Log analysis and evaluation: Malwarebytes Anti-Malware stops "svchost.exe", IP: 82.98.97.183 to 82.98.97.205 (Windows 7)
Hello,

Anti-Malware always blocks the access to "svchost.exe". This happens about every 10 minutes.

Antivir Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 25. Dezember 2011 23:39

Es wird nach 2970283 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : Sony User
Computername : SONYUSER-VAIO

Versionsinformationen:
BUILD.DAT : 12.0.0.872 41826 Bytes 15.12.2011 16:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 15.12.2011 13:59:39
AVSCAN.DLL : 12.1.0.17 65744 Bytes 15.12.2011 13:59:56
LUKE.DLL : 12.1.0.17 68304 Bytes 15.12.2011 13:59:47
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 15.12.2011 13:59:39
AVREG.DLL : 12.1.0.27 227536 Bytes 15.12.2011 13:59:38
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:31:49
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 21:08:17
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 21:08:17
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 21:08:17
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 21:08:17
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 21:08:17
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 21:08:17
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 21:08:18
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 21:08:18
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 21:08:18
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 21:08:18
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 21:08:18
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 21:08:18
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 21:08:19
VBASE015.VDF : 7.11.20.0 2048 Bytes 24.12.2011 21:08:19
VBASE016.VDF : 7.11.20.1 2048 Bytes 24.12.2011 21:08:19
VBASE017.VDF : 7.11.20.2 2048 Bytes 24.12.2011 21:08:19
VBASE018.VDF : 7.11.20.3 2048 Bytes 24.12.2011 21:08:19
VBASE019.VDF : 7.11.20.4 2048 Bytes 24.12.2011 21:08:19
VBASE020.VDF : 7.11.20.5 2048 Bytes 24.12.2011 21:08:19
VBASE021.VDF : 7.11.20.6 2048 Bytes 24.12.2011 21:08:19
VBASE022.VDF : 7.11.20.7 2048 Bytes 24.12.2011 21:08:19
VBASE023.VDF : 7.11.20.8 2048 Bytes 24.12.2011 21:08:19
VBASE024.VDF : 7.11.20.9 2048 Bytes 24.12.2011 21:08:19
VBASE025.VDF : 7.11.20.10 2048 Bytes 24.12.2011 21:08:19
VBASE026.VDF : 7.11.20.11 2048 Bytes 24.12.2011 21:08:19
VBASE027.VDF : 7.11.20.12 2048 Bytes 24.12.2011 21:08:19
VBASE028.VDF : 7.11.20.13 2048 Bytes 24.12.2011 21:08:19
VBASE029.VDF : 7.11.20.14 2048 Bytes 24.12.2011 21:08:19
VBASE030.VDF : 7.11.20.15 2048 Bytes 24.12.2011 21:08:19
VBASE031.VDF : 7.11.20.18 81920 Bytes 25.12.2011 21:08:20
Engineversion : 8.2.8.8
AEVDF.DLL : 8.1.2.2 106868 Bytes 15.12.2011 13:59:36
AESCRIPT.DLL : 8.1.3.92 495996 Bytes 25.12.2011 21:08:24
AESCN.DLL : 8.1.7.2 127349 Bytes 14.12.2011 23:31:02
AESBX.DLL : 8.2.4.5 434549 Bytes 15.12.2011 13:59:35
AERDL.DLL : 8.1.9.15 639348 Bytes 14.12.2011 23:31:02
AEPACK.DLL : 8.2.15.1 770423 Bytes 15.12.2011 13:59:35
AEOFFICE.DLL : 8.1.2.24 201084 Bytes 25.12.2011 21:08:23
AEHEUR.DLL : 8.1.3.8 4231543 Bytes 25.12.2011 21:08:23
AEHELP.DLL : 8.1.18.0 254327 Bytes 15.12.2011 13:59:31
AEGEN.DLL : 8.1.5.17 405877 Bytes 15.12.2011 13:59:31
AEEMU.DLL : 8.1.3.0 393589 Bytes 14.12.2011 23:30:58
AECORE.DLL : 8.1.24.2 201080 Bytes 25.12.2011 21:08:20
AEBB.DLL : 8.1.1.0 53618 Bytes 14.12.2011 23:30:58
AVWINLL.DLL : 12.1.0.17 27344 Bytes 15.12.2011 13:59:41
AVPREF.DLL : 12.1.0.17 51920 Bytes 15.12.2011 13:59:38
AVREP.DLL : 12.1.0.17 179408 Bytes 15.12.2011 13:59:38
AVARKT.DLL : 12.1.0.19 208848 Bytes 15.12.2011 13:59:36
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 15.12.2011 13:59:37
SQLITE3.DLL : 3.7.0.0 398288 Bytes 15.12.2011 13:59:50
AVSMTP.DLL : 12.1.0.17 62928 Bytes 15.12.2011 13:59:39
NETNT.DLL : 12.1.0.17 17104 Bytes 15.12.2011 13:59:47
RCIMAGE.DLL : 12.1.0.17 4447952 Bytes 15.12.2011 13:59:58
RCTEXT.DLL : 12.1.0.16 98512 Bytes 15.12.2011 13:59:59

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: löschen
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 25. Dezember 2011 23:39

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
  [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
  [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
  [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
  [INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
  [INFO] Im Laufwerk 'D:\' ist kein Datenträger eingelegt!
Bootsektor 'E:\'
  [INFO] Im Laufwerk 'E:\' ist kein Datenträger eingelegt!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCFw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2857' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Sony User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTDI2CKT\wlsetup-all.exe
  [0] Archivtyp: Portable Executable Resource
  --> object
      [1] Archivtyp: CAB (Microsoft)
    --> WriterProdLang.7z
        [2] Archivtyp: 7-Zip
      --> WriterProdLang.cab
          [3] Archivtyp: CAB (Microsoft)
        --> writerprodlang.msi
            [WARNUNG] Die Datei konnte nicht gelesen werden!
  --> object
      [1] Archivtyp: CAB (Microsoft)
    --> LanguageSelector64.7z
        [2] Archivtyp: 7-Zip
      --> LanguageSelector64.cab
          [3] Archivtyp: CAB (Microsoft)
        --> LanguageSelector64.msi
            [WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-251ef117
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
  --> vmain.class
      [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 4944268e.qua erstellt ( QUARANTÄNE )
  [HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\105e14d2-140a64fd
  [0] Archivtyp: ZIP
  --> Base64cod.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Small.hej
  --> Googles.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.F.18035
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 51a4091d.qua erstellt ( QUARANTÄNE )
  [HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-7a18bb26
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
  --> vmain.class
      [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 03f053fc.qua erstellt ( QUARANTÄNE )
  [HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\cf0c019-64d6e84d
  [0] Archivtyp: ZIP
  --> sunos/Globales.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/SystemSpy.A.1
  --> sunos/Manuals.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/ClassLoad.AF
  --> sunos/Support.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/ClassLo.AF.1.B
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 65c71c09.qua erstellt ( QUARANTÄNE )
  [HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-188bb89d
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
  --> vmain.class
      [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 203c3119.qua erstellt ( QUARANTÄNE )
  [HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7be8da52
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
  --> vmain.class
      [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 5f220364.qua erstellt ( QUARANTÄNE )
  [HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-23c4db87
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 13e02f37.qua erstellt ( QUARANTÄNE )
  [HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\706b3426-4717d0eb
  [0] Archivtyp: ZIP
  --> bpac/a$1.class
      [FUND] Enthält Erkennungsmuster des Exploits EXP/Java.EG
  --> bpac/a.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
  --> bpac/b.class
      [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.L
  --> bpac/KAVS.class
      [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.BB
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 6ff26f7e.qua erstellt ( QUARANTÄNE )
  [HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-611bcd93
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 42d840fc.qua erstellt ( QUARANTÄNE )
  [HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-4fcf4f20
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 5bb47baa.qua erstellt ( QUARANTÄNE )
  [HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\42441975-3ff5bb5f
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.EH
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 379a5784.qua erstellt ( QUARANTÄNE )
  [HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\d552d7a-448cf279
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 46246e12.qua erstellt ( QUARANTÄNE )
  [HINWEIS] Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4eb49b7b-6939d3d5
  [0] Archivtyp: ZIP
  --> sunny/MyFiles.class
      [FUND] Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Age.3159
  [HINWEIS] Eine Sicherungskopie wurde unter dem Namen 484b5e05.qua erstellt ( QUARANTÄNE )
  [HINWEIS] Die Datei wurde gelöscht.

Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.

Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.

Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.

Ende des Suchlaufs: Montag, 26. Dezember 2011 00:27
Benötigte Zeit: 48:45 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

22731 Verzeichnisse wurden überprüft
423969 Dateien wurden geprüft
23 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
13 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
13 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
423946 Dateien ohne Befall
2734 Archive wurden durchsucht
2 Warnungen
13 Hinweise
27201 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Malware Code:
Code:
OTL logfile created on: 27.12.2011 21:16:46 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sony User\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,97 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 45,85% Memory free
7,93 Gb Paging File | 5,52 Gb Available in Paging File | 69,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 328,10 Gb Free Space | 71,91% Space Free | Partition Type: NTFS
Computer Name: SONYUSER-VAIO | User Name: Sony User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - C:\Users\Sony User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Users\SONYUS~1\AppData\Local\Temp\mexe.com (MicroWorld Technologies Inc.)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation) SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation) SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.) SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation) SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation) SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation) SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation) SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation) SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation) SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC) DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) 
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation) DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.) DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.) 
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Sony User\Desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 42 7F 95 76 C4 CC 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 FF - prefs.js..extensions.enabledItems: 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.06 10:35:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.06 10:35:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.25 21:56:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.25 22:48:51 | 000,000,000 | ---D | M] [2010.05.03 18:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Extensions [2011.12.27 10:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions [2011.04.08 05:59:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.08.18 21:28:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.08.21 20:21:07 | 000,000,873 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml [2010.12.21 14:59:20 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml [2011.04.08 06:02:37 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml [2011.04.08 05:59:26 | 000,000,168 | ---- | 
M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif [2011.04.08 05:59:26 | 000,000,618 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src [2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml [2011.12.25 22:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.27 03:20:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 19:42:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.07 01:27:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.12 23:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.21 08:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.12.25 22:12:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [2011.04.06 10:35:59 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.04.06 10:35:59 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} File not found (No name found) -- C:\USERS\SONY 
USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM [2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.04.09 11:40:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.09 11:40:27 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.04.09 11:40:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.04.09 11:40:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.04.09 11:40:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== O1 HOSTS File: ([2011.12.26 11:41:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DBEED24-4889-479C-82EC-D972CD7A8EFF}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft 
Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe [2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe [2011.12.27 19:22:32 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll [2011.12.27 19:22:31 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll [2011.12.27 19:22:30 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) 
-- C:\Windows\SysWow64\eEmpty.exe [2011.12.27 19:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld [2011.12.27 19:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld [2011.12.27 15:15:35 | 000,000,000 | ---D | C] -- C:\Users\Sony User\Desktop\Virus [2011.12.27 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Roxio Log Files [2011.12.27 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\SvchostViewer [2011.12.27 13:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2011.12.27 10:06:29 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Users\Sony User\Desktop\aswMBR.exe [2011.12.27 09:58:06 | 000,000,000 | ---D | C] -- C:\_OTL [2011.12.27 09:56:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe [2011.12.26 22:41:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.12.26 11:56:11 | 000,000,000 | ---D | C] -- C:\Windows\temp [2011.12.26 11:34:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.12.26 03:06:34 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.26 03:06:33 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.26 03:06:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.26 03:06:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.26 03:06:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.26 03:06:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.26 03:06:28 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.12.26 03:06:28 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2011.12.26 03:06:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2011.12.26 03:06:27 | 
000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.12.26 03:06:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.12.25 22:20:28 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{3C11D02F-DA75-4D54-B37B-8BBA3405470A} [2011.12.25 22:20:16 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{07CBAF22-9E3F-4F65-8175-5AA39A15B517} [2011.12.25 22:18:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2011.12.25 22:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.12.25 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011.12.25 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.12.25 22:12:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.12.25 22:12:54 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.12.25 22:12:54 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\SysWow64\java.exe [2011.12.25 22:10:14 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Avira [2011.12.25 22:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.25 22:07:10 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.25 22:07:10 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.12.25 22:07:10 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.12.25 22:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2011.12.25 21:48:07 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll [2011.12.25 21:48:07 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll [2011.12.25 21:48:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll [2011.12.25 21:48:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll [2011.12.25 21:48:07 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll [2011.12.25 21:48:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll [2011.12.25 21:48:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll [2011.12.25 21:48:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll [2011.12.25 21:48:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll [2011.12.25 21:47:57 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe [2011.12.25 21:47:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe [2011.12.25 21:47:52 | 000,043,520 | 
---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll [2011.12.25 21:47:23 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2011.12.25 21:47:23 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2011.12.25 21:47:23 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax [2011.12.25 21:47:23 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax [2011.12.25 21:47:23 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2011.12.25 21:47:23 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2011.12.25 21:47:22 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax [2011.12.25 21:47:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax [2011.12.25 21:47:21 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax [2011.12.25 21:47:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax [2011.12.25 21:47:19 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2011.12.25 21:47:19 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2011.12.25 21:47:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2011.12.25 21:47:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2011.12.25 21:47:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2011.12.25 21:47:19 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2011.12.25 21:47:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2011.12.25 21:47:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2011.12.25 
21:47:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2011.12.25 21:47:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2011.12.25 21:47:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2011.12.25 21:47:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2011.12.25 21:47:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2011.12.25 21:47:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2011.12.25 21:47:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2011.12.25 21:47:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2011.12.25 21:47:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2011.12.25 21:47:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll 
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.12.25 21:47:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.12.25 21:47:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011.12.25 21:47:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011.12.25 21:47:10 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.12.25 21:47:10 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.12.25 21:47:09 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.25 21:47:09 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.25 21:46:55 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.12.25 21:46:55 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.12.25 21:46:54 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.12.25 21:36:20 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

[2011.12.27 21:19:38 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.12.27 19:30:50 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2011.12.27 19:22:31 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2011.12.27 19:22:30 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2011.12.27 19:22:29 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.27 19:21:44 | 068,866,904 | ---- | M] () -- C:\Users\Sony User\Desktop\mwav.exe
[2011.12.27 18:45:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 18:45:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 18:37:32 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.12.27 18:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.27 18:37:06 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.27 15:12:03 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI
[2011.12.27 10:06:29 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Sony User\Desktop\aswMBR.exe
[2011.12.27 09:56:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe
[2011.12.26 11:41:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.12.26 09:23:34 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.26 09:23:34 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.26 09:23:34 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.26 09:23:34 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.26 09:23:34 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.26 09:16:06 | 000,446,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.25 21:36:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2011.12.27 19:22:47 | 000,000,054 | ---- | C] () -- C:\Windows\Lic.xxx
[2011.12.27 19:20:18 | 068,866,904 | ---- | C] () -- C:\Users\Sony User\Desktop\mwav.exe
[2011.12.27 15:12:03 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.12.25 22:19:24 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2010.07.25 08:39:33 | 000,008,192 | ---- | C] () -- C:\Users\Sony User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.05 19:37:57 | 000,008,718 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\wklnhst.dat
[2009.12.20 18:02:09 | 000,027,639 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\UserTile.png
[2009.09.06 09:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.09.06 09:07:13 | 000,002,835 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2009.08.17 21:11:49 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.17 21:11:46 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.17 21:11:46 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.08.17 21:11:44 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.17 13:27:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >