Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner? Logfile ist vorhanden

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 08.12.2013, 13:48   #1
Corinna2010
 
Trojaner? Logfile ist vorhanden - Standard

Trojaner? Logfile ist vorhanden



Hallo, bis gestern hat sich bei bei mir ständig eine Seite geöffnet, nämlich


hxxp://static.icmapp.com/blank.html#%7B%22ad_type%22%3A%22window%22%2C%22percent%22%3A50%2C%22size%22%3A%5B%7B%22percent%22%3A50%2C%22width%22%3A800%2C%22height%22%3A440%7D%2C %7B%22percent%22%3A50%2C%22width%22%3A1200%2C%22height%22%3A900%7D%5D%2C%22ad_width%22%3A800%2C%22ad_height%22%3A440%7D


da mir das erst mit einem Java update passierte, hab ich java erstmal deinstalliert. Vor einigen Jahren habt Ihr mir schonmal geholfen und wolltet einen HijackThis Logfile, den hab ich mal gemacht, würdet Ihr den mal bitte kontrollieren

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:32:44, on 08.12.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17267)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Programme Corinna\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\Programme Corinna\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Programme Corinna\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\OnecomCloudDrive\Dlls\OnecomCloudDrive.exe
C:\Programme Corinna\System\VC10Play.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Programme Corinna\Medion\ALDITALKVerbindungsassistent_Launcher.exe
C:\Programme Corinna\System\VC10Tray.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Programme Corinna\System\vc10fwd.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Programme Corinna\Medion\ALDITALKVerbindungsassistent.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my-startpage.net/?referer=32197
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=eaba9015000000000000000000000000&tlver=1.4.19.19&affID=17162
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: LinkAirBrowserHelper HistoryTriggerBHO - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Programme Corinna\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_32\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
O4 - HKLM\..\Run: [VC10Player] C:\Programme Corinna\System\VC10Play.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
O4 - HKCU\..\Run: [Google Update] "C:\Users\Corinna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [FreeAC] C:\Programme Corinna\FreeAlarmClock\FreeAlarmClock.exe -autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Corinna\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [One.com] C:\Program Files (x86)\OnecomCloudDrive\Dlls\AppLauncher.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: AVer HID Receiver.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Global Startup: AVerQuick.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Launcher.lnk = C:\Programme Corinna\Medion\ALDITALKVerbindungsassistent_Launcher.exe
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Wecker-Alarm - {7B499570-29C5-4a80-9F57-94A420D140CE} - (no file)
O9 - Extra 'Tools' menuitem: Nach Wecker für Windows exportieren - {7B499570-29C5-4a80-9F57-94A420D140CE} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file)
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1E9901BF-0FC4-41E3-9F3D-7494DEB89AE8}: NameServer = 212.23.115.150 212.23.115.132
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ALDITALKVerbindungsassistent_Service - Unknown owner - C:\Programme Corinna\Medion\ALDITALKVerbindungsassistent_Service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVerRemote - AVerMedia - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Norton Disk Doctor Service (DiskDoctorService) - Symantec Corporation - C:\Programme Corinna\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: Norton SpeedDisk Service (SpeedDiskService) - Symantec Corporation - C:\Programme Corinna\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Virtual CD v10 Management Service (VC10SecS) - H+H Software GmbH - C:\Programme Corinna\System\VC10SecS.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17277 bytes




Liebe Grüße und schonmal nen Dank für eure Geduld

Alt 08.12.2013, 14:05   #2
Psychotic
/// Malwareteam
 
Trojaner? Logfile ist vorhanden - Standard

Trojaner? Logfile ist vorhanden





Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.



Schritt 1: defogger


Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.
  • Starte das Tool mit Doppelklick.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
  • Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
  • Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.




Schritt 2: Gmer



Bitte
  • alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
  • keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
  • nichts am Rechner arbeiten,
  • nach jedem Scan der Rechner neu gestarten.
Gmer scannen lassen
  • Lade Dir Gmer von dieser Seite herunter (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen). Vista und Win7 User mit Rechtsklick und als Administrator starten.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Hacken bei:
    • IAT/EAT
    • Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
    • Show all (sollte abgehackt sein)
  • Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!




Schritt 3: DDS




Downloade dir bitte DDS ( von sUBs ) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.

dds.com
dds.exe
  • Starte bitte dds mit einem Doppelklick.
  • Der Desktop wird verschwinden, das ist normal.
  • Setze bitte einen Haken bei
    • dds.txt ( Sollte angehakt sein )
    • attach.txt
    Ändere keine Einstellungen ohne Anweisung
  • Wenn der Scan beendet ist, wird DDS 2 Logfiles auf deinem Desktop erstellen:
    • dds.txt
    • attach.txt
Bitte poste beide Logfiles in deiner nächsten Antwort.
__________________

__________________

Alt 08.12.2013, 14:51   #3
Corinna2010
 
Trojaner? Logfile ist vorhanden - Standard

Trojaner? Logfile ist vorhanden



Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-08 14:38:23
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AC1 465,76GB
Running: q182nwrw.exe; Driver: C:\Users\Corinna\AppData\Local\Temp\axliqkoc.sys


---- User code sections - GMER 2.1 ----

.text  C:\Programme Corinna\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe[1552] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter        00000000758ad03c 4 bytes [C2, 04, 00, 00]
.text  C:\Programme Corinna\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69             00000000757a1465 2 bytes [7A, 75]
.text  C:\Programme Corinna\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe[1552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155            00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Programme Corinna\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe[2092] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter   00000000758ad03c 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                         00000000757a1465 2 bytes [7A, 75]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                        00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Programme Corinna\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe[2424] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter           00000000758ad03c 4 bytes [C2, 04, 00, 00]
.text  C:\Programme Corinna\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                00000000757a1465 2 bytes [7A, 75]
.text  C:\Programme Corinna\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe[2424] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Programme Corinna\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe[2464] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter      00000000758ad03c 4 bytes [C2, 04, 00, 00]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                00000000757a1465 2 bytes [7A, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe[2572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                   00000000757a1465 2 bytes [7A, 75]
.text  C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe[2956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                  00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                             00000000757a1465 2 bytes [7A, 75]
.text  C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[2968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                            00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
?      C:\Windows\system32\mssprxy.dll [3532] entry point in ".rdata" section                                                                                 0000000072d171e6
.text  C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                  00000000757a1465 2 bytes [7A, 75]
.text  C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe[3980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                 00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Programme Corinna\FreeAlarmClock\FreeAlarmClock.exe[2152] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69                                   00000000757a1465 2 bytes [7A, 75]
.text  C:\Programme Corinna\FreeAlarmClock\FreeAlarmClock.exe[2152] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155                                  00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   00000000757a1465 2 bytes [7A, 75]
.text  C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       00000000757a1465 2 bytes [7A, 75]
.text  C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe[4980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\OnecomCloudDrive\Dlls\OnecomCloudDrive.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                        00000000757a1465 2 bytes [7A, 75]
.text  C:\Program Files (x86)\OnecomCloudDrive\Dlls\OnecomCloudDrive.exe[4952] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                       00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Programme Corinna\System\VC10Play.exe[5140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                 00000000757a1465 2 bytes [7A, 75]
.text  C:\Programme Corinna\System\VC10Play.exe[5140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Windows\SysWOW64\RunDll32.exe[5244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                         00000000757a1465 2 bytes [7A, 75]
.text  C:\Windows\SysWOW64\RunDll32.exe[5244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                        00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69     00000000757a1465 2 bytes [7A, 75]
.text  C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[5252] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155    00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Programme Corinna\Medion\ALDITALKVerbindungsassistent_Launcher.exe[5752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                    00000000757a1465 2 bytes [7A, 75]
.text  C:\Programme Corinna\Medion\ALDITALKVerbindungsassistent_Launcher.exe[5752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                   00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           00000000757a1465 2 bytes [7A, 75]
.text  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5540] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000757a14bb 2 bytes [7A, 75]
.text  ...                                                                                                                                                    * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27abb                                                                            
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d78279                                                                            
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d78279@0025e5c08cb6                                                               0x17 0xC1 0x16 0x49 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d78279@00247c0401d9                                                               0xA2 0xA6 0xE1 0x70 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d78279@3c5a37aad0a2                                                               0x2A 0x0D 0x1C 0xA7 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d78279@6c0e0d37ed15                                                               0xDA 0xD9 0x5D 0x8A ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d78279@74a722bf766d                                                               0xBF 0x72 0x61 0x2A ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d78279@181456abe5ba                                                               0x18 0xBE 0x00 0xCD ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d78279@e892a4bcdba8                                                               0x87 0xA2 0x81 0x43 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38d78279@c488e5f8d83d                                                               0x22 0xCD 0x24 0x7C ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbe6462f                                                                            
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ServiceBinary                                                                                          C:\Windows\system32\drivers\VDRV1000.SYS
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Group                                                                                                  SCSI Miniport
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ImagePath                                                                                              system32\DRIVERS\vdrv1000.sys
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@ErrorControl                                                                                           1
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Start                                                                                                  1
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Type                                                                                                   1
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000@Tag                                                                                                    66
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum                                                                                                   
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@0                                                                                                 {C317464A-8106-4e30-83E6-1825448A5FC3}\VDRV1_HWID\1&21a742e4&0&01
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@Count                                                                                             1
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\Enum@NextInstance                                                                                      1
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters                                                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface                                                                                
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\parameters\pnpinterface@0                                                                              1
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000\security                                                                                               
Reg    HKLM\SYSTEM\CurrentControlSet\services\vdrv1000                                                                                                        
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27abb (not active ControlSet)                                                        
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d78279 (not active ControlSet)                                                        
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d78279@0025e5c08cb6                                                                   0x17 0xC1 0x16 0x49 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d78279@00247c0401d9                                                                   0xA2 0xA6 0xE1 0x70 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d78279@3c5a37aad0a2                                                                   0x2A 0x0D 0x1C 0xA7 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d78279@6c0e0d37ed15                                                                   0xDA 0xD9 0x5D 0x8A ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d78279@74a722bf766d                                                                   0xBF 0x72 0x61 0x2A ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d78279@181456abe5ba                                                                   0x18 0xBE 0x00 0xCD ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d78279@e892a4bcdba8                                                                   0x87 0xA2 0x81 0x43 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38d78279@c488e5f8d83d                                                                   0x22 0xCD 0x24 0x7C ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbe6462f (not active ControlSet)                                                        
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000@ServiceBinary                                                                                              C:\Windows\system32\drivers\VDRV1000.SYS
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000@Group                                                                                                      SCSI Miniport
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000@ImagePath                                                                                                  system32\DRIVERS\vdrv1000.sys
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000@ErrorControl                                                                                               1
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000@Start                                                                                                      1
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000@Type                                                                                                       1
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000@Tag                                                                                                        66
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum (not active ControlSet)                                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@0                                                                                                     {C317464A-8106-4e30-83E6-1825448A5FC3}\VDRV1_HWID\1&21a742e4&0&01
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@Count                                                                                                 1
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000\Enum@NextInstance                                                                                          1
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters (not active ControlSet)                                                                         
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface (not active ControlSet)                                                            
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000\parameters\pnpinterface@0                                                                                  1
Reg    HKLM\SYSTEM\ControlSet002\services\vdrv1000\security (not active ControlSet)                                                                           

---- EOF - GMER 2.1 ----
         
DDS Logfile:
Code:
ATTFilter
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.7600.17267
Run by Corinna at 14:48:07 on 2013-12-08
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3950.1742 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Programme Corinna\Medion\ALDITALKVerbindungsassistent_Service.exe
C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Programme Corinna\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Programme Corinna\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Programme Corinna\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Programme Corinna\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Programme Corinna\System\VC10SecS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Programme Corinna\FreeAlarmClock\FreeAlarmClock.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\OnecomCloudDrive\Dlls\OnecomCloudDrive.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programme Corinna\System\VC10Play.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Programme Corinna\Medion\ALDITALKVerbindungsassistent_Launcher.exe
C:\Programme Corinna\System\VC10Tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Programme Corinna\System\vc10fwd.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Programme Corinna\Medion\ALDITALKVerbindungsassistent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Corinna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my-startpage.net/?referer=32197
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=eaba9015000000000000000000000000&tlver=1.4.19.19&affID=17162
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe
BHO: HistoryTriggerBHO Class: {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Programme Corinna\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
uRun: [Google Update] "C:\Users\Corinna\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [FreeAC] C:\Programme Corinna\FreeAlarmClock\FreeAlarmClock.exe -autorun
uRun: [Facebook Update] "C:\Users\Corinna\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [One.com] C:\Program Files (x86)\OnecomCloudDrive\Dlls\AppLauncher.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun: [VC10Player] C:\Programme Corinna\System\VC10Play.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AVERHI~1.LNK - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AVERQU~1.LNK - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launcher.lnk - C:\Programme Corinna\Medion\ALDITALKVerbindungsassistent_Launcher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7B499570-29C5-4a80-9F57-94A420D140CE} - {C8FA495F-F131-42B0-8AB8-B119A674AF8E} - <orphaned>
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
TCP: Interfaces\{5E48D3A9-B7C5-423D-88DE-14450A8B72EE} : NameServer = 212.23.115.148 212.23.115.132
TCP: Interfaces\{BA8119BF-FC2C-44C5-A8E8-CED8B96D86BB} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DHCPNameServer = 172.16.16.19
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4} : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\051647368677F627B6D26416D696C69656 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\3536862796C6C602B456E6E677F627470216D6024527563756E6 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\3536862796C6C602D202B456E6E677F627470216D6024527563756E6 : DHCPNameServer = 192.168.178.1
TCP: Interfaces\{C3FA99C0-6D20-46D3-A571-87208C430CB4}\A4E2D234E2020586F6E656 : DHCPNameServer = 172.20.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-7-30 55024]
R0 SMR410;Symantec SMR Utility Service 4.1.0;C:\Windows\System32\drivers\SMR410.SYS [2013-12-7 96856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-10 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-10 1139800]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [2013-12-3 1526488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-10 169048]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131206.001\IDSviA64.sys [2013-12-7 521816]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-10 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-10 433752]
R1 vdrv1000;vdrv1000;C:\Windows\System32\drivers\vdrv1000.sys [2010-10-16 220696]
R2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;C:\Programme Corinna\Medion\ALDITALKVerbindungsassistent_Service.exe [2012-2-16 358968]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-7-12 202752]
R2 AVerRemote;AVerRemote;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2010-10-18 344064]
R2 AVerScheduleService;AVerScheduleService;C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2010-10-18 389120]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DiskDoctorService;Norton Disk Doctor Service;C:\Programme Corinna\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2012-3-9 1029480]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-10 144368]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-7-12 94208]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-7-12 78848]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-3-20 259192]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
R2 SpeedDiskService;Norton SpeedDisk Service;C:\Programme Corinna\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2012-3-9 1037672]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-7-30 104960]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-7-30 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-7-30 575856]
R2 VC10SecS;Virtual CD v10 Management Service;C:\Programme Corinna\System\VC10SecS.exe [2010-10-16 145224]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-7-30 836608]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-7-30 19968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-21 137648]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-4 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-7-12 158976]
R3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\System32\drivers\lgbtpt64.sys [2009-9-29 16384]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\System32\drivers\lgbtbs64.sys [2009-9-29 14848]
R3 LGVMODEM;LGE Virtual Modem;C:\Windows\System32\drivers\lgvmdm64.sys [2009-9-29 17408]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-2 12032]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]
R3 vcd10bus;Virtual CD v10 Bus Enumerator;C:\Windows\System32\drivers\vcd10bus.sys [2010-10-16 40464]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-3-20 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-1-10 1286784]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-7-12 402720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
S3 andnetadb;ADB Interface DriverNet;C:\Windows\System32\drivers\lgandnetadb.sys [2012-3-7 31744]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2012-3-6 29184]
S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2012-3-6 36352]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;C:\Windows\System32\drivers\lgandnetndis64.sys [2012-3-6 93184]
S3 AVerAF35;AVerMedia A835 USB DVB-T;C:\Windows\System32\drivers\AVerAF35.sys [2009-10-19 511232]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2010-7-30 342056]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-7-30 39464]
S3 HH10Help.sys;HH10Help.sys;C:\Windows\System32\drivers\HH10Help.sys [2010-10-16 24088]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-7-12 271872]
S3 SymDSMon;SymDSMon;C:\Windows\System32\drivers\SymDSMon.sys [2012-3-9 191232]
S3 SYMSpeedDisk;SYMSpeedDisk;C:\Windows\System32\drivers\SymSpeedDisk.sys [2012-3-9 163384]
S3 vcd9bus;Virtual CD v9 Bus Enumerator;C:\Windows\System32\drivers\vcd9bus.sys [2011-1-28 40216]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
.
=============== Created Last 30 ================
.
2013-12-07 20:53:09	96856	----a-w-	C:\Windows\System32\drivers\SMR410.SYS
2013-12-07 20:50:26	--------	d-----w-	C:\Users\Corinna\AppData\Local\NPE
.
==================== Find3M  ====================
.
2013-10-31 15:03:10	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-31 15:03:10	692616	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-23 05:32:02	255352	----a-w-	C:\Windows\SysWow64\awrdscdc.ax
.
============= FINISH: 14:48:40,21 ===============
         
--- --- ---


Code:
ATTFilter
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 15.10.2010 14:15:32
System Uptime: 08.12.2013 11:44:40 (3 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel(R) Core(TM) i5 CPU       M 460  @ 2.53GHz | N/A | 2534/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 154,336 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is CDROM ()
G: is CDROM (CDFS)
H: is Removable
M: is FIXED (NTFS) - 107 GiB total, 68,845 GiB free.
S: is FIXED (NTFS) - 117 GiB total, 112,199 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP441: 15.11.2013 03:00:29 - Windows Update
RP442: 17.11.2013 03:00:23 - Windows Update
RP443: 17.11.2013 19:13:29 - Made by Norton Utilities                                        äå
RP444: 27.11.2013 15:51:11 - Geplanter Prüfpunkt
RP445: 04.12.2013 21:53:32 - Made by Norton Utilities                                        äå
RP446: 07.12.2013 23:23:30 - Free Driver Scout
RP447: 07.12.2013 23:24:06 - Removed Java 7 Update 45
RP448: 07.12.2013 23:24:51 - Removed Java(TM) 6 Update 20 (64-bit)
RP449: 07.12.2013 23:25:30 - Removed Java(TM) 6 Update 32
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 8.0
Adobe Premiere Elements 8.0
Adobe Reader XI (11.0.05) - Deutsch
Age of Empires III
Age of Empires III - The Asian Dynasties
Age of Empires III - The WarChiefs
ALDI TALK Verbindungsassistent
Alps Pointing-device for VAIO
Apple Application Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
ATI Catalyst Install Manager
AudibleManager
AVerMedia A835 USB TV Tuner 8.0.64.43
AVerTV
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Evernote
Facebook Video Calling 1.2.0.287
Flatcast Viewer Plugin 5.2.2.454
Free Alarm Clock 2.5.0
GIMP 2.8.0
Google Chrome
Google Earth
Google Update Helper
Hotel Gigant 2
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Junk Mail filter update
king.com (remove only)
LG Bluetooth Drivers
LG On-Screen Phone
LG PC Suite IV
LG United Mobile Drivers
Media Gallery
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Age of Empires Gold
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Klick-und-Los 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 64-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Starter 2010 - Deutsch
Microsoft Office Word MUI (German) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
MSVCRT
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Norton Internet Security
Norton Online Backup
Norton Utilities 15
One.com Cloud Drive 0.3.12.32375
PlayReady PC Runtime amd64
Plus-HD-3.8
PMB
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
QuickPar 0.9
QuickTime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Samsung Data Migration
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
SmartSound Quicktracks for Premiere Elements 8.0
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
VAIO-Handbuch
VAIO-Support für Übertragungen
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition plug-in (Click to Disc)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story Template Data
VAIO Quick Web Access
VAIO Sample Contents
VAIO screensaver
VAIO Smart Network
VAIO Update
VIS
VLC media player 2.0.3
VU5x64
VU5x86
WIDCOMM Bluetooth Software
Windows Live-Uploadtool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
Windows Media Player Firefox Plugin
Zip Opener Packages
Zylom Games Player Plugin
.
==== End Of File ===========================
         
__________________

Alt 08.12.2013, 19:39   #4
Psychotic
/// Malwareteam
 
Trojaner? Logfile ist vorhanden - Standard

Trojaner? Logfile ist vorhanden



Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 08.12.2013, 21:21   #5
Corinna2010
 
Trojaner? Logfile ist vorhanden - Standard

Trojaner? Logfile ist vorhanden



Code:
ATTFilter
ComboFix 13-12-08.01 - Corinna 08.12.2013  19:46:53.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3950.1793 [GMT 1:00]
ausgeführt von:: c:\users\Corinna\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\uninst.exe
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ofjgnhihlklpobkaloamkankaaoclfjh_0
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ofjgnhihlklpobkaloamkankaaoclfjh_0\18
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\background.html
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\crossriderManifest.json
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\manifest.xml
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins.json
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\1_base.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\101_cortica_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\102_dealply_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\103_intext_5_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\104_jollywallet_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\105_corticas_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\108_icm_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\116_ads_only_5_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\117_coupons_intext_ads_5_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\119_similar_web_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\120_luck_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\123_intext_adv_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\125_arcadi2_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\126_revizer_ws_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\127_revizer_p_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\128_superfish_pricora_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\129_widdit_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\135_arcadi3_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\138_getdeal_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\14_CrossriderUtils.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\141_corticas_ru_m.js.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\142_intext_fa_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\155_ibario_pops_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\158_50onred_ads_only_no_fb_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\159_cortica_rollover_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\17_jQuery.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\170_icm1_5_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\171_arcadi2_sourceID_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\174_arcadi_serp_dynamic_id_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\175_coolmirage_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\178_revizer_ws_dynamic_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\179_revizer_p_dynamic_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\19_CHAppAPIWrapper.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\21_debug.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\22_resources.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\28_initializer.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\47_resources_background.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\64_appApiMessage.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\7_hooks.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\72_appApiValidation.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\78_CrossriderInfo.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\80_CHPopupAppAPI.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\87_ginyas_wrapper.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\9_search_engine_hook.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\91_monetizationLoader.js.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\92_superfish_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\plugins\97_resourceApiWrapper.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\userCode\background.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\extensionData\userCode\extension.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\icons\actions\1.png
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\icons\icon128.png
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\icons\icon16.png
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\icons\icon48.png
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\api\chrome.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\api\cookie.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\api\message.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\api\pageAction.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\api\pageActionBG.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\background.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\app_api.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\bg_app_api.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\consts.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\cookie_store.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\crossriderAPI.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\delegate.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\events.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\extensionDataStore.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\installer.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\logFile.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\logging.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\onBGDocumentLoad.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\popupResource\newPopup.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\popupResource\popup.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\reports.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\storageWrapper.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\updateManager.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\util.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\lib\xhr.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\js\main.js
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\manifest.json
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjgnhihlklpobkaloamkankaaoclfjh\1.25.50_0\popup.html
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\000430.ldb
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\000445.log
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\CURRENT
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\LOCK
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\LOG
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\LOG.old
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\MANIFEST-000443
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ofjgnhihlklpobkaloamkankaaoclfjh_0.localstorage-journal
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ofjgnhihlklpobkaloamkankaaoclfjh_0.localstorage
c:\users\Corinna\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Corinna\OSU.exe
c:\users\Corinna\WtgPorts.dll
c:\users\Corinna\WTGService.exe
c:\users\Corinna\WTGVistaUtil.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\pthreadVC.dll
c:\windows\Temp\log.txt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-11-08 bis 2013-12-08  ))))))))))))))))))))))))))))))
.
.
2013-12-07 20:50 . 2013-12-07 22:03	--------	d-----w-	c:\users\Corinna\AppData\Local\NPE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-15 02:01 . 2010-10-15 14:55	82896128	----a-w-	c:\windows\system32\MRT.exe
2013-10-31 15:03 . 2013-02-24 18:54	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-31 15:03 . 2011-05-27 07:38	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-23 05:32 . 2013-10-23 05:32	255352	----a-w-	c:\windows\SysWow64\awrdscdc.ax
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-06-22 81264]
"FreeAC"="c:\programme corinna\FreeAlarmClock\FreeAlarmClock.exe" [2011-11-22 1327440]
"Facebook Update"="c:\users\Corinna\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-20 138096]
"One.com"="c:\program files (x86)\OnecomCloudDrive\Dlls\AppLauncher.exe" [2012-11-12 23464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-08 98304]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-06-20 99696]
"VC10Player"="c:\programme corinna\System\VC10Play.exe" [2009-10-08 383304]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2010-10-18 155648]
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2010-10-18 651264]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
Launcher.lnk - c:\programme corinna\Medion\ALDITALKVerbindungsassistent_Launcher.exe [2012-2-16 510520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SystemStoreService;System Store;c:\program files\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService;c:\program files\SoftwareUpdater\SystemStore.exe  -displayname System Store -servicename SystemStoreService [x]
R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandbus64.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lganddiag64.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandgps64.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandmodem64.sys [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\Drivers\AVerAF35.sys;c:\windows\SYSNATIVE\Drivers\AVerAF35.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys;c:\windows\SYSNATIVE\drivers\HH10Help.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys;c:\windows\SYSNATIVE\drivers\SymDSMon.sys [x]
R3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys;c:\windows\SYSNATIVE\drivers\SymSpeedDisk.sys [x]
R3 vcd9bus;Virtual CD v9 Bus Enumerator;c:\windows\system32\DRIVERS\vcd9bus.sys;c:\windows\SYSNATIVE\DRIVERS\vcd9bus.sys [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131203.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20131203.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131206.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20131206.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys;c:\windows\SYSNATIVE\DRIVERS\vdrv1000.sys [x]
S2 ALDITALKVerbindungsassistent_Service;ALDITALKVerbindungsassistent_Service;c:\programme corinna\Medion\ALDITALKVerbindungsassistent_Service.exe;c:\programme corinna\Medion\ALDITALKVerbindungsassistent_Service.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [x]
S2 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiskDoctorService;Norton Disk Doctor Service;c:\programme corinna\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe;c:\programme corinna\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsne64.sys;c:\windows\SYSNATIVE\DRIVERS\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
S2 SpeedDiskService;Norton SpeedDisk Service;c:\programme corinna\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe;c:\programme corinna\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VC10SecS;Virtual CD v10 Management Service;c:\programme corinna\System\VC10SecS.exe;c:\programme corinna\System\VC10SecS.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtpt64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtpt64.sys [x]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbs64.sys;c:\windows\SYSNATIVE\DRIVERS\lgbtbs64.sys [x]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\lgvmdm64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys;c:\windows\SYSNATIVE\DRIVERS\vcd10bus.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 15:03]
.
2013-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3329411121-3798481853-334450376-1000Core.job
- c:\users\Corinna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-23 12:14]
.
2013-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3329411121-3798481853-334450376-1000UA.job
- c:\users\Corinna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-23 12:14]
.
2013-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 13:40]
.
2013-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-30 13:40]
.
2013-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3329411121-3798481853-334450376-1000Core.job
- c:\users\Corinna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-07 18:31]
.
2013-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3329411121-3798481853-334450376-1000UA.job
- c:\users\Corinna\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-07 18:31]
.
2013-12-08 c:\windows\Tasks\NUSchedule.job
- c:\programme corinna\Norton Utilities 15\nu.exe [2012-03-09 10:17]
.
2013-12-08 c:\windows\Tasks\Plus-HD-3.8-chromeinstaller.job
- c:\program files (x86)\Plus-HD-3.8\Plus-HD-3.8-chromeinstaller.exe [2013-10-17 19:59]
.
2013-12-08 c:\windows\Tasks\Plus-HD-3.8-codedownloader.job
- c:\program files (x86)\Plus-HD-3.8\Plus-HD-3.8-codedownloader.exe [2013-10-17 19:59]
.
2013-12-08 c:\windows\Tasks\Plus-HD-3.8-enabler.job
- c:\program files (x86)\Plus-HD-3.8\Plus-HD-3.8-enabler.exe [2013-10-17 19:59]
.
2013-12-08 c:\windows\Tasks\Plus-HD-3.8-firefoxinstaller.job
- c:\program files (x86)\Plus-HD-3.8\Plus-HD-3.8-firefoxinstaller.exe [2013-10-17 19:59]
.
2013-12-08 c:\windows\Tasks\Plus-HD-3.8-updater.job
- c:\program files (x86)\Plus-HD-3.8\Plus-HD-3.8-updater.exe [2013-10-17 19:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_OneComOverlayIcon1]
@="{8EB87237-AF50-46D3-B170-435F51B6E158}"
[HKEY_CLASSES_ROOT\CLSID\{8EB87237-AF50-46D3-B170-435F51B6E158}]
2013-09-02 09:03	159744	----a-w-	c:\program files (x86)\OnecomCloudDrive\Extensions\OneComOverlayIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_OneComOverlayIcon2]
@="{50C3B26A-0BAC-48A9-BA48-3E0FBE1E5275}"
[HKEY_CLASSES_ROOT\CLSID\{50C3B26A-0BAC-48A9-BA48-3E0FBE1E5275}]
2013-09-02 09:03	159744	----a-w-	c:\program files (x86)\OnecomCloudDrive\Extensions\OneComOverlayIcons.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0_OneComOverlayIcon3]
@="{680C2705-E060-4AED-846C-40F1B1F253BD}"
[HKEY_CLASSES_ROOT\CLSID\{680C2705-E060-4AED-846C-40F1B1F253BD}]
2013-09-02 09:03	159744	----a-w-	c:\program files (x86)\OnecomCloudDrive\Extensions\OneComOverlayIcons.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my-startpage.net/?referer=32197
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=eaba9015000000000000000000000000&tlver=1.4.19.19&affID=17162
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: {{7B499570-29C5-4a80-9F57-94A420D140CE} - {C8FA495F-F131-42B0-8AB8-B119A674AF8E} -
TCP: DhcpNameServer = 192.168.43.1
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrv1000]
"ImagePath"="system32\DRIVERS\vdrv1000.sys"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\programme corinna\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
c:\programme corinna\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\RunDll32.exe
c:\programme corinna\System\VC10Tray.exe
c:\program files (x86)\OnecomCloudDrive\Dlls\OnecomCloudDrive.exe
c:\program files\Sony\VAIO Care\listener.exe
c:\program files\Sony\VAIO Personalization Manager\VpmIfPav.exe
c:\program files (x86)\Internet Explorer\IELowutil.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-12-08  21:03:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-12-08 20:03
.
Vor Suchlauf: 16 Verzeichnis(se), 166.892.154.880 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 166.716.710.912 Bytes frei
.
- - End Of File - - C21FCD19662A576AE618ED535DA04962
         


Alt 09.12.2013, 23:12   #6
Corinna2010
 
Trojaner? Logfile ist vorhanden - Standard

Trojaner? Logfile ist vorhanden



Das Problem mit dieser ominösen Seite besteht noch immer

Alt 10.12.2013, 09:35   #7
Psychotic
/// Malwareteam
 
Trojaner? Logfile ist vorhanden - Standard

Trojaner? Logfile ist vorhanden



Schritt 1: Programme deinstallieren
  • Klicke Start-->Systemsteuerung.
  • Öffne Programme und Funktionen.
  • Suche und deinstalliere folgende Einträge:
    Zitat:
    Plus-HD-3.8
  • Schließe das Fenster.





Schritt 2: CF-Script


Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!


Downloade die angehängte CFScript.txt und speichere sie an den gleichen Ort, an dem du Combofix.exe abgelegt hast (sollte der Desktop sein)

Wichtig:
  • Stelle deine Anti Viren Software temporär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.





Schritt 3: MBAM

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen.(Hinweis: Alle Festplatten anhaken!
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.
Angehängte Dateien
Dateityp: txt CFScript.txt (597 Bytes, 107x aufgerufen)
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Antwort

Themen zu Trojaner? Logfile ist vorhanden
acrobat update, adobe, adobe flash player, bho, explorer, flash player, google, hijack, hijackthis, hijackthis logfile, internet, internet explorer, logfile, monitor, performance, programme, rundll, security, software, symantec, system, temp, trojaner, trojaner?, windows, wmp



Ähnliche Themen: Trojaner? Logfile ist vorhanden


  1. KOBIK-Trojaner eingefangen.. FRST-Logfile bereits vorhanden
    Plagegeister aller Art und deren Bekämpfung - 03.10.2013 (12)
  2. Win7: GVU Trojaner, Abgesicherter Modus sowie Booten von USB und CD nicht möglich, FRST Logfile vorhanden
    Log-Analyse und Auswertung - 29.08.2013 (21)
  3. Browser ge-hijacked (Logfile Auswertung ist vorhanden)
    Log-Analyse und Auswertung - 23.10.2012 (2)
  4. Trojaner (Bundespolizei, Ukash) auf WinXP - OTL logfile vorhanden
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (6)
  5. Trojaner, weißer Bildschirm, auch abgesicherter Modus (OTL Logfile bereits vorhanden)
    Log-Analyse und Auswertung - 18.08.2012 (9)
  6. Bundestrojaner evtl . noch vorhanden, ComboFix + Malwarebytes ausgeführt, Logfiles vorhanden
    Log-Analyse und Auswertung - 28.07.2012 (5)
  7. BKA Trojaner 3.04 Systemwiederherstellung aktiviert noch Reste vom Trojaner vorhanden ?
    Log-Analyse und Auswertung - 09.04.2012 (22)
  8. Bundespolizei / UKash Virus, OTL Logfile bereits vorhanden...
    Log-Analyse und Auswertung - 28.10.2011 (42)
  9. Internet wird extrem langsam (von 1,5MB auf 100-200KB) Logfile vorhanden
    Log-Analyse und Auswertung - 21.10.2011 (1)
  10. Alle Fotos weg, wie bekomm ich Trojaner weg - Logfile vorhanden
    Log-Analyse und Auswertung - 04.09.2010 (10)
  11. IE öffnet sich von alleine und zeigt Werbung an....Hijackthis-Logfile vorhanden!
    Log-Analyse und Auswertung - 21.07.2010 (3)
  12. Trojaner nach Formatierung immer noch vorhanden- Trojaner auf externer HD?
    Plagegeister aller Art und deren Bekämpfung - 30.12.2009 (11)
  13. Ungewollte Werbefenster trotz mehrer Malware Scans!! HJT-Logfile & Navilog1 vorhanden
    Log-Analyse und Auswertung - 29.11.2008 (1)
  14. Ständiges WINDOWS SECURITY ALERT: Wie entferne ich diesen Trojaner? Logfile vorhanden
    Plagegeister aller Art und deren Bekämpfung - 01.08.2008 (7)
  15. spools.exe (LogFile vorhanden)
    Log-Analyse und Auswertung - 04.04.2008 (6)
  16. Problem mit smitfraud.c, logfile und smitfile vorhanden!
    Log-Analyse und Auswertung - 30.01.2008 (7)
  17. ein weiterer DAU ersucht um Hiiiilfe, LogFile vorhanden,
    Log-Analyse und Auswertung - 18.01.2005 (7)

Zum Thema Trojaner? Logfile ist vorhanden - Hallo, bis gestern hat sich bei bei mir ständig eine Seite geöffnet, nämlich hxxp://static.icmapp.com/blank.html#%7B%22ad_type%22%3A%22window%22%2C%22percent%22%3A50%2C%22size%22%3A%5B%7B%22percent%22%3A50%2C%22width%22%3A800%2C%22height%22%3A440%7D%2C %7B%22percent%22%3A50%2C%22width%22%3A1200%2C%22height%22%3A900%7D%5D%2C%22ad_width%22%3A800%2C%22ad_height%22%3A440%7D da mir das erst mit einem Java update passierte, hab ich java erstmal deinstalliert. Vor - Trojaner? Logfile ist vorhanden...
Archiv
Du betrachtest: Trojaner? Logfile ist vorhanden auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.