Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Trojaner TR/ATRAPS.Gen gefunden

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.03.2011, 12:58   #1
stinew
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



Hallo,

gestern hat Avira mir einen gefundenen Trojaner angezeigt: TR/ATRAPS.Gen, der sich hier befinden soll:C:\Windows\SoftwareDistribution\Download\e92104d83eac0777223ace15a0191cf9\BIT52D3.tmp. Ich habe ihn nun in die Quarantäne verschoben und weiß nicht, wie ich nun weiter vorgehen soll. Einfach löschen wirds wohl nicht bringen, oder? Ich hoffe wirklich sehr, dass der sich ohne komplette Formatierung beseitigen lässt. Weiß jemand, was dieser Trojaner überhaupt anrichtet? Gerade habe ich auf meinem Desktop grau hinterlegte Word-Dateien gesehen mit diesem ~S vor dem Dateinamen (hm, hoffe das ist verständlich) - das macht doch ganz den Anschein, als ob die jemand geöffnet hat!? Ich wars leider nicht...Langsam werde ich etwas panisch:/

Ich poste einmal mein OTL-Logfile und den Malwarebytes-Log (da wurde nix gefunden...) und hoffe, dass mir jemand weiterhelfen kann. Ich bin in diesen Dingen leider alles andere als eine Expertin, von daher wäre ich für einfache Anweisungen sehr dankbar

Vielen Dank schon mal...

LG, Stine

OTL-LogfileOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 26.03.2011 12:05:48 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Desktop\Hijack
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,22 Gb Total Space | 194,75 Gb Free Space | 67,57% Space Free | Partition Type: NTFS
Drive F: | 671,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 20,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found
PRC - C:\Users\User\Desktop\Hijack\OTL.exe (OldTimer Tools)
PRC - C:\Users\User\Desktop\Hijack\test.exe (Trend Micro Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe (WEB.DE)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Programme\Mobile Partner\Mobile Partner.exe ()
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Programme\sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - c:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\User\Desktop\Hijack\OTL.exe (OldTimer Tools)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsldf01bff5) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{737654F1-DAF6-4883-9CBA-D9BD4F0F599A}\MpKsldf01bff5.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.03.25 19:49:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.14 21:56:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.14 21:56:17 | 000,000,000 | ---D | M]
 
[2010.04.17 14:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011.03.22 20:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qw8mqoa8.default\extensions
[2010.06.08 21:30:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qw8mqoa8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.17 12:54:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qw8mqoa8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.04 12:25:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qw8mqoa8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.17 14:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.25 19:49:04 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.06.25 17:05:20 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.25 17:05:20 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.25 17:05:20 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.25 17:05:20 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.25 17:05:20 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Programme\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [WEB.DE Club E-Mail Alarm] C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe (WEB.DE)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.05.08 20:48:36 | 000,126,976 | R--- | M] () - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.03.10 01:34:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3bb8be43-d47c-11df-95b9-001dbaad4ba2}\Shell - "" = AutoRun
O33 - MountPoints2\{3bb8be43-d47c-11df-95b9-001dbaad4ba2}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{3bb8be4e-d47c-11df-95b9-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{3bb8be4e-d47c-11df-95b9-001e101fabdd}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{3cff0792-2f64-11e0-ad1a-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{3cff0792-2f64-11e0-ad1a-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{90a1dd82-f4a5-11df-a839-86c8e15465a5}\Shell - "" = AutoRun
O33 - MountPoints2\{90a1dd82-f4a5-11df-a839-86c8e15465a5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{c700ecf9-cb29-11df-86bb-001dbaad4ba2}\Shell - "" = AutoRun
O33 - MountPoints2\{c700ecf9-cb29-11df-86bb-001dbaad4ba2}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{c700ed27-cb29-11df-86bb-001e101fe9c7}\Shell - "" = AutoRun
O33 - MountPoints2\{c700ed27-cb29-11df-86bb-001e101fe9c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{da988262-2fd2-11e0-b62b-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{da988262-2fd2-11e0-b62b-001e101fe5e1}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.26 10:53:48 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Hijack
[2011.03.12 13:51:26 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.03.10 20:12:04 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2011.03.08 21:55:44 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.08 21:55:44 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.08 21:55:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.08 21:55:43 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.02.27 13:33:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.27 13:28:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.27 13:27:42 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.27 13:27:42 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.27 13:27:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.27 13:27:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.27 13:27:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.27 13:27:35 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.27 13:27:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.27 13:27:34 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.27 13:27:34 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.27 13:27:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.27 13:27:25 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.27 13:27:25 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.27 13:27:25 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.02.27 13:27:24 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.27 13:27:24 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.26 11:43:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.26 10:42:27 | 000,011,328 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011.03.26 10:25:03 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.26 10:25:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.26 10:25:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.26 10:24:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.26 10:24:41 | 3186,659,328 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.23 21:56:05 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.03.22 20:17:13 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.10 20:16:12 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.03.10 20:13:46 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.10 20:13:46 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.10 20:13:46 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.10 20:13:46 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.05 11:30:01 | 000,002,791 | ---- | M] () -- C:\Users\User\Desktop\lidl.jpg
[2011.02.25 23:39:16 | 000,006,836 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2011.03.10 20:16:12 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.03.10 20:12:30 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.03.05 11:30:01 | 000,002,791 | ---- | C] () -- C:\Users\User\Desktop\lidl.jpg
[2011.02.27 13:27:26 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.27 13:27:26 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.02.27 13:27:26 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.02.06 13:49:50 | 000,006,836 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2010.11.02 14:59:41 | 000,020,480 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.10 17:22:19 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.04.17 14:21:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.14 14:15:16 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.03.05 18:22:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.03.05 18:22:19 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.03.05 18:22:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.03.05 18:22:18 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.03.05 18:22:18 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009.03.05 10:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.03.05 09:48:25 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.05 09:48:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 08:15:58 | 000,630,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,127,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,352,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
 
und hier der extra-logfile-falls der auch gebraucht wird?:
 
OTL Extras logfile created on: 26.03.2011 12:05:48 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Desktop\Hijack
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,22 Gb Total Space | 194,75 Gb Free Space | 67,57% Space Free | Partition Type: NTFS
Drive F: | 671,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 20,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C86FC88-42F3-415C-A44E-938DEE656F97}" = lport=445 | protocol=6 | dir=in | app=system | 
"{172B2372-8166-4BA3-8333-892EAFEAE579}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2B810DFA-0B6D-4212-85B2-393BA23D0428}" = lport=137 | protocol=17 | dir=in | app=system | 
"{68A45E36-3FBE-49BA-A29F-FB08F0803DD2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6E3E3894-50DE-425B-ADFC-0258AAD4FEBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{75B56681-D362-4B7C-9E23-D0925E78AE4A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{77A144C2-BB29-4B34-A630-2C376BBCDE7B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8C7BF9A6-B830-40C9-A68A-895100423FC3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AFD7CE5E-39FE-44E1-AD5E-11DD5EA1DE95}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B9044290-6F97-4E40-831D-8E9B6395ECC5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CABE9719-6BC1-4E6D-A6BF-BA95B92CE7AB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DF08F73F-96E7-4433-BFFA-596721AF8180}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25E76127-D881-4776-96D5-8E7A0A030FD8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3759DC1B-4285-4709-91BD-50F06940252D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{587F89D5-F051-465C-8349-3820BCD1FE4C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{67309D7C-96FD-4616-BE0E-494E15EAA815}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{7D0E861A-850A-4794-8BE6-CC3E98B0D53D}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{8164A2D7-A2F2-4E48-A484-549191CFC644}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8CB26162-91E6-44BD-8668-CD9F99A5DDFD}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{921C94F1-F359-412E-B27D-E5B05E2A8FF7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9EA0AFF6-8028-41F9-80FF-9B6FEDD67C3E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E66D467E-ED28-4615-8DD7-E289689CFD85}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FAC546D1-9CCB-4F45-8A80-531A2AC4CC39}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FD6E2B54-68C0-48B3-92AA-CFBC9422A08A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager
"{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian
"{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian
"{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{252E50FD-F27C-C8DD-C9E2-D2845A2DC399}" = ATI Catalyst Install Manager
"{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish
"{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{47A2CE5C-EA1F-4F58-8A0A-9452CBA795CD}" = Click to Disc
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista
"{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish
"{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish
"{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish
"{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian
"{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian
"{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins
"{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939F952-1C7E-CBF8-EE77-CFBD9C6A4ECC}" = ccc-core-static
"{A9D3D707-4A1A-4227-BE6E-F16448B4CB63}" = VAIO Entertainment Platform
"{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch
"{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard
"{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation
"{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean
"{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility
"{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup aktivieren
"{C62AEA0E-90B0-4049-9780-8499A18A34D7}" = VAIO Content Metadata Manager Setting
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian
"{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New
"{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish
"{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French
"{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese
"{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard
"{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish
"{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish
"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian
"{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish
"{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English
"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.14.3" = Biet-O-Matic v2.14.3
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"dt icon module" = 
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GoeMobile - Cisco VPN Client" = GoeMobile - Cisco VPN Client 5.0.07.0290
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"LastFM_is1" = Last.fm 1.5.4.27091
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSC" = McAfee SecurityCenter
"Opera 11.01.1190" = Opera 11.01
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"WEB.DE Club E-Mail Alarm" = WEB.DE Club E-Mail Alarm
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.02.2011 15:55:39 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 22.02.2011 15:55:40 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 22.02.2011 15:55:40 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 22.02.2011 15:55:40 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 22.02.2011 15:55:40 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 22.02.2011 17:11:27 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.02.2011 17:11:48 | Computer Name = User-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
 
Error - 23.02.2011 12:33:36 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.02.2011 12:33:40 | Computer Name = User-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
 
Error - 23.02.2011 17:10:03 | Computer Name = User-PC | Source = EventSystem | ID = 4621
Description = 
 
[ Media Center Events ]
Error - 14.01.2011 22:02:49 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ System Events ]
Error - 06.06.2010 07:29:47 | Computer Name = User-PC | Source = netbt | ID = 4321
Description = Der Name "USER-PC :20" konnte nicht auf der Schnittstelle mit
IP-Adresse 134.76.3.149 registriert werden. Der Computer mit IP-Adresse 134.76.26.21
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 06.06.2010 12:48:49 | Computer Name = User-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{6A0B688A-36C3-40E7-BC64-9689E937B84E} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 06.06.2010 12:57:19 | Computer Name = User-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{6A0B688A-36C3-40E7-BC64-9689E937B84E} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 07.06.2010 12:31:40 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.06.2010 um 20:45:31 unerwartet heruntergefahren.
 
Error - 07.06.2010 12:31:45 | Computer Name = User-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 07.06.2010 12:32:39 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.06.2010 12:32:39 | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 07.06.2010 12:32:39 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.06.2010 13:48:35 | Computer Name = User-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 08.06.2010 13:49:24 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---



Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6173

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

26.03.2011 12:54:05
mbam-log-2011-03-26 (12-54-04).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 149172
Laufzeit: 6 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 26.03.2011, 21:42   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



Zitat:
Art des Suchlaufs: Quick-Scan
Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________

__________________

Alt 27.03.2011, 13:49   #3
stinew
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



hallo,

ich habe jetzt nochmal aktualisiert und den Vollscan durchgeführt (s.u.), da wurde wieder nichts gefunden. Ich hoffe, mir kann hier jemand weiterhelfen - die Google-Ergebnisse waren nicht sehr erfreulich:/

Danke schon mal!

LG Stine

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6182

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

27.03.2011 14:38:32
mbam-log-2011-03-27 (14-38-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 280760
Laufzeit: 1 Stunde(n), 39 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________

Alt 27.03.2011, 21:02   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.03.2011, 21:41   #5
stinew
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



Nein, leider nicht - ich habe Malwarebytes erst installiert, nachdem ich mich hier angemeldet habe:/ es gibt also nur die zwei bereits geposteten...
Würde es denn erstmal reichen, wenn ich meine Passwörter an einem anderen PC ändere oder sollte ich - zumindest beim Onlinebanking - gleich meinen Account sperren lassen?
LG


Alt 28.03.2011, 08:48   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.05.08 20:48:36 | 000,126,976 | R--- | M] () - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.03.10 01:34:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3bb8be43-d47c-11df-95b9-001dbaad4ba2}\Shell - "" = AutoRun
O33 - MountPoints2\{3bb8be43-d47c-11df-95b9-001dbaad4ba2}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{3bb8be4e-d47c-11df-95b9-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{3bb8be4e-d47c-11df-95b9-001e101fabdd}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{3cff0792-2f64-11e0-ad1a-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{3cff0792-2f64-11e0-ad1a-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{90a1dd82-f4a5-11df-a839-86c8e15465a5}\Shell - "" = AutoRun
O33 - MountPoints2\{90a1dd82-f4a5-11df-a839-86c8e15465a5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{c700ecf9-cb29-11df-86bb-001dbaad4ba2}\Shell - "" = AutoRun
O33 - MountPoints2\{c700ecf9-cb29-11df-86bb-001dbaad4ba2}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{c700ed27-cb29-11df-86bb-001e101fe9c7}\Shell - "" = AutoRun
O33 - MountPoints2\{c700ed27-cb29-11df-86bb-001e101fe9c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{da988262-2fd2-11e0-b62b-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{da988262-2fd2-11e0-b62b-001e101fe5e1}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________
--> Trojaner TR/ATRAPS.Gen gefunden

Alt 28.03.2011, 17:48   #7
stinew
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



Hallo,

danke für die Hilfe - habe das eben wie angegeben getan. Microsoft Security Essentials ließ sich jedoch nicht deaktivieren, ich hoffe das ist ok!? Puh, das muss anstrengend sein, sich mit solchen Anfängern wie mir rumzuplagen

Hier der Logfile, der nach dem Neustart rauskam:


All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
File move failed. G:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bb8be43-d47c-11df-95b9-001dbaad4ba2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bb8be43-d47c-11df-95b9-001dbaad4ba2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bb8be43-d47c-11df-95b9-001dbaad4ba2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bb8be43-d47c-11df-95b9-001dbaad4ba2}\ not found.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bb8be4e-d47c-11df-95b9-001e101fabdd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bb8be4e-d47c-11df-95b9-001e101fabdd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bb8be4e-d47c-11df-95b9-001e101fabdd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3bb8be4e-d47c-11df-95b9-001e101fabdd}\ not found.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cff0792-2f64-11e0-ad1a-001e101f9843}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cff0792-2f64-11e0-ad1a-001e101f9843}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cff0792-2f64-11e0-ad1a-001e101f9843}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cff0792-2f64-11e0-ad1a-001e101f9843}\ not found.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90a1dd82-f4a5-11df-a839-86c8e15465a5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90a1dd82-f4a5-11df-a839-86c8e15465a5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{90a1dd82-f4a5-11df-a839-86c8e15465a5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90a1dd82-f4a5-11df-a839-86c8e15465a5}\ not found.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c700ecf9-cb29-11df-86bb-001dbaad4ba2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c700ecf9-cb29-11df-86bb-001dbaad4ba2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c700ecf9-cb29-11df-86bb-001dbaad4ba2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c700ecf9-cb29-11df-86bb-001dbaad4ba2}\ not found.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c700ed27-cb29-11df-86bb-001e101fe9c7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c700ed27-cb29-11df-86bb-001e101fe9c7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c700ed27-cb29-11df-86bb-001e101fe9c7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c700ed27-cb29-11df-86bb-001e101fe9c7}\ not found.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da988262-2fd2-11e0-b62b-001e101fe5e1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da988262-2fd2-11e0-b62b-001e101fe5e1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{da988262-2fd2-11e0-b62b-001e101fe5e1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{da988262-2fd2-11e0-b62b-001e101fe5e1}\ not found.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 197142800 bytes
->Temporary Internet Files folder emptied: 56679643 bytes
->FireFox cache emptied: 60505260 bytes
->Google Chrome cache emptied: 33670914 bytes
->Opera cache emptied: 30123827 bytes
->Flash cache emptied: 46372 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82817430 bytes
RecycleBin emptied: 802754118 bytes

Total Files Cleaned = 1.205,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03282011_182841

Files\Folders moved on Reboot...
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
File move failed. G:\AUTORUN.INF scheduled to be moved on reboot.
File\Folder C:\Windows\temp\mcafee_Fu3RI78RQ5gdb67 not found!
File\Folder C:\Windows\temp\mcafee_Ss2HqNhnmrwM9xY not found!
File\Folder C:\Windows\temp\mcafee_y2KcitDbM4JqA6e not found!
File\Folder C:\Windows\temp\mcmsc_5oYIgF1R8oLoRSp not found!
File\Folder C:\Windows\temp\mcmsc_afQ3hM6XtM2vLVz not found!
File\Folder C:\Windows\temp\mcmsc_JbfD8epqeb8lhSq not found!
File\Folder C:\Windows\temp\mcmsc_qf6lr7VWvgBztZW not found!
File\Folder C:\Windows\temp\sqlite_55Prh1Zt1GLafAP not found!
File\Folder C:\Windows\temp\sqlite_Nf04cOZSdJ4xZsc not found!
File\Folder C:\Windows\temp\sqlite_Ze9yunT5nDMDpyf not found!
File\Folder C:\Windows\temp\sqlite_ZhVQH6lLKFfNu86 not found!

Registry entries deleted on Reboot...


LG Stine

Alt 28.03.2011, 19:25   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 28.03.2011, 22:21   #9
stinew
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



Hallo,

so, habe gerade die Combofix-Sache durchgeführt und poste unten das Ergebnis. Ich habe nun aber (also nachdem Combofix durch war) die Firewall und Antivirenprogramme wieder aktiviert, hoffe das ist ok.

Danke!!

Combofix Logfile:
Code:
ATTFilter
ComboFix 11-03-28.01 - User 28.03.2011  22:54:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3038.1711 [GMT 2:00]
ausgeführt von:: c:\users\User\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Im Speicher befindliches AV aktiv.
.
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-28 bis 2011-03-28  ))))))))))))))))))))))))))))))
.
.
2011-03-28 21:07 . 2011-03-28 21:07	--------	d-----w-	c:\users\User\AppData\Local\temp
2011-03-28 21:07 . 2011-03-28 21:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-28 16:35 . 2011-03-28 16:35	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AB67124-2FF7-4253-9C0B-34E2492D8D90}\MpKsl50be3a1c.sys
2011-03-28 16:28 . 2011-03-28 16:28	--------	d-----w-	C:\_OTL
2011-03-28 16:27 . 2011-03-28 16:27	28752	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AB67124-2FF7-4253-9C0B-34E2492D8D90}\MpKsl35acfe37.sys
2011-03-28 16:26 . 2011-03-15 04:05	6792528	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AB67124-2FF7-4253-9C0B-34E2492D8D90}\mpengine.dll
2011-03-27 10:04 . 2011-03-12 12:52	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-03-27 10:03 . 2011-03-12 12:52	439632	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0C9E26C-C344-424F-A104-00B99956408F}\gapaengine.dll
2011-03-26 11:32 . 2011-03-26 11:32	--------	d-----w-	c:\users\User\AppData\Roaming\Malwarebytes
2011-03-26 11:32 . 2010-12-20 17:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-26 11:32 . 2011-03-26 11:32	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-26 11:32 . 2010-12-20 17:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-26 11:32 . 2011-03-26 11:32	--------	d-----w-	c:\users\User\Malwarebytes' Anti-Malware
2011-03-12 12:56 . 2011-03-15 04:05	6792528	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-12 12:51 . 2010-10-19 20:51	222080	------w-	c:\windows\system32\MpSigStub.exe
2011-03-10 19:12 . 2011-03-10 19:14	--------	d-----w-	c:\program files\Microsoft Security Client
2011-03-08 20:55 . 2010-12-29 17:41	323072	----a-w-	c:\windows\system32\sbe.dll
2011-03-08 20:55 . 2010-12-29 17:41	429056	----a-w-	c:\windows\system32\EncDec.dll
2011-03-08 20:55 . 2010-12-29 17:41	153088	----a-w-	c:\windows\system32\sbeio.dll
2011-03-08 20:55 . 2010-12-29 17:39	177664	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-08 20:55 . 2010-12-17 16:43	2067456	----a-w-	c:\windows\system32\mstscax.dll
2011-03-08 20:55 . 2010-12-17 15:06	677888	----a-w-	c:\windows\system32\mstsc.exe
2011-02-27 12:28 . 2009-10-09 21:56	2048	----a-w-	c:\windows\system32\winrsmgr.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-22 19:17 . 2010-05-08 18:42	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-01-08 07:50 . 2011-02-13 16:04	34304	----a-w-	c:\windows\system32\atmlib.dll
2011-01-08 05:57 . 2011-02-13 16:04	292352	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 13:25 . 2011-02-13 16:05	2038784	----a-w-	c:\windows\system32\win32k.sys
2010-12-28 21:10 . 2010-12-28 21:10	1222408	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-21 274432]
"WEB.DE Club E-Mail Alarm"="c:\program files\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe" [2010-04-08 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-05 136600]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2010-04-14 26112]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-5-14 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 10:49	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl3bfa13e5;MpKsl3bfa13e5;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3ED037DF-0EAA-4520-9A69-357A0407DEE7}\MpKsl3bfa13e5.sys [x]
R1 MpKsl95f77852;MpKsl95f77852;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F33CF980-15A9-47D3-BF8A-EAD3981954C2}\MpKsl95f77852.sys [x]
R1 MpKslfd5749ca;MpKslfd5749ca;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8D25F5EB-4B23-48E1-862B-1F5716FC9955}\MpKslfd5749ca.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 135664]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-01-20 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-01-20 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-01-20 390440]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-01-20 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-01-20 91432]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-01-16 83240]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl35acfe37;MpKsl35acfe37;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AB67124-2FF7-4253-9C0B-34E2492D8D90}\MpKsl35acfe37.sys [2011-03-28 28752]
S1 MpKsl50be3a1c;MpKsl50be3a1c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8AB67124-2FF7-4253-9C0B-34E2492D8D90}\MpKsl50be3a1c.sys [2011-03-28 28752]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-07 135336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2011-02-16 88176]
S2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2008-12-21 303104]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-12-19 415592]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-01-14 5184872]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-03-20 116736]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 63616]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-11-19 9344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL50BE3A1C
.
Inhalt des "geplante Tasks" Ordners
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 14:14]
.
2011-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 14:14]
.
2010-04-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-17 10:22]
.
2010-04-14 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2010-04-17 10:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: Free YouTube to Mp3 Converter - c:\users\User\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\qw8mqoa8.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-28 23:07
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000042
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-03-28  23:11:56
ComboFix-quarantined-files.txt  2011-03-28 21:11
.
Vor Suchlauf: 8 Verzeichnis(se), 211.625.762.816 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 211.556.408.832 Bytes frei
.
- - End Of File - - 190C1AF3627593BA99B7E4E5D61F4F3F
         
--- --- ---

Alt 29.03.2011, 13:17   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



Zitat:
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: McAfee VirusScan *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Du übertreibst! Viel hilft viel ist bei Virenscanner/Sicherheitssoftware eindeutig NICHT der Fall!

- Verwende nur einen Virenscanner. Ich würde bei Micosoft Security Essentials bleiben, McAfee und AntiVir (falls noch installiert) deinstallieren
- McAfee Personal Firewall ist kontraproduktiv, allein deswegen schon McAfee komplett deinstallieren und die Windows-Firewall verwenden!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.03.2011, 14:39   #11
stinew
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



Ok, gut zu wissen (ich dachte tatsächlich, hier hilft viel viel...). Werde mich ab jetzt wie empfohlen auf Microsoft Security Essentials beschränken.

Kann ich denn nun davon ausgehen, dass der Trojaner entfernt wurde? Oder muss ich noch irgendetwas tun?

Danke!! LG, Stine

Alt 29.03.2011, 16:58   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



Sind die Dinger runter?

Wenn ja, bitte dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 29.03.2011, 21:19   #13
stinew
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



Ja, ich habe antivir und mcafee deinstalliert und danach den TDSSKiller durchlaufen lassen. Unten das Ergebnis:

LG, Stine

2011/03/29 22:14:59.0410 5836 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/29 22:15:01.0411 5836 ================================================================================
2011/03/29 22:15:01.0412 5836 SystemInfo:
2011/03/29 22:15:01.0412 5836
2011/03/29 22:15:01.0412 5836 OS Version: 6.0.6001 ServicePack: 1.0
2011/03/29 22:15:01.0412 5836 Product type: Workstation
2011/03/29 22:15:01.0412 5836 ComputerName: USER-PC
2011/03/29 22:15:01.0412 5836 UserName: User
2011/03/29 22:15:01.0412 5836 Windows directory: C:\Windows
2011/03/29 22:15:01.0412 5836 System windows directory: C:\Windows
2011/03/29 22:15:01.0412 5836 Processor architecture: Intel x86
2011/03/29 22:15:01.0412 5836 Number of processors: 2
2011/03/29 22:15:01.0412 5836 Page size: 0x1000
2011/03/29 22:15:01.0412 5836 Boot type: Normal boot
2011/03/29 22:15:01.0412 5836 ================================================================================
2011/03/29 22:15:01.0991 5836 Initialize success
2011/03/29 22:15:41.0440 2304 ================================================================================
2011/03/29 22:15:41.0440 2304 Scan started
2011/03/29 22:15:41.0440 2304 Mode: Manual;
2011/03/29 22:15:41.0440 2304 ================================================================================
2011/03/29 22:15:41.0861 2304 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
2011/03/29 22:15:42.0079 2304 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/03/29 22:15:42.0266 2304 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/03/29 22:15:42.0391 2304 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/03/29 22:15:42.0454 2304 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/03/29 22:15:42.0641 2304 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
2011/03/29 22:15:42.0812 2304 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/03/29 22:15:42.0922 2304 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/03/29 22:15:42.0984 2304 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/03/29 22:15:43.0093 2304 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/03/29 22:15:43.0109 2304 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/03/29 22:15:43.0218 2304 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/03/29 22:15:43.0312 2304 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/03/29 22:15:43.0390 2304 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/03/29 22:15:43.0468 2304 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/03/29 22:15:43.0530 2304 ArcSoftKsUFilter (857b48965a0503b7ab795d4bfe7cbd8b) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
2011/03/29 22:15:43.0639 2304 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/29 22:15:43.0702 2304 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/03/29 22:15:43.0811 2304 athr (1ea05449220e3d755477ce517a83846b) C:\Windows\system32\DRIVERS\athr.sys
2011/03/29 22:15:44.0060 2304 atikmdag (9f66d1ba97911731133e46212539a08d) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/03/29 22:15:44.0185 2304 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/03/29 22:15:44.0279 2304 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/03/29 22:15:44.0388 2304 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/29 22:15:44.0482 2304 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/03/29 22:15:44.0591 2304 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/03/29 22:15:44.0700 2304 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/03/29 22:15:44.0794 2304 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/03/29 22:15:44.0872 2304 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/03/29 22:15:44.0887 2304 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/03/29 22:15:44.0950 2304 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/03/29 22:15:45.0199 2304 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/29 22:15:45.0293 2304 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/29 22:15:45.0386 2304 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/03/29 22:15:45.0449 2304 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
2011/03/29 22:15:45.0574 2304 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/29 22:15:45.0636 2304 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/03/29 22:15:45.0667 2304 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/29 22:15:45.0745 2304 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/03/29 22:15:45.0792 2304 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/03/29 22:15:45.0901 2304 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
2011/03/29 22:15:45.0995 2304 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\Windows\system32\Drivers\CVPNDRVA.sys
2011/03/29 22:15:46.0104 2304 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
2011/03/29 22:15:46.0244 2304 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
2011/03/29 22:15:46.0307 2304 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2011/03/29 22:15:46.0338 2304 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
2011/03/29 22:15:46.0463 2304 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/03/29 22:15:46.0525 2304 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/29 22:15:46.0650 2304 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/03/29 22:15:46.0775 2304 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
2011/03/29 22:15:46.0868 2304 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/03/29 22:15:46.0978 2304 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/03/29 22:15:47.0087 2304 ewusbnet (921878114f48949cfae9abe6fc4c4cc3) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/03/29 22:15:47.0165 2304 ew_hwusbdev (e98a64c7f106740a38fb2b78197816f8) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
2011/03/29 22:15:47.0258 2304 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
2011/03/29 22:15:47.0336 2304 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
2011/03/29 22:15:47.0477 2304 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/29 22:15:47.0539 2304 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/03/29 22:15:47.0570 2304 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/03/29 22:15:47.0648 2304 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/29 22:15:47.0711 2304 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
2011/03/29 22:15:47.0726 2304 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/29 22:15:47.0804 2304 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/03/29 22:15:47.0945 2304 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/03/29 22:15:47.0976 2304 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/29 22:15:48.0007 2304 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/03/29 22:15:48.0101 2304 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/03/29 22:15:48.0179 2304 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
2011/03/29 22:15:48.0272 2304 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/03/29 22:15:48.0397 2304 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/03/29 22:15:48.0475 2304 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/03/29 22:15:48.0584 2304 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/03/29 22:15:48.0647 2304 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
2011/03/29 22:15:48.0772 2304 huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
2011/03/29 22:15:48.0803 2304 hwdatacard (0b3957226ec94b1ecb7b9348bb535a23) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/03/29 22:15:48.0850 2304 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/03/29 22:15:48.0943 2304 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/29 22:15:49.0006 2304 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
2011/03/29 22:15:49.0037 2304 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/03/29 22:15:49.0130 2304 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/03/29 22:15:49.0255 2304 IntcAzAudAddService (3aa1f82efa2b0454af163124c9920d16) C:\Windows\system32\drivers\RTKVHDA.sys
2011/03/29 22:15:49.0380 2304 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/03/29 22:15:49.0411 2304 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/29 22:15:49.0520 2304 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/29 22:15:49.0598 2304 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/03/29 22:15:49.0630 2304 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/03/29 22:15:49.0723 2304 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/03/29 22:15:49.0754 2304 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/03/29 22:15:49.0786 2304 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/29 22:15:49.0817 2304 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/03/29 22:15:49.0910 2304 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/03/29 22:15:49.0988 2304 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/29 22:15:50.0082 2304 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/03/29 22:15:50.0144 2304 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/29 22:15:50.0254 2304 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/29 22:15:50.0332 2304 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/03/29 22:15:50.0347 2304 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/03/29 22:15:50.0441 2304 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/03/29 22:15:50.0488 2304 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/03/29 22:15:50.0581 2304 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/03/29 22:15:50.0644 2304 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/03/29 22:15:50.0690 2304 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/03/29 22:15:50.0768 2304 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/03/29 22:15:50.0831 2304 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/29 22:15:50.0909 2304 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/29 22:15:50.0956 2304 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
2011/03/29 22:15:50.0971 2304 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/03/29 22:15:51.0112 2304 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/03/29 22:15:51.0158 2304 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/03/29 22:15:51.0377 2304 MpKslbbca2c98 (5f53edfead46fa7adb78eee9ecce8fdf) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F8FA329E-448B-4FC7-85E0-024E2E8A9FBC}\MpKslbbca2c98.sys
2011/03/29 22:15:51.0595 2304 MpNWMon (f32e2d6a1640a469a9ed4f1929a4a861) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/03/29 22:15:51.0658 2304 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/29 22:15:51.0704 2304 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/03/29 22:15:51.0782 2304 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
2011/03/29 22:15:51.0845 2304 mrxsmb (7afc42e60432fd1014f5342f2b1b1f74) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/29 22:15:51.0938 2304 mrxsmb10 (8a75752ae17924f65452746674b14b78) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/29 22:15:51.0985 2304 mrxsmb20 (f4d0f3252e651f02be64984ffa738394) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/29 22:15:52.0079 2304 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/03/29 22:15:52.0126 2304 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/03/29 22:15:52.0172 2304 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/03/29 22:15:52.0250 2304 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/03/29 22:15:52.0328 2304 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/29 22:15:52.0406 2304 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/29 22:15:52.0469 2304 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/03/29 22:15:52.0500 2304 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
2011/03/29 22:15:52.0562 2304 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/29 22:15:52.0625 2304 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/03/29 22:15:52.0656 2304 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
2011/03/29 22:15:52.0750 2304 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/29 22:15:52.0828 2304 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
2011/03/29 22:15:52.0906 2304 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/29 22:15:52.0937 2304 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/29 22:15:53.0030 2304 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/29 22:15:53.0077 2304 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/03/29 22:15:53.0155 2304 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/29 22:15:53.0202 2304 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/29 22:15:53.0264 2304 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/03/29 22:15:53.0374 2304 NisDrv (17e2c08c5ecfbe94a7c67b1c275ee9d9) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/03/29 22:15:53.0452 2304 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
2011/03/29 22:15:53.0530 2304 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/29 22:15:53.0608 2304 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
2011/03/29 22:15:53.0686 2304 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/03/29 22:15:53.0732 2304 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/03/29 22:15:53.0764 2304 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/03/29 22:15:53.0795 2304 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/03/29 22:15:53.0888 2304 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/03/29 22:15:53.0982 2304 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/03/29 22:15:54.0091 2304 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/03/29 22:15:54.0138 2304 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
2011/03/29 22:15:54.0216 2304 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/03/29 22:15:54.0294 2304 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
2011/03/29 22:15:54.0310 2304 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/03/29 22:15:54.0356 2304 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/03/29 22:15:54.0466 2304 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/03/29 22:15:54.0622 2304 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/03/29 22:15:54.0684 2304 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/03/29 22:15:54.0793 2304 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
2011/03/29 22:15:54.0856 2304 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/03/29 22:15:54.0980 2304 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/03/29 22:15:55.0090 2304 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/03/29 22:15:55.0136 2304 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/03/29 22:15:55.0168 2304 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/03/29 22:15:55.0199 2304 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/03/29 22:15:55.0277 2304 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/03/29 22:15:55.0324 2304 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
2011/03/29 22:15:55.0339 2304 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
2011/03/29 22:15:55.0417 2304 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/03/29 22:15:55.0480 2304 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/03/29 22:15:55.0495 2304 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/03/29 22:15:55.0542 2304 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
2011/03/29 22:15:55.0651 2304 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2011/03/29 22:15:55.0714 2304 rimsptsk (f7d9ecf41ebd3cf6c65944368150f66b) C:\Windows\system32\DRIVERS\rimsptsk.sys
2011/03/29 22:15:55.0792 2304 risdptsk (1be6c42767a7c67ba31ae32b293b37a3) C:\Windows\system32\DRIVERS\risdptsk.sys
2011/03/29 22:15:55.0854 2304 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/03/29 22:15:55.0932 2304 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/03/29 22:15:56.0010 2304 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/03/29 22:15:56.0041 2304 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/03/29 22:15:56.0135 2304 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/03/29 22:15:56.0182 2304 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/03/29 22:15:56.0197 2304 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/03/29 22:15:56.0306 2304 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
2011/03/29 22:15:56.0384 2304 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/03/29 22:15:56.0400 2304 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/03/29 22:15:56.0416 2304 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/03/29 22:15:56.0447 2304 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/03/29 22:15:56.0478 2304 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/03/29 22:15:56.0572 2304 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/03/29 22:15:56.0618 2304 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/03/29 22:15:56.0665 2304 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
2011/03/29 22:15:56.0790 2304 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/03/29 22:15:56.0884 2304 srv (5754e8bae40943871d0ab9becbf335e8) C:\Windows\system32\DRIVERS\srv.sys
2011/03/29 22:15:56.0946 2304 srv2 (d47b09ff7d28ee44d728f57c2d1fab86) C:\Windows\system32\DRIVERS\srv2.sys
2011/03/29 22:15:56.0977 2304 srvnet (32d52290341a740881521e118106acd6) C:\Windows\system32\DRIVERS\srvnet.sys
2011/03/29 22:15:57.0102 2304 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/03/29 22:15:57.0211 2304 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/03/29 22:15:57.0320 2304 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/03/29 22:15:57.0430 2304 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/03/29 22:15:57.0539 2304 SynTP (99da94793332aadbb17bbb521ae56e21) C:\Windows\system32\DRIVERS\SynTP.sys
2011/03/29 22:15:57.0695 2304 Tcpip (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\drivers\tcpip.sys
2011/03/29 22:15:57.0820 2304 Tcpip6 (6216a954ed7045b62880a92d6c9b9fc7) C:\Windows\system32\DRIVERS\tcpip.sys
2011/03/29 22:15:57.0929 2304 tcpipreg (d4a2e4a4b011f3a883af77315a5ae76b) C:\Windows\system32\drivers\tcpipreg.sys
2011/03/29 22:15:57.0976 2304 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/03/29 22:15:57.0991 2304 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/03/29 22:15:58.0085 2304 tdx (d09276b1fab033ce1d40dcbdf303d10f) C:\Windows\system32\DRIVERS\tdx.sys
2011/03/29 22:15:58.0132 2304 TermDD (a048056f5e1a96a9bf3071b91741a5aa) C:\Windows\system32\DRIVERS\termdd.sys
2011/03/29 22:15:58.0194 2304 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/03/29 22:15:58.0272 2304 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/03/29 22:15:58.0334 2304 tunnel (6042505ff6fa9ac1ef7684d0e03b6940) C:\Windows\system32\DRIVERS\tunnel.sys
2011/03/29 22:15:58.0366 2304 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/03/29 22:15:58.0475 2304 udfs (8b5088058fa1d1cd897a2113ccff6c58) C:\Windows\system32\DRIVERS\udfs.sys
2011/03/29 22:15:58.0600 2304 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/03/29 22:15:58.0678 2304 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/03/29 22:15:58.0740 2304 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/03/29 22:15:58.0818 2304 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/03/29 22:15:58.0880 2304 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/03/29 22:15:58.0974 2304 usbccgp (a7cd5b4adea26765cab06bdab7b07b13) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/03/29 22:15:59.0021 2304 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/03/29 22:15:59.0114 2304 usbehci (686d4188ae36254c3008b71fedacadf3) C:\Windows\system32\DRIVERS\usbehci.sys
2011/03/29 22:15:59.0161 2304 usbhub (4e42f665a658f08d153f7fffe7c83806) C:\Windows\system32\DRIVERS\usbhub.sys
2011/03/29 22:15:59.0192 2304 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/03/29 22:15:59.0270 2304 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/03/29 22:15:59.0348 2304 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/03/29 22:15:59.0442 2304 USBSTOR (87ba6b83c5d19b69160968d07d6e2982) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/03/29 22:15:59.0504 2304 usbuhci (40f95a3d6d50d82f947f1d167c2ec39d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/03/29 22:15:59.0598 2304 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/03/29 22:15:59.0692 2304 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/03/29 22:15:59.0770 2304 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/03/29 22:15:59.0816 2304 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/03/29 22:15:59.0848 2304 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/03/29 22:15:59.0863 2304 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/03/29 22:15:59.0941 2304 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/03/29 22:15:59.0988 2304 volmgrx (98f5ffe6316bd74e9e2c97206c190196) C:\Windows\system32\drivers\volmgrx.sys
2011/03/29 22:16:00.0019 2304 volsnap (d8b4a53dd2769f226b3eb374374987c9) C:\Windows\system32\drivers\volsnap.sys
2011/03/29 22:16:00.0050 2304 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/03/29 22:16:00.0160 2304 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/03/29 22:16:00.0206 2304 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/29 22:16:00.0222 2304 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/03/29 22:16:00.0269 2304 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/03/29 22:16:00.0394 2304 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/03/29 22:16:00.0503 2304 WimFltr (090a2b8f055343815556a01f725f6c35) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/03/29 22:16:00.0612 2304 winachsf (5a77ac34a0ffb70ce8b35b524fede9ba) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/03/29 22:16:00.0752 2304 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/03/29 22:16:00.0846 2304 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/03/29 22:16:00.0940 2304 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/03/29 22:16:01.0002 2304 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/03/29 22:16:01.0096 2304 XAudio (88af537264f2b818da15479ceeaf5d7c) C:\Windows\system32\DRIVERS\xaudio.sys
2011/03/29 22:16:01.0158 2304 yukonwlh (7d4cca3659fa0780603206e3d12a993f) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/03/29 22:16:01.0267 2304 ================================================================================
2011/03/29 22:16:01.0267 2304 Scan finished
2011/03/29 22:16:01.0267 2304 ================================================================================
2011/03/29 22:16:26.0336 5276 Deinitialize success

Alt 30.03.2011, 11:29   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner TR/ATRAPS.Gen gefunden - Standard

Trojaner TR/ATRAPS.Gen gefunden



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Trojaner TR/ATRAPS.Gen gefunden
7-zip, adblock, antivir, avgntflt.sys, avira, bho, cisco vpn, converter, data restore, desktop, e-mail, error, excel.exe, firefox, flash player, gebraucht, home, install.exe, location, media center, microsoft office word, microsoft security, mozilla, mp3, nicht gefunden, office 2007, oldtimer, opera.exe, otl.exe, phishing, plug-in, programdata, realtek, registry, saver, scan, sched.exe, searchplugins, security, security update, senden, shell32.dll, shortcut, siteadvisor, skype.exe, start menu, svchost.exe, trojaner, trojaner tr/atraps.gen, updates, vista, windows



Ähnliche Themen: Trojaner TR/ATRAPS.Gen gefunden


  1. Trojaner von Avira gefunden (EXP/Java.HLP.CJ und TR/ATRAPS.Gen2). Windows 7 64 Bit
    Log-Analyse und Auswertung - 14.09.2015 (9)
  2. Malware und Trojaner gefunden TR/AtRAPS.GEN, TR/Dropper.Gen2 und weitere
    Plagegeister aller Art und deren Bekämpfung - 03.03.2015 (27)
  3. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  4. TR/ATRAPS.Gen & TR/ATRAPS.Gen2 durch Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 10.11.2012 (3)
  5. Trojaner Befall TR/ATRAPS.GEN ,TR/ATRAPS.GEN2 , TR/Cutwail.jhg , TR/ZAccess.H , TR/Sirefef.A.37
    Plagegeister aller Art und deren Bekämpfung - 08.10.2012 (17)
  6. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 27.07.2012 (25)
  7. Trojaner Atraps.Gen, Atraps.Gen2 und Sirefef.AB.20 - gelöscht, aber auch sicher?
    Log-Analyse und Auswertung - 14.07.2012 (23)
  8. Trojaner gefunden TR/ATRAPS.Gen
    Plagegeister aller Art und deren Bekämpfung - 13.07.2012 (11)
  9. TR/ATRAPS.Gen , TR/ATRAPS.Gen2 und Live Security Platinum gefunden
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (3)
  10. Virus gefunden: TR/ATRAPS.Gen, TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 12.07.2012 (1)
  11. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  12. Und noch einer: Trojaner TR/ATRAPS.Gen2 und TR/ATRAPS.Gen und W32/Patched.UA HILFE!!!
    Log-Analyse und Auswertung - 28.06.2012 (7)
  13. TR/Small.FI, TR/ATRAPS.Gen und TR/ATRAPS.Gen2 gefunden, aber nach Systemwiederherstellung weg?
    Plagegeister aller Art und deren Bekämpfung - 25.06.2012 (4)
  14. Trojaner TR/ATRAPS.GEN2 und TR/Sirefef.AG.35 von Avira gefunden
    Plagegeister aller Art und deren Bekämpfung - 21.06.2012 (31)
  15. TR/SmallFI, TR/ATRAPS.Gen und TR/ATRAPS.Gen von Avira gefunden - was nun?
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (12)
  16. AVIRA AntiVir hat auf meinem System folgenden Trojaner gefunden TR/ATRAPS.GEN, was nun??
    Plagegeister aller Art und deren Bekämpfung - 03.05.2012 (8)
  17. TR/ATRAPS.Gen2, TR/Kryptik.FYC, TR/Kazy.47207.1 und andere Trojaner gefunden.
    Log-Analyse und Auswertung - 09.12.2011 (5)

Zum Thema Trojaner TR/ATRAPS.Gen gefunden - Hallo, gestern hat Avira mir einen gefundenen Trojaner angezeigt: TR/ATRAPS.Gen, der sich hier befinden soll:C:\Windows\SoftwareDistribution\Download\e92104d83eac0777223ace15a0191cf9\BIT52D3.tmp. Ich habe ihn nun in die Quarantäne verschoben und weiß nicht, wie ich nun weiter - Trojaner TR/ATRAPS.Gen gefunden...
Archiv
Du betrachtest: Trojaner TR/ATRAPS.Gen gefunden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.