| |
| |||||||
Log-Analyse und Auswertung: Bundestrojaner weiteres vorgehenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
07.04.2013, 11:20
| #1 |
| |  Bundestrojaner weiteres vorgehen Hallo Trojaner Board Team, mein Laptop hat sich leider den bundestrojaner eingefangen (also weißer Bildschirm nach booten und keine Möglichkeit auf den Desktop zuzugreifen), durch sorgfältiges lesen habe ich bereits folgende schritte durchgeführt: - start von OTLPE und scan mit folgenden Einstellungen: "Wähle Scanne Alle Benuzer Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe Unter Extra Registrierung, wähle bitte Benutze SafeList Klicke nun auf Scan links oben " Da der Scan individuell ist brauche ich bitte euren Support, hier die logs: Code:
ATTFilter OTL logfile created on: 4/7/2013 1:12:07 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.07 Gb Total Space | 16.12 Gb Free Space | 7.22% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
========== Win32 Services (SafeList) ==========
SRV - (SPTISRV) -- File not found
SRV - (MSCSPTISRV) -- File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NCO) -- C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\ccSvcHst.exe (Symantec Corporation)
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VUAgent) -- C:\Program Files\sony\VAIO Update\VUAgent.exe (Sony Corporation)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (GtDetectSc) -- C:\Program Files\T-Mobile\web'n'walk Manager\GtDetectSc.exe (Option)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- File not found
DRV - (NwlnkFlt) -- File not found
DRV - (mdmxsdk) -- File not found
DRV - (IpInIp) -- File not found
DRV - (igfx) -- File not found
DRV - (HSXHWAZL) -- File not found
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\NAV\1403000.024\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NAV\1403000.024\symefa.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\NAV\1403000.024\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\NAV\1403000.024\SRTSPX.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NAV\1403000.024\symds.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130405.005\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20130405.005\NAVENG.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20130404.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\NAV\1403000.024\Ironx86.SYS (Symantec Corporation)
DRV - (ccSet_NST) -- C:\Windows\system32\drivers\NST\7DD03000.01A\ccSetx86.sys (Symantec Corporation)
DRV - (ccSet_NAV) -- C:\Windows\system32\drivers\NAV\1403000.024\ccSetx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (LMIRfsClientNP) -- C:\Windows\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\Windows\System32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (NCBULK) -- C:\Windows\System32\drivers\NcBulk.sys (NetChip Technology, Inc.)
DRV - (GT72NDISIPXP) -- C:\Windows\System32\drivers\Gt51Ip.sys (Option NV)
DRV - (GT72UBUS) -- C:\Windows\System32\drivers\gt72ubus.sys (Option N.V.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (GTPTSER) -- C:\Windows\System32\drivers\gtptser.sys (Option N.V.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.club-vaio.com
IE - HKU\LogMeInRemoteUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\rlz_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com
IE - HKU\rlz_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\rlz_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/
IE - HKU\rlz_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\rlz_ON_C\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - Reg Error: Key error. File not found
IE - HKU\rlz_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\rlz_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFFPlgn\ [2012/12/17 05:14:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.0.18\coFFPlgn\ [2013/04/07 05:20:19 | 000,000,000 | ---D | M]
[2011/01/29 07:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlz\AppData\Roaming\Mozilla\Extensions
[2011/01/29 07:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlz\AppData\Roaming\Mozilla\Extensions\{6376c195-6789-9a8b-ef87-f5268f87e875}
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.3.0.26\coieplg.dll (Symantec Corporation)
O3 - HKU\rlz_ON_C\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LogMeInRemoteUser_ON_C..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\LogMeInRemoteUser_ON_C..\Run: [swg] File not found
O4 - HKU\LogMeInRemoteUser_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\rlz_ON_C..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\rlz_ON_C..\Run: [Spotify] C:\Users\rlz\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\rlz_ON_C..\Run: [Spotify Web Helper] C:\Users\rlz\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\LogMeInRemoteUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\rlz_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\rlz\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.5
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\rlz_ON_C Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\rlz_ON_C Winlogon: Shell - (C:\Users\rlz\AppData\Roaming\skype.dat) - C:\Users\rlz\AppData\Roaming\skype.dat ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{c947fff9-5138-11e0-bf5b-001dbaafb676}\Shell - "" = AutoRun
O33 - MountPoints2\{c947fff9-5138-11e0-bf5b-001dbaafb676}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/03/21 16:03:10 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013/03/15 06:03:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/03/15 06:03:57 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2013/03/15 06:03:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/03/15 06:03:55 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/03/15 06:03:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/03/15 06:03:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/03/15 06:03:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/03/15 06:03:54 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2013/03/15 06:03:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/03/15 06:03:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
========== Files - Modified Within 30 Days ==========
[2013/04/07 05:20:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/07 05:20:34 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/04/07 05:20:22 | 000,000,004 | ---- | M] () -- C:\Users\rlz\AppData\Roaming\skype.ini
[2013/04/07 05:19:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/07 05:19:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/05 15:47:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/02 10:47:38 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for rlz.job
[2013/04/01 07:17:16 | 000,628,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/01 07:17:16 | 000,596,182 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/01 07:17:16 | 000,126,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/01 07:17:16 | 000,104,256 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/03/15 06:10:18 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/14 11:22:18 | 000,002,661 | ---- | M] () -- C:\Users\rlz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2013/03/13 16:47:52 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/03/13 16:47:52 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/03/11 12:16:30 | 000,113,462 | ---- | M] () -- C:\Users\rlz\Desktop\Falten Gesicht.jpg
[2013/03/11 12:07:37 | 000,002,689 | ---- | M] () -- C:\Users\rlz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
========== Files Created - No Company Name ==========
[2013/04/05 16:27:13 | 000,000,004 | ---- | C] () -- C:\Users\rlz\AppData\Roaming\skype.ini
[2013/03/11 12:17:24 | 000,113,462 | ---- | C] () -- C:\Users\rlz\Desktop\Falten Gesicht.jpg
[2013/01/14 18:55:28 | 000,000,902 | ---- | C] () -- C:\Windows\wiso.ini
[2012/01/11 07:50:56 | 000,090,112 | ---- | C] () -- C:\Users\rlz\AppData\Roaming\skype.dat
[2010/10/20 15:20:07 | 000,001,940 | ---- | C] () -- C:\Users\rlz\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/10/10 08:48:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/06/25 04:28:44 | 000,115,200 | ---- | C] () -- C:\Users\rlz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/21 05:06:24 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009/06/14 06:18:37 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/14 06:18:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/14 05:43:27 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/06/13 03:11:48 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/12 05:56:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/12 05:15:18 | 000,002,032 | ---- | C] () -- C:\Users\rlz\AppData\Local\d3d9caps.dat
[2009/05/14 16:22:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009/05/14 09:29:30 | 000,008,520 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2008/11/28 04:03:53 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/10/29 11:13:34 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/10/23 14:50:56 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2008/10/23 14:49:43 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/10/23 14:48:25 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/10/23 14:48:24 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/10/23 14:48:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/10/23 07:04:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/10/23 05:34:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/08/29 08:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008/01/21 03:15:58 | 000,628,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,126,640 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,395,824 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,596,182 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,256 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/02/20 13:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
========== LOP Check ==========
[2012/07/26 15:37:37 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\Anyti
[2013/01/14 18:08:05 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\Buhl Data Service
[2011/01/29 07:18:58 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\doctronic
[2012/07/30 07:32:17 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\DVDVideoSoft
[2012/07/30 07:31:25 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/04/14 14:14:06 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\elsterformular
[2011/04/03 02:38:03 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\FileZilla
[2010/08/08 08:18:15 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\InterVideo
[2012/07/26 15:37:31 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\Iqfoi
[2012/02/28 17:08:54 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\kreawi
[2010/11/04 09:51:51 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\Nikon
[2010/01/04 06:08:16 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\Nokia
[2012/07/30 07:32:10 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\OpenCandy
[2009/06/21 01:20:33 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\PC Suite
[2011/01/29 07:18:58 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\Pfanneberg
[2011/01/29 07:18:51 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\Pfanneberg (Pfanneberg)
[2013/04/05 14:17:43 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\Spotify
[2009/10/10 08:48:28 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\Thunderbird
[2012/07/30 07:34:19 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\TuneUp Software
[2013/04/01 09:30:48 | 000,000,000 | ---D | M] -- C:\Users\rlz\AppData\Roaming\uTorrent
[2013/02/21 11:51:07 | 000,000,000 | ---D | M] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009/06/12 05:11:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2013/01/02 14:31:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Battle.net
[2013/02/01 06:52:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2012/07/30 07:33:47 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/06/12 05:11:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2010/04/14 14:09:19 | 000,000,000 | ---D | M] -- C:\ProgramData\elsterformular
[2009/06/12 05:11:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2010/09/26 02:09:47 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2011/03/22 00:22:21 | 000,000,000 | ---D | M] -- C:\ProgramData\LogMeIn
[2010/11/04 09:58:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Nikon
[2009/06/14 06:25:13 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2010/09/07 15:20:46 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2011/01/29 07:18:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Pfanneberg
[2008/11/28 04:08:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Roaming
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/06/12 05:11:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/07/30 07:35:01 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2008/11/28 03:56:27 | 000,000,000 | ---D | M] -- C:\ProgramData\Uninstall
[2009/06/12 05:11:33 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2009/09/11 13:01:11 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2012/07/30 07:33:47 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2010/04/12 05:53:04 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/21 04:58:07 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/12 11:19:29 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/04/07 05:20:34 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
und die extras: Code:
ATTFilter OTL Extras logfile created on: 4/7/2013 1:12:07 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.07 Gb Total Space | 16.12 Gb Free Space | 7.22% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{088C7311-A3BB-43C5-B046-C114D2F9728C}" = VAIO Media plus
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B9B76C9-4967-59FC-C994-191AEA152F04}" = ATI Catalyst Install Manager
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{11CF3ABC-DFB0-47DE-B31F-71CB995A12D7}_is1" = Mein Büro
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{202F2838-156B-FC76-013F-9241B9673F39}" = CCC Help Thai
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{325ED81A-EC15-7CE8-729B-0392A1DD3854}" = CCC Help Czech
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCA23DD-CEDA-CC7F-C74C-4D1EDAE919AA}" = Catalyst Control Center Graphics Full New
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42DD2173-B7CA-8AB3-8AC2-40DFE2CA6FBC}" = CCC Help German
"{430DD2C5-65FD-9781-F9F2-693CAF05CD10}" = Catalyst Control Center InstallProxy
"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{49B8916D-1DEA-F18A-731F-BF0FE209C63B}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4EEAF8D8-CB79-06CA-A566-EAC1726DAABB}" = CCC Help Finnish
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{540DB82A-EE11-BBC1-8BD8-BB7D937A53A4}" = CCC Help Hungarian
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5882396B-9FB3-37AC-1AE1-5EA344BD7705}" = Catalyst Control Center Graphics Previews Vista
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BA149D9-D5FA-5AB3-400B-9F1BF424B7CE}" = CCC Help Chinese Traditional
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{642F96CC-1D3B-20DE-8673-44EE15B3DC2F}" = CCC Help Portuguese
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D26ACF9-4919-0744-C509-28EAF53112D4}" = CCC Help Dutch
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71256374-2053-CF0F-BD54-20082980B95C}" = Catalyst Control Center Graphics Full Existing
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel(R) PROSet/Wireless WiFi-Software
"{737D8F4D-24D4-D626-DEC0-9E39A6166890}" = CCC Help Danish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{74B705C2-173A-FFD1-98BC-AD5FB647AB38}" = CCC Help Polish
"{75F52FAC-16CE-4A2A-B89A-9742F39A1864}" = VAIO Movie Story
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76D7CCD6-8369-405C-B494-5F34FAE67249}" = Me&My VAIO
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{784BDC03-2D22-BCAE-5CAC-84AFA799FBDE}" = CCC Help Turkish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{8572CE7D-46B0-70B3-96CD-534F07B35F5D}" = CCC Help Italian
"{87544F2E-CCA5-01BC-AEBC-D8C1D759EE61}" = CCC Help English
"{8973631B-D3CE-4F74-8A72-F734D928B940}" = DVRManager
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B38901-52C8-85A7-D6C8-9A5592C9FCAA}" = CCC Help Greek
"{91F2D688-B8CB-4461-A92D-6B35279DAE8F}" = VAIO Content Folder Watcher
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9648D00F-0589-619B-6114-BF2A0620168B}" = CCC Help Korean
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9805E4EE-9B66-CABD-AF6B-4B84F2A8EF46}" = Skins
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AC34FA1-BCDE-1D09-5DB7-EB6A064FDEA9}" = CCC Help Spanish
"{9B973FC0-E71F-6F89-10D6-1BFD063D1707}" = CCC Help Swedish
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A2052C95-48CC-4AC9-A8D4-FCD89DDD8F2C}" = VAIO Content Folder Watcher
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A3979A05-6834-D0A7-75CD-71B5A9E5F4C0}" = Catalyst Control Center Localization All
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A6F21795-E629-35B2-9487-00A8363B28AA}" = Catalyst Control Center Graphics Light
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C075111D-43AB-4F54-AA22-E59456B0B788}" = SmartFTP Client
"{C0AD2831-3398-A078-CBEB-39A6B381BB56}" = CCC Help Japanese
"{C18A02EC-966B-E7A7-9AC9-082F770ABF9B}" = CCC Help Russian
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9C390CC-F9B9-EFE8-27DF-6EB7FF8F8760}" = CCC Help Norwegian
"{CD431A7B-88D8-0823-E66F-CCFAEA6DA7B4}" = ccc-core-static
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D47E6B9C-F5A5-23B7-AB6A-3806AD4C9529}" = ccc-utility
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{D6DA6836-77C2-5338-10E3-D7A6CD65681D}" = Catalyst Control Center Core Implementation
"{DA8F979E-43B9-3EEC-721C-F297D9509992}" = Catalyst Control Center Graphics Previews Common
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FE0782BC-7AB0-CF6A-6E38-D3040462C7EC}" = CCC Help French
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Diablo III" = Diablo III
"dt icon module" =
"ElsterFormular 11.3.0.4235" = ElsterFormular
"ElsterFormular 11.5.1.4843" = ElsterFormular
"FastStone Image Viewer" = FastStone Image Viewer 4.0
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"mIRC" = mIRC
"NAV" = Norton AntiVirus
"NSS" = Norton Security Scan
"NST" = Norton Identity Safe
"Pfanneberg_Standard" = Pfanneberg - Herings Lexikon der Küche
"ProInst" = Intel PROSet Wireless
"SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VAIO Help and Support" =
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 5 (32-bit)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\rlz_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"uTorrent" = µTorrent
< End of report >
Hier noch eine Frage, da ich nicht auf meinen Desktop zugreifen kann, geht leider auch die installtion von Malwarebytes Anti-Rootkit BETA nicht. Gibt es da einen Trick wie man auf den Desktop zugreifen kann? |
| Themen zu Bundestrojaner weiteres vorgehen |
| antivirus, bonjour, bundestrojaner eingefangen, conduitsearch, conduitsearch entfernen, converter, desktop, error, firefox, flash player, google, home, install.exe, launch, mp3, plug-in, realtek, registry, rundll, scan, software, spotify web helper, symantec, trick, trojan.ransom.rre, trojaner board, usb, vista |
Baum-Darstellung