Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205 (https://www.trojaner-board.de/107022-malewarebytes-antimalware-stoppt-svchost-exe-ip-82-98-97-183-82-98-97-205-a.html)

Sohn_des_Mondes 27.12.2011 21:29
Malewarebytes Antimalware stoppt "svchost.exe" ip :82.98.97.183 bis 82.98.97.205
 
Hallo, Antimalware stoppt immer den zugriff auf "svchost.exe"
Dieses geschiet ca alle 10 Minuten.

Antivir

Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 25. Dezember 2011  23:39

Es wird nach 2970283 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (plain)  [6.1.7600]
Boot Modus    : Normal gebootet
Benutzername  : Sony User
Computername  : SONYUSER-VAIO

Versionsinformationen:
BUILD.DAT      : 12.0.0.872    41826 Bytes  15.12.2011 16:24:00
AVSCAN.EXE    : 12.1.0.18    490448 Bytes  15.12.2011 13:59:39
AVSCAN.DLL    : 12.1.0.17      65744 Bytes  15.12.2011 13:59:56
LUKE.DLL      : 12.1.0.17      68304 Bytes  15.12.2011 13:59:47
AVSCPLR.DLL    : 12.1.0.21      99536 Bytes  15.12.2011 13:59:39
AVREG.DLL      : 12.1.0.27    227536 Bytes  15.12.2011 13:59:38
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 23:31:49
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 21:08:17
VBASE003.VDF  : 7.11.19.171    2048 Bytes  20.12.2011 21:08:17
VBASE004.VDF  : 7.11.19.172    2048 Bytes  20.12.2011 21:08:17
VBASE005.VDF  : 7.11.19.173    2048 Bytes  20.12.2011 21:08:17
VBASE006.VDF  : 7.11.19.174    2048 Bytes  20.12.2011 21:08:17
VBASE007.VDF  : 7.11.19.175    2048 Bytes  20.12.2011 21:08:17
VBASE008.VDF  : 7.11.19.176    2048 Bytes  20.12.2011 21:08:18
VBASE009.VDF  : 7.11.19.177    2048 Bytes  20.12.2011 21:08:18
VBASE010.VDF  : 7.11.19.178    2048 Bytes  20.12.2011 21:08:18
VBASE011.VDF  : 7.11.19.179    2048 Bytes  20.12.2011 21:08:18
VBASE012.VDF  : 7.11.19.180    2048 Bytes  20.12.2011 21:08:18
VBASE013.VDF  : 7.11.19.217  182784 Bytes  22.12.2011 21:08:18
VBASE014.VDF  : 7.11.19.255  148480 Bytes  24.12.2011 21:08:19
VBASE015.VDF  : 7.11.20.0      2048 Bytes  24.12.2011 21:08:19
VBASE016.VDF  : 7.11.20.1      2048 Bytes  24.12.2011 21:08:19
VBASE017.VDF  : 7.11.20.2      2048 Bytes  24.12.2011 21:08:19
VBASE018.VDF  : 7.11.20.3      2048 Bytes  24.12.2011 21:08:19
VBASE019.VDF  : 7.11.20.4      2048 Bytes  24.12.2011 21:08:19
VBASE020.VDF  : 7.11.20.5      2048 Bytes  24.12.2011 21:08:19
VBASE021.VDF  : 7.11.20.6      2048 Bytes  24.12.2011 21:08:19
VBASE022.VDF  : 7.11.20.7      2048 Bytes  24.12.2011 21:08:19
VBASE023.VDF  : 7.11.20.8      2048 Bytes  24.12.2011 21:08:19
VBASE024.VDF  : 7.11.20.9      2048 Bytes  24.12.2011 21:08:19
VBASE025.VDF  : 7.11.20.10      2048 Bytes  24.12.2011 21:08:19
VBASE026.VDF  : 7.11.20.11      2048 Bytes  24.12.2011 21:08:19
VBASE027.VDF  : 7.11.20.12      2048 Bytes  24.12.2011 21:08:19
VBASE028.VDF  : 7.11.20.13      2048 Bytes  24.12.2011 21:08:19
VBASE029.VDF  : 7.11.20.14      2048 Bytes  24.12.2011 21:08:19
VBASE030.VDF  : 7.11.20.15      2048 Bytes  24.12.2011 21:08:19
VBASE031.VDF  : 7.11.20.18    81920 Bytes  25.12.2011 21:08:20
Engineversion  : 8.2.8.8 
AEVDF.DLL      : 8.1.2.2      106868 Bytes  15.12.2011 13:59:36
AESCRIPT.DLL  : 8.1.3.92      495996 Bytes  25.12.2011 21:08:24
AESCN.DLL      : 8.1.7.2      127349 Bytes  14.12.2011 23:31:02
AESBX.DLL      : 8.2.4.5      434549 Bytes  15.12.2011 13:59:35
AERDL.DLL      : 8.1.9.15      639348 Bytes  14.12.2011 23:31:02
AEPACK.DLL    : 8.2.15.1      770423 Bytes  15.12.2011 13:59:35
AEOFFICE.DLL  : 8.1.2.24      201084 Bytes  25.12.2011 21:08:23
AEHEUR.DLL    : 8.1.3.8      4231543 Bytes  25.12.2011 21:08:23
AEHELP.DLL    : 8.1.18.0      254327 Bytes  15.12.2011 13:59:31
AEGEN.DLL      : 8.1.5.17      405877 Bytes  15.12.2011 13:59:31
AEEMU.DLL      : 8.1.3.0      393589 Bytes  14.12.2011 23:30:58
AECORE.DLL    : 8.1.24.2      201080 Bytes  25.12.2011 21:08:20
AEBB.DLL      : 8.1.1.0        53618 Bytes  14.12.2011 23:30:58
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  15.12.2011 13:59:41
AVPREF.DLL    : 12.1.0.17      51920 Bytes  15.12.2011 13:59:38
AVREP.DLL      : 12.1.0.17    179408 Bytes  15.12.2011 13:59:38
AVARKT.DLL    : 12.1.0.19    208848 Bytes  15.12.2011 13:59:36
AVEVTLOG.DLL  : 12.1.0.17    169168 Bytes  15.12.2011 13:59:37
SQLITE3.DLL    : 3.7.0.0      398288 Bytes  15.12.2011 13:59:50
AVSMTP.DLL    : 12.1.0.17      62928 Bytes  15.12.2011 13:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  15.12.2011 13:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  15.12.2011 13:59:58
RCTEXT.DLL    : 12.1.0.16      98512 Bytes  15.12.2011 13:59:59

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: löschen
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 25. Dezember 2011  23:39

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Im  Laufwerk 'D:\' ist kein Datenträger eingelegt!
Bootsektor 'E:\'
    [INFO]      Im  Laufwerk 'E:\' ist kein Datenträger eingelegt!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCFw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2857' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Sony User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTDI2CKT\wlsetup-all.exe
  [0] Archivtyp: Portable Executable Resource
  --> object
      [1] Archivtyp: CAB (Microsoft)
    --> WriterProdLang.7z
        [2] Archivtyp: 7-Zip
      --> WriterProdLang.cab
          [3] Archivtyp: CAB (Microsoft)
        --> writerprodlang.msi
            [WARNUNG]  Die Datei konnte nicht gelesen werden!
  --> object
      [1] Archivtyp: CAB (Microsoft)
    --> LanguageSelector64.7z
        [2] Archivtyp: 7-Zip
      --> LanguageSelector64.cab
          [3] Archivtyp: CAB (Microsoft)
        --> LanguageSelector64.msi
            [WARNUNG]  Die Datei konnte nicht gelesen werden!
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-251ef117
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 4944268e.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\105e14d2-140a64fd
  [0] Archivtyp: ZIP
  --> Base64cod.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Small.hej
  --> Googles.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.F.18035
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 51a4091d.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-7a18bb26
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 03f053fc.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\cf0c019-64d6e84d
  [0] Archivtyp: ZIP
  --> sunos/Globales.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/SystemSpy.A.1
  --> sunos/Manuals.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/ClassLoad.AF
  --> sunos/Support.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/ClassLo.AF.1.B
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 65c71c09.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-188bb89d
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 203c3119.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7be8da52
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 5f220364.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-23c4db87
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 13e02f37.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\706b3426-4717d0eb
  [0] Archivtyp: ZIP
  --> bpac/a$1.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.EG
  --> bpac/a.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
  --> bpac/b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.L
  --> bpac/KAVS.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.BB
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 6ff26f7e.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-611bcd93
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 42d840fc.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-4fcf4f20
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 5bb47baa.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\42441975-3ff5bb5f
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.EH
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 379a5784.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\d552d7a-448cf279
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 46246e12.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4eb49b7b-6939d3d5
  [0] Archivtyp: ZIP
  --> sunny/MyFiles.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Age.3159
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 484b5e05.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.


Ende des Suchlaufs: Montag, 26. Dezember 2011  00:27
Benötigte Zeit: 48:45 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  22731 Verzeichnisse wurden überprüft
 423969 Dateien wurden geprüft
    23 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
    13 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
    13 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 423946 Dateien ohne Befall
  2734 Archive wurden durchsucht
      2 Warnungen
    13 Hinweise
  27201 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
nach dem zweiten und dritten mal scannen wurde nichts mehr gefunden.

Maleware
Code:
09:49:20        Sony User        MESSAGE        Protection started successfully
09:49:25        Sony User        MESSAGE        IP Protection started successfully
09:57:41        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49288, Process: svchost.exe)
09:57:41        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49289, Process: svchost.exe)
09:57:41        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49290, Process: svchost.exe)
09:57:41        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49291, Process: svchost.exe)
09:57:41        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49292, Process: svchost.exe)
10:05:55        Sony User        MESSAGE        Protection started successfully
10:05:59        Sony User        MESSAGE        IP Protection started successfully
10:14:17        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49349, Process: svchost.exe)
10:14:17        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49350, Process: svchost.exe)
10:14:17        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49351, Process: svchost.exe)
10:14:17        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49352, Process: svchost.exe)
10:14:17        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49353, Process: svchost.exe)
10:24:19        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49365, Process: svchost.exe)
10:24:19        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49366, Process: svchost.exe)
10:24:19        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49367, Process: svchost.exe)
10:24:19        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49368, Process: svchost.exe)
10:24:19        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49369, Process: svchost.exe)
10:34:20        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49474, Process: svchost.exe)
10:34:20        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49475, Process: svchost.exe)
10:34:20        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49476, Process: svchost.exe)
10:34:20        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49477, Process: svchost.exe)
10:34:20        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49478, Process: svchost.exe)
10:44:20        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49796, Process: svchost.exe)
10:44:21        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49797, Process: svchost.exe)
10:44:21        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49798, Process: svchost.exe)
10:44:21        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49799, Process: svchost.exe)
10:44:21        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49800, Process: svchost.exe)
10:53:01        Sony User        MESSAGE        Scheduled update executed successfully
10:54:25        Sony User        MESSAGE        IP Protection stopped
10:54:27        Sony User        MESSAGE        Database updated successfully
10:54:28        Sony User        MESSAGE        IP Protection started successfully
11:04:19        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49840, Process: svchost.exe)
11:04:19        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49841, Process: svchost.exe)
11:04:19        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49842, Process: svchost.exe)
11:04:19        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49843, Process: svchost.exe)
11:14:20        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49869, Process: svchost.exe)
11:14:20        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49870, Process: svchost.exe)
11:14:20        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49871, Process: svchost.exe)
11:14:20        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49872, Process: svchost.exe)
11:24:23        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49880, Process: svchost.exe)
11:24:23        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49881, Process: svchost.exe)
11:24:23        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49882, Process: svchost.exe)
11:24:23        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49883, Process: svchost.exe)
11:34:17        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49902, Process: svchost.exe)
11:34:17        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49903, Process: svchost.exe)
11:34:17        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49904, Process: svchost.exe)
11:34:17        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49905, Process: svchost.exe)
11:44:17        Sony User        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 49915, Process: svchost.exe)
11:54:18        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49943, Process: svchost.exe)
11:54:18        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49944, Process: svchost.exe)
11:54:18        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49945, Process: svchost.exe)
11:54:18        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49946, Process: svchost.exe)
12:04:21        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49962, Process: svchost.exe)
12:04:21        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49963, Process: svchost.exe)
12:04:21        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49964, Process: svchost.exe)
12:04:21        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49965, Process: svchost.exe)
12:14:21        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 50337, Process: svchost.exe)
12:14:21        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 50338, Process: svchost.exe)
12:14:21        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 50339, Process: svchost.exe)
12:14:21        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 50340, Process: svchost.exe)
12:24:22        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 50683, Process: svchost.exe)
12:24:22        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 50684, Process: svchost.exe)
12:24:22        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 50685, Process: svchost.exe)
12:24:22        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 50686, Process: svchost.exe)
12:34:23        Sony User        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 51033, Process: svchost.exe)
12:44:23        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51041, Process: svchost.exe)
12:44:23        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51042, Process: svchost.exe)
12:44:23        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51043, Process: svchost.exe)
12:44:23        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51044, Process: svchost.exe)
12:54:19        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51045, Process: svchost.exe)
12:54:19        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51046, Process: svchost.exe)
12:54:19        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51047, Process: svchost.exe)
12:54:19        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51048, Process: svchost.exe)
13:04:20        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51076, Process: svchost.exe)
13:04:20        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51077, Process: svchost.exe)
13:04:20        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51078, Process: svchost.exe)
13:04:20        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51079, Process: svchost.exe)
13:14:22        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51087, Process: svchost.exe)
13:14:22        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51088, Process: svchost.exe)
13:14:22        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51089, Process: svchost.exe)
13:14:22        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51090, Process: svchost.exe)
13:24:24        Sony User        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 51168, Process: svchost.exe)
13:34:25        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51184, Process: svchost.exe)
13:34:25        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51185, Process: svchost.exe)
13:34:25        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51186, Process: svchost.exe)
13:34:25        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51187, Process: svchost.exe)
13:44:25        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51196, Process: svchost.exe)
13:44:25        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51197, Process: svchost.exe)
13:44:25        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51198, Process: svchost.exe)
13:44:25        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51199, Process: svchost.exe)
13:54:19        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51200, Process: svchost.exe)
13:54:19        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51201, Process: svchost.exe)
13:54:19        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51202, Process: svchost.exe)
13:54:20        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51203, Process: svchost.exe)
14:11:44        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51220, Process: svchost.exe)
14:11:44        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51221, Process: svchost.exe)
14:11:44        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51222, Process: svchost.exe)
14:11:44        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51223, Process: svchost.exe)
14:21:53        Sony User        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 51620, Process: svchost.exe)
14:31:53        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51628, Process: svchost.exe)
14:31:53        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51629, Process: svchost.exe)
14:31:53        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51630, Process: svchost.exe)
14:31:53        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51631, Process: svchost.exe)
14:41:53        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51632, Process: svchost.exe)
14:41:53        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51633, Process: svchost.exe)
14:41:54        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51634, Process: svchost.exe)
14:41:54        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51635, Process: svchost.exe)
14:51:54        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51643, Process: svchost.exe)
14:51:54        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51644, Process: svchost.exe)
14:51:54        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51645, Process: svchost.exe)
14:51:54        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51646, Process: svchost.exe)
15:01:54        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51661, Process: svchost.exe)
15:01:54        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51662, Process: svchost.exe)
15:01:55        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51663, Process: svchost.exe)
15:01:55        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51664, Process: svchost.exe)
15:11:55        Sony User        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 51668, Process: svchost.exe)
15:21:50        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 52165, Process: svchost.exe)
15:21:51        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 52166, Process: svchost.exe)
15:21:51        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 52167, Process: svchost.exe)
15:21:51        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 52168, Process: svchost.exe)
15:31:51        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 52176, Process: svchost.exe)
15:31:51        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 52177, Process: svchost.exe)
15:31:51        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 52178, Process: svchost.exe)
15:31:51        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 52179, Process: svchost.exe)
15:41:51        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 52300, Process: svchost.exe)
15:41:51        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 52301, Process: svchost.exe)
15:41:51        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 52302, Process: svchost.exe)
15:41:51        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 52303, Process: svchost.exe)
15:51:52        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 52311, Process: svchost.exe)
15:51:52        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 52312, Process: svchost.exe)
15:51:52        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 52313, Process: svchost.exe)
15:51:52        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 52314, Process: svchost.exe)
16:01:52        Sony User        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 52324, Process: svchost.exe)
18:35:34        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 52331, Process: svchost.exe)
18:40:30        Sony User        MESSAGE        Protection started successfully
18:40:34        Sony User        MESSAGE        IP Protection started successfully
18:48:51        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49337, Process: svchost.exe)
18:48:51        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49338, Process: svchost.exe)
18:48:51        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49339, Process: svchost.exe)
18:48:51        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49340, Process: svchost.exe)
18:48:51        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49341, Process: svchost.exe)
18:58:56        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49478, Process: svchost.exe)
18:58:56        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 49479, Process: svchost.exe)
18:58:56        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 49480, Process: svchost.exe)
18:58:56        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 49481, Process: svchost.exe)
18:58:56        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 49482, Process: svchost.exe)
19:08:49        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 50112, Process: svchost.exe)
19:08:49        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 50113, Process: svchost.exe)
19:08:49        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 50114, Process: svchost.exe)
19:08:49        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 50115, Process: svchost.exe)
19:08:49        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 50116, Process: svchost.exe)
19:18:50        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 50228, Process: svchost.exe)
19:18:50        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 50229, Process: svchost.exe)
19:18:50        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 50230, Process: svchost.exe)
19:18:50        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 50231, Process: svchost.exe)
19:18:50        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 50232, Process: svchost.exe)
19:28:53        Sony User        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 50967, Process: svchost.exe)
19:38:52        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51099, Process: svchost.exe)
19:38:52        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51100, Process: svchost.exe)
19:38:52        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51101, Process: svchost.exe)
19:38:52        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51102, Process: svchost.exe)
19:48:56        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51110, Process: svchost.exe)
19:48:56        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51111, Process: svchost.exe)
19:48:56        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51112, Process: svchost.exe)
19:48:56        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51113, Process: svchost.exe)
19:58:52        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51186, Process: svchost.exe)
19:58:52        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51187, Process: svchost.exe)
19:58:52        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51188, Process: svchost.exe)
19:58:52        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51189, Process: svchost.exe)
20:08:52        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51245, Process: svchost.exe)
20:08:52        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51246, Process: svchost.exe)
20:08:52        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51247, Process: svchost.exe)
20:08:52        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51248, Process: svchost.exe)
20:18:52        Sony User        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 51438, Process: svchost.exe)
20:28:52        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51659, Process: svchost.exe)
20:28:52        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51660, Process: svchost.exe)
20:28:52        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51661, Process: svchost.exe)
20:28:52        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51662, Process: svchost.exe)
20:38:55        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51681, Process: svchost.exe)
20:38:55        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51682, Process: svchost.exe)
20:38:55        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51683, Process: svchost.exe)
20:38:55        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51684, Process: svchost.exe)
20:48:51        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51693, Process: svchost.exe)
20:48:52        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51694, Process: svchost.exe)
20:48:52        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51695, Process: svchost.exe)
20:48:52        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51696, Process: svchost.exe)
20:58:56        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 51797, Process: svchost.exe)
20:58:56        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 51798, Process: svchost.exe)
20:58:56        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 51799, Process: svchost.exe)
20:58:56        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 51800, Process: svchost.exe)
21:08:53        Sony User        IP-BLOCK        82.98.97.200 (Type: outgoing, Port: 52182, Process: svchost.exe)
21:18:57        Sony User        IP-BLOCK        82.98.97.203 (Type: outgoing, Port: 52499, Process: svchost.exe)
21:18:57        Sony User        IP-BLOCK        82.98.97.206 (Type: outgoing, Port: 52500, Process: svchost.exe)
21:18:57        Sony User        IP-BLOCK        82.98.97.183 (Type: outgoing, Port: 52501, Process: svchost.exe)
21:18:57        Sony User        IP-BLOCK        82.98.97.185 (Type: outgoing, Port: 52502, Process: svchost.exe)
OTL

Code:
OTL logfile created on: 27.12.2011 21:16:46 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Sony User\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 45,85% Memory free
7,93 Gb Paging File | 5,52 Gb Available in Paging File | 69,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 328,10 Gb Free Space | 71,91% Space Free | Partition Type: NTFS
 
Computer Name: SONYUSER-VAIO | User Name: Sony User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Sony User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Users\SONYUS~1\AppData\Local\Temp\mexe.com (MicroWorld Technologies Inc.)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Sony User\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 42 7F 95 76 C4 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems:
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.06 10:35:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.06 10:35:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.25 21:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.25 22:48:51 | 000,000,000 | ---D | M]
 
[2010.05.03 18:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Extensions
[2011.12.27 10:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions
[2011.04.08 05:59:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.18 21:28:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.21 20:21:07 | 000,000,873 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml
[2010.12.21 14:59:20 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml
[2011.04.08 06:02:37 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml
[2011.04.08 05:59:26 | 000,000,168 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif
[2011.04.08 05:59:26 | 000,000,618 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src
[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml
[2011.12.25 22:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.27 03:20:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 19:42:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.07 01:27:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.12 23:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 08:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.12.25 22:12:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011.04.06 10:35:59 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.04.06 10:35:59 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.09 11:40:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.09 11:40:27 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.09 11:40:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.09 11:40:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.09 11:40:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2011.12.26 11:41:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DBEED24-4889-479C-82EC-D972CD7A8EFF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2011.12.27 19:22:32 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2011.12.27 19:22:31 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2011.12.27 19:22:30 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.27 19:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2011.12.27 19:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2011.12.27 15:15:35 | 000,000,000 | ---D | C] -- C:\Users\Sony User\Desktop\Virus
[2011.12.27 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Roxio Log Files
[2011.12.27 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\SvchostViewer
[2011.12.27 13:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.12.27 10:06:29 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Users\Sony User\Desktop\aswMBR.exe
[2011.12.27 09:58:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.27 09:56:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe
[2011.12.26 22:41:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.26 11:56:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.26 11:34:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.26 03:06:34 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.26 03:06:33 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.26 03:06:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.26 03:06:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.26 03:06:31 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.26 03:06:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.26 03:06:28 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.12.26 03:06:28 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2011.12.26 03:06:28 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2011.12.26 03:06:27 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.12.26 03:06:27 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.12.25 22:20:28 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{3C11D02F-DA75-4D54-B37B-8BBA3405470A}
[2011.12.25 22:20:16 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{07CBAF22-9E3F-4F65-8175-5AA39A15B517}
[2011.12.25 22:18:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.12.25 22:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.12.25 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.12.25 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.25 22:12:54 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.12.25 22:12:54 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.12.25 22:12:54 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.12.25 22:10:14 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Avira
[2011.12.25 22:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.25 22:07:10 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.25 22:07:10 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.25 22:07:10 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.25 22:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2011.12.25 21:48:07 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011.12.25 21:48:07 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011.12.25 21:48:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011.12.25 21:48:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011.12.25 21:48:07 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011.12.25 21:48:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011.12.25 21:48:07 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011.12.25 21:48:07 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011.12.25 21:48:07 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011.12.25 21:47:57 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2011.12.25 21:47:57 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2011.12.25 21:47:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011.12.25 21:47:23 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.12.25 21:47:23 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.12.25 21:47:23 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011.12.25 21:47:23 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011.12.25 21:47:23 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.12.25 21:47:23 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.12.25 21:47:22 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011.12.25 21:47:22 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011.12.25 21:47:21 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011.12.25 21:47:21 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011.12.25 21:47:19 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.12.25 21:47:19 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.12.25 21:47:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.12.25 21:47:19 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.12.25 21:47:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.12.25 21:47:19 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.12.25 21:47:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.12.25 21:47:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.12.25 21:47:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.12.25 21:47:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.12.25 21:47:17 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.12.25 21:47:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.12.25 21:47:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.12.25 21:47:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.12.25 21:47:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.12.25 21:47:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.12.25 21:47:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.12.25 21:47:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.12.25 21:47:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.12.25 21:47:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.12.25 21:47:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.12.25 21:47:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011.12.25 21:47:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011.12.25 21:47:10 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.12.25 21:47:10 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.12.25 21:47:09 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.12.25 21:47:09 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.12.25 21:46:55 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.12.25 21:46:55 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.12.25 21:46:54 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.12.25 21:36:20 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.27 21:19:38 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.12.27 19:30:50 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2011.12.27 19:22:31 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2011.12.27 19:22:30 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2011.12.27 19:22:29 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.27 19:21:44 | 068,866,904 | ---- | M] () -- C:\Users\Sony User\Desktop\mwav.exe
[2011.12.27 18:45:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 18:45:35 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 18:37:32 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.12.27 18:37:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.27 18:37:06 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.27 15:12:03 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI
[2011.12.27 10:06:29 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Users\Sony User\Desktop\aswMBR.exe
[2011.12.27 09:56:29 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe
[2011.12.26 11:41:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.12.26 09:23:34 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.26 09:23:34 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.26 09:23:34 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.26 09:23:34 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.26 09:23:34 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.26 09:16:06 | 000,446,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.25 21:36:20 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
 
========== Files Created - No Company Name ==========
 
[2011.12.27 19:22:47 | 000,000,054 | ---- | C] () -- C:\Windows\Lic.xxx
[2011.12.27 19:20:18 | 068,866,904 | ---- | C] () -- C:\Users\Sony User\Desktop\mwav.exe
[2011.12.27 15:12:03 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.12.25 22:19:24 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2010.07.25 08:39:33 | 000,008,192 | ---- | C] () -- C:\Users\Sony User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.05 19:37:57 | 000,008,718 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\wklnhst.dat
[2009.12.20 18:02:09 | 000,027,639 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\UserTile.png
[2009.09.06 09:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.09.06 09:07:13 | 000,002,835 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2009.08.17 21:11:49 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.17 21:11:46 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.17 21:11:46 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.08.17 21:11:44 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.17 13:27:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

< End of report >

cosinus 28.12.2011 05:04
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

Sohn_des_Mondes 28.12.2011 13:15
Maleware

Code:
Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sony User :: SONYUSER-VAIO [Administrator]

Schutz: Aktiviert

28.12.2011 10:46:12
mbam-log-2011-12-28 (10-46-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 324846
Laufzeit: 52 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Eset
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2daebe132a1b754e92169ba32dd6ea20
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-28 09:32:24
# local_time=2011-12-28 10:32:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 217348 217348 0 0
# compatibility_mode=5893 16776573 100 94 7865 76690822 0 0
# compatibility_mode=8192 67108863 100 0 5863 5863 0 0
# scanned=158839
# found=0
# cleaned=0
# scan_time=3773
antivir
Code:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Sonntag, 25. Dezember 2011  23:39

Es wird nach 2970283 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (plain)  [6.1.7600]
Boot Modus    : Normal gebootet
Benutzername  : Sony User
Computername  : SONYUSER-VAIO

Versionsinformationen:
BUILD.DAT      : 12.0.0.872    41826 Bytes  15.12.2011 16:24:00
AVSCAN.EXE    : 12.1.0.18    490448 Bytes  15.12.2011 13:59:39
AVSCAN.DLL    : 12.1.0.17      65744 Bytes  15.12.2011 13:59:56
LUKE.DLL      : 12.1.0.17      68304 Bytes  15.12.2011 13:59:47
AVSCPLR.DLL    : 12.1.0.21      99536 Bytes  15.12.2011 13:59:39
AVREG.DLL      : 12.1.0.27    227536 Bytes  15.12.2011 13:59:38
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 18:18:34
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 23:31:49
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 21:08:17
VBASE003.VDF  : 7.11.19.171    2048 Bytes  20.12.2011 21:08:17
VBASE004.VDF  : 7.11.19.172    2048 Bytes  20.12.2011 21:08:17
VBASE005.VDF  : 7.11.19.173    2048 Bytes  20.12.2011 21:08:17
VBASE006.VDF  : 7.11.19.174    2048 Bytes  20.12.2011 21:08:17
VBASE007.VDF  : 7.11.19.175    2048 Bytes  20.12.2011 21:08:17
VBASE008.VDF  : 7.11.19.176    2048 Bytes  20.12.2011 21:08:18
VBASE009.VDF  : 7.11.19.177    2048 Bytes  20.12.2011 21:08:18
VBASE010.VDF  : 7.11.19.178    2048 Bytes  20.12.2011 21:08:18
VBASE011.VDF  : 7.11.19.179    2048 Bytes  20.12.2011 21:08:18
VBASE012.VDF  : 7.11.19.180    2048 Bytes  20.12.2011 21:08:18
VBASE013.VDF  : 7.11.19.217  182784 Bytes  22.12.2011 21:08:18
VBASE014.VDF  : 7.11.19.255  148480 Bytes  24.12.2011 21:08:19
VBASE015.VDF  : 7.11.20.0      2048 Bytes  24.12.2011 21:08:19
VBASE016.VDF  : 7.11.20.1      2048 Bytes  24.12.2011 21:08:19
VBASE017.VDF  : 7.11.20.2      2048 Bytes  24.12.2011 21:08:19
VBASE018.VDF  : 7.11.20.3      2048 Bytes  24.12.2011 21:08:19
VBASE019.VDF  : 7.11.20.4      2048 Bytes  24.12.2011 21:08:19
VBASE020.VDF  : 7.11.20.5      2048 Bytes  24.12.2011 21:08:19
VBASE021.VDF  : 7.11.20.6      2048 Bytes  24.12.2011 21:08:19
VBASE022.VDF  : 7.11.20.7      2048 Bytes  24.12.2011 21:08:19
VBASE023.VDF  : 7.11.20.8      2048 Bytes  24.12.2011 21:08:19
VBASE024.VDF  : 7.11.20.9      2048 Bytes  24.12.2011 21:08:19
VBASE025.VDF  : 7.11.20.10      2048 Bytes  24.12.2011 21:08:19
VBASE026.VDF  : 7.11.20.11      2048 Bytes  24.12.2011 21:08:19
VBASE027.VDF  : 7.11.20.12      2048 Bytes  24.12.2011 21:08:19
VBASE028.VDF  : 7.11.20.13      2048 Bytes  24.12.2011 21:08:19
VBASE029.VDF  : 7.11.20.14      2048 Bytes  24.12.2011 21:08:19
VBASE030.VDF  : 7.11.20.15      2048 Bytes  24.12.2011 21:08:19
VBASE031.VDF  : 7.11.20.18    81920 Bytes  25.12.2011 21:08:20
Engineversion  : 8.2.8.8 
AEVDF.DLL      : 8.1.2.2      106868 Bytes  15.12.2011 13:59:36
AESCRIPT.DLL  : 8.1.3.92      495996 Bytes  25.12.2011 21:08:24
AESCN.DLL      : 8.1.7.2      127349 Bytes  14.12.2011 23:31:02
AESBX.DLL      : 8.2.4.5      434549 Bytes  15.12.2011 13:59:35
AERDL.DLL      : 8.1.9.15      639348 Bytes  14.12.2011 23:31:02
AEPACK.DLL    : 8.2.15.1      770423 Bytes  15.12.2011 13:59:35
AEOFFICE.DLL  : 8.1.2.24      201084 Bytes  25.12.2011 21:08:23
AEHEUR.DLL    : 8.1.3.8      4231543 Bytes  25.12.2011 21:08:23
AEHELP.DLL    : 8.1.18.0      254327 Bytes  15.12.2011 13:59:31
AEGEN.DLL      : 8.1.5.17      405877 Bytes  15.12.2011 13:59:31
AEEMU.DLL      : 8.1.3.0      393589 Bytes  14.12.2011 23:30:58
AECORE.DLL    : 8.1.24.2      201080 Bytes  25.12.2011 21:08:20
AEBB.DLL      : 8.1.1.0        53618 Bytes  14.12.2011 23:30:58
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  15.12.2011 13:59:41
AVPREF.DLL    : 12.1.0.17      51920 Bytes  15.12.2011 13:59:38
AVREP.DLL      : 12.1.0.17    179408 Bytes  15.12.2011 13:59:38
AVARKT.DLL    : 12.1.0.19    208848 Bytes  15.12.2011 13:59:36
AVEVTLOG.DLL  : 12.1.0.17    169168 Bytes  15.12.2011 13:59:37
SQLITE3.DLL    : 3.7.0.0      398288 Bytes  15.12.2011 13:59:50
AVSMTP.DLL    : 12.1.0.17      62928 Bytes  15.12.2011 13:59:39
NETNT.DLL      : 12.1.0.17      17104 Bytes  15.12.2011 13:59:47
RCIMAGE.DLL    : 12.1.0.17    4447952 Bytes  15.12.2011 13:59:58
RCTEXT.DLL    : 12.1.0.16      98512 Bytes  15.12.2011 13:59:59

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Laufwerke
Konfigurationsdatei...................: C:\Program Files (x86)\Avira\AntiVir Desktop\alldrives.avp
Protokollierung.......................: standard
Primäre Aktion........................: löschen
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, E:, F:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 25. Dezember 2011  23:39

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Im  Laufwerk 'D:\' ist kein Datenträger eingelegt!
Bootsektor 'E:\'
    [INFO]      Im  Laufwerk 'E:\' ist kein Datenträger eingelegt!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCSW.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ISBMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgrSub.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VMCService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DllHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VzCdbSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCFw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VESMgr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'uCamMonitor.exe' - '1' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2857' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Users\Sony User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KTDI2CKT\wlsetup-all.exe
  [0] Archivtyp: Portable Executable Resource
  --> object
      [1] Archivtyp: CAB (Microsoft)
    --> WriterProdLang.7z
        [2] Archivtyp: 7-Zip
      --> WriterProdLang.cab
          [3] Archivtyp: CAB (Microsoft)
        --> writerprodlang.msi
            [WARNUNG]  Die Datei konnte nicht gelesen werden!
  --> object
      [1] Archivtyp: CAB (Microsoft)
    --> LanguageSelector64.7z
        [2] Archivtyp: 7-Zip
      --> LanguageSelector64.cab
          [3] Archivtyp: CAB (Microsoft)
        --> LanguageSelector64.msi
            [WARNUNG]  Die Datei konnte nicht gelesen werden!
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\1dd6a40c-251ef117
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 4944268e.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\105e14d2-140a64fd
  [0] Archivtyp: ZIP
  --> Base64cod.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Small.hej
  --> Googles.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.F.18035
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 51a4091d.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-7a18bb26
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 03f053fc.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\cf0c019-64d6e84d
  [0] Archivtyp: ZIP
  --> sunos/Globales.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/SystemSpy.A.1
  --> sunos/Manuals.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/ClassLoad.AF
  --> sunos/Support.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/ClassLo.AF.1.B
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 65c71c09.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-188bb89d
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AH
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.PA
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 203c3119.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7be8da52
  [0] Archivtyp: ZIP
  --> ________vload.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.KM
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2008-5353.ND
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 5f220364.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\170f8765-23c4db87
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 13e02f37.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\706b3426-4717d0eb
  [0] Archivtyp: ZIP
  --> bpac/a$1.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/Java.EG
  --> bpac/a.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/OpenConnect.CF
  --> bpac/b.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.L
  --> bpac/KAVS.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.BB
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 6ff26f7e.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\1eff1eb1-611bcd93
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 42d840fc.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-4fcf4f20
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.GC
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 5bb47baa.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\42441975-3ff5bb5f
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2009-3867.EH
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 379a5784.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\d552d7a-448cf279
  [0] Archivtyp: ZIP
  --> vmain.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Agent.AL.3
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 46246e12.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\Sony User\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\4eb49b7b-6939d3d5
  [0] Archivtyp: ZIP
  --> sunny/MyFiles.class
      [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Dldr.Age.3159
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 484b5e05.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
Beginne mit der Suche in 'D:\'
Der zu durchsuchende Pfad D:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'E:\'
Der zu durchsuchende Pfad E:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.
Beginne mit der Suche in 'F:\'
Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden!
Systemfehler [21]: Das Gerät ist nicht bereit.


Ende des Suchlaufs: Montag, 26. Dezember 2011  00:27
Benötigte Zeit: 48:45 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

  22731 Verzeichnisse wurden überprüft
 423969 Dateien wurden geprüft
    23 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
    13 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
    13 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 423946 Dateien ohne Befall
  2734 Archive wurden durchsucht
      2 Warnungen
    13 Hinweise
  27201 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

Danach wurden aber keine viren mehr gefunden beim durchlaufen

Sohn_des_Mondes 28.12.2011 17:33
Die Malewarelogs sind alle gleich, soll ich diese trotzdem Posten?
Sind die Logfile unauffällig?

cosinus 28.12.2011 20:48
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Sohn_des_Mondes 28.12.2011 22:53
Ok habe es gemacht, hier die Logfiles

Code:
OTL logfile created on: 28.12.2011 22:38:22 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Sony User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 64,32% Memory free
7,93 Gb Paging File | 6,21 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 333,04 Gb Free Space | 72,99% Space Free | Partition Type: NTFS
 
Computer Name: SONYUSER-VAIO | User Name: Sony User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.28 22:37:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe
PRC - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.15 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.07.23 09:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009.07.23 09:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009.07.22 14:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009.07.01 10:49:34 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009.07.01 10:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009.05.26 08:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.08.12 22:11:54 | 000,522,240 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2009.07.27 21:27:07 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.16 08:36:56 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009.06.26 13:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009.06.26 13:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009.06.17 17:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.12.24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.07.27 15:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.07.27 15:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.07.27 15:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.07.27 15:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.07.27 15:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.07.24 05:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2009.07.23 09:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009.07.23 09:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.07.23 09:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.07.22 14:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.07.01 17:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.01 10:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.08.05 02:22:40 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2009.08.05 02:20:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.08.03 21:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.07.31 21:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.31 21:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009.07.31 21:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009.07.31 21:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.30 21:41:17 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.07.30 21:41:16 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.30 21:41:16 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.30 21:40:45 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.27 21:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.24 06:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.06.11 21:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 21:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.03.17 11:06:14 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Sony User\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E9 42 7F 95 76 C4 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems:
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.12.25 21:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.12.25 22:48:51 | 000,000,000 | ---D | M]
 
[2010.05.03 18:23:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Extensions
[2011.12.27 10:01:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions
[2011.04.08 05:59:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.18 21:28:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.21 20:21:07 | 000,000,873 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml
[2010.12.21 14:59:20 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml
[2011.04.08 06:02:37 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml
[2011.04.08 05:59:26 | 000,000,168 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif
[2011.04.08 05:59:26 | 000,000,618 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src
[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml
[2011.12.25 22:12:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.27 03:20:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 19:42:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.07 01:27:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.12 23:01:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.21 08:10:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.12.25 22:12:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
File not found (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
File not found (No name found) -- C:\USERS\SONY USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QZMKL14C.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.09 11:40:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.09 11:40:27 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.09 11:40:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.09 11:40:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.09 11:40:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2011.12.26 11:41:02 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DBEED24-4889-479C-82EC-D972CD7A8EFF}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59F4ACDD-B2C9-4F4E-969D-FD30745D2CD0}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: MarketingTools - hkey= - key= - C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skytel - hkey= - key= - C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {0B74300D-9D18-4656-9F79-BBF0891365AF} - Bing Bar
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4CBF8339-9F09-4213-846D-8E1C2B921451} - Desktop Icon
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{40194995-2263-49FA-93D2-0A11E13FA518} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.28 22:36:58 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe
[2011.12.28 22:35:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.12.28 22:07:12 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\TuneUp Software
[2011.12.28 22:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011.12.28 22:05:43 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011.12.28 17:37:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.28 13:58:10 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{4501D3E9-5230-4A6C-A97B-6EB170FA2891}
[2011.12.28 13:57:46 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{2D915766-C378-4435-92F9-E6287D94282D}
[2011.12.28 08:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.12.27 22:03:28 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{F5869F0A-FF0B-4049-8FE5-64E49A325E91}
[2011.12.27 22:03:04 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{D133B1AF-DD03-4C3F-9496-2BA5B29FC512}
[2011.12.27 21:43:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.12.27 21:41:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.12.27 20:33:11 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011.12.27 20:32:25 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2011.12.27 19:22:30 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.27 19:22:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2011.12.27 19:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2011.12.27 15:15:35 | 000,000,000 | ---D | C] -- C:\Users\Sony User\Desktop\Virus
[2011.12.27 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Roxio Log Files
[2011.12.27 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\SvchostViewer
[2011.12.27 13:21:37 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011.12.26 22:41:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.26 11:56:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.26 11:34:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.25 22:20:28 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{3C11D02F-DA75-4D54-B37B-8BBA3405470A}
[2011.12.25 22:20:16 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Local\{07CBAF22-9E3F-4F65-8175-5AA39A15B517}
[2011.12.25 22:18:12 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.12.25 22:17:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.12.25 22:17:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.12.25 22:13:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.12.25 22:10:14 | 000,000,000 | ---D | C] -- C:\Users\Sony User\AppData\Roaming\Avira
[2011.12.25 22:07:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.25 22:07:10 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.25 22:07:10 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.25 22:07:10 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.25 22:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.25 22:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.28 22:40:31 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 22:40:31 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.28 22:39:18 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.28 22:39:18 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.28 22:39:18 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.28 22:39:18 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.28 22:39:18 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.28 22:37:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sony User\Desktop\OTL.exe
[2011.12.28 22:31:48 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011.12.28 22:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.28 22:31:37 | 3195,293,696 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.28 22:31:04 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2011.12.28 20:16:02 | 000,000,240 | ---- | M] () -- C:\Windows\SysWow64\~.inf
[2011.12.28 08:20:54 | 000,446,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.27 22:39:07 | 000,044,578 | ---- | M] () -- C:\Users\Sony User\Documents\pinfect.zip
[2011.12.27 21:52:36 | 000,008,718 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\wklnhst.dat
[2011.12.27 19:30:50 | 000,000,054 | ---- | M] () -- C:\Windows\Lic.xxx
[2011.12.27 19:22:29 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.27 15:12:03 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI
[2011.12.26 11:41:02 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.12.15 15:00:00 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.15 14:59:59 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.15 14:59:59 | 000,097,312 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.28 22:31:04 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2011.12.28 20:14:56 | 000,000,240 | ---- | C] () -- C:\Windows\SysWow64\~.inf
[2011.12.27 22:39:07 | 000,044,578 | ---- | C] () -- C:\Users\Sony User\Documents\pinfect.zip
[2011.12.27 20:34:51 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011.12.27 20:31:47 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011.12.27 20:31:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011.12.27 20:31:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011.12.27 20:30:31 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011.12.27 19:22:47 | 000,000,054 | ---- | C] () -- C:\Windows\Lic.xxx
[2011.12.27 15:12:03 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.12.25 22:19:24 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2010.07.25 08:39:33 | 000,008,192 | ---- | C] () -- C:\Users\Sony User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.05 19:37:57 | 000,008,718 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\wklnhst.dat
[2009.12.20 18:02:09 | 000,027,639 | ---- | C] () -- C:\Users\Sony User\AppData\Roaming\UserTile.png
[2009.09.06 09:32:41 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009.09.06 09:07:13 | 000,002,835 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2009.08.17 21:11:49 | 000,982,220 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.08.17 21:11:46 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.08.17 21:11:46 | 000,092,216 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.08.17 21:11:44 | 000,439,300 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.08.17 13:27:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.12.25 22:04:18 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.11 10:31:47 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\ICQ
[2011.01.10 18:52:54 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\PC Suite
[2010.04.05 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Template
[2011.12.28 22:07:12 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\TuneUp Software
[2009.11.24 15:01:22 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Vodafone
[2011.04.13 08:21:19 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.12.08 04:31:56 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Adobe
[2011.04.17 22:38:27 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Apple Computer
[2009.12.27 19:26:40 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\ArcSoft
[2009.10.22 09:12:26 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\ATI
[2011.12.25 22:10:14 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Avira
[2011.04.17 14:44:04 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\DivX
[2011.12.25 22:04:18 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.10.23 10:26:24 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Google
[2011.04.11 10:31:47 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\ICQ
[2009.10.22 09:09:39 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Identities
[2009.11.24 15:26:49 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Macromedia
[2010.06.27 03:20:28 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:18 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Media Center Programs
[2010.10.05 14:38:44 | 000,000,000 | --SD | M] -- C:\Users\Sony User\AppData\Roaming\Microsoft
[2010.05.03 18:23:16 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Mozilla
[2011.01.10 18:52:54 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\PC Suite
[2011.12.27 15:10:58 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Roxio Log Files
[2010.09.23 00:10:27 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Sony Corporation
[2010.04.05 19:39:02 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Template
[2011.12.28 22:07:12 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\TuneUp Software
[2009.11.24 15:01:22 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\Vodafone
[2010.06.22 21:56:05 | 000,000,000 | ---D | M] -- C:\Users\Sony User\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<          >

< End of report >
Logfile 2

Code:
OTL Extras logfile created on: 28.12.2011 22:38:22 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Sony User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 64,32% Memory free
7,93 Gb Paging File | 6,21 Gb Available in Paging File | 78,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 456,28 Gb Total Space | 333,04 Gb Free Space | 72,99% Space Free | Partition Type: NTFS
 
Computer Name: SONYUSER-VAIO | User Name: Sony User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{8AA7EE74-114A-FFFF-B1D2-AED4707763C9}" = ccc-utility64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A4BC24CB-F8C7-27FB-41D5-47A405031A41}" = ATI Catalyst Install Manager
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"CCleaner" = CCleaner
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0271C003-CED0-2354-818F-A872734088B1}" = CCC Help Dutch
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1E40FED6-E0D6-0AA2-BA08-75B6C1E2D02F}" = CCC Help Swedish
"{1FE69600-3A33-FFFF-C488-F3E40DBC2F68}" = CCC Help Czech
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 30
"{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2FC5CB84-9110-DE89-379B-34E87AB8BDC1}" = CCC Help Italian
"{3662480D-028D-BE4E-DEC1-775818519CC2}" = CCC Help Norwegian
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B1168DE-1F8C-471C-AC49-0CA52F096170}" = VAIO Content Metadata Intelligent Network Service Manager
"{3BA4FBA3-35EE-3E3B-62D8-606AF0722950}" = ccc-core-static
"{48E29469-216B-1AE3-B156-A2DAA48E709E}" = Catalyst Control Center InstallProxy
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D029068-CE21-848B-5654-1409E47507BB}" = CCC Help Chinese Traditional
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4E7FD54B-D551-70C1-CEE7-88FD59BE8063}" = CCC Help English
"{51BEF30C-58E4-490F-BA40-A2F12AB8B5F9}" = VAIO Content Metadata Manager Settings
"{51CFD8DC-5C66-42ec-9598-72E28FD62ED5}" = MusicStation
"{52AF7D37-EECF-535F-5226-E0DD16543CD1}" = CCC Help Thai
"{54108D57-A606-774B-BA31-6C9363B0B33A}" = Catalyst Control Center Graphics Light
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{575E77D1-29E9-28EC-7D28-F5ABAB72C270}" = Catalyst Control Center Graphics Full Existing
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{5F2D882B-A663-4EB5-9851-48CC6C75FD2D}" = VAIO Content Metadata Intelligent Network Service Manager
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6529B443-1BD5-D7D3-7DAF-D6AD2C98C38A}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73330752-80F1-65AE-721D-8AA10AEFF99B}" = CCC Help Turkish
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E1D9B1F-A5AE-737C-E0BC-96C42D19E2CC}" = CCC Help Russian
"{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{876172CF-1095-181F-B037-6A713235417F}" = Catalyst Control Center Graphics Previews Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AFAF619-1FD7-71BD-26F1-8EED9C1C8A8D}" = Catalyst Control Center Graphics Previews Common
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8EE47674-9AD3-B099-C6E4-7FB9F0D14D38}" = CCC Help Spanish
"{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B00435C-61FA-BB7F-4B7A-98FCC4881C3F}" = CCC Help French
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D179733-28AD-DF80-B74A-5A0F9FD4E332}" = CCC Help Japanese
"{9D912275-85FD-45F6-9AF3-388A0F8AADB2}" = VAIO Content Metadata Intelligent Network Service Manager
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A1432157-D6B5-BD3C-42C8-E54BEED3EB0E}" = CCC Help Korean
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Funktion Einstellungen
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB30697D-E02D-2FD7-2EF4-E60887B4B22E}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.7 - Deutsch
"{ACE78B09-BD0C-E6A4-1250-2482B5A126B8}" = Catalyst Control Center Graphics Full New
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2A7278B-6D98-8640-760B-3D34485D1AD6}" = CCC Help Portuguese
"{BBA68DFD-AA0F-2CD0-932A-17442B41A350}" = CCC Help Danish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E23CBEC5-533E-054A-4109-95751B7C3A81}" = CCC Help German
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A034FE-0951-EF71-145E-F0DF36F5A203}" = Catalyst Control Center Core Implementation
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F05BDF-4AE4-096C-C8E9-4B4DAD2DE13D}" = CCC Help Polish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F3C91479-BDAC-4B42-0B7B-54D37EB63A12}" = CCC Help Hungarian
"{F52EE3CE-A6B2-63E2-9445-EC92EEC1FB90}" = Catalyst Control Center Localization All
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform
"{FC55ADF1-53B6-269F-92F7-413AB697EE48}" = CCC Help Greek
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"splashtop" = VAIO Quick Web Access
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" =
"VAIO NW screensaver" = VAIO NW screensaver
"VAIO Premium Partners 1.00" = VAIO Premium Partners 1.00
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Windows Search Service | ID = 3028
Description =
 
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Windows Search Service | ID = 3058
Description =
 
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Windows Search Service | ID = 7010
Description =
 
Error - 28.12.2011 15:30:30 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 15:30:50 | Computer Name = SonyUser-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 28.12.2011 17:07:40 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 17:07:41 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 17:32:24 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.12.2011 17:32:45 | Computer Name = SonyUser-VAIO | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
 (Fehlercode = 0x80042019)
 
Error - 28.12.2011 17:35:09 | Computer Name = SonyUser-VAIO | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 28.12.2011 12:48:20 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 28.12.2011 12:50:09 | Computer Name = SonyUser-VAIO | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 28.12.2011 15:02:15 | Computer Name = SonyUser-VAIO | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
Error - 28.12.2011 15:02:16 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.12.2011 15:29:39 | Computer Name = SonyUser-VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?12.?2011 um 20:24:40 unerwartet heruntergefahren.
 
Error - 28.12.2011 15:29:37 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 28.12.2011 15:29:37 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 28.12.2011 17:31:39 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 28.12.2011 17:31:39 | Computer Name = SonyUser-VAIO | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >

cosinus 28.12.2011 23:45
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
[2011.04.08 05:59:26 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.18 21:28:53 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.21 20:21:07 | 000,000,873 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml
[2010.12.21 14:59:20 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml
[2011.04.08 06:02:37 | 000,000,950 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml
[2011.04.08 05:59:26 | 000,000,168 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif
[2011.04.08 05:59:26 | 000,000,618 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src
[2010.05.12 16:40:48 | 000,001,042 | ---- | M] () -- C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2011.12.27 19:30:50 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2011.12.27 19:22:30 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2011.12.28 20:16:02 | 000,000,240 | ---- | M] () -- C:\Windows\SysWow64\~.inf
[2011.12.27 22:39:07 | 000,044,578 | ---- | M] () -- C:\Users\Sony User\Documents\pinfect.zip
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Sohn_des_Mondes 29.12.2011 08:56
Habe ich gemacht, hier der Logfile

Code:
All processes killed
========== OTL ==========
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Sony User\AppData\Roaming\mozilla\Firefox\Profiles\qzmkl14c.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\conduit.xml moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Sony User\AppData\Roaming\Mozilla\Firefox\Profiles\qzmkl14c.default\searchplugins\icqplugin.xml moved successfully.
C:\Windows\VDLL.DLL folder moved successfully.
C:\Windows\SysWow64\runouce.exe folder moved successfully.
C:\Windows\rundll16.exe folder moved successfully.
C:\Windows\RUNDL132.EXE folder moved successfully.
C:\Windows\logo1_.exe folder moved successfully.
C:\Windows\logo_1.exe folder moved successfully.
C:\Windows\SysWOW64\eEmpty.exe moved successfully.
C:\Windows\SysWOW64\~.inf moved successfully.
C:\Users\Sony User\Documents\pinfect.zip moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Sony User
->Temp folder emptied: 5117326 bytes
->Temporary Internet Files folder emptied: 15260828 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 470 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3648624 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 524896 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 23,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12292011_085007

Files\Folders moved on Reboot...
C:\Users\Sony User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Sohn_des_Mondes 29.12.2011 09:04
Von Malewarebytes kam die Meldung das es wieder gestoppt wurde, trotz des fixen.

cosinus 29.12.2011 16:11
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Sohn_des_Mondes 29.12.2011 20:15
So hier der Logfile


Code:
20:12:26.0286 2504        TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
20:12:27.0736 2504        ============================================================
20:12:27.0736 2504        Current date / time: 2011/12/29 20:12:27.0736
20:12:27.0736 2504        SystemInfo:
20:12:27.0736 2504       
20:12:27.0736 2504        OS Version: 6.1.7601 ServicePack: 1.0
20:12:27.0736 2504        Product type: Workstation
20:12:27.0736 2504        ComputerName: SONYUSER-VAIO
20:12:27.0736 2504        UserName: Sony User
20:12:27.0736 2504        Windows directory: C:\Windows
20:12:27.0736 2504        System windows directory: C:\Windows
20:12:27.0736 2504        Running under WOW64
20:12:27.0736 2504        Processor architecture: Intel x64
20:12:27.0736 2504        Number of processors: 2
20:12:27.0736 2504        Page size: 0x1000
20:12:27.0736 2504        Boot type: Normal boot
20:12:27.0736 2504        ============================================================
20:12:32.0557 2504        Initialize success
20:12:53.0461 4932        ============================================================
20:12:53.0461 4932        Scan started
20:12:53.0461 4932        Mode: Manual; SigCheck; TDLFS;
20:12:53.0461 4932        ============================================================
20:12:55.0052 4932        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:12:55.0208 4932        1394ohci - ok
20:12:55.0271 4932        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:12:55.0286 4932        ACPI - ok
20:12:55.0317 4932        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:12:55.0411 4932        AcpiPmi - ok
20:12:55.0458 4932        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:12:55.0505 4932        adp94xx - ok
20:12:55.0536 4932        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:12:55.0551 4932        adpahci - ok
20:12:55.0614 4932        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:12:55.0645 4932        adpu320 - ok
20:12:55.0707 4932        AFD            (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
20:12:55.0801 4932        AFD - ok
20:12:55.0848 4932        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:12:55.0879 4932        agp440 - ok
20:12:55.0895 4932        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:12:55.0910 4932        aliide - ok
20:12:55.0957 4932        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:12:55.0988 4932        amdide - ok
20:12:56.0019 4932        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:12:56.0097 4932        AmdK8 - ok
20:12:56.0113 4932        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:12:56.0175 4932        AmdPPM - ok
20:12:56.0238 4932        amdsata        (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
20:12:56.0269 4932        amdsata - ok
20:12:56.0300 4932        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:12:56.0331 4932        amdsbs - ok
20:12:56.0363 4932        amdxata        (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
20:12:56.0378 4932        amdxata - ok
20:12:56.0487 4932        ApfiltrService  (56bd886820c4aedf493cfcdf1ccfb004) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:12:56.0565 4932        ApfiltrService - ok
20:12:56.0643 4932        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:12:56.0831 4932        AppID - ok
20:12:56.0971 4932        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:12:57.0002 4932        arc - ok
20:12:57.0033 4932        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:12:57.0065 4932        arcsas - ok
20:12:57.0111 4932        ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
20:12:57.0143 4932        ArcSoftKsUFilter - ok
20:12:57.0174 4932        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:12:57.0377 4932        AsyncMac - ok
20:12:57.0501 4932        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:12:57.0517 4932        atapi - ok
20:12:57.0626 4932        athr            (5d4529ac4156e16bedb01441ae0cf984) C:\Windows\system32\DRIVERS\athrx.sys
20:12:57.0751 4932        athr - ok
20:12:57.0938 4932        atikmdag        (de0ede41bc530f1759c6fffcb8c7a0cf) C:\Windows\system32\DRIVERS\atikmdag.sys
20:12:58.0219 4932        atikmdag - ok
20:12:58.0375 4932        avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
20:12:58.0406 4932        avgntflt - ok
20:12:58.0469 4932        avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
20:12:58.0500 4932        avipbb - ok
20:12:58.0562 4932        avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
20:12:58.0578 4932        avkmgr - ok
20:12:58.0671 4932        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:12:58.0749 4932        b06bdrv - ok
20:12:58.0812 4932        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:12:58.0890 4932        b57nd60a - ok
20:12:58.0921 4932        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:12:59.0015 4932        Beep - ok
20:12:59.0077 4932        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:12:59.0108 4932        blbdrive - ok
20:12:59.0171 4932        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:12:59.0249 4932        bowser - ok
20:12:59.0311 4932        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:12:59.0405 4932        BrFiltLo - ok
20:12:59.0436 4932        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:12:59.0467 4932        BrFiltUp - ok
20:12:59.0514 4932        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:12:59.0592 4932        Brserid - ok
20:12:59.0654 4932        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:12:59.0701 4932        BrSerWdm - ok
20:12:59.0748 4932        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:12:59.0795 4932        BrUsbMdm - ok
20:12:59.0841 4932        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:12:59.0873 4932        BrUsbSer - ok
20:12:59.0951 4932        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
20:13:00.0013 4932        BthEnum - ok
20:13:00.0060 4932        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:13:00.0107 4932        BTHMODEM - ok
20:13:00.0138 4932        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
20:13:00.0216 4932        BthPan - ok
20:13:00.0263 4932        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
20:13:00.0325 4932        BTHPORT - ok
20:13:00.0372 4932        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
20:13:00.0434 4932        BTHUSB - ok
20:13:00.0481 4932        btwaudio        (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
20:13:00.0512 4932        btwaudio - ok
20:13:00.0559 4932        btwavdt        (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
20:13:00.0575 4932        btwavdt - ok
20:13:00.0637 4932        btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
20:13:00.0637 4932        btwl2cap - ok
20:13:00.0668 4932        btwrchid        (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
20:13:00.0684 4932        btwrchid - ok
20:13:00.0731 4932        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:13:00.0809 4932        cdfs - ok
20:13:00.0871 4932        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
20:13:00.0949 4932        cdrom - ok
20:13:00.0996 4932        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:13:01.0089 4932        circlass - ok
20:13:01.0121 4932        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:13:01.0136 4932        CLFS - ok
20:13:01.0183 4932        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:13:01.0214 4932        CmBatt - ok
20:13:01.0261 4932        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:13:01.0277 4932        cmdide - ok
20:13:01.0323 4932        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
20:13:01.0386 4932        CNG - ok
20:13:01.0417 4932        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:13:01.0448 4932        Compbatt - ok
20:13:01.0495 4932        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:13:01.0557 4932        CompositeBus - ok
20:13:01.0573 4932        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:13:01.0589 4932        crcdisk - ok
20:13:01.0698 4932        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:13:01.0760 4932        DfsC - ok
20:13:01.0807 4932        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:13:01.0869 4932        discache - ok
20:13:01.0932 4932        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:13:01.0963 4932        Disk - ok
20:13:02.0010 4932        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:13:02.0057 4932        drmkaud - ok
20:13:02.0119 4932        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:13:02.0150 4932        DXGKrnl - ok
20:13:02.0259 4932        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:13:02.0369 4932        ebdrv - ok
20:13:02.0540 4932        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:13:02.0571 4932        elxstor - ok
20:13:02.0634 4932        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:13:02.0696 4932        ErrDev - ok
20:13:02.0790 4932        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:13:02.0883 4932        exfat - ok
20:13:02.0961 4932        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:13:03.0024 4932        fastfat - ok
20:13:03.0258 4932        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:13:03.0305 4932        fdc - ok
20:13:03.0414 4932        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:13:03.0429 4932        FileInfo - ok
20:13:03.0445 4932        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:13:03.0507 4932        Filetrace - ok
20:13:03.0554 4932        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:13:03.0570 4932        flpydisk - ok
20:13:03.0632 4932        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:13:03.0663 4932        FltMgr - ok
20:13:03.0710 4932        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:13:03.0726 4932        FsDepends - ok
20:13:03.0741 4932        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
20:13:03.0757 4932        Fs_Rec - ok
20:13:03.0804 4932        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:13:03.0819 4932        fvevol - ok
20:13:03.0882 4932        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:13:03.0913 4932        gagp30kx - ok
20:13:04.0007 4932        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:13:04.0069 4932        hcw85cir - ok
20:13:04.0131 4932        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
20:13:04.0178 4932        HdAudAddService - ok
20:13:04.0225 4932        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:13:04.0272 4932        HDAudBus - ok
20:13:04.0303 4932        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:13:04.0350 4932        HidBatt - ok
20:13:04.0397 4932        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:13:04.0443 4932        HidBth - ok
20:13:04.0490 4932        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:13:04.0537 4932        HidIr - ok
20:13:04.0615 4932        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
20:13:04.0677 4932        HidUsb - ok
20:13:04.0740 4932        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:13:04.0771 4932        HpSAMD - ok
20:13:04.0833 4932        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:13:04.0927 4932        HTTP - ok
20:13:05.0005 4932        hwdatacard      (c8f3119ad72a507d12ef389df4c266ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:13:05.0052 4932        hwdatacard - ok
20:13:05.0099 4932        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:13:05.0130 4932        hwpolicy - ok
20:13:05.0177 4932        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:13:05.0208 4932        i8042prt - ok
20:13:05.0270 4932        iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
20:13:05.0301 4932        iaStor - ok
20:13:05.0348 4932        iaStorV        (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
20:13:05.0364 4932        iaStorV - ok
20:13:05.0551 4932        igfx            (dfeaf0a1d98d397035012c8e28d1520f) C:\Windows\system32\DRIVERS\igdkmd64.sys
20:13:05.0847 4932        igfx ( UnsignedFile.Multi.Generic ) - warning
20:13:05.0847 4932        igfx - detected UnsignedFile.Multi.Generic (1)
20:13:05.0972 4932        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:13:05.0988 4932        iirsp - ok
20:13:06.0081 4932        IntcAzAudAddService (b16fc828ce7a76a8f1ce682e6ead2627) C:\Windows\system32\drivers\RTKVHD64.sys
20:13:06.0144 4932        IntcAzAudAddService - ok
20:13:06.0206 4932        IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys
20:13:06.0222 4932        IntcHdmiAddService ( UnsignedFile.Multi.Generic ) - warning
20:13:06.0222 4932        IntcHdmiAddService - detected UnsignedFile.Multi.Generic (1)
20:13:06.0269 4932        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:13:06.0284 4932        intelide - ok
20:13:06.0331 4932        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:13:06.0378 4932        intelppm - ok
20:13:06.0456 4932        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:13:06.0534 4932        IpFilterDriver - ok
20:13:06.0565 4932        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:13:06.0581 4932        IPMIDRV - ok
20:13:06.0643 4932        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:13:06.0721 4932        IPNAT - ok
20:13:06.0768 4932        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:13:06.0799 4932        IRENUM - ok
20:13:06.0846 4932        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:13:06.0877 4932        isapnp - ok
20:13:06.0924 4932        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:13:06.0955 4932        iScsiPrt - ok
20:13:06.0986 4932        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
20:13:07.0002 4932        kbdclass - ok
20:13:07.0049 4932        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
20:13:07.0095 4932        kbdhid - ok
20:13:07.0142 4932        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
20:13:07.0158 4932        KSecDD - ok
20:13:07.0205 4932        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
20:13:07.0236 4932        KSecPkg - ok
20:13:07.0267 4932        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:13:07.0345 4932        ksthunk - ok
20:13:07.0407 4932        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:13:07.0485 4932        lltdio - ok
20:13:07.0532 4932        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:13:07.0548 4932        LSI_FC - ok
20:13:07.0579 4932        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:13:07.0595 4932        LSI_SAS - ok
20:13:07.0641 4932        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:13:07.0657 4932        LSI_SAS2 - ok
20:13:07.0688 4932        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:13:07.0704 4932        LSI_SCSI - ok
20:13:07.0766 4932        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:13:07.0829 4932        luafv - ok
20:13:07.0891 4932        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
20:13:07.0907 4932        MBAMProtector - ok
20:13:07.0953 4932        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:13:07.0985 4932        megasas - ok
20:13:08.0016 4932        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:13:08.0063 4932        MegaSR - ok
20:13:08.0125 4932        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:13:08.0172 4932        Modem - ok
20:13:08.0203 4932        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:13:08.0250 4932        monitor - ok
20:13:08.0312 4932        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
20:13:08.0343 4932        mouclass - ok
20:13:08.0390 4932        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:13:08.0437 4932        mouhid - ok
20:13:08.0484 4932        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:13:08.0515 4932        mountmgr - ok
20:13:08.0562 4932        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:13:08.0593 4932        mpio - ok
20:13:08.0640 4932        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:13:08.0733 4932        mpsdrv - ok
20:13:08.0780 4932        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:13:08.0889 4932        MRxDAV - ok
20:13:08.0921 4932        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:13:08.0983 4932        mrxsmb - ok
20:13:09.0014 4932        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:13:09.0061 4932        mrxsmb10 - ok
20:13:09.0108 4932        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:13:09.0123 4932        mrxsmb20 - ok
20:13:09.0170 4932        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:13:09.0186 4932        msahci - ok
20:13:09.0217 4932        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:13:09.0248 4932        msdsm - ok
20:13:09.0295 4932        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:13:09.0357 4932        Msfs - ok
20:13:09.0389 4932        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:13:09.0435 4932        mshidkmdf - ok
20:13:09.0482 4932        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:13:09.0498 4932        msisadrv - ok
20:13:09.0545 4932        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:13:09.0623 4932        MSKSSRV - ok
20:13:09.0654 4932        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:13:09.0716 4932        MSPCLOCK - ok
20:13:09.0747 4932        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:13:09.0841 4932        MSPQM - ok
20:13:09.0888 4932        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:13:09.0919 4932        MsRPC - ok
20:13:09.0966 4932        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:13:09.0981 4932        mssmbios - ok
20:13:09.0997 4932        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:13:10.0059 4932        MSTEE - ok
20:13:10.0106 4932        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:13:10.0153 4932        MTConfig - ok
20:13:10.0184 4932        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:13:10.0215 4932        Mup - ok
20:13:10.0278 4932        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:13:10.0340 4932        NativeWifiP - ok
20:13:10.0418 4932        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:13:10.0449 4932        NDIS - ok
20:13:10.0496 4932        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:13:10.0527 4932        NdisCap - ok
20:13:10.0574 4932        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:13:10.0637 4932        NdisTapi - ok
20:13:10.0683 4932        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:13:10.0746 4932        Ndisuio - ok
20:13:10.0808 4932        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:13:10.0886 4932        NdisWan - ok
20:13:10.0917 4932        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:13:10.0995 4932        NDProxy - ok
20:13:11.0058 4932        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:13:11.0136 4932        NetBIOS - ok
20:13:11.0183 4932        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:13:11.0229 4932        NetBT - ok
20:13:11.0401 4932        netw5v64        (705283c02177809ca9fa7cc58a4f1e77) C:\Windows\system32\DRIVERS\netw5v64.sys
20:13:11.0635 4932        netw5v64 - ok
20:13:11.0744 4932        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:13:11.0760 4932        nfrd960 - ok
20:13:11.0822 4932        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:13:11.0900 4932        Npfs - ok
20:13:11.0931 4932        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:13:11.0978 4932        nsiproxy - ok
20:13:12.0056 4932        Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
20:13:12.0119 4932        Ntfs - ok
20:13:12.0134 4932        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:13:12.0181 4932        Null - ok
20:13:12.0243 4932        nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
20:13:12.0275 4932        nvraid - ok
20:13:12.0290 4932        nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
20:13:12.0306 4932        nvstor - ok
20:13:12.0337 4932        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:13:12.0353 4932        nv_agp - ok
20:13:12.0399 4932        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:13:12.0431 4932        ohci1394 - ok
20:13:12.0493 4932        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:13:12.0524 4932        Parport - ok
20:13:12.0571 4932        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
20:13:12.0602 4932        partmgr - ok
20:13:12.0680 4932        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
20:13:12.0758 4932        pccsmcfd - ok
20:13:12.0805 4932        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:13:12.0836 4932        pci - ok
20:13:12.0852 4932        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:13:12.0867 4932        pciide - ok
20:13:12.0899 4932        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:13:12.0914 4932        pcmcia - ok
20:13:12.0961 4932        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:13:12.0977 4932        pcw - ok
20:13:13.0008 4932        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:13:13.0070 4932        PEAUTH - ok
20:13:13.0179 4932        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:13:13.0242 4932        PptpMiniport - ok
20:13:13.0289 4932        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:13:13.0335 4932        Processor - ok
20:13:13.0398 4932        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:13:13.0476 4932        Psched - ok
20:13:13.0523 4932        PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:13:13.0538 4932        PxHlpa64 - ok
20:13:13.0601 4932        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:13:13.0647 4932        ql2300 - ok
20:13:13.0679 4932        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:13:13.0694 4932        ql40xx - ok
20:13:13.0741 4932        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:13:13.0788 4932        QWAVEdrv - ok
20:13:13.0819 4932        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:13:13.0866 4932        RasAcd - ok
20:13:13.0913 4932        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:13:13.0944 4932        RasAgileVpn - ok
20:13:14.0006 4932        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:13:14.0069 4932        Rasl2tp - ok
20:13:14.0115 4932        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:13:14.0193 4932        RasPppoe - ok
20:13:14.0209 4932        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:13:14.0256 4932        RasSstp - ok
20:13:14.0318 4932        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:13:14.0412 4932        rdbss - ok
20:13:14.0443 4932        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:13:14.0505 4932        rdpbus - ok
20:13:14.0521 4932        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:13:14.0568 4932        RDPCDD - ok
20:13:14.0599 4932        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:13:14.0661 4932        RDPENCDD - ok
20:13:14.0693 4932        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:13:14.0724 4932        RDPREFMP - ok
20:13:14.0771 4932        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
20:13:14.0817 4932        RDPWD - ok
20:13:14.0864 4932        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:13:14.0911 4932        rdyboost - ok
20:13:14.0942 4932        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
20:13:14.0989 4932        RFCOMM - ok
20:13:15.0036 4932        rimsptsk        (258aadb43e3f3468b5cf8cb0f84872c2) C:\Windows\system32\DRIVERS\rimssn64.sys
20:13:15.0098 4932        rimsptsk - ok
20:13:15.0145 4932        risdptsk        (71e182a0de1cecb3f912960716345405) C:\Windows\system32\DRIVERS\risdsn64.sys
20:13:15.0207 4932        risdptsk - ok
20:13:15.0254 4932        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:13:15.0317 4932        rspndr - ok
20:13:15.0379 4932        RTHDMIAzAudService (34f05c417f038ffa3bef69b798d7d7dd) C:\Windows\system32\drivers\RtHDMIVX.sys
20:13:15.0457 4932        RTHDMIAzAudService - ok
20:13:15.0504 4932        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:13:15.0535 4932        sbp2port - ok
20:13:15.0582 4932        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:13:15.0660 4932        scfilter - ok
20:13:15.0738 4932        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
20:13:15.0785 4932        sdbus - ok
20:13:15.0831 4932        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
20:13:15.0878 4932        secdrv - ok
20:13:15.0925 4932        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:13:15.0956 4932        Serenum - ok
20:13:15.0987 4932        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:13:16.0034 4932        Serial - ok
20:13:16.0097 4932        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:13:16.0128 4932        sermouse - ok
20:13:16.0206 4932        SFEP            (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\DRIVERS\SFEP.sys
20:13:16.0253 4932        SFEP - ok
20:13:16.0299 4932        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:13:16.0346 4932        sffdisk - ok
20:13:16.0362 4932        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:13:16.0393 4932        sffp_mmc - ok
20:13:16.0409 4932        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:13:16.0424 4932        sffp_sd - ok
20:13:16.0487 4932        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:13:16.0533 4932        sfloppy - ok
20:13:16.0611 4932        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:13:16.0643 4932        SiSRaid2 - ok
20:13:16.0674 4932        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:13:16.0689 4932        SiSRaid4 - ok
20:13:16.0736 4932        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:13:16.0814 4932        Smb - ok
20:13:16.0877 4932        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:13:16.0892 4932        spldr - ok
20:13:16.0955 4932        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:13:17.0033 4932        srv - ok
20:13:17.0064 4932        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:13:17.0111 4932        srv2 - ok
20:13:17.0173 4932        SrvHsfHDA      (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:13:17.0220 4932        SrvHsfHDA - ok
20:13:17.0251 4932        SrvHsfV92      (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:13:17.0313 4932        SrvHsfV92 - ok
20:13:17.0360 4932        SrvHsfWinac    (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:13:17.0391 4932        SrvHsfWinac - ok
20:13:17.0438 4932        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:13:17.0485 4932        srvnet - ok
20:13:17.0532 4932        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:13:17.0563 4932        stexstor - ok
20:13:17.0610 4932        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:13:17.0625 4932        swenum - ok
20:13:17.0781 4932        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
20:13:17.0875 4932        Tcpip - ok
20:13:17.0984 4932        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
20:13:18.0047 4932        TCPIP6 - ok
20:13:18.0093 4932        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:13:18.0140 4932        tcpipreg - ok
20:13:18.0187 4932        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:13:18.0218 4932        TDPIPE - ok
20:13:18.0234 4932        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
20:13:18.0281 4932        TDTCP - ok
20:13:18.0327 4932        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:13:18.0374 4932        tdx - ok
20:13:18.0421 4932        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:13:18.0437 4932        TermDD - ok
20:13:18.0499 4932        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:13:18.0561 4932        tssecsrv - ok
20:13:18.0608 4932        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:13:18.0655 4932        TsUsbFlt - ok
20:13:18.0717 4932        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:13:18.0795 4932        tunnel - ok
20:13:18.0827 4932        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:13:18.0858 4932        uagp35 - ok
20:13:18.0936 4932        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:13:18.0998 4932        udfs - ok
20:13:19.0045 4932        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:13:19.0061 4932        uliagpkx - ok
20:13:19.0107 4932        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:13:19.0123 4932        umbus - ok
20:13:19.0154 4932        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:13:19.0185 4932        UmPass - ok
20:13:19.0232 4932        usbccgp        (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
20:13:19.0279 4932        usbccgp - ok
20:13:19.0341 4932        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:13:19.0404 4932        usbcir - ok
20:13:19.0451 4932        usbehci        (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
20:13:19.0497 4932        usbehci - ok
20:13:19.0529 4932        usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
20:13:19.0575 4932        usbhub - ok
20:13:19.0607 4932        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
20:13:19.0622 4932        usbohci - ok
20:13:19.0653 4932        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:13:19.0700 4932        usbprint - ok
20:13:19.0778 4932        usbser          (0f0c72a657c622286013788b886968ad) C:\Windows\system32\drivers\usbser.sys
20:13:19.0825 4932        usbser - ok
20:13:19.0872 4932        USBSTOR        (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\drivers\USBSTOR.SYS
20:13:19.0919 4932        USBSTOR - ok
20:13:19.0965 4932        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
20:13:19.0981 4932        usbuhci - ok
20:13:20.0028 4932        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
20:13:20.0059 4932        usbvideo - ok
20:13:20.0137 4932        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:13:20.0168 4932        vdrvroot - ok
20:13:20.0199 4932        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:13:20.0231 4932        vga - ok
20:13:20.0246 4932        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:13:20.0324 4932        VgaSave - ok
20:13:20.0371 4932        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:13:20.0402 4932        vhdmp - ok
20:13:20.0449 4932        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:13:20.0465 4932        viaide - ok
20:13:20.0496 4932        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:13:20.0511 4932        volmgr - ok
20:13:20.0558 4932        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:13:20.0589 4932        volmgrx - ok
20:13:20.0621 4932        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:13:20.0636 4932        volsnap - ok
20:13:20.0683 4932        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:13:20.0699 4932        vsmraid - ok
20:13:20.0745 4932        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:13:20.0777 4932        vwifibus - ok
20:13:20.0792 4932        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:13:20.0808 4932        vwififlt - ok
20:13:20.0855 4932        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:13:20.0901 4932        WacomPen - ok
20:13:20.0964 4932        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:13:21.0042 4932        WANARP - ok
20:13:21.0042 4932        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:13:21.0089 4932        Wanarpv6 - ok
20:13:21.0135 4932        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:13:21.0167 4932        Wd - ok
20:13:21.0198 4932        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:13:21.0245 4932        Wdf01000 - ok
20:13:21.0291 4932        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:13:21.0323 4932        WfpLwf - ok
20:13:21.0354 4932        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:13:21.0369 4932        WIMMount - ok
20:13:21.0463 4932        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:13:21.0510 4932        WinUsb - ok
20:13:21.0572 4932        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:13:21.0603 4932        WmiAcpi - ok
20:13:21.0650 4932        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:13:21.0681 4932        ws2ifsl - ok
20:13:21.0728 4932        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:13:21.0791 4932        WudfPf - ok
20:13:21.0822 4932        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:13:21.0869 4932        WUDFRd - ok
20:13:21.0947 4932        yukonw7        (6affd75c6807b3dd3ab018e27b88ef95) C:\Windows\system32\DRIVERS\yk62x64.sys
20:13:22.0025 4932        yukonw7 - ok
20:13:22.0071 4932        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
20:13:22.0243 4932        \Device\Harddisk0\DR0 - ok
20:13:22.0243 4932        Boot (0x1200)  (6c8ada99bd4e47d432ebc96f110acc66) \Device\Harddisk0\DR0\Partition0
20:13:22.0243 4932        \Device\Harddisk0\DR0\Partition0 - ok
20:13:22.0274 4932        Boot (0x1200)  (b2d3c31b89ecd5dc62caceed0ddcce08) \Device\Harddisk0\DR0\Partition1
20:13:22.0274 4932        \Device\Harddisk0\DR0\Partition1 - ok
20:13:22.0274 4932        ============================================================
20:13:22.0274 4932        Scan finished
20:13:22.0274 4932        ============================================================
20:13:22.0305 4948        Detected object count: 2
20:13:22.0305 4948        Actual detected object count: 2


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:09 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20