Trojaner TR/ATRAPS.Gen gefunden

stinew · 26.03.2011, 12:58

Hallo,

gestern hat Avira mir einen gefundenen Trojaner angezeigt: TR/ATRAPS.Gen, der sich hier befinden soll:C:\Windows\SoftwareDistribution\Download\e92104d83eac0777223ace15a0191cf9\BIT52D3.tmp. Ich habe ihn nun in die Quarantäne verschoben und weiß nicht, wie ich nun weiter vorgehen soll. Einfach löschen wirds wohl nicht bringen, oder? Ich hoffe wirklich sehr, dass der sich ohne komplette Formatierung beseitigen lässt. Weiß jemand, was dieser Trojaner überhaupt anrichtet? Gerade habe ich auf meinem Desktop grau hinterlegte Word-Dateien gesehen mit diesem ~S vor dem Dateinamen (hm, hoffe das ist verständlich) - das macht doch ganz den Anschein, als ob die jemand geöffnet hat!? Ich wars leider nicht...Langsam werde ich etwas panisch:/

Ich poste einmal mein OTL-Logfile und den Malwarebytes-Log (da wurde nix gefunden...) und hoffe, dass mir jemand weiterhelfen kann. Ich bin in diesen Dingen leider alles andere als eine Expertin, von daher wäre ich für einfache Anweisungen sehr dankbar

Vielen Dank schon mal...

LG, Stine

OTL-LogfileOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 26.03.2011 12:05:48 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Desktop\Hijack
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,22 Gb Total Space | 194,75 Gb Free Space | 67,57% Space Free | Partition Type: NTFS
Drive F: | 671,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 20,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found
PRC - C:\Users\User\Desktop\Hijack\OTL.exe (OldTimer Tools)
PRC - C:\Users\User\Desktop\Hijack\test.exe (Trend Micro Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Opera\opera.exe (Opera Software)
PRC - C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Programme\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe (WEB.DE)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Programme\Mobile Partner\Mobile Partner.exe ()
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Programme\sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Programme\sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - c:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\User\Desktop\Hijack\OTL.exe (OldTimer Tools)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IviRegMgr) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MpKsldf01bff5) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{737654F1-DAF6-4883-9CBA-D9BD4F0F599A}\MpKsldf01bff5.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.03.25 19:49:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.14 21:56:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.14 21:56:17 | 000,000,000 | ---D | M]
 
[2010.04.17 14:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2011.03.22 20:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qw8mqoa8.default\extensions
[2010.06.08 21:30:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qw8mqoa8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.17 12:54:48 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qw8mqoa8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.04 12:25:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\qw8mqoa8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.17 14:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.03.25 19:49:04 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010.01.13 23:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.06.25 17:05:20 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.25 17:05:20 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.25 17:05:20 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.25 17:05:20 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.25 17:05:20 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Programme\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [WEB.DE Club E-Mail Alarm] C:\Programme\WEB.DE\WEB.DE Club E-Mail Alarm\EmailAlarm.exe (WEB.DE)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.05.08 20:48:36 | 000,126,976 | R--- | M] () - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.03.10 01:34:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3bb8be43-d47c-11df-95b9-001dbaad4ba2}\Shell - "" = AutoRun
O33 - MountPoints2\{3bb8be43-d47c-11df-95b9-001dbaad4ba2}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{3bb8be4e-d47c-11df-95b9-001e101fabdd}\Shell - "" = AutoRun
O33 - MountPoints2\{3bb8be4e-d47c-11df-95b9-001e101fabdd}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{3cff0792-2f64-11e0-ad1a-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{3cff0792-2f64-11e0-ad1a-001e101f9843}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{90a1dd82-f4a5-11df-a839-86c8e15465a5}\Shell - "" = AutoRun
O33 - MountPoints2\{90a1dd82-f4a5-11df-a839-86c8e15465a5}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{c700ecf9-cb29-11df-86bb-001dbaad4ba2}\Shell - "" = AutoRun
O33 - MountPoints2\{c700ecf9-cb29-11df-86bb-001dbaad4ba2}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{c700ed27-cb29-11df-86bb-001e101fe9c7}\Shell - "" = AutoRun
O33 - MountPoints2\{c700ed27-cb29-11df-86bb-001e101fe9c7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{da988262-2fd2-11e0-b62b-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{da988262-2fd2-11e0-b62b-001e101fe5e1}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2010.05.08 20:48:36 | 000,126,976 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.03.26 10:53:48 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Hijack
[2011.03.12 13:51:26 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.03.10 20:12:04 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2011.03.08 21:55:44 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.08 21:55:44 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.08 21:55:43 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.08 21:55:43 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2011.02.27 13:33:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.02.27 13:28:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2011.02.27 13:27:42 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2011.02.27 13:27:42 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2011.02.27 13:27:42 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2011.02.27 13:27:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2011.02.27 13:27:38 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2011.02.27 13:27:35 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2011.02.27 13:27:34 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2011.02.27 13:27:34 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2011.02.27 13:27:34 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2011.02.27 13:27:34 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2011.02.27 13:27:25 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2011.02.27 13:27:25 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2011.02.27 13:27:25 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2011.02.27 13:27:24 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2011.02.27 13:27:24 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.03.26 11:43:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.03.26 10:42:27 | 000,011,328 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011.03.26 10:25:03 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.03.26 10:25:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.03.26 10:25:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.03.26 10:24:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.03.26 10:24:41 | 3186,659,328 | -HS- | M] () -- C:\hiberfil.sys
[2011.03.23 21:56:05 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.03.22 20:17:13 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.10 20:16:12 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.03.10 20:13:46 | 000,630,842 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.03.10 20:13:46 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.03.10 20:13:46 | 000,127,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.03.10 20:13:46 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.03.05 11:30:01 | 000,002,791 | ---- | M] () -- C:\Users\User\Desktop\lidl.jpg
[2011.02.25 23:39:16 | 000,006,836 | ---- | M] () -- C:\Users\User\AppData\Local\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2011.03.10 20:16:12 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.03.10 20:12:30 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.03.05 11:30:01 | 000,002,791 | ---- | C] () -- C:\Users\User\Desktop\lidl.jpg
[2011.02.27 13:27:26 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.02.27 13:27:26 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.02.27 13:27:26 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.02.06 13:49:50 | 000,006,836 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2010.11.02 14:59:41 | 000,020,480 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.10 17:22:19 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2010.04.17 14:21:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.14 14:15:16 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009.03.05 18:22:23 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.03.05 18:22:19 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.03.05 18:22:19 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.03.05 18:22:18 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.03.05 18:22:18 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2009.03.05 10:27:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.03.05 09:48:25 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.03.05 09:48:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 08:15:58 | 000,630,842 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 08:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 08:15:58 | 000,127,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 08:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,352,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,598,096 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,105,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
 
und hier der extra-logfile-falls der auch gebraucht wird?:
 
OTL Extras logfile created on: 26.03.2011 12:05:48 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\User\Desktop\Hijack
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,22 Gb Total Space | 194,75 Gb Free Space | 67,57% Space Free | Partition Type: NTFS
Drive F: | 671,28 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 20,49 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C86FC88-42F3-415C-A44E-938DEE656F97}" = lport=445 | protocol=6 | dir=in | app=system | 
"{172B2372-8166-4BA3-8333-892EAFEAE579}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2B810DFA-0B6D-4212-85B2-393BA23D0428}" = lport=137 | protocol=17 | dir=in | app=system | 
"{68A45E36-3FBE-49BA-A29F-FB08F0803DD2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6E3E3894-50DE-425B-ADFC-0258AAD4FEBA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{75B56681-D362-4B7C-9E23-D0925E78AE4A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{77A144C2-BB29-4B34-A630-2C376BBCDE7B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8C7BF9A6-B830-40C9-A68A-895100423FC3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AFD7CE5E-39FE-44E1-AD5E-11DD5EA1DE95}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B9044290-6F97-4E40-831D-8E9B6395ECC5}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CABE9719-6BC1-4E6D-A6BF-BA95B92CE7AB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DF08F73F-96E7-4433-BFFA-596721AF8180}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25E76127-D881-4776-96D5-8E7A0A030FD8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3759DC1B-4285-4709-91BD-50F06940252D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{587F89D5-F051-465C-8349-3820BCD1FE4C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{67309D7C-96FD-4616-BE0E-494E15EAA815}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{7D0E861A-850A-4794-8BE6-CC3E98B0D53D}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{8164A2D7-A2F2-4E48-A484-549191CFC644}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8CB26162-91E6-44BD-8668-CD9F99A5DDFD}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{921C94F1-F359-412E-B27D-E5B05E2A8FF7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9EA0AFF6-8028-41F9-80FF-9B6FEDD67C3E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E66D467E-ED28-4615-8DD7-E289689CFD85}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{FAC546D1-9CCB-4F45-8A80-531A2AC4CC39}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FD6E2B54-68C0-48B3-92AA-CFBC9422A08A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager
"{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian
"{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian
"{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{252E50FD-F27C-C8DD-C9E2-D2845A2DC399}" = ATI Catalyst Install Manager
"{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish
"{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{47A2CE5C-EA1F-4F58-8A0A-9452CBA795CD}" = Click to Disc
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista
"{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish
"{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish
"{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian
"{859B9BCA-5376-4566-9F88-C6C9DAA7A925}" = Microsoft Security Client DE-DE Language Pack
"{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish
"{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian
"{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian
"{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins
"{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = 
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939F952-1C7E-CBF8-EE77-CFBD9C6A4ECC}" = ccc-core-static
"{A9D3D707-4A1A-4227-BE6E-F16448B4CB63}" = VAIO Entertainment Platform
"{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch
"{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch
"{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard
"{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation
"{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean
"{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility
"{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup aktivieren
"{C62AEA0E-90B0-4049-9780-8499A18A34D7}" = VAIO Content Metadata Manager Setting
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian
"{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New
"{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish
"{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French
"{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese
"{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard
"{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish
"{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish
"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian
"{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish
"{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English
"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.14.3" = Biet-O-Matic v2.14.3
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"dt icon module" = 
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GoeMobile - Cisco VPN Client" = GoeMobile - Cisco VPN Client 5.0.07.0290
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"LastFM_is1" = Last.fm 1.5.4.27091
"MarketingTools" = VAIO Marketing Tools
"MFU Module" = 
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSC" = McAfee SecurityCenter
"Opera 11.01.1190" = Opera 11.01
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Help and Support" = 
"WEB.DE Club E-Mail Alarm" = WEB.DE Club E-Mail Alarm
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.02.2011 15:55:39 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 22.02.2011 15:55:40 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 22.02.2011 15:55:40 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 22.02.2011 15:55:40 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 22.02.2011 15:55:40 | Computer Name = User-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
 
Error - 22.02.2011 17:11:27 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 22.02.2011 17:11:48 | Computer Name = User-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
 
Error - 23.02.2011 12:33:36 | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 23.02.2011 12:33:40 | Computer Name = User-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)
 
Error - 23.02.2011 17:10:03 | Computer Name = User-PC | Source = EventSystem | ID = 4621
Description = 
 
[ Media Center Events ]
Error - 14.01.2011 22:02:49 | Computer Name = User-PC | Source = MCUpdate | ID = 0
Description = Es konnte nicht auf den MCUpdate-Mutex gewartet werden. Ausnahme: 
'Der Wartezustand wurde aufgrund eines abgebrochenen Mutex beendet.'.
 
[ System Events ]
Error - 06.06.2010 07:29:47 | Computer Name = User-PC | Source = netbt | ID = 4321
Description = Der Name "USER-PC :20" konnte nicht auf der Schnittstelle mit
IP-Adresse 134.76.3.149 registriert werden. Der Computer mit IP-Adresse 134.76.26.21
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 06.06.2010 12:48:49 | Computer Name = User-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{6A0B688A-36C3-40E7-BC64-9689E937B84E} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 06.06.2010 12:57:19 | Computer Name = User-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{6A0B688A-36C3-40E7-BC64-9689E937B84E} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 07.06.2010 12:31:40 | Computer Name = User-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.06.2010 um 20:45:31 unerwartet heruntergefahren.
 
Error - 07.06.2010 12:31:45 | Computer Name = User-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 07.06.2010 12:32:39 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 07.06.2010 12:32:39 | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 07.06.2010 12:32:39 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.06.2010 13:48:35 | Computer Name = User-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 08.06.2010 13:49:24 | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

Malwarebytes:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6173

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

26.03.2011 12:54:05
mbam-log-2011-03-26 (12-54-04).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 149172
Laufzeit: 6 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Trojaner TR/ATRAPS.Gen gefunden

Plagegeister aller Art und deren Bekämpfung: Trojaner TR/ATRAPS.Gen gefunden

Trojaner TR/ATRAPS.Gen gefunden

Ähnliche Themen: Trojaner TR/ATRAPS.Gen gefunden