Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205

Sohn_des_Mondes · 27.12.2011, 21:29

Hallo, Antimalware stoppt immer den zugriff auf "svchost.exe"
Dieses geschiet ca alle 10 Minuten.

Antivir

Code:

ATTFilter

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 25. Dezember 2011  23:39

Es wird nach 2970283 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Avira AntiVir Personal - Free Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (plain)  [6.1.7600]
Boot Modus     : Normal gebootet
Benutzername   : Sony User
Computername   : SONYUSER-VAIO

Versionsinformationen:
BUILD.DAT      : 12.0.0.872     41826 Bytes  15.12.2011 16:24:00
AVSCAN.EXE     : 12.1.0.18     490448 Bytes  15.12.2011 13:59:39
AVSCAN.DLL     : 12.1.0.17      65744 Bytes  15.12.2011 13:59:56
LUKE.DLL       : 12.1.0.17      68304 Bytes  15.12.2011 13:59:47
AVSCPLR.DLL    : 12.1.0.21      99536 Bytes  15.12.2011 13:59:39
AVREG.DLL      : 12.1.0.27     227536 Bytes  15.12.2011 13:59:38
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 23:31:49
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 21:08:17
VBASE003.VDF   : 7.11.19.171     2048 Bytes  20.12.2011 21:08:17
VBASE004.VDF   : 7.11.19.172     2048 Bytes  20.12.2011 21:08:17
VBASE005.VDF   : 7.11.19.173     2048 Bytes  20.12.2011 21:08:17
VBASE006.VDF   : 7.11.19.174     2048 Bytes  20.12.2011 21:08:17
VBASE007.VDF   : 7.11.19.175     2048 Bytes  20.12.2011 21:08:17
VBASE008.VDF   : 7.11.19.176     2048 Bytes  20.12.2011 21:08:18
VBASE009.VDF   : 7.11.19.177     2048 Bytes  20.12.2011 21:08:18
VBASE010.VDF   : 7.11.19.178     2048 Bytes  20.12.2011 21:08:18
VBASE011.VDF   : 7.11.19.179     2048 Bytes  20.12.2011 21:08:18
VBASE012.VDF   : 7.11.19.180     2048 Bytes  20.12.2011 21:08:18
VBASE013.VDF   : 7.11.19.217   182784 Bytes  22.12.2011 21:08:18
VBASE014.VDF   : 7.11.19.255   148480 Bytes  24.12.2011 21:08:19
VBASE015.VDF   : 7.11.20.0       2048 Bytes  24.12.2011 21:08:19
VBASE016.VDF   : 7.11.20.1       2048 Bytes  24.12.2011 21:08:19
VBASE017.VDF   : 7.11.20.2       2048 Bytes  24.12.2011 21:08:19
VBASE018.VDF   : 7.11.20.3       2048 Bytes  24.12.2011 21:08:19
VBASE019.VDF   : 7.11.20.4       2048 Bytes  24.12.2011 21:08:19
VBASE020.VDF   : 7.11.20.5       2048 Bytes  24.12.2011 21:08:19
VBASE021.VDF   : 7.11.20.6       2048 Bytes  24.12.2011 21:08:19
VBASE022.VDF   : 7.11.20.7       2048 Bytes  24.12.2011 21:08:19
VBASE023.VDF   : 7.11.20.8       2048 Bytes  24.12.2011 21:08:19
VBASE024.VDF   : 7.11.20.9       2048 Bytes  24.12.2011 21:08:19
VBASE025.VDF   : 7.11.20.10      2048 Bytes  24.12.2011 21:08:19
VBASE026.VDF   : 7.11.20.11      2048 Bytes  24.12.2011 21:08:19
VBASE027.VDF   : 7.11.20.12      2048 Bytes  24.12.2011 21:08:19
VBASE028.VDF   : 7.11.20.13      2048 Bytes  24.12.2011 21:08:19
VBASE029.VDF   : 7.11.20.14      2048 Bytes  24.12.2011 21:08:19
VBASE030.VDF   : 7.11.20.15      2048 Bytes  24.12.2011 21:08:19
VBASE031.VDF   : 7.11.20.18     81920 Bytes  25.12.2011 21:08:20
Engineversion  : 8.2.8.8   
AEVDF.DLL      : 8.1.2.2       106868 Bytes  15.12.2011 13:59:36
AESCRIPT.DLL   : 8.1.3.92      495996 Bytes  25.12.2011 21:08:24
AESCN.DLL      : 8.1.7.2       127349 Bytes  14.12.2011 23:31:02
AESBX.DLL      : 8.2.4.5       434549 Bytes  15.12.2011 13:59:35
AERDL.DLL      : 8.1.9.15      639348 Bytes  14.12.2011 23:31:02
AEPACK.DLL     : 8.2.15.1      770423 Bytes  15.12.2011 13:59:35
AEOFFICE.DLL   : 8.1.2.24      201084 Bytes  25.12.2011 21:08:23
AEHEUR.DLL     : 8.1.3.8      4231543 Bytes  25.12.2011 21:08:23
AEHELP.DLL     : 8.1.18.0      254327 Bytes  15.12.2011 13:59:31
AEGEN.DLL      : 8.1.5.17      405877 Bytes  15.12.2011 13:59:31
AEEMU.DLL      : 8.1.3.0       393589 Bytes  14.12.2011 23:30:58
AECORE.DLL     : 8.1.24.2      201080 Bytes  25.12.2011 21:08:20
AEBB.DLL       : 8.1.1.0        53618 Bytes  14.12.2011 23:30:58
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  15.12.2011 13:59:41
AVPREF.DLL     : 12.1.0.17      51920 Bytes  15.12.2011 13:59:38
AVREP.DLL      : 12.1.0.17     179408 Bytes  15.12.2011 13:59:38
AVARKT.DLL     : 12.1.0.19     208848 Bytes  15.12.2011 13:59:36
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  15.12.2011 13:59:37
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  15.12.2011 13:59:50
AVSMTP.DLL     : 12.1.0.17      62928 Bytes  15.12.2011 13:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  15.12.2011 13:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  15.12.2011 13:59:58
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  15.12.2011 13:59:59

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: löschen
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660, 
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 25. Dezember 2011  23:39

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Im  Laufwerk 'D:\' ist kein Datenträger eingelegt!
Bootsektor 'E:\'
    [INFO]      Im  Laufwerk 'E:\' ist kein Datenträger eingelegt!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCFw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2857' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Sony User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTDI2CKT\wlsetup-all.exe
  [0] Archivtyp: Portable Executable Resource
  --> object
      [1] Archivtyp: CAB (Microsoft)
    --> WriterProdLang.7z
        [2] Archivtyp: 7-Zip
      --> WriterProdLang.cab
          [3] Archivtyp: CAB (Microsoft)
        --> writerprodlang.msi
            [WARNUNG]   Die Datei konnte nicht gelesen werden!
  --> object
      [1] Archivtyp: CAB (Microsoft)
    --> LanguageSelector64.7z
        [2] Archivtyp: 7-Zip
      --> LanguageSelector64.cab
          [3] Archivtyp: CAB (Microsoft)
        --> LanguageSelector64.msi
            [WARNUNG]   Die Datei konnte nicht gelesen werden!
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-251ef117
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 4944268e.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\105e14d2-140a64fd
  [0] Archivtyp: ZIP
  --> Base64cod.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Small.hej
  --> Googles.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.F.18035
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 51a4091d.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-7a18bb26
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 03f053fc.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\cf0c019-64d6e84d
  [0] Archivtyp: ZIP
  --> sunos/Globales.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/SystemSpy.A.1
  --> sunos/Manuals.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/ClassLoad.AF
  --> sunos/Support.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/ClassLo.AF.1.B
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 65c71c09.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-188bb89d
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 203c3119.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7be8da52
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 5f220364.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-23c4db87
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 13e02f37.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\706b3426-4717d0eb
  [0] Archivtyp: ZIP
  --> bpac/a$1.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.EG
  --> bpac/a.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
  --> bpac/b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.L
  --> bpac/KAVS.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.BB
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 6ff26f7e.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-611bcd93
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 42d840fc.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-4fcf4f20
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 5bb47baa.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\42441975-3ff5bb5f
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.EH
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 379a5784.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\d552d7a-448cf279
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 46246e12.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4eb49b7b-6939d3d5
  [0] Archivtyp: ZIP
  --> sunny/MyFiles.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Age.3159
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 484b5e05.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.


Ende des Suchlaufs: Montag, 26. Dezember 2011  00:27
Benötigte Zeit: 48:45 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  22731 Verzeichnisse wurden überprüft
 423969 Dateien wurden geprüft
     23 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
     13 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
     13 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 423946 Dateien ohne Befall
   2734 Archive wurden durchsucht
      2 Warnungen
     13 Hinweise
  27201 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

nach dem zweiten und dritten mal scannen wurde nichts mehr gefunden.

Maleware

Code:

ATTFilter

09:49:20	Sony User	MESSAGE	Protection started successfully
09:49:25	Sony User	MESSAGE	IP Protection started successfully
09:57:41	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49288, Process: svchost.exe)
09:57:41	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49289, Process: svchost.exe)
09:57:41	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49290, Process: svchost.exe)
09:57:41	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49291, Process: svchost.exe)
09:57:41	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49292, Process: svchost.exe)
10:05:55	Sony User	MESSAGE	Protection started successfully
10:05:59	Sony User	MESSAGE	IP Protection started successfully
10:14:17	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49349, Process: svchost.exe)
10:14:17	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49350, Process: svchost.exe)
10:14:17	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49351, Process: svchost.exe)
10:14:17	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49352, Process: svchost.exe)
10:14:17	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49353, Process: svchost.exe)
10:24:19	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49365, Process: svchost.exe)
10:24:19	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49366, Process: svchost.exe)
10:24:19	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49367, Process: svchost.exe)
10:24:19	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49368, Process: svchost.exe)
10:24:19	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49369, Process: svchost.exe)
10:34:20	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49474, Process: svchost.exe)
10:34:20	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49475, Process: svchost.exe)
10:34:20	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49476, Process: svchost.exe)
10:34:20	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49477, Process: svchost.exe)
10:34:20	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49478, Process: svchost.exe)
10:44:20	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49796, Process: svchost.exe)
10:44:21	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49797, Process: svchost.exe)
10:44:21	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49798, Process: svchost.exe)
10:44:21	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49799, Process: svchost.exe)
10:44:21	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49800, Process: svchost.exe)
10:53:01	Sony User	MESSAGE	Scheduled update executed successfully
10:54:25	Sony User	MESSAGE	IP Protection stopped
10:54:27	Sony User	MESSAGE	Database updated successfully
10:54:28	Sony User	MESSAGE	IP Protection started successfully
11:04:19	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49840, Process: svchost.exe)
11:04:19	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49841, Process: svchost.exe)
11:04:19	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49842, Process: svchost.exe)
11:04:19	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49843, Process: svchost.exe)
11:14:20	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49869, Process: svchost.exe)
11:14:20	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49870, Process: svchost.exe)
11:14:20	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49871, Process: svchost.exe)
11:14:20	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49872, Process: svchost.exe)
11:24:23	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49880, Process: svchost.exe)
11:24:23	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49881, Process: svchost.exe)
11:24:23	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49882, Process: svchost.exe)
11:24:23	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49883, Process: svchost.exe)
11:34:17	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49902, Process: svchost.exe)
11:34:17	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49903, Process: svchost.exe)
11:34:17	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49904, Process: svchost.exe)
11:34:17	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49905, Process: svchost.exe)
11:44:17	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 49915, Process: svchost.exe)
11:54:18	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49943, Process: svchost.exe)
11:54:18	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49944, Process: svchost.exe)
11:54:18	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49945, Process: svchost.exe)
11:54:18	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49946, Process: svchost.exe)
12:04:21	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49962, Process: svchost.exe)
12:04:21	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49963, Process: svchost.exe)
12:04:21	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49964, Process: svchost.exe)
12:04:21	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49965, Process: svchost.exe)
12:14:21	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50337, Process: svchost.exe)
12:14:21	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50338, Process: svchost.exe)
12:14:21	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50339, Process: svchost.exe)
12:14:21	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50340, Process: svchost.exe)
12:24:22	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50683, Process: svchost.exe)
12:24:22	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50684, Process: svchost.exe)
12:24:22	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50685, Process: svchost.exe)
12:24:22	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50686, Process: svchost.exe)
12:34:23	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51033, Process: svchost.exe)
12:44:23	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51041, Process: svchost.exe)
12:44:23	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51042, Process: svchost.exe)
12:44:23	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51043, Process: svchost.exe)
12:44:23	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51044, Process: svchost.exe)
12:54:19	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51045, Process: svchost.exe)
12:54:19	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51046, Process: svchost.exe)
12:54:19	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51047, Process: svchost.exe)
12:54:19	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51048, Process: svchost.exe)
13:04:20	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51076, Process: svchost.exe)
13:04:20	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51077, Process: svchost.exe)
13:04:20	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51078, Process: svchost.exe)
13:04:20	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51079, Process: svchost.exe)
13:14:22	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51087, Process: svchost.exe)
13:14:22	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51088, Process: svchost.exe)
13:14:22	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51089, Process: svchost.exe)
13:14:22	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51090, Process: svchost.exe)
13:24:24	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51168, Process: svchost.exe)
13:34:25	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51184, Process: svchost.exe)
13:34:25	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51185, Process: svchost.exe)
13:34:25	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51186, Process: svchost.exe)
13:34:25	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51187, Process: svchost.exe)
13:44:25	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51196, Process: svchost.exe)
13:44:25	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51197, Process: svchost.exe)
13:44:25	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51198, Process: svchost.exe)
13:44:25	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51199, Process: svchost.exe)
13:54:19	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51200, Process: svchost.exe)
13:54:19	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51201, Process: svchost.exe)
13:54:19	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51202, Process: svchost.exe)
13:54:20	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51203, Process: svchost.exe)
14:11:44	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51220, Process: svchost.exe)
14:11:44	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51221, Process: svchost.exe)
14:11:44	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51222, Process: svchost.exe)
14:11:44	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51223, Process: svchost.exe)
14:21:53	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51620, Process: svchost.exe)
14:31:53	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51628, Process: svchost.exe)
14:31:53	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51629, Process: svchost.exe)
14:31:53	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51630, Process: svchost.exe)
14:31:53	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51631, Process: svchost.exe)
14:41:53	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51632, Process: svchost.exe)
14:41:53	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51633, Process: svchost.exe)
14:41:54	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51634, Process: svchost.exe)
14:41:54	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51635, Process: svchost.exe)
14:51:54	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51643, Process: svchost.exe)
14:51:54	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51644, Process: svchost.exe)
14:51:54	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51645, Process: svchost.exe)
14:51:54	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51646, Process: svchost.exe)
15:01:54	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51661, Process: svchost.exe)
15:01:54	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51662, Process: svchost.exe)
15:01:55	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51663, Process: svchost.exe)
15:01:55	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51664, Process: svchost.exe)
15:11:55	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51668, Process: svchost.exe)
15:21:50	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 52165, Process: svchost.exe)
15:21:51	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 52166, Process: svchost.exe)
15:21:51	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 52167, Process: svchost.exe)
15:21:51	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 52168, Process: svchost.exe)
15:31:51	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 52176, Process: svchost.exe)
15:31:51	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 52177, Process: svchost.exe)
15:31:51	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 52178, Process: svchost.exe)
15:31:51	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 52179, Process: svchost.exe)
15:41:51	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 52300, Process: svchost.exe)
15:41:51	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 52301, Process: svchost.exe)
15:41:51	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 52302, Process: svchost.exe)
15:41:51	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 52303, Process: svchost.exe)
15:51:52	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 52311, Process: svchost.exe)
15:51:52	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 52312, Process: svchost.exe)
15:51:52	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 52313, Process: svchost.exe)
15:51:52	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 52314, Process: svchost.exe)
16:01:52	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 52324, Process: svchost.exe)
18:35:34	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 52331, Process: svchost.exe)
18:40:30	Sony User	MESSAGE	Protection started successfully
18:40:34	Sony User	MESSAGE	IP Protection started successfully
18:48:51	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49337, Process: svchost.exe)
18:48:51	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49338, Process: svchost.exe)
18:48:51	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49339, Process: svchost.exe)
18:48:51	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49340, Process: svchost.exe)
18:48:51	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49341, Process: svchost.exe)
18:58:56	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49478, Process: svchost.exe)
18:58:56	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 49479, Process: svchost.exe)
18:58:56	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 49480, Process: svchost.exe)
18:58:56	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 49481, Process: svchost.exe)
18:58:56	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 49482, Process: svchost.exe)
19:08:49	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50112, Process: svchost.exe)
19:08:49	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50113, Process: svchost.exe)
19:08:49	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50114, Process: svchost.exe)
19:08:49	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50115, Process: svchost.exe)
19:08:49	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50116, Process: svchost.exe)
19:18:50	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50228, Process: svchost.exe)
19:18:50	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 50229, Process: svchost.exe)
19:18:50	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 50230, Process: svchost.exe)
19:18:50	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 50231, Process: svchost.exe)
19:18:50	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 50232, Process: svchost.exe)
19:28:53	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 50967, Process: svchost.exe)
19:38:52	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51099, Process: svchost.exe)
19:38:52	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51100, Process: svchost.exe)
19:38:52	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51101, Process: svchost.exe)
19:38:52	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51102, Process: svchost.exe)
19:48:56	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51110, Process: svchost.exe)
19:48:56	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51111, Process: svchost.exe)
19:48:56	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51112, Process: svchost.exe)
19:48:56	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51113, Process: svchost.exe)
19:58:52	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51186, Process: svchost.exe)
19:58:52	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51187, Process: svchost.exe)
19:58:52	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51188, Process: svchost.exe)
19:58:52	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51189, Process: svchost.exe)
20:08:52	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51245, Process: svchost.exe)
20:08:52	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51246, Process: svchost.exe)
20:08:52	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51247, Process: svchost.exe)
20:08:52	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51248, Process: svchost.exe)
20:18:52	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 51438, Process: svchost.exe)
20:28:52	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51659, Process: svchost.exe)
20:28:52	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51660, Process: svchost.exe)
20:28:52	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51661, Process: svchost.exe)
20:28:52	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51662, Process: svchost.exe)
20:38:55	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51681, Process: svchost.exe)
20:38:55	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51682, Process: svchost.exe)
20:38:55	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51683, Process: svchost.exe)
20:38:55	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51684, Process: svchost.exe)
20:48:51	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51693, Process: svchost.exe)
20:48:52	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51694, Process: svchost.exe)
20:48:52	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51695, Process: svchost.exe)
20:48:52	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51696, Process: svchost.exe)
20:58:56	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 51797, Process: svchost.exe)
20:58:56	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 51798, Process: svchost.exe)
20:58:56	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 51799, Process: svchost.exe)
20:58:56	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 51800, Process: svchost.exe)
21:08:53	Sony User	IP-BLOCK	82.98.97.200 (Type: outgoing, Port: 52182, Process: svchost.exe)
21:18:57	Sony User	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 52499, Process: svchost.exe)
21:18:57	Sony User	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 52500, Process: svchost.exe)
21:18:57	Sony User	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 52501, Process: svchost.exe)
21:18:57	Sony User	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 52502, Process: svchost.exe)

OTL

Code:

ATTFilter

OTL logfile created on: 27.12.2011 21:16:46 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Sony User\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 45,85% Memory free
7,93 Gb Paging File | 5,52 Gb Available in Paging File | 69,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 328,10 Gb Free Space | 71,91% Space Free | Partition Type: NTFS
 
Computer Name: SONYUSER-VAIO | User Name: Sony User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sony User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Users\SONYUS~1\AppData\Local\Temp\mexe.com (MicroWorld Technologies Inc.)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Sony User\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 42 7F 95 76 C4 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.06 10:35:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.06 10:35:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.25 21:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.25 22:48:51 | 000,000,000 | ---D | M]
 
[2010.05.03 18:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Extensions
[2011.12.27 10:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions
[2011.04.08 05:59:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.18 21:28:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.21 20:21:07 | 000,000,873 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml
[2010.12.21 14:59:20 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml
[2011.04.08 06:02:37 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml
[2011.04.08 05:59:26 | 000,000,168 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif
[2011.04.08 05:59:26 | 000,000,618 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src
[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml
[2011.12.25 22:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.27 03:20:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 19:42:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.07 01:27:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.12 23:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 08:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.12.25 22:12:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.04.06 10:35:59 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.06 10:35:59 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.09 11:40:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.09 11:40:27 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.09 11:40:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.09 11:40:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.09 11:40:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2011.12.26 11:41:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DBEED24-4889-479C-82EC-D972CD7A8EFF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2011.12.27 19:22:32 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2011.12.27 19:22:31 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2011.12.27 19:22:30 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.27 19:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2011.12.27 19:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2011.12.27 15:15:35 | 000,000,000 | ---D | C] -- C:\Users\Sony User\Desktop\Virus
[2011.12.27 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Roxio Log Files
[2011.12.27 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\SvchostViewer
[2011.12.27 13:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.12.27 10:06:29 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Users\Sony User\Desktop\aswMBR.exe
[2011.12.27 09:58:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.27 09:56:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe
[2011.12.26 22:41:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.26 11:56:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.26 11:34:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.26 03:06:34 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.26 03:06:33 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.26 03:06:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.26 03:06:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.26 03:06:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.26 03:06:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.26 03:06:28 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.12.26 03:06:28 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.12.26 03:06:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.12.26 03:06:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.12.26 03:06:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.12.25 22:20:28 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{3C11D02F-DA75-4D54-B37B-8BBA3405470A}
[2011.12.25 22:20:16 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{07CBAF22-9E3F-4F65-8175-5AA39A15B517}
[2011.12.25 22:18:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.12.25 22:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.12.25 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.12.25 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.25 22:12:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.12.25 22:12:54 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.12.25 22:12:54 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.12.25 22:10:14 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Avira
[2011.12.25 22:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.25 22:07:10 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.25 22:07:10 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.25 22:07:10 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.25 22:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011.12.25 21:48:07 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011.12.25 21:48:07 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011.12.25 21:48:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011.12.25 21:48:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011.12.25 21:48:07 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011.12.25 21:48:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011.12.25 21:48:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011.12.25 21:48:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011.12.25 21:48:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011.12.25 21:47:57 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.12.25 21:47:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.12.25 21:47:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.25 21:47:23 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.12.25 21:47:23 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.12.25 21:47:23 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011.12.25 21:47:23 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011.12.25 21:47:23 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.12.25 21:47:23 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.12.25 21:47:22 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011.12.25 21:47:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011.12.25 21:47:21 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011.12.25 21:47:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011.12.25 21:47:19 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.12.25 21:47:19 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.12.25 21:47:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.12.25 21:47:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.12.25 21:47:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.12.25 21:47:19 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.12.25 21:47:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.12.25 21:47:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.12.25 21:47:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.12.25 21:47:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.12.25 21:47:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.12.25 21:47:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.12.25 21:47:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.12.25 21:47:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.12.25 21:47:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.12.25 21:47:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.12.25 21:47:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.12.25 21:47:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.12.25 21:47:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.12.25 21:47:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011.12.25 21:47:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011.12.25 21:47:10 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.12.25 21:47:10 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.12.25 21:47:09 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.25 21:47:09 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.25 21:46:55 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.12.25 21:46:55 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.12.25 21:46:54 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.12.25 21:36:20 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.27 21:19:38 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.12.27 19:30:50 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2011.12.27 19:22:31 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2011.12.27 19:22:30 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2011.12.27 19:22:29 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.27 19:21:44 | 068,866,904 | ---- | M] () -- C:\Users\Sony User\Desktop\mwav.exe
[2011.12.27 18:45:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 18:45:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 18:37:32 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.12.27 18:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.27 18:37:06 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.27 15:12:03 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI
[2011.12.27 10:06:29 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Sony User\Desktop\aswMBR.exe
[2011.12.27 09:56:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe
[2011.12.26 11:41:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.12.26 09:23:34 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.26 09:23:34 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.26 09:23:34 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.26 09:23:34 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.26 09:23:34 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.26 09:16:06 | 000,446,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.25 21:36:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2011.12.27 19:22:47 | 000,000,054 | ---- | C] () -- C:\Windows\Lic.xxx
[2011.12.27 19:20:18 | 068,866,904 | ---- | C] () -- C:\Users\Sony User\Desktop\mwav.exe
[2011.12.27 15:12:03 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.12.25 22:19:24 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2010.07.25 08:39:33 | 000,008,192 | ---- | C] () -- C:\Users\Sony User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.05 19:37:57 | 000,008,718 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\wklnhst.dat
[2009.12.20 18:02:09 | 000,027,639 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\UserTile.png
[2009.09.06 09:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.09.06 09:07:13 | 000,002,835 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2009.08.17 21:11:49 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.17 21:11:46 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.17 21:11:46 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.08.17 21:11:44 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.17 13:27:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205

Log-Analyse und Auswertung: Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205

Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205

Ähnliche Themen: Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205