exe)
15:31:51 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 52178, Process: svchost.exe)
15:31:51 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 52179, Process: svchost.exe)
15:41:51 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52300, Process: svchost.exe)
15:41:51 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 52301, Process: svchost.exe)
15:41:51 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 52302, Process: svchost.exe)
15:41:51 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 52303, Process: svchost.exe)
15:51:52 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52311, Process: svchost.exe)
15:51:52 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 52312, Process: svchost.exe)
15:51:52 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 52313, Process: svchost.exe)
15:51:52 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 52314, Process: svchost.exe)
16:01:52 Sony User IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 52324, Process: svchost.exe)
18:35:34 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52331, Process: svchost.exe)
18:40:30 Sony User MESSAGE Protection started successfully
18:40:34 Sony User MESSAGE IP Protection started successfully
18:48:51 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49337, Process: svchost.exe)
18:48:51 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49338, Process: svchost.exe)
18:48:51 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49339, Process: svchost.exe)
18:48:51 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49340, Process: svchost.exe)
18:48:51 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49341, Process: svchost.exe)
18:58:56 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49478, Process: svchost.exe)
18:58:56 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 49479, Process: svchost.exe)
18:58:56 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 49480, Process: svchost.exe)
18:58:56 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 49481, Process: svchost.exe)
18:58:56 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 49482, Process: svchost.exe)
19:08:49 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50112, Process: svchost.exe)
19:08:49 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50113, Process: svchost.exe)
19:08:49 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50114, Process: svchost.exe)
19:08:49 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50115, Process: svchost.exe)
19:08:49 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50116, Process: svchost.exe)
19:18:50 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50228, Process: svchost.exe)
19:18:50 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 50229, Process: svchost.exe)
19:18:50 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 50230, Process: svchost.exe)
19:18:50 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 50231, Process: svchost.exe)
19:18:50 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 50232, Process: svchost.exe)
19:28:53 Sony User IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 50967, Process: svchost.exe)
19:38:52 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51099, Process: svchost.exe)
19:38:52 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51100, Process: svchost.exe)
19:38:52 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51101, Process: svchost.exe)
19:38:52 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51102, Process: svchost.exe)
19:48:56 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51110, Process: svchost.exe)
19:48:56 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51111, Process: svchost.exe)
19:48:56 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51112, Process: svchost.exe)
19:48:56 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51113, Process: svchost.exe)
19:58:52 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51186, Process: svchost.exe)
19:58:52 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51187, Process: svchost.exe)
19:58:52 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51188, Process: svchost.exe)
19:58:52 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51189, Process: svchost.exe)
20:08:52 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51245, Process: svchost.exe)
20:08:52 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51246, Process: svchost.exe)
20:08:52 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51247, Process: svchost.exe)
20:08:52 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51248, Process: svchost.exe)
20:18:52 Sony User IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 51438, Process: svchost.exe)
20:28:52 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51659, Process: svchost.exe)
20:28:52 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51660, Process: svchost.exe)
20:28:52 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51661, Process: svchost.exe)
20:28:52 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51662, Process: svchost.exe)
20:38:55 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51681, Process: svchost.exe)
20:38:55 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51682, Process: svchost.exe)
20:38:55 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51683, Process: svchost.exe)
20:38:55 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51684, Process: svchost.exe)
20:48:51 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51693, Process: svchost.exe)
20:48:52 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51694, Process: svchost.exe)
20:48:52 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51695, Process: svchost.exe)
20:48:52 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51696, Process: svchost.exe)
20:58:56 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 51797, Process: svchost.exe)
20:58:56 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 51798, Process: svchost.exe)
20:58:56 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 51799, Process: svchost.exe)
20:58:56 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 51800, Process: svchost.exe)
21:08:53 Sony User IP-BLOCK 82.98.97.200 (Type: outgoing, Port: 52182, Process: svchost.exe)
21:18:57 Sony User IP-BLOCK 82.98.97.203 (Type: outgoing, Port: 52499, Process: svchost.exe)
21:18:57 Sony User IP-BLOCK 82.98.97.206 (Type: outgoing, Port: 52500, Process: svchost.exe)
21:18:57 Sony User IP-BLOCK 82.98.97.183 (Type: outgoing, Port: 52501, Process: svchost.exe)
21:18:57 Sony User IP-BLOCK 82.98.97.185 (Type: outgoing, Port: 52502, Process: svchost.exe)
Code:
ATTFilter OTL logfile created on: 27.12.2011 21:16:46 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sony User\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 45,85% Memory free 7,93 Gb Paging File | 5,52 Gb Available in Paging File | 69,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,28 Gb Total Space | 328,10 Gb Free Space | 71,91% Space Free | Partition Type: NTFS Computer Name: SONYUSER-VAIO | User Name: Sony User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Sony User\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Users\SONYUS~1\AppData\Local\Temp\mexe.com (MicroWorld Technologies Inc.) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Sony User\Desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 42 7F 95 76 C4 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.06 10:35:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.06 10:35:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.25 21:56:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.25 22:48:51 | 000,000,000 | ---D | M] [2010.05.03 18:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Extensions [2011.12.27 10:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions [2011.04.08 05:59:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.18 21:28:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.21 20:21:07 | 000,000,873 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml [2010.12.21 14:59:20 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml [2011.04.08 06:02:37 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml [2011.04.08 05:59:26 | 000,000,168 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif [2011.04.08 05:59:26 | 000,000,618 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src [2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml [2011.12.25 22:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.27 03:20:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 19:42:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.07 01:27:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.12 23:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 08:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.12.25 22:12:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2011.04.06 10:35:59 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.04.06 10:35:59 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.04.09 11:40:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.09 11:40:27 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.04.09 11:40:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.04.09 11:40:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.04.09 11:40:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2011.12.26 11:41:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DBEED24-4889-479C-82EC-D972CD7A8EFF}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe [2011.12.27 19:22:32 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll [2011.12.27 19:22:31 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll [2011.12.27 19:22:30 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2011.12.27 19:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld [2011.12.27 19:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld [2011.12.27 15:15:35 | 000,000,000 | ---D | C] -- C:\Users\Sony User\Desktop\Virus [2011.12.27 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Roxio Log Files [2011.12.27 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\SvchostViewer [2011.12.27 13:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011.12.27 10:06:29 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Users\Sony User\Desktop\aswMBR.exe [2011.12.27 09:58:06 | 000,000,000 | ---D | C] -- C:\_OTL [2011.12.27 09:56:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe [2011.12.26 22:41:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.12.26 11:56:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.12.26 11:34:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.12.26 03:06:34 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.26 03:06:33 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.26 03:06:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.26 03:06:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.26 03:06:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.26 03:06:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.26 03:06:28 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.12.26 03:06:28 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.12.26 03:06:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.12.26 03:06:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.12.26 03:06:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.12.25 22:20:28 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{3C11D02F-DA75-4D54-B37B-8BBA3405470A} [2011.12.25 22:20:16 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{07CBAF22-9E3F-4F65-8175-5AA39A15B517} [2011.12.25 22:18:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.12.25 22:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.12.25 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011.12.25 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.12.25 22:12:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.12.25 22:12:54 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.12.25 22:12:54 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.12.25 22:10:14 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Avira [2011.12.25 22:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.25 22:07:10 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.25 22:07:10 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.12.25 22:07:10 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.12.25 22:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2011.12.25 21:48:07 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2011.12.25 21:48:07 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2011.12.25 21:48:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2011.12.25 21:48:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2011.12.25 21:48:07 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2011.12.25 21:48:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2011.12.25 21:48:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2011.12.25 21:48:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2011.12.25 21:48:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll [2011.12.25 21:47:57 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2011.12.25 21:47:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2011.12.25 21:47:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.25 21:47:23 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2011.12.25 21:47:23 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2011.12.25 21:47:23 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2011.12.25 21:47:23 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2011.12.25 21:47:23 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2011.12.25 21:47:23 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2011.12.25 21:47:22 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax [2011.12.25 21:47:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax [2011.12.25 21:47:21 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax [2011.12.25 21:47:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax [2011.12.25 21:47:19 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2011.12.25 21:47:19 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2011.12.25 21:47:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2011.12.25 21:47:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2011.12.25 21:47:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011.12.25 21:47:19 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.12.25 21:47:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011.12.25 21:47:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2011.12.25 21:47:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011.12.25 21:47:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2011.12.25 21:47:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011.12.25 21:47:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011.12.25 21:47:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2011.12.25 21:47:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2011.12.25 21:47:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011.12.25 21:47:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011.12.25 21:47:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011.12.25 21:47:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2011.12.25 21:47:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2011.12.25 21:47:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe [2011.12.25 21:47:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll [2011.12.25 21:47:10 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.12.25 21:47:10 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2011.12.25 21:47:09 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2011.12.25 21:47:09 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2011.12.25 21:46:55 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2011.12.25 21:46:55 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2011.12.25 21:46:54 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2011.12.25 21:36:20 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files - Modified Within 30 Days ========== [2011.12.27 21:19:38 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.12.27 19:30:50 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx [2011.12.27 19:22:31 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll [2011.12.27 19:22:30 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll [2011.12.27 19:22:29 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2011.12.27 19:21:44 | 068,866,904 | ---- | M] () -- C:\Users\Sony User\Desktop\mwav.exe [2011.12.27 18:45:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.27 18:45:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.27 18:37:32 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2011.12.27 18:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.27 18:37:06 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys [2011.12.27 15:12:03 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI [2011.12.27 10:06:29 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Sony User\Desktop\aswMBR.exe [2011.12.27 09:56:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe [2011.12.26 11:41:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.12.26 09:23:34 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.26 09:23:34 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.26 09:23:34 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.26 09:23:34 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.26 09:23:34 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.26 09:16:06 | 000,446,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.25 21:36:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2011.12.27 19:22:47 | 000,000,054 | ---- | C] () -- C:\Windows\Lic.xxx [2011.12.27 19:20:18 | 068,866,904 | ---- | C] () -- C:\Users\Sony User\Desktop\mwav.exe [2011.12.27 15:12:03 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI [2011.12.25 22:19:24 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2010.07.25 08:39:33 | 000,008,192 | ---- | C] () -- C:\Users\Sony User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.05 19:37:57 | 000,008,718 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\wklnhst.dat [2009.12.20 18:02:09 | 000,027,639 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\UserTile.png [2009.09.06 09:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2009.09.06 09:07:13 | 000,002,835 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat [2009.08.17 21:11:49 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.08.17 21:11:46 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.08.17 21:11:46 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.08.17 21:11:44 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.08.17 13:27:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat < End of report > |
|
28.12.2011, 05:04
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
28.12.2011, 13:15
| #3 |
| | Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 Maleware
__________________Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2011.12.28.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Sony User :: SONYUSER-VAIO [Administrator] Schutz: Aktiviert 28.12.2011 10:46:12 mbam-log-2011-12-28 (10-46-12).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 324846 Laufzeit: 52 Minute(n), 3 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2daebe132a1b754e92169ba32dd6ea20
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-28 09:32:24
# local_time=2011-12-28 10:32:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 217348 217348 0 0
# compatibility_mode=5893 16776573 100 94 7865 76690822 0 0
# compatibility_mode=8192 67108863 100 0 5863 5863 0 0
# scanned=158839
# found=0
# cleaned=0
# scan_time=3773
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 25. Dezember 2011 23:39
Es wird nach 2970283 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : Sony User
Computername : SONYUSER-VAIO
Versionsinformationen:
BUILD.DAT : 12.0.0.872 41826 Bytes 15.12.2011 16:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 15.12.2011 13:59:39
AVSCAN.DLL : 12.1.0.17 65744 Bytes 15.12.2011 13:59:56
LUKE.DLL : 12.1.0.17 68304 Bytes 15.12.2011 13:59:47
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 15.12.2011 13:59:39
AVREG.DLL : 12.1.0.27 227536 Bytes 15.12.2011 13:59:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:08:17
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 21:08:17
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 21:08:17
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 21:08:17
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 21:08:17
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 21:08:17
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 21:08:18
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 21:08:18
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 21:08:18
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 21:08:18
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 21:08:18
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 21:08:18
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 21:08:19
VBASE015.VDF : 7.11.20.0 2048 Bytes 24.12.2011 21:08:19
VBASE016.VDF : 7.11.20.1 2048 Bytes 24.12.2011 21:08:19
VBASE017.VDF : 7.11.20.2 2048 Bytes 24.12.2011 21:08:19
VBASE018.VDF : 7.11.20.3 2048 Bytes 24.12.2011 21:08:19
VBASE019.VDF : 7.11.20.4 2048 Bytes 24.12.2011 21:08:19
VBASE020.VDF : 7.11.20.5 2048 Bytes 24.12.2011 21:08:19
VBASE021.VDF : 7.11.20.6 2048 Bytes 24.12.2011 21:08:19
VBASE022.VDF : 7.11.20.7 2048 Bytes 24.12.2011 21:08:19
VBASE023.VDF : 7.11.20.8 2048 Bytes 24.12.2011 21:08:19
VBASE024.VDF : 7.11.20.9 2048 Bytes 24.12.2011 21:08:19
VBASE025.VDF : 7.11.20.10 2048 Bytes 24.12.2011 21:08:19
VBASE026.VDF : 7.11.20.11 2048 Bytes 24.12.2011 21:08:19
VBASE027.VDF : 7.11.20.12 2048 Bytes 24.12.2011 21:08:19
VBASE028.VDF : 7.11.20.13 2048 Bytes 24.12.2011 21:08:19
VBASE029.VDF : 7.11.20.14 2048 Bytes 24.12.2011 21:08:19
VBASE030.VDF : 7.11.20.15 2048 Bytes 24.12.2011 21:08:19
VBASE031.VDF : 7.11.20.18 81920 Bytes 25.12.2011 21:08:20
Engineversion : 8.2.8.8
AEVDF.DLL : 8.1.2.2 106868 Bytes 15.12.2011 13:59:36
AESCRIPT.DLL : 8.1.3.92 495996 Bytes 25.12.2011 21:08:24
AESCN.DLL : 8.1.7.2 127349 Bytes 14.12.2011 23:31:02
AESBX.DLL : 8.2.4.5 434549 Bytes 15.12.2011 13:59:35
AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:31:02
AEPACK.DLL : 8.2.15.1 770423 Bytes 15.12.2011 13:59:35
AEOFFICE.DLL : 8.1.2.24 201084 Bytes 25.12.2011 21:08:23
AEHEUR.DLL : 8.1.3.8 4231543 Bytes 25.12.2011 21:08:23
AEHELP.DLL : 8.1.18.0 254327 Bytes 15.12.2011 13:59:31
AEGEN.DLL : 8.1.5.17 405877 Bytes 15.12.2011 13:59:31
AEEMU.DLL : 8.1.3.0 393589 Bytes 14.12.2011 23:30:58
AECORE.DLL : 8.1.24.2 201080 Bytes 25.12.2011 21:08:20
AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:30:58
AVWINLL.DLL : 12.1.0.17 27344 Bytes 15.12.2011 13:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 15.12.2011 13:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 15.12.2011 13:59:38
AVARKT.DLL : 12.1.0.19 208848 Bytes 15.12.2011 13:59:36
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 15.12.2011 13:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 15.12.2011 13:59:50
AVSMTP.DLL : 12.1.0.17 62928 Bytes 15.12.2011 13:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 15.12.2011 13:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 15.12.2011 13:59:58
RCTEXT.DLL : 12.1.0.16 98512 Bytes 15.12.2011 13:59:59
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: löschen
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Beginn des Suchlaufs: Sonntag, 25. Dezember 2011 23:39
Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Im Laufwerk 'D:\' ist kein Datenträger eingelegt!
Bootsektor 'E:\'
[INFO] Im Laufwerk 'E:\' ist kein Datenträger eingelegt!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCFw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht
Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2857' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\Users\Sony User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTDI2CKT\wlsetup-all.exe
[0] Archivtyp: Portable Executable Resource
--> object
[1] Archivtyp: CAB (Microsoft)
--> WriterProdLang.7z
[2] Archivtyp: 7-Zip
--> WriterProdLang.cab
[3] Archivtyp: CAB (Microsoft)
--> writerprodlang.msi
[WARNUNG] Die Datei konnte nicht gelesen werden!
--> object
[1] Archivtyp: CAB (Microsoft)
--> LanguageSelector64.7z
[2] Archivtyp: 7-Zip
--> LanguageSelector64.cab
[3] Archivtyp: CAB (Microsoft)
--> LanguageSelector64.msi
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-251ef117
[0] Archivtyp: ZIP
--> ________vload.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 4944268e.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\105e14d2-140a64fd
[0] Archivtyp: ZIP
--> Base64cod.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Small.hej
--> Googles.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.F.18035
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 51a4091d.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-7a18bb26
[0] Archivtyp: ZIP
--> ________vload.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 03f053fc.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\cf0c019-64d6e84d
[0] Archivtyp: ZIP
--> sunos/Globales.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/SystemSpy.A.1
--> sunos/Manuals.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/ClassLoad.AF
--> sunos/Support.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/ClassLo.AF.1.B
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 65c71c09.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-188bb89d
[0] Archivtyp: ZIP
--> ________vload.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 203c3119.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7be8da52
[0] Archivtyp: ZIP
--> ________vload.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 5f220364.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-23c4db87
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 13e02f37.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\706b3426-4717d0eb
[0] Archivtyp: ZIP
--> bpac/a$1.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/Java.EG
--> bpac/a.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
--> bpac/b.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.L
--> bpac/KAVS.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.BB
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 6ff26f7e.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-611bcd93
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 42d840fc.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-4fcf4f20
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 5bb47baa.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\42441975-3ff5bb5f
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.EH
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 379a5784.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\d552d7a-448cf279
[0] Archivtyp: ZIP
--> vmain.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 46246e12.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4eb49b7b-6939d3d5
[0] Archivtyp: ZIP
--> sunny/MyFiles.class
[FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Age.3159
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 484b5e05.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Ende des Suchlaufs: Montag, 26. Dezember 2011 00:27
Benötigte Zeit: 48:45 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
22731 Verzeichnisse wurden überprüft
423969 Dateien wurden geprüft
23 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
13 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
13 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
423946 Dateien ohne Befall
2734 Archive wurden durchsucht
2 Warnungen
13 Hinweise
27201 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
Danach wurden aber keine viren mehr gefunden beim durchlaufen Geändert von Sohn_des_Mondes (28.12.2011 um 13:33 Uhr) |
|
28.12.2011, 17:33
| #4 |
| | Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 Die Malewarelogs sind alle gleich, soll ich diese trotzdem Posten? Sind die Logfile unauffällig? |
|
28.12.2011, 20:48
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
28.12.2011, 22:53
| #6 |
| | Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 Ok habe es gemacht, hier die Logfiles Code:
ATTFilter OTL logfile created on: 28.12.2011 22:38:22 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sony User\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 64,32% Memory free 7,93 Gb Paging File | 6,21 Gb Available in Paging File | 78,23% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,28 Gb Total Space | 333,04 Gb Free Space | 72,99% Space Free | Partition Type: NTFS Computer Name: SONYUSER-VAIO | User Name: Sony User | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.12.28 22:37:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.07.23 09:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2009.07.23 09:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2009.07.22 14:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2009.07.01 10:49:34 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2009.07.01 10:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2009.05.26 08:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe PRC - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2009.08.12 22:11:54 | 000,522,240 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV:64bit: - [2009.07.27 21:27:07 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.16 08:36:56 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV:64bit: - [2009.06.26 13:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV:64bit: - [2009.06.26 13:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV:64bit: - [2009.06.17 17:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.07.27 15:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr) SRV - [2009.07.27 15:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2009.07.27 15:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2009.07.27 15:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr) SRV - [2009.07.27 15:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2009.07.24 05:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService) SRV - [2009.07.23 09:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2009.07.23 09:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2009.07.23 09:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2009.07.22 14:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2009.07.01 17:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.07.01 10:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.08.05 02:22:40 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV:64bit: - [2009.08.05 02:20:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009.08.03 21:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2009.07.31 21:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.31 21:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk) DRV:64bit: - [2009.07.31 21:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk) DRV:64bit: - [2009.07.31 21:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009.07.30 21:41:17 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.07.30 21:41:16 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.07.30 21:41:16 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.07.30 21:40:45 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.07.27 21:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009.07.24 06:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.06.11 21:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92) DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac) DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.05 21:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R) DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.03.17 11:06:14 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Sony User\Desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 42 7F 95 76 C4 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.25 21:56:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.25 22:48:51 | 000,000,000 | ---D | M] [2010.05.03 18:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Extensions [2011.12.27 10:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions [2011.04.08 05:59:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.18 21:28:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.21 20:21:07 | 000,000,873 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml [2010.12.21 14:59:20 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml [2011.04.08 06:02:37 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml [2011.04.08 05:59:26 | 000,000,168 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif [2011.04.08 05:59:26 | 000,000,618 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src [2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml [2011.12.25 22:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.27 03:20:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 19:42:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.07 01:27:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.12 23:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 08:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.12.25 22:12:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} File not found (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO File not found (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.04.09 11:40:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.09 11:40:27 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.04.09 11:40:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.04.09 11:40:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.04.09 11:40:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2011.12.26 11:41:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DBEED24-4889-479C-82EC-D972CD7A8EFF}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: MarketingTools - hkey= - key= - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation) MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: MpfService - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {0B74300D-9D18-4656-9F79-BBF0891365AF} - Bing Bar ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4CBF8339-9F09-4213-846D-8E1C2B921451} - Desktop Icon ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{40194995-2263-49FA-93D2-0A11E13FA518} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.28 22:36:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe [2011.12.28 22:35:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.12.28 22:07:12 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\TuneUp Software [2011.12.28 22:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2011.12.28 22:05:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2011.12.28 17:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.12.28 13:58:10 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{4501D3E9-5230-4A6C-A97B-6EB170FA2891} [2011.12.28 13:57:46 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{2D915766-C378-4435-92F9-E6287D94282D} [2011.12.28 08:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2011.12.27 22:03:28 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{F5869F0A-FF0B-4049-8FE5-64E49A325E91} [2011.12.27 22:03:04 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{D133B1AF-DD03-4C3F-9496-2BA5B29FC512} [2011.12.27 21:43:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2011.12.27 21:41:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2011.12.27 20:33:11 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll [2011.12.27 20:32:25 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe [2011.12.27 19:22:30 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2011.12.27 19:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld [2011.12.27 19:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld [2011.12.27 15:15:35 | 000,000,000 | ---D | C] -- C:\Users\Sony User\Desktop\Virus [2011.12.27 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Roxio Log Files [2011.12.27 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\SvchostViewer [2011.12.27 13:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011.12.26 22:41:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.12.26 11:56:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.12.26 11:34:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.12.25 22:20:28 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{3C11D02F-DA75-4D54-B37B-8BBA3405470A} [2011.12.25 22:20:16 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{07CBAF22-9E3F-4F65-8175-5AA39A15B517} [2011.12.25 22:18:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.12.25 22:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.12.25 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011.12.25 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.12.25 22:10:14 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Avira [2011.12.25 22:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.25 22:07:10 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.25 22:07:10 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.12.25 22:07:10 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.12.25 22:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.28 22:40:31 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.28 22:40:31 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.28 22:39:18 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.28 22:39:18 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.28 22:39:18 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.28 22:39:18 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.28 22:39:18 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.28 22:37:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe [2011.12.28 22:31:48 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2011.12.28 22:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.28 22:31:37 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys [2011.12.28 22:31:04 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2011.12.28 20:16:02 | 000,000,240 | ---- | M] () -- C:\Windows\SysWow64\~.inf [2011.12.28 08:20:54 | 000,446,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.27 22:39:07 | 000,044,578 | ---- | M] () -- C:\Users\Sony User\Documents\pinfect.zip [2011.12.27 21:52:36 | 000,008,718 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\wklnhst.dat [2011.12.27 19:30:50 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx [2011.12.27 19:22:29 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe [2011.12.27 15:12:03 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI [2011.12.26 11:41:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.28 22:31:04 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2011.12.28 20:14:56 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\~.inf [2011.12.27 22:39:07 | 000,044,578 | ---- | C] () -- C:\Users\Sony User\Documents\pinfect.zip [2011.12.27 20:34:51 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd [2011.12.27 20:31:47 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml [2011.12.27 20:31:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml [2011.12.27 20:31:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml [2011.12.27 20:30:31 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml [2011.12.27 19:22:47 | 000,000,054 | ---- | C] () -- C:\Windows\Lic.xxx [2011.12.27 15:12:03 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI [2011.12.25 22:19:24 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2010.07.25 08:39:33 | 000,008,192 | ---- | C] () -- C:\Users\Sony User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.05 19:37:57 | 000,008,718 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\wklnhst.dat [2009.12.20 18:02:09 | 000,027,639 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\UserTile.png [2009.09.06 09:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI [2009.09.06 09:07:13 | 000,002,835 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat [2009.08.17 21:11:49 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.08.17 21:11:46 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.08.17 21:11:46 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.08.17 21:11:44 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.08.17 13:27:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2011.12.25 22:04:18 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers [2011.04.11 10:31:47 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\ICQ [2011.01.10 18:52:54 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\PC Suite [2010.04.05 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Template [2011.12.28 22:07:12 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\TuneUp Software [2009.11.24 15:01:22 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Vodafone [2011.04.13 08:21:19 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009.12.08 04:31:56 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Adobe [2011.04.17 22:38:27 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Apple Computer [2009.12.27 19:26:40 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\ArcSoft [2009.10.22 09:12:26 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\ATI [2011.12.25 22:10:14 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Avira [2011.04.17 14:44:04 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\DivX [2011.12.25 22:04:18 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers [2009.10.23 10:26:24 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Google [2011.04.11 10:31:47 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\ICQ [2009.10.22 09:09:39 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Identities [2009.11.24 15:26:49 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Macromedia [2010.06.27 03:20:28 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Malwarebytes [2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Media Center Programs [2010.10.05 14:38:44 | 000,000,000 | --SD | M] -- C:\Users\Sony User\AppData\Roaming\Microsoft [2010.05.03 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Mozilla [2011.01.10 18:52:54 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\PC Suite [2011.12.27 15:10:58 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Roxio Log Files [2010.09.23 00:10:27 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Sony Corporation [2010.04.05 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Template [2011.12.28 22:07:12 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\TuneUp Software [2009.11.24 15:01:22 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Vodafone [2010.06.22 21:56:05 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < > < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.12.2011 22:38:22 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sony User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 64,32% Memory free
7,93 Gb Paging File | 6,21 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 333,04 Gb Free Space | 72,99% Space Free | Partition Type: NTFS
Computer Name: SONYUSER-VAIO | User Name: Sony User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{8AA7EE74-114A-FFFF-B1D2-AED4707763C9}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A4BC24CB-F8C7-27FB-41D5-47A405031A41}" = ATI Catalyst Install Manager
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"CCleaner" = CCleaner
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0271C003-CED0-2354-818F-A872734088B1}" = CCC Help Dutch
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1E40FED6-E0D6-0AA2-BA08-75B6C1E2D02F}" = CCC Help Swedish
"{1FE69600-3A33-FFFF-C488-F3E40DBC2F68}" = CCC Help Czech
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2FC5CB84-9110-DE89-379B-34E87AB8BDC1}" = CCC Help Italian
"{3662480D-028D-BE4E-DEC1-775818519CC2}" = CCC Help Norwegian
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B1168DE-1F8C-471C-AC49-0CA52F096170}" = VAIO Content Metadata Intelligent Network Service Manager
"{3BA4FBA3-35EE-3E3B-62D8-606AF0722950}" = ccc-core-static
"{48E29469-216B-1AE3-B156-A2DAA48E709E}" = Catalyst Control Center InstallProxy
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D029068-CE21-848B-5654-1409E47507BB}" = CCC Help Chinese Traditional
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E7FD54B-D551-70C1-CEE7-88FD59BE8063}" = CCC Help English
"{51BEF30C-58E4-490F-BA40-A2F12AB8B5F9}" = VAIO Content Metadata Manager Settings
"{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation
"{52AF7D37-EECF-535F-5226-E0DD16543CD1}" = CCC Help Thai
"{54108D57-A606-774B-BA31-6C9363B0B33A}" = Catalyst Control Center Graphics Light
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{575E77D1-29E9-28EC-7D28-F5ABAB72C270}" = Catalyst Control Center Graphics Full Existing
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5F2D882B-A663-4EB5-9851-48CC6C75FD2D}" = VAIO Content Metadata Intelligent Network Service Manager
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6529B443-1BD5-D7D3-7DAF-D6AD2C98C38A}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73330752-80F1-65AE-721D-8AA10AEFF99B}" = CCC Help Turkish
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E1D9B1F-A5AE-737C-E0BC-96C42D19E2CC}" = CCC Help Russian
"{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{876172CF-1095-181F-B037-6A713235417F}" = Catalyst Control Center Graphics Previews Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AFAF619-1FD7-71BD-26F1-8EED9C1C8A8D}" = Catalyst Control Center Graphics Previews Common
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EE47674-9AD3-B099-C6E4-7FB9F0D14D38}" = CCC Help Spanish
"{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B00435C-61FA-BB7F-4B7A-98FCC4881C3F}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D179733-28AD-DF80-B74A-5A0F9FD4E332}" = CCC Help Japanese
"{9D912275-85FD-45F6-9AF3-388A0F8AADB2}" = VAIO Content Metadata Intelligent Network Service Manager
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A1432157-D6B5-BD3C-42C8-E54BEED3EB0E}" = CCC Help Korean
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB30697D-E02D-2FD7-2EF4-E60887B4B22E}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{ACE78B09-BD0C-E6A4-1250-2482B5A126B8}" = Catalyst Control Center Graphics Full New
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2A7278B-6D98-8640-760B-3D34485D1AD6}" = CCC Help Portuguese
"{BBA68DFD-AA0F-2CD0-932A-17442B41A350}" = CCC Help Danish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E23CBEC5-533E-054A-4109-95751B7C3A81}" = CCC Help German
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A034FE-0951-EF71-145E-F0DF36F5A203}" = Catalyst Control Center Core Implementation
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F05BDF-4AE4-096C-C8E9-4B4DAD2DE13D}" = CCC Help Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F3C91479-BDAC-4B42-0B7B-54D37EB63A12}" = CCC Help Hungarian
"{F52EE3CE-A6B2-63E2-9445-EC92EEC1FB90}" = Catalyst Control Center Localization All
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform
"{FC55ADF1-53B6-269F-92F7-413AB697EE48}" = CCC Help Greek
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"splashtop" = VAIO Quick Web Access
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" =
"VAIO NW screensaver" = VAIO NW screensaver
"VAIO Premium Partners 1.00" = VAIO Premium Partners 1.00
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Windows Search Service | ID = 3028
Description =
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Windows Search Service | ID = 3058
Description =
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Windows Search Service | ID = 7010
Description =
Error - 28.12.2011 15:30:30 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 28.12.2011 15:30:50 | Computer Name = SonyUser-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 28.12.2011 17:07:40 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 28.12.2011 17:07:41 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 28.12.2011 17:32:24 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 28.12.2011 17:32:45 | Computer Name = SonyUser-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
Error - 28.12.2011 17:35:09 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
[ System Events ]
Error - 28.12.2011 12:48:20 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 28.12.2011 15:02:15 | Computer Name = SonyUser-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst Wlansvc erreicht.
Error - 28.12.2011 15:02:16 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 28.12.2011 15:29:39 | Computer Name = SonyUser-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?12.?2011 um 20:24:40 unerwartet heruntergefahren.
Error - 28.12.2011 15:29:37 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 28.12.2011 15:29:37 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 28.12.2011 17:31:39 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 28.12.2011 17:31:39 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
|
|
28.12.2011, 23:45
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
[2011.04.08 05:59:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.18 21:28:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.21 20:21:07 | 000,000,873 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml
[2010.12.21 14:59:20 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml
[2011.04.08 06:02:37 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml
[2011.04.08 05:59:26 | 000,000,168 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif
[2011.04.08 05:59:26 | 000,000,618 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src
[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2011.12.27 19:22:30 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.28 20:16:02 | 000,000,240 | ---- | M] () -- C:\Windows\SysWow64\~.inf
[2011.12.27 22:39:07 | 000,044,578 | ---- | M] () -- C:\Users\Sony User\Documents\pinfect.zip
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
29.12.2011, 08:56
| #8 |
| | Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 Habe ich gemacht, hier der Logfile Code:
ATTFilter All processes killed
========== OTL ==========
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml moved successfully.
C:\Windows\VDLL.DLL folder moved successfully.
C:\Windows\SysWow64\runouce.exe folder moved successfully.
C:\Windows\rundll16.exe folder moved successfully.
C:\Windows\RUNDL132.EXE folder moved successfully.
C:\Windows\logo1_.exe folder moved successfully.
C:\Windows\logo_1.exe folder moved successfully.
C:\Windows\SysWOW64\eEmpty.exe moved successfully.
C:\Windows\SysWOW64\~.inf moved successfully.
C:\Users\Sony User\Documents\pinfect.zip moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: Sony User
->Temp folder emptied: 5117326 bytes
->Temporary Internet Files folder emptied: 15260828 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 470 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3648624 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524896 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 23,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12292011_085007
Files\Folders moved on Reboot...
C:\Users\Sony User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
|
29.12.2011, 09:04
| #9 |
| | Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 Von Malewarebytes kam die Meldung das es wieder gestoppt wurde, trotz des fixen. |
|
29.12.2011, 16:11
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C  nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ "Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak) Das Trojaner-Board unterstützen Warum Linux besser als Windows ist! |
|
29.12.2011, 20:15
| #11 |
| | Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 So hier der Logfile Code:
ATTFilter 20:12:26.0286 2504 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:12:27.0736 2504 ============================================================
20:12:27.0736 2504 Current date / time: 2011/12/29 20:12:27.0736
20:12:27.0736 2504 SystemInfo:
20:12:27.0736 2504
20:12:27.0736 2504 OS Version: 6.1.7601 ServicePack: 1.0
20:12:27.0736 2504 Product type: Workstation
20:12:27.0736 2504 ComputerName: SONYUSER-VAIO
20:12:27.0736 2504 UserName: Sony User
20:12:27.0736 2504 Windows directory: C:\Windows
20:12:27.0736 2504 System windows directory: C:\Windows
20:12:27.0736 2504 Running under WOW64
20:12:27.0736 2504 Processor architecture: Intel x64
20:12:27.0736 2504 Number of processors: 2
20:12:27.0736 2504 Page size: 0x1000
20:12:27.0736 2504 Boot type: Normal boot
20:12:27.0736 2504 ============================================================
20:12:32.0557 2504 Initialize success
20:12:53.0461 4932 ============================================================
20:12:53.0461 4932 Scan started
20:12:53.0461 4932 Mode: Manual; SigCheck; TDLFS;
20:12:53.0461 4932 ============================================================
20:12:55.0052 4932 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:12:55.0208 4932 1394ohci - ok
20:12:55.0271 4932 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:12:55.0286 4932 ACPI - ok
20:12:55.0317 4932 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:12:55.0411 4932 AcpiPmi - ok
20:12:55.0458 4932 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:12:55.0505 4932 adp94xx - ok
20:12:55.0536 4932 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:12:55.0551 4932 adpahci - ok
20:12:55.0614 4932 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:12:55.0645 4932 adpu320 - ok
20:12:55.0707 4932 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:12:55.0801 4932 AFD - ok
20:12:55.0848 4932 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:12:55.0879 4932 agp440 - ok
20:12:55.0895 4932 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:12:55.0910 4932 aliide - ok
20:12:55.0957 4932 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:12:55.0988 4932 amdide - ok
20:12:56.0019 4932 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:12:56.0097 4932 AmdK8 - ok
20:12:56.0113 4932 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:12:56.0175 4932 AmdPPM - ok
20:12:56.0238 4932 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
20:12:56.0269 4932 amdsata - ok
20:12:56.0300 4932 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:12:56.0331 4932 amdsbs - ok
20:12:56.0363 4932 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
20:12:56.0378 4932 amdxata - ok
20:12:56.0487 4932 ApfiltrService (56bd886820c4aedf493cfcdf1ccfb004) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:12:56.0565 4932 ApfiltrService - ok
20:12:56.0643 4932 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:12:56.0831 4932 AppID - ok
20:12:56.0971 4932 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:12:57.0002 4932 arc - ok
20:12:57.0033 4932 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:12:57.0065 4932 arcsas - ok
20:12:57.0111 4932 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
20:12:57.0143 4932 ArcSoftKsUFilter - ok
20:12:57.0174 4932 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:12:57.0377 4932 AsyncMac - ok
20:12:57.0501 4932 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:12:57.0517 4932 atapi - ok
20:12:57.0626 4932 athr (5d4529ac4156e16bedb01441ae0cf984) C:\Windows\system32\DRIVERS\athrx.sys
20:12:57.0751 4932 athr - ok
20:12:57.0938 4932 atikmdag (de0ede41bc530f1759c6fffcb8c7a0cf) C:\Windows\system32\DRIVERS\atikmdag.sys
20:12:58.0219 4932 atikmdag - ok
20:12:58.0375 4932 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
20:12:58.0406 4932 avgntflt - ok
20:12:58.0469 4932 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
20:12:58.0500 4932 avipbb - ok
20:12:58.0562 4932 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:12:58.0578 4932 avkmgr - ok
20:12:58.0671 4932 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:12:58.0749 4932 b06bdrv - ok
20:12:58.0812 4932 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:12:58.0890 4932 b57nd60a - ok
20:12:58.0921 4932 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:12:59.0015 4932 Beep - ok
20:12:59.0077 4932 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:12:59.0108 4932 blbdrive - ok
20:12:59.0171 4932 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:12:59.0249 4932 bowser - ok
20:12:59.0311 4932 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:12:59.0405 4932 BrFiltLo - ok
20:12:59.0436 4932 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:12:59.0467 4932 BrFiltUp - ok
20:12:59.0514 4932 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:12:59.0592 4932 Brserid - ok
20:12:59.0654 4932 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:12:59.0701 4932 BrSerWdm - ok
20:12:59.0748 4932 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:12:59.0795 4932 BrUsbMdm - ok
20:12:59.0841 4932 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:12:59.0873 4932 BrUsbSer - ok
20:12:59.0951 4932 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:13:00.0013 4932 BthEnum - ok
20:13:00.0060 4932 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:13:00.0107 4932 BTHMODEM - ok
20:13:00.0138 4932 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:13:00.0216 4932 BthPan - ok
20:13:00.0263 4932 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
20:13:00.0325 4932 BTHPORT - ok
20:13:00.0372 4932 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
20:13:00.0434 4932 BTHUSB - ok
20:13:00.0481 4932 btwaudio (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
20:13:00.0512 4932 btwaudio - ok
20:13:00.0559 4932 btwavdt (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
20:13:00.0575 4932 btwavdt - ok
20:13:00.0637 4932 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:13:00.0637 4932 btwl2cap - ok
20:13:00.0668 4932 btwrchid (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
20:13:00.0684 4932 btwrchid - ok
20:13:00.0731 4932 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:13:00.0809 4932 cdfs - ok
20:13:00.0871 4932 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:13:00.0949 4932 cdrom - ok
20:13:00.0996 4932 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:13:01.0089 4932 circlass - ok
20:13:01.0121 4932 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:13:01.0136 4932 CLFS - ok
20:13:01.0183 4932 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:13:01.0214 4932 CmBatt - ok
20:13:01.0261 4932 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:13:01.0277 4932 cmdide - ok
20:13:01.0323 4932 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
20:13:01.0386 4932 CNG - ok
20:13:01.0417 4932 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:13:01.0448 4932 Compbatt - ok
20:13:01.0495 4932 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:13:01.0557 4932 CompositeBus - ok
20:13:01.0573 4932 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:13:01.0589 4932 crcdisk - ok
20:13:01.0698 4932 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:13:01.0760 4932 DfsC - ok
20:13:01.0807 4932 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:13:01.0869 4932 discache - ok
20:13:01.0932 4932 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:13:01.0963 4932 Disk - ok
20:13:02.0010 4932 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:13:02.0057 4932 drmkaud - ok
20:13:02.0119 4932 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:13:02.0150 4932 DXGKrnl - ok
20:13:02.0259 4932 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:13:02.0369 4932 ebdrv - ok
20:13:02.0540 4932 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:13:02.0571 4932 elxstor - ok
20:13:02.0634 4932 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:13:02.0696 4932 ErrDev - ok
20:13:02.0790 4932 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:13:02.0883 4932 exfat - ok
20:13:02.0961 4932 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:13:03.0024 4932 fastfat - ok
20:13:03.0258 4932 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:13:03.0305 4932 fdc - ok
20:13:03.0414 4932 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:13:03.0429 4932 FileInfo - ok
20:13:03.0445 4932 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:13:03.0507 4932 Filetrace - ok
20:13:03.0554 4932 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:13:03.0570 4932 flpydisk - ok
20:13:03.0632 4932 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:13:03.0663 4932 FltMgr - ok
20:13:03.0710 4932 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:13:03.0726 4932 FsDepends - ok
20:13:03.0741 4932 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:13:03.0757 4932 Fs_Rec - ok
20:13:03.0804 4932 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:13:03.0819 4932 fvevol - ok
20:13:03.0882 4932 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:13:03.0913 4932 gagp30kx - ok
20:13:04.0007 4932 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:13:04.0069 4932 hcw85cir - ok
20:13:04.0131 4932 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:13:04.0178 4932 HdAudAddService - ok
20:13:04.0225 4932 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:13:04.0272 4932 HDAudBus - ok
20:13:04.0303 4932 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:13:04.0350 4932 HidBatt - ok
20:13:04.0397 4932 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:13:04.0443 4932 HidBth - ok
20:13:04.0490 4932 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:13:04.0537 4932 HidIr - ok
20:13:04.0615 4932 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:13:04.0677 4932 HidUsb - ok
20:13:04.0740 4932 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:13:04.0771 4932 HpSAMD - ok
20:13:04.0833 4932 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:13:04.0927 4932 HTTP - ok
20:13:05.0005 4932 hwdatacard (c8f3119ad72a507d12ef389df4c266ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:13:05.0052 4932 hwdatacard - ok
20:13:05.0099 4932 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:13:05.0130 4932 hwpolicy - ok
20:13:05.0177 4932 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:13:05.0208 4932 i8042prt - ok
20:13:05.0270 4932 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
20:13:05.0301 4932 iaStor - ok
20:13:05.0348 4932 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
20:13:05.0364 4932 iaStorV - ok
20:13:05.0551 4932 igfx (dfeaf0a1d98d397035012c8e28d1520f) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:13:05.0847 4932 igfx ( UnsignedFile.Multi.Generic ) - warning
20:13:05.0847 4932 igfx - detected UnsignedFile.Multi.Generic (1)
20:13:05.0972 4932 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:13:05.0988 4932 iirsp - ok
20:13:06.0081 4932 IntcAzAudAddService (b16fc828ce7a76a8f1ce682e6ead2627) C:\Windows\system32\drivers\RTKVHD64.sys
20:13:06.0144 4932 IntcAzAudAddService - ok
20:13:06.0206 4932 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
20:13:06.0222 4932 IntcHdmiAddService ( UnsignedFile.Multi.Generic ) - warning
20:13:06.0222 4932 IntcHdmiAddService - detected UnsignedFile.Multi.Generic (1)
20:13:06.0269 4932 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:13:06.0284 4932 intelide - ok
20:13:06.0331 4932 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:13:06.0378 4932 intelppm - ok
20:13:06.0456 4932 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:13:06.0534 4932 IpFilterDriver - ok
20:13:06.0565 4932 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:13:06.0581 4932 IPMIDRV - ok
20:13:06.0643 4932 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:13:06.0721 4932 IPNAT - ok
20:13:06.0768 4932 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:13:06.0799 4932 IRENUM - ok
20:13:06.0846 4932 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:13:06.0877 4932 isapnp - ok
20:13:06.0924 4932 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:13:06.0955 4932 iScsiPrt - ok
20:13:06.0986 4932 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:13:07.0002 4932 kbdclass - ok
20:13:07.0049 4932 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:13:07.0095 4932 kbdhid - ok
20:13:07.0142 4932 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
20:13:07.0158 4932 KSecDD - ok
20:13:07.0205 4932 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
20:13:07.0236 4932 KSecPkg - ok
20:13:07.0267 4932 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:13:07.0345 4932 ksthunk - ok
20:13:07.0407 4932 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:13:07.0485 4932 lltdio - ok
20:13:07.0532 4932 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:13:07.0548 4932 LSI_FC - ok
20:13:07.0579 4932 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:13:07.0595 4932 LSI_SAS - ok
20:13:07.0641 4932 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:13:07.0657 4932 LSI_SAS2 - ok
20:13:07.0688 4932 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:13:07.0704 4932 LSI_SCSI - ok
20:13:07.0766 4932 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:13:07.0829 4932 luafv - ok
20:13:07.0891 4932 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
20:13:07.0907 4932 MBAMProtector - ok
20:13:07.0953 4932 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:13:07.0985 4932 megasas - ok
20:13:08.0016 4932 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:13:08.0063 4932 MegaSR - ok
20:13:08.0125 4932 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:13:08.0172 4932 Modem - ok
20:13:08.0203 4932 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:13:08.0250 4932 monitor - ok
20:13:08.0312 4932 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:13:08.0343 4932 mouclass - ok
20:13:08.0390 4932 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:13:08.0437 4932 mouhid - ok
20:13:08.0484 4932 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:13:08.0515 4932 mountmgr - ok
20:13:08.0562 4932 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:13:08.0593 4932 mpio - ok
20:13:08.0640 4932 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:13:08.0733 4932 mpsdrv - ok
20:13:08.0780 4932 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:13:08.0889 4932 MRxDAV - ok
20:13:08.0921 4932 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:13:08.0983 4932 mrxsmb - ok
20:13:09.0014 4932 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:13:09.0061 4932 mrxsmb10 - ok
20:13:09.0108 4932 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:13:09.0123 4932 mrxsmb20 - ok
20:13:09.0170 4932 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:13:09.0186 4932 msahci - ok
20:13:09.0217 4932 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:13:09.0248 4932 msdsm - ok
20:13:09.0295 4932 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:13:09.0357 4932 Msfs - ok
20:13:09.0389 4932 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:13:09.0435 4932 mshidkmdf - ok
20:13:09.0482 4932 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:13:09.0498 4932 msisadrv - ok
20:13:09.0545 4932 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:13:09.0623 4932 MSKSSRV - ok
20:13:09.0654 4932 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:13:09.0716 4932 MSPCLOCK - ok
20:13:09.0747 4932 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:13:09.0841 4932 MSPQM - ok
20:13:09.0888 4932 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:13:09.0919 4932 MsRPC - ok
20:13:09.0966 4932 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:13:09.0981 4932 mssmbios - ok
20:13:09.0997 4932 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:13:10.0059 4932 MSTEE - ok
20:13:10.0106 4932 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:13:10.0153 4932 MTConfig - ok
20:13:10.0184 4932 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:13:10.0215 4932 Mup - ok
20:13:10.0278 4932 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:13:10.0340 4932 NativeWifiP - ok
20:13:10.0418 4932 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:13:10.0449 4932 NDIS - ok
20:13:10.0496 4932 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:13:10.0527 4932 NdisCap - ok
20:13:10.0574 4932 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:13:10.0637 4932 NdisTapi - ok
20:13:10.0683 4932 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:13:10.0746 4932 Ndisuio - ok
20:13:10.0808 4932 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:13:10.0886 4932 NdisWan - ok
20:13:10.0917 4932 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:13:10.0995 4932 NDProxy - ok
20:13:11.0058 4932 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:13:11.0136 4932 NetBIOS - ok
20:13:11.0183 4932 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:13:11.0229 4932 NetBT - ok
20:13:11.0401 4932 netw5v64 (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
20:13:11.0635 4932 netw5v64 - ok
20:13:11.0744 4932 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:13:11.0760 4932 nfrd960 - ok
20:13:11.0822 4932 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:13:11.0900 4932 Npfs - ok
20:13:11.0931 4932 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:13:11.0978 4932 nsiproxy - ok
20:13:12.0056 4932 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
20:13:12.0119 4932 Ntfs - ok
20:13:12.0134 4932 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:13:12.0181 4932 Null - ok
20:13:12.0243 4932 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
20:13:12.0275 4932 nvraid - ok
20:13:12.0290 4932 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
20:13:12.0306 4932 nvstor - ok
20:13:12.0337 4932 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:13:12.0353 4932 nv_agp - ok
20:13:12.0399 4932 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:13:12.0431 4932 ohci1394 - ok
20:13:12.0493 4932 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:13:12.0524 4932 Parport - ok
20:13:12.0571 4932 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:13:12.0602 4932 partmgr - ok
20:13:12.0680 4932 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
20:13:12.0758 4932 pccsmcfd - ok
20:13:12.0805 4932 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:13:12.0836 4932 pci - ok
20:13:12.0852 4932 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:13:12.0867 4932 pciide - ok
20:13:12.0899 4932 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:13:12.0914 4932 pcmcia - ok
20:13:12.0961 4932 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:13:12.0977 4932 pcw - ok
20:13:13.0008 4932 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:13:13.0070 4932 PEAUTH - ok
20:13:13.0179 4932 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:13:13.0242 4932 PptpMiniport - ok
20:13:13.0289 4932 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:13:13.0335 4932 Processor - ok
20:13:13.0398 4932 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:13:13.0476 4932 Psched - ok
20:13:13.0523 4932 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:13:13.0538 4932 PxHlpa64 - ok
20:13:13.0601 4932 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:13:13.0647 4932 ql2300 - ok
20:13:13.0679 4932 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:13:13.0694 4932 ql40xx - ok
20:13:13.0741 4932 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:13:13.0788 4932 QWAVEdrv - ok
20:13:13.0819 4932 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:13:13.0866 4932 RasAcd - ok
20:13:13.0913 4932 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:13:13.0944 4932 RasAgileVpn - ok
20:13:14.0006 4932 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:13:14.0069 4932 Rasl2tp - ok
20:13:14.0115 4932 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:13:14.0193 4932 RasPppoe - ok
20:13:14.0209 4932 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:13:14.0256 4932 RasSstp - ok
20:13:14.0318 4932 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:13:14.0412 4932 rdbss - ok
20:13:14.0443 4932 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:13:14.0505 4932 rdpbus - ok
20:13:14.0521 4932 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:13:14.0568 4932 RDPCDD - ok
20:13:14.0599 4932 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:13:14.0661 4932 RDPENCDD - ok
20:13:14.0693 4932 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:13:14.0724 4932 RDPREFMP - ok
20:13:14.0771 4932 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:13:14.0817 4932 RDPWD - ok
20:13:14.0864 4932 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:13:14.0911 4932 rdyboost - ok
20:13:14.0942 4932 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:13:14.0989 4932 RFCOMM - ok
20:13:15.0036 4932 rimsptsk (258aadb43e3f3468b5cf8cb0f84872c2) C:\Windows\system32\DRIVERS\rimssn64.sys
20:13:15.0098 4932 rimsptsk - ok
20:13:15.0145 4932 risdptsk (71e182a0de1cecb3f912960716345405) C:\Windows\system32\DRIVERS\risdsn64.sys
20:13:15.0207 4932 risdptsk - ok
20:13:15.0254 4932 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:13:15.0317 4932 rspndr - ok
20:13:15.0379 4932 RTHDMIAzAudService (34f05c417f038ffa3bef69b798d7d7dd) C:\Windows\system32\drivers\RtHDMIVX.sys
20:13:15.0457 4932 RTHDMIAzAudService - ok
20:13:15.0504 4932 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:13:15.0535 4932 sbp2port - ok
20:13:15.0582 4932 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:13:15.0660 4932 scfilter - ok
20:13:15.0738 4932 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
20:13:15.0785 4932 sdbus - ok
20:13:15.0831 4932 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:13:15.0878 4932 secdrv - ok
20:13:15.0925 4932 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:13:15.0956 4932 Serenum - ok
20:13:15.0987 4932 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:13:16.0034 4932 Serial - ok
20:13:16.0097 4932 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:13:16.0128 4932 sermouse - ok
20:13:16.0206 4932 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
20:13:16.0253 4932 SFEP - ok
20:13:16.0299 4932 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:13:16.0346 4932 sffdisk - ok
20:13:16.0362 4932 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:13:16.0393 4932 sffp_mmc - ok
20:13:16.0409 4932 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:13:16.0424 4932 sffp_sd - ok
20:13:16.0487 4932 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:13:16.0533 4932 sfloppy - ok
20:13:16.0611 4932 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:13:16.0643 4932 SiSRaid2 - ok
20:13:16.0674 4932 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:13:16.0689 4932 SiSRaid4 - ok
20:13:16.0736 4932 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:13:16.0814 4932 Smb - ok
20:13:16.0877 4932 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:13:16.0892 4932 spldr - ok
20:13:16.0955 4932 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:13:17.0033 4932 srv - ok
20:13:17.0064 4932 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:13:17.0111 4932 srv2 - ok
20:13:17.0173 4932 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:13:17.0220 4932 SrvHsfHDA - ok
20:13:17.0251 4932 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:13:17.0313 4932 SrvHsfV92 - ok
20:13:17.0360 4932 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:13:17.0391 4932 SrvHsfWinac - ok
20:13:17.0438 4932 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:13:17.0485 4932 srvnet - ok
20:13:17.0532 4932 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:13:17.0563 4932 stexstor - ok
20:13:17.0610 4932 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:13:17.0625 4932 swenum - ok
20:13:17.0781 4932 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:13:17.0875 4932 Tcpip - ok
20:13:17.0984 4932 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:13:18.0047 4932 TCPIP6 - ok
20:13:18.0093 4932 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:13:18.0140 4932 tcpipreg - ok
20:13:18.0187 4932 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:13:18.0218 4932 TDPIPE - ok
20:13:18.0234 4932 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:13:18.0281 4932 TDTCP - ok
20:13:18.0327 4932 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:13:18.0374 4932 tdx - ok
20:13:18.0421 4932 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:13:18.0437 4932 TermDD - ok
20:13:18.0499 4932 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:13:18.0561 4932 tssecsrv - ok
20:13:18.0608 4932 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:13:18.0655 4932 TsUsbFlt - ok
20:13:18.0717 4932 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:13:18.0795 4932 tunnel - ok
20:13:18.0827 4932 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:13:18.0858 4932 uagp35 - ok
20:13:18.0936 4932 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:13:18.0998 4932 udfs - ok
20:13:19.0045 4932 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:13:19.0061 4932 uliagpkx - ok
20:13:19.0107 4932 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:13:19.0123 4932 umbus - ok
20:13:19.0154 4932 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:13:19.0185 4932 UmPass - ok
20:13:19.0232 4932 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
20:13:19.0279 4932 usbccgp - ok
20:13:19.0341 4932 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:13:19.0404 4932 usbcir - ok
20:13:19.0451 4932 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
20:13:19.0497 4932 usbehci - ok
20:13:19.0529 4932 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
20:13:19.0575 4932 usbhub - ok
20:13:19.0607 4932 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
20:13:19.0622 4932 usbohci - ok
20:13:19.0653 4932 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:13:19.0700 4932 usbprint - ok
20:13:19.0778 4932 usbser (0f0c72a657c622286013788b886968ad) C:\Windows\system32\drivers\usbser.sys
20:13:19.0825 4932 usbser - ok
20:13:19.0872 4932 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
20:13:19.0919 4932 USBSTOR - ok
20:13:19.0965 4932 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
20:13:19.0981 4932 usbuhci - ok
20:13:20.0028 4932 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:13:20.0059 4932 usbvideo - ok
20:13:20.0137 4932 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:13:20.0168 4932 vdrvroot - ok
20:13:20.0199 4932 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:13:20.0231 4932 vga - ok
20:13:20.0246 4932 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:13:20.0324 4932 VgaSave - ok
20:13:20.0371 4932 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:13:20.0402 4932 vhdmp - ok
20:13:20.0449 4932 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:13:20.0465 4932 viaide - ok
20:13:20.0496 4932 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:13:20.0511 4932 volmgr - ok
20:13:20.0558 4932 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:13:20.0589 4932 volmgrx - ok
20:13:20.0621 4932 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:13:20.0636 4932 volsnap - ok
20:13:20.0683 4932 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:13:20.0699 4932 vsmraid - ok
20:13:20.0745 4932 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:13:20.0777 4932 vwifibus - ok
20:13:20.0792 4932 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:13:20.0808 4932 vwififlt - ok
20:13:20.0855 4932 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:13:20.0901 4932 WacomPen - ok
20:13:20.0964 4932 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:13:21.0042 4932 WANARP - ok
20:13:21.0042 4932 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:13:21.0089 4932 Wanarpv6 - ok
20:13:21.0135 4932 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:13:21.0167 4932 Wd - ok
20:13:21.0198 4932 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:13:21.0245 4932 Wdf01000 - ok
20:13:21.0291 4932 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:13:21.0323 4932 WfpLwf - ok
20:13:21.0354 4932 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:13:21.0369 4932 WIMMount - ok
20:13:21.0463 4932 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:13:21.0510 4932 WinUsb - ok
20:13:21.0572 4932 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:13:21.0603 4932 WmiAcpi - ok
20:13:21.0650 4932 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:13:21.0681 4932 ws2ifsl - ok
20:13:21.0728 4932 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:13:21.0791 4932 WudfPf - ok
20:13:21.0822 4932 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:13:21.0869 4932 WUDFRd - ok
20:13:21.0947 4932 yukonw7 (6affd75c6807b3dd3ab018e27b88ef95) C:\Windows\system32\DRIVERS\yk62x64.sys
20:13:22.0025 4932 yukonw7 - ok
20:13:22.0071 4932 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:13:22.0243 4932 \Device\Harddisk0\DR0 - ok
20:13:22.0243 4932 Boot (0x1200) (6c8ada99bd4e47d432ebc96f110acc66) \Device\Harddisk0\DR0\Partition0
20:13:22.0243 4932 \Device\Harddisk0\DR0\Partition0 - ok
20:13:22.0274 4932 Boot (0x1200) (b2d3c31b89ecd5dc62caceed0ddcce08) \Device\Harddisk0\DR0\Partition1
20:13:22.0274 4932 \Device\Harddisk0\DR0\Partition1 - ok
20:13:22.0274 4932 ============================================================
20:13:22.0274 4932 Scan finished
20:13:22.0274 4932 ============================================================
20:13:22.0305 4948 Detected object count: 2
20:13:22.0305 4948 Actual detected object count: 2
|
|
| Themen zu Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 |
| .dll, autorun, avast, avg, bho, c:\windows\system32\services.exe, converter, desktop, dllhost.exe, error, eudora, firefox, home, internet, langs, logfile, mbamservice.exe, mp3, nodrives, nt.dll, ntdll.dll, programm, prozesse, realtek, registry, rundll, sched.exe, senden, services.exe, software, studio, svchost.exe, verweise, warnung, windows, wuauclt.exe |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
