Trojaner-Board - Trojaner Sparkasse Allgäu

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Trojaner Sparkasse Allgäu (https://www.trojaner-board.de/156754-trojaner-sparkasse-allgaeu.html)

Trojaner Sparkasse Allgäu

Hallo, hoffe mir kann jemand helfen:
Beim letzten Überweisungsversuch bei der Sparkasse Allgäu öffnete sich ein "Demokonto" worin TANs abgefragt wurden. Trojaner? Antivir hat nichts gefunden. Norton Power Earaser hat auch nichts gefunden.
Wäre über Hilfe sehr dankbar

:hallo:

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...:abklatsch:

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch, zu denen Du von mir aufgefordert wurdest.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab.
Poste die Logfiles direkt in Deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 24 Stunden nichts von mir liest, dann schreibe mir bitte eine PM.

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst.

Los geht's:

Schritt 1
http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

http://deeprybka.trojaner-board.de/tdss/codetags.gif

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014

Ran by Susi- (administrator) on SUSI on 22-07-2014 13:47:31

Running from C:\Users\Susi-\Downloads

Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

() C:\Program Files\Sony\VAIO Care\listener.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-20] (Realtek Semiconductor)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)

HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [526704 2012-12-14] (Broadcom Corporation.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-03-14] (Synaptics Incorporated)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-12] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE [283232 2012-10-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Susi-\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 

HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [YhhPack Update] => regsvr32.exe 
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

SearchScopes: HKCU - {050147D7-80C4-4EF7-A6E6-2CD5856ACBBF} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}

SearchScopes: HKCU - {56AF630B-6638-4CF3-B388-4AE452CC09BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\Susi-\AppData\Roaming\Mozilla\Firefox\Profiles\zahruggu.default

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)

FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 

Chrome: 

=======

CHR Extension: (Google Wallet) - C:\Users\Susi-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-15] (Avira Operations GmbH & Co. KG)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)

R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)

S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)

S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)

R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)

R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)

S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)

S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)

R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-12] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-04-26] ()

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-14] (Synaptics Incorporated)

R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-07-22] (Symantec Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-07-22 13:47 - 2014-07-22 13:47 - 00011873 _____ () C:\Users\Susi-\Downloads\FRST.txt

2014-07-22 13:46 - 2014-07-22 13:47 - 05562504 _____ (Swearware) C:\Users\Susi-\Downloads\ComboFix.exe

2014-07-22 13:45 - 2014-07-22 13:47 - 00000000 ____D () C:\FRST

2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-22 13:43 - 2014-07-22 13:44 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe

2014-07-22 13:40 - 2014-07-22 13:40 - 316814968 _____ () C:\Users\Susi-\Downloads\rescue-system.iso.part

2014-07-22 13:40 - 2014-07-22 13:40 - 00000000 _____ () C:\Users\Susi-\Downloads\rescue-system.iso

2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe

2014-07-22 13:27 - 2014-07-22 13:28 - 00000000 ____D () C:\NPE

2014-07-22 13:24 - 2014-07-22 13:38 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE

2014-07-22 13:24 - 2014-07-22 13:24 - 00096856 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR410.SYS

2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton

2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
 

==================== One Month Modified Files and Folders =======
 

2014-07-22 13:47 - 2014-07-22 13:47 - 00011873 _____ () C:\Users\Susi-\Downloads\FRST.txt

2014-07-22 13:47 - 2014-07-22 13:46 - 05562504 _____ (Swearware) C:\Users\Susi-\Downloads\ComboFix.exe

2014-07-22 13:47 - 2014-07-22 13:45 - 00000000 ____D () C:\FRST

2014-07-22 13:46 - 2013-12-20 18:54 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1257074523-2441018885-1819162988-1001

2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-22 13:44 - 2014-07-22 13:43 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe

2014-07-22 13:44 - 2013-11-01 11:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-07-22 13:40 - 2014-07-22 13:40 - 316814968 _____ () C:\Users\Susi-\Downloads\rescue-system.iso.part

2014-07-22 13:40 - 2014-07-22 13:40 - 00000000 _____ () C:\Users\Susi-\Downloads\rescue-system.iso

2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe

2014-07-22 13:38 - 2014-07-22 13:24 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE

2014-07-22 13:34 - 2014-04-07 13:51 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Amazon

2014-07-22 13:34 - 2014-04-07 13:47 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

2014-07-22 13:31 - 2014-02-16 06:04 - 01652067 _____ () C:\WINDOWS\WindowsUpdate.log

2014-07-22 13:28 - 2014-07-22 13:27 - 00000000 ____D () C:\NPE

2014-07-22 13:27 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-07-22 13:26 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2014-07-22 13:24 - 2014-07-22 13:24 - 00096856 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR410.SYS

2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton

2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe

2014-07-22 13:10 - 2014-02-17 16:44 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C7F60A85-E73B-43D2-8F59-55EA008F6EB1}

2014-07-22 13:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-07-21 19:24 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

2014-07-17 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-07-14 14:12 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-07-14 14:03 - 2014-01-17 16:29 - 00000000 ____D () C:\Users\Susi-\AppData\Local\YhhPack

2014-07-14 13:53 - 2014-03-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-07-14 13:53 - 2013-11-14 00:18 - 00008850 _____ () C:\WINDOWS\PFRO.log

2014-07-14 13:47 - 2013-12-20 18:38 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Sony Corporation

2014-07-12 21:21 - 2013-12-20 19:15 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

2014-07-12 19:55 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-07-12 19:55 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat

2014-07-12 19:55 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat

2014-06-30 11:10 - 2013-12-20 18:43 - 00000000 ____D () C:\Update

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator

2014-06-29 14:14 - 2013-11-01 10:07 - 00000000 ____D () C:\Program Files\Sony

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk

2014-06-29 14:08 - 2013-11-01 11:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation

2014-06-29 14:08 - 2013-11-01 11:25 - 00000000 ____D () C:\ProgramData\Sony Corporation

2014-06-29 14:05 - 2014-05-15 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
 

Some content of TEMP:

====================

C:\Users\Susi-\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-07-20 16:57
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014

Ran by Susi- at 2014-07-22 13:48:27

Running from C:\Users\Susi-\Downloads

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installed Programs ======================
 

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden

Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden

Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira)

Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden

Behind The Reflection 2: Witch's Revenge (x32 Version: 3.0.2.32 - WildTangent) Hidden

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.125 - Broadcom Corporation)

Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden

Einstellungen für VAIO Media Server (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)

ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.0.13345 - Landesfinanzdirektion Thüringen)

Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden

EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)

EPSON XP-302 303 305 306 Series Printer Uninstall (HKLM\...\EPSON XP-302 303 305 306 Series) (Version:  - SEIKO EPSON Corporation)

ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden

FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

Heroes of Hellas 3: Athens (x32 Version: 3.0.2.32 - WildTangent) Hidden

Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41800) (Version: 3.8.0.41800.66 - Intel)

Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)

Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)

Intel(R) PROSet/Wireless NFC-Software (HKLM\...\Intel(R) PROSet/Wireless NFC-Software) (Version: 1.0.1.003 - Intel Corporation)

Intel(R) PROSet/Wireless NFC-Software (Version: 1.0.1.003 - Intel Corporation) Hidden

Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)

Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden

iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)

Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)

Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden

Lidl-Fotos (HKLM-x32\...\Lidl-Fotos_is1) (Version:  - )

Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden

Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden

Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden

OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)

Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.02.14060 - Sony Corporation)

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7177 - Realtek Semiconductor Corp.)

Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28135 - Realtek Semiconductor Corp.)

Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden

Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)

SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden

SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.4.0.1 - Synaptics Incorporated)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden

VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.2.0.02040 - Sony Corporation)

VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden

VAIO Care (HKLM\...\{92907606-B2FC-4193-B0CE-A21159DA3ABB}) (Version: 8.4.0.14286 - Sony Corporation)

VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)

VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.8.0.13250 - Sony Corporation)

VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.2.0.03070 - Sony Corporation)

VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)

VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.2.0.01230 - Sony Corporation)

VAIO Gesture Control (x32 Version: 2.2.0.01230 - Sony Corporation) Hidden

VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.1.00.14260 - Sony Corporation)

VAIO Image Optimizer (x32 Version: 3.1.00.14260 - Sony Corporation) Hidden

VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.2.0.01240 - Sony Corporation)

VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.1.01.15140 - Sony Corporation)

VAIO Movie Creator (x32 Version: 4.1.01.15140 - Sony Corporation) Hidden

VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)

VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.0.14270 - Sony Corporation)

VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)

VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)

VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden

VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden

Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden

VIx64 (Version: 1.0.0 - Sony Corporation) Hidden

VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden

VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden

VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden

VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden

VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.4900 - Broadcom Corporation)

WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden

WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden

Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
 

==================== Restore Points  =========================
 

22-07-2014 11:35:45 Konfiguriert PowerDVD
 

==================== Hosts content: ==========================
 

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Scheduled Tasks (whitelisted) =============
 

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {08EE8261-71B7-4FE1-B686-3A8C1B0FF5E9} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {0D000A61-6F54-431C-8A12-040B3A390B9F} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)

Task: {0D4845E6-C7A6-424E-926B-450D358EA067} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

Task: {1C0C03B4-E55C-41AA-83BF-C591BFCA3234} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {23636C25-68FB-4F29-9A77-F9DC8A96A6AA} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {28844EA3-7868-410B-9E99-3B2217365A5D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {2BA0F1C4-E6B9-4C27-84FD-622BFFE8850C} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {3EF2F38A-E57F-4F04-A118-C0BB87444CC4} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"

Task: {4484F53D-2283-497E-B42F-EF02A4E86E62} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {4495122C-3AA9-409F-A839-5DC988F13BD7} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {4B7A305C-2CFB-45A1-BCF3-D165001D7370} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-27] (Sony Corporation)

Task: {5934E660-8947-46C5-BC53-8AE2C88EC084} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)

Task: {59E4C35B-0EED-4268-A6D2-BE0A1D2FC297} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

Task: {5D8E6055-BCA9-48BF-A670-36898C6714CE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-06-19] (Microsoft Corporation)

Task: {61CA8C45-13C1-4E62-85D9-E4844F1E5F2D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

Task: {6785A54A-9CB8-4EE6-B5DA-882CB27BF5A0} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload

Task: {687605AA-5D84-491E-A689-C46D525CC8B1} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {70E5CE1C-B3A7-4AB1-B68A-15FD692B16ED} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)

Task: {7296E21F-3F39-49C4-AD6E-7A3DAE5ACDD7} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {85EC3F3A-E95D-45D2-BB4C-AB8C83580000} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-02-28] (Sony Corporation)

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8B57CCED-3E59-41FA-A138-52E8A1BDB672} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {92D26F3F-31CD-447F-B5BB-E421680E4761} - System32\Tasks\Sony Corporation\VAIO Hardware Diagnostics\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2013-01-25] (Sony Corporation)

Task: {9AA5C5F5-BB92-4ABF-8CC3-C7740D649B89} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {A27DD76A-52F5-4694-8FCD-BC73916F0B4A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)

Task: {AC80D8EC-FEE2-40F1-8A94-F415739B011E} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {B77C15E8-DAEA-4309-932B-3773A9C3A4B5} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)

Task: {C3F4ABE7-B8E6-4F27-A627-0A830B134B38} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-01-24] (Sony Corporation)

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {DD4213BC-7640-4609-A863-FDE7760A3C67} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

Task: {F2FB7B73-0AF1-4E12-BC82-5621312C0C39} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe

Task: {F7A6508E-E9B2-4933-85D8-A63D5297D219} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2013-02-04] (Sony Corporation)

Task: {F824AF2B-9072-4E7A-84C2-F9CB6329FBC6} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2013-01-23] (Sony Corporation)

Task: {F90A99B8-7377-49C5-BBC2-A34762C4FA79} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 

==================== Loaded Modules (whitelisted) =============
 

2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2013-11-19 10:21 - 2013-11-19 10:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe

2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2014-06-20 11:55 - 2014-06-20 11:55 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

AlternateDataStreams: C:\Users\Susi-\AppData\Roaming\Microsoft\Windows\Start Menu\WEB.DE Homepage.website:TASKICON_0web-720625059

AlternateDataStreams: C:\Users\Susi-\AppData\Roaming\Microsoft\Windows\Start Menu\WEB.DE Homepage.website:TASKICON_1web1934756139

AlternateDataStreams: C:\Users\Susi-\AppData\Roaming\Microsoft\Windows\Start Menu\WEB.DE Homepage.website:TASKICON_2web2064578788

AlternateDataStreams: C:\Users\Susi-\AppData\Roaming\Microsoft\Windows\Start Menu\WEB.DE Homepage.website:TASKICON_3web-1601376745

AlternateDataStreams: C:\Users\Susi-\AppData\Roaming\Microsoft\Windows\Start Menu\WEB.DE Homepage.website:TASKICON_4web1432927845
 

==================== Safe Mode (whitelisted) ===================
 
 

==================== EXE Association (whitelisted) =============
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (07/21/2014 04:40:56 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: Programm VAIOCare.exe, Version 1.4.0.13060 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
 

Prozess-ID: ff0
 

Startzeit: 01cfa4f1b34395f3
 

Endzeit: 4294967295
 

Anwendungspfad: C:\Program Files\WindowsApps\BD9B8345.VAIOCare_1.4.0.13060_x64__05bme2bjq6sag\VAIOCare.exe
 

Berichts-ID: 008d643e-10e5-11e4-be92-30f9eda9cfab
 

Vollständiger Name des fehlerhaften Pakets: BD9B8345.VAIOCare_1.4.0.13060_x64__05bme2bjq6sag
 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
 

Error: (07/21/2014 04:40:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Susi)

Description: Die App „BD9B8345.VAIOCare_1.4.0.13060_x64__05bme2bjq6sag+App“ wurde nicht innerhalb der vorgesehenen Zeit gestartet.
 

Error: (07/21/2014 07:44:39 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005
 

Error: (07/19/2014 06:50:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005
 

Error: (07/17/2014 04:29:38 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005
 

Error: (07/14/2014 03:38:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 14562
 

Error: (07/14/2014 03:38:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 14562
 

Error: (07/14/2014 03:38:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (07/14/2014 02:15:14 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfc6

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x530895af

Ausnahmecode: 0xc0000005

Fehleroffset: 0x0000000000065e8e

ID des fehlerhaften Prozesses: 0x8a4

Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0

Pfad der fehlerhaften Anwendung: DllHost.exe1

Pfad des fehlerhaften Moduls: DllHost.exe2

Berichtskennung: DllHost.exe3

Vollständiger Name des fehlerhaften Pakets: DllHost.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DllHost.exe5
 

Error: (07/14/2014 01:26:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 25422297
 
 

System errors:

=============

Error: (07/22/2014 01:28:59 PM) (Source: DCOM) (EventID: 10016) (User: Susi)

Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SusiSusi-S-1-5-21-1257074523-2441018885-1819162988-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
 

Error: (07/22/2014 01:28:59 PM) (Source: DCOM) (EventID: 10016) (User: Susi)

Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SusiSusi-S-1-5-21-1257074523-2441018885-1819162988-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
 

Error: (07/22/2014 01:28:59 PM) (Source: DCOM) (EventID: 10016) (User: Susi)

Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SusiSusi-S-1-5-21-1257074523-2441018885-1819162988-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
 

Error: (07/22/2014 01:28:59 PM) (Source: DCOM) (EventID: 10016) (User: Susi)

Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SusiSusi-S-1-5-21-1257074523-2441018885-1819162988-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
 

Error: (07/22/2014 01:28:59 PM) (Source: DCOM) (EventID: 10016) (User: Susi)

Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SusiSusi-S-1-5-21-1257074523-2441018885-1819162988-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
 

Error: (07/22/2014 01:28:58 PM) (Source: DCOM) (EventID: 10016) (User: Susi)

Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SusiSusi-S-1-5-21-1257074523-2441018885-1819162988-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
 

Error: (07/22/2014 01:28:58 PM) (Source: DCOM) (EventID: 10016) (User: Susi)

Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SusiSusi-S-1-5-21-1257074523-2441018885-1819162988-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
 

Error: (07/22/2014 01:28:58 PM) (Source: DCOM) (EventID: 10016) (User: Susi)

Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}SusiSusi-S-1-5-21-1257074523-2441018885-1819162988-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar
 

Error: (07/22/2014 01:25:19 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: Der Dienst "NPEService" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 

Error: (07/21/2014 06:42:12 AM) (Source: DCOM) (EventID: 10010) (User: Susi)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
 

Microsoft Office Sessions:

=========================

Error: (07/21/2014 04:40:56 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: VAIOCare.exe1.4.0.13060ff001cfa4f1b34395f34294967295C:\Program Files\WindowsApps\BD9B8345.VAIOCare_1.4.0.13060_x64__05bme2bjq6sag\VAIOCare.exe008d643e-10e5-11e4-be92-30f9eda9cfabBD9B8345.VAIOCare_1.4.0.13060_x64__05bme2bjq6sagApp
 

Error: (07/21/2014 04:40:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: Susi)

Description: BD9B8345.VAIOCare_1.4.0.13060_x64__05bme2bjq6sag+App
 

Error: (07/21/2014 07:44:39 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005
 

Error: (07/19/2014 06:50:53 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005
 

Error: (07/17/2014 04:29:38 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005
 

Error: (07/14/2014 03:38:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 14562
 

Error: (07/14/2014 03:38:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 14562
 

Error: (07/14/2014 03:38:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second
 

Error: (07/14/2014 02:15:14 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: DllHost.exe6.3.9600.163845215dfc6ntdll.dll6.3.9600.17031530895afc00000050000000000065e8e8a401cf9f5d446252d3C:\WINDOWS\system32\DllHost.exeC:\WINDOWS\SYSTEM32\ntdll.dll8254fbad-0b50-11e4-be92-30f9eda9cfab
 

Error: (07/14/2014 01:26:11 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 25422297
 
 

==================== Memory info =========================== 
 

Percentage of memory in use: 41%

Total physical RAM: 3974.8 MB

Available physical RAM: 2333.94 MB

Total Pagefile: 7046.8 MB

Available Pagefile: 5022.84 MB

Total Virtual: 131072 MB

Available Virtual: 131071.8 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:438.49 GB) (Free:395.7 GB) NTFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 6411F320)
 

Partition: GPT Partition Type.
 

==================== End Of Log ============================

Hallo Jürgen,
schon mal vielen Tausend Dank für die schnelle Hilfe.
Ich hoffe das klappt.
LG

Hi, wenn es ums Geld geht, hört der Malwarespass gänzlich auf. Daher erstmal keine Finanztransfers usw. mit dem PC durchführen. Passwörter von nem sauberen PC oder nem Handy ändern keine schlechte Idee... ;)

Zitat:

C:\Users\Susi-\Downloads\ComboFix.exe

Das bitte nicht ohne Anweisung ausführen... ;)

Erstmal machen wir so weiter:

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Nach dem Scan wurde mitgeteilt, dass keine Malware gefunden wurde

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
Malwarebytes | Free Anti-Malware & Internet Security Software

Database version: v2014.07.22.03

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.17126
Susi- :: SUSI [administrator]

22.07.2014 14:18:10
mbar-log-2014-07-22 (14-18-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 337265
Time elapsed: 19 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

OK...

Schritt 1
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 22.07.2014

Suchlauf-Zeit: 14:50:38

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.2.1012

Malware Datenbank: v2014.07.22.03

Rootkit Datenbank: v2014.07.17.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Self-protection: Deaktiviert
 

Betriebssystem: Windows 8.1

CPU: x64

Dateisystem: NTFS

Benutzer: Susi-
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 336591

Verstrichene Zeit: 13 Min, 38 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristics: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 0

(No malicious items detected)
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 0

(No malicious items detected)
 

Registrierungswerte: 0

(No malicious items detected)
 

Registrierungsdaten: 0

(No malicious items detected)
 

Ordner: 0

(No malicious items detected)
 

Dateien: 0

(No malicious items detected)
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

Code:

ESETSmartInstaller@High as downloader log:

all ok

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=83d0bbd6f423ea4b859dde9496bf6012

# engine=19292

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-07-22 03:17:18

# local_time=2014-07-22 05:17:18 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.2.9200 NT 

# compatibility_mode_1='Avira Desktop'

# compatibility_mode=1810 16777213 100 100 13418 19460400 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 5888494 30923531 0 0

# scanned=265480

# found=9

# cleaned=0

# scan_time=7345

sh=D0378C6ECF741BD01F6BCB1B15A9F8FB89F5A1FB ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Susi-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7d80990c-7bb1e7e1"

sh=F4F135FFD372155D7F3308C58340C3AE4242E742 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Susi-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6debac59-3b7e0782"

sh=F4F135FFD372155D7F3308C58340C3AE4242E742 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Susi-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6debac59-71c44c01"

sh=B32312B252F14F9D12E5F81EAA41742AB64836FA ft=1 fh=719e46fa4b167b86 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeYouTubeDownload.exe"

sh=42D4D03BCE99BEEF0A7BD8568A9ECC0AE943F957 ft=1 fh=9f77669f8ef840ee vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeYouTubeToDVDConverter.exe"

sh=5202E51201D6D1FDA57BAD612477A46DF4118D79 ft=1 fh=febf1be35c9e6018 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeYouTubeToMp3Converter.exe"

sh=7E2DB47058308BD795A31462F926AE69CA90FC06 ft=1 fh=aac930c246e6dda5 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeDVDDecrypter.exe"

sh=18763A2ECA10C59FE516D9240831C6B0D18995F5 ft=1 fh=398a74cd3f8e7cf5 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeVideoToDVDConverter.exe"

sh=7CE0ACE63F17B3ED807F11A84938E889DFFEC0C1 ft=1 fh=a7563853c8e289c6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeVideoToMp3Converter.exe"

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014

Ran by Susi- (administrator) on SUSI on 22-07-2014 17:26:49

Running from C:\Users\Susi-\Downloads

Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe

() C:\Program Files\Sony\VAIO Care\listener.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-20] (Realtek Semiconductor)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)

HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [526704 2012-12-14] (Broadcom Corporation.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-03-14] (Synaptics Incorporated)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-12] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE [283232 2012-10-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Susi-\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 

HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [YhhPack Update] => regsvr32.exe 
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

SearchScopes: HKCU - {050147D7-80C4-4EF7-A6E6-2CD5856ACBBF} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}

SearchScopes: HKCU - {56AF630B-6638-4CF3-B388-4AE452CC09BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\Susi-\AppData\Roaming\Mozilla\Firefox\Profiles\zahruggu.default

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)

FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 

Chrome: 

=======

CHR Extension: (Google Wallet) - C:\Users\Susi-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-15] (Avira Operations GmbH & Co. KG)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)

R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)

S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)

S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)

R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)

R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)

S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)

S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)

R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-12] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-04-26] ()

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-14] (Synaptics Incorporated)

R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-07-22] (Symantec Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-07-22 15:09 - 2014-07-22 15:09 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-22 15:08 - 2014-07-22 15:08 - 02347384 _____ (ESET) C:\Users\Susi-\Downloads\esetsmartinstaller_deu.exe

2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt

2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-22 14:48 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-07-22 14:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-22 14:18 - 2014-07-22 14:50 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-22 14:18 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-22 14:18 - 2014-07-22 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-22 14:17 - 2014-07-22 14:38 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar

2014-07-22 14:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-07-22 14:16 - 2014-07-22 14:17 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe

2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt

2014-07-22 13:47 - 2014-07-22 17:26 - 00014859 _____ () C:\Users\Susi-\Downloads\FRST.txt

2014-07-22 13:46 - 2014-07-22 13:47 - 05562504 _____ (Swearware) C:\Users\Susi-\Downloads\ComboFix.exe

2014-07-22 13:45 - 2014-07-22 17:26 - 00000000 ____D () C:\FRST

2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-22 13:43 - 2014-07-22 13:44 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe

2014-07-22 13:40 - 2014-07-22 13:56 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso

2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe

2014-07-22 13:27 - 2014-07-22 13:28 - 00000000 ____D () C:\NPE

2014-07-22 13:24 - 2014-07-22 13:38 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE

2014-07-22 13:24 - 2014-07-22 13:24 - 00096856 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR410.SYS

2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton

2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
 

==================== One Month Modified Files and Folders =======
 

2014-07-22 17:27 - 2014-07-22 13:47 - 00014859 _____ () C:\Users\Susi-\Downloads\FRST.txt

2014-07-22 17:26 - 2014-07-22 13:45 - 00000000 ____D () C:\FRST

2014-07-22 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-07-22 15:13 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-07-22 15:13 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat

2014-07-22 15:13 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat

2014-07-22 15:09 - 2014-07-22 15:09 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-07-22 15:08 - 2014-07-22 15:08 - 02347384 _____ (ESET) C:\Users\Susi-\Downloads\esetsmartinstaller_deu.exe

2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt

2014-07-22 15:05 - 2013-12-20 18:54 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1257074523-2441018885-1819162988-1001

2014-07-22 14:50 - 2014-07-22 14:18 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-22 14:48 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-22 14:38 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-22 14:38 - 2014-07-22 14:17 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar

2014-07-22 14:17 - 2014-07-22 14:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe

2014-07-22 14:08 - 2014-02-16 06:04 - 01679176 _____ () C:\WINDOWS\WindowsUpdate.log

2014-07-22 13:56 - 2014-07-22 13:40 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso

2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt

2014-07-22 13:47 - 2014-07-22 13:46 - 05562504 _____ (Swearware) C:\Users\Susi-\Downloads\ComboFix.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-22 13:44 - 2014-07-22 13:43 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe

2014-07-22 13:44 - 2013-11-01 11:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe

2014-07-22 13:38 - 2014-07-22 13:24 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE

2014-07-22 13:34 - 2014-04-07 13:51 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Amazon

2014-07-22 13:34 - 2014-04-07 13:47 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

2014-07-22 13:28 - 2014-07-22 13:27 - 00000000 ____D () C:\NPE

2014-07-22 13:27 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-07-22 13:26 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2014-07-22 13:24 - 2014-07-22 13:24 - 00096856 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR410.SYS

2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton

2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe

2014-07-22 13:10 - 2014-02-17 16:44 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C7F60A85-E73B-43D2-8F59-55EA008F6EB1}

2014-07-21 19:24 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

2014-07-17 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-07-14 14:12 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-07-14 14:03 - 2014-01-17 16:29 - 00000000 ____D () C:\Users\Susi-\AppData\Local\YhhPack

2014-07-14 13:53 - 2014-03-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-07-14 13:53 - 2013-11-14 00:18 - 00008850 _____ () C:\WINDOWS\PFRO.log

2014-07-14 13:47 - 2013-12-20 18:38 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Sony Corporation

2014-07-12 21:21 - 2013-12-20 19:15 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

2014-06-30 11:10 - 2013-12-20 18:43 - 00000000 ____D () C:\Update

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator

2014-06-29 14:14 - 2013-11-01 10:07 - 00000000 ____D () C:\Program Files\Sony

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk

2014-06-29 14:08 - 2013-11-01 11:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation

2014-06-29 14:08 - 2013-11-01 11:25 - 00000000 ____D () C:\ProgramData\Sony Corporation

2014-06-29 14:05 - 2014-05-15 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
 

Some content of TEMP:

====================

C:\Users\Susi-\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-07-22 15:05
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Puuuh, ich hoffe das passt alles so???

Zitat:

Zitat von Computerdepp (Beitrag 1333636)

Puuuh, ich hoffe das passt alles so???

Klar... :daumenhoc

Da haste einen falschen Nickname ausgesucht... :D

Schritt 1

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...st/frstfix.png

Drücke bitte die http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R Taste und schreibe notepad in das Ausführen Fenster.
Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument:

Code:

C:\Users\Susi-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [YhhPack Update] => regsvr32.exe 

Reboot:

Speichere dieses bitte als Fixlist.txt in das Verzeichnis ab, in dem sich auch die FRST-Anwendung befindet.

Starte FRST und drücke auf den Fix-Button.
Das Tool erstellt eine "Fixlog.txt" -Datei.
Poste mir bitte deren Inhalt.

PC startet neu.

Schritt 2

http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...t/frstscan.png

Bitte starte FRST erneut, und drücke auf Scan.
Bitte poste mir den Inhalt des Logs.

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014

Ran by Susi- (administrator) on SUSI on 22-07-2014 17:59:33

Running from C:\Users\Susi-\Downloads

Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 
 

==================== Processes (Whitelisted) =================
 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe

() C:\Program Files\Sony\VAIO Care\listener.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-20] (Realtek Semiconductor)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)

HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [526704 2012-12-14] (Broadcom Corporation.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-03-14] (Synaptics Incorporated)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-12] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE [283232 2012-10-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Susi-\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

SearchScopes: HKCU - {050147D7-80C4-4EF7-A6E6-2CD5856ACBBF} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}

SearchScopes: HKCU - {56AF630B-6638-4CF3-B388-4AE452CC09BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\Susi-\AppData\Roaming\Mozilla\Firefox\Profiles\zahruggu.default

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)

FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 

Chrome: 

=======

CHR Extension: (Google Wallet) - C:\Users\Susi-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-15] (Avira Operations GmbH & Co. KG)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)

R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)

S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)

S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)

R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)

R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)

S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)

S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)

R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-12] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-04-26] ()

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-14] (Synaptics Incorporated)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt

2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-22 14:48 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-07-22 14:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-22 14:18 - 2014-07-22 14:50 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-22 14:18 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-22 14:18 - 2014-07-22 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-22 14:17 - 2014-07-22 14:38 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar

2014-07-22 14:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-07-22 14:16 - 2014-07-22 14:17 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe

2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt

2014-07-22 13:47 - 2014-07-22 17:59 - 00014137 _____ () C:\Users\Susi-\Downloads\FRST.txt

2014-07-22 13:45 - 2014-07-22 17:59 - 00000000 ____D () C:\FRST

2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-22 13:43 - 2014-07-22 13:44 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe

2014-07-22 13:40 - 2014-07-22 13:56 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso

2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe

2014-07-22 13:27 - 2014-07-22 13:28 - 00000000 ____D () C:\NPE

2014-07-22 13:24 - 2014-07-22 13:38 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE

2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton

2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
 

==================== One Month Modified Files and Folders =======
 

2014-07-22 18:00 - 2014-07-22 13:47 - 00014137 _____ () C:\Users\Susi-\Downloads\FRST.txt

2014-07-22 18:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-07-22 17:59 - 2014-07-22 13:45 - 00000000 ____D () C:\FRST

2014-07-22 17:56 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-07-22 17:56 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2014-07-22 17:55 - 2014-02-16 06:04 - 01704333 _____ () C:\WINDOWS\WindowsUpdate.log

2014-07-22 15:13 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-07-22 15:13 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat

2014-07-22 15:13 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat

2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt

2014-07-22 15:05 - 2013-12-20 18:54 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1257074523-2441018885-1819162988-1001

2014-07-22 14:50 - 2014-07-22 14:18 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-22 14:48 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-22 14:38 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-22 14:38 - 2014-07-22 14:17 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar

2014-07-22 14:17 - 2014-07-22 14:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe

2014-07-22 13:56 - 2014-07-22 13:40 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso

2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt

2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-22 13:44 - 2014-07-22 13:43 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe

2014-07-22 13:44 - 2013-11-01 11:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe

2014-07-22 13:38 - 2014-07-22 13:24 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE

2014-07-22 13:34 - 2014-04-07 13:51 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Amazon

2014-07-22 13:34 - 2014-04-07 13:47 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

2014-07-22 13:28 - 2014-07-22 13:27 - 00000000 ____D () C:\NPE

2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton

2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe

2014-07-22 13:10 - 2014-02-17 16:44 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C7F60A85-E73B-43D2-8F59-55EA008F6EB1}

2014-07-21 19:24 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

2014-07-17 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-07-14 14:12 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-07-14 14:03 - 2014-01-17 16:29 - 00000000 ____D () C:\Users\Susi-\AppData\Local\YhhPack

2014-07-14 13:53 - 2014-03-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-07-14 13:53 - 2013-11-14 00:18 - 00008850 _____ () C:\WINDOWS\PFRO.log

2014-07-14 13:47 - 2013-12-20 18:38 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Sony Corporation

2014-07-12 21:21 - 2013-12-20 19:15 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

2014-06-30 11:10 - 2013-12-20 18:43 - 00000000 ____D () C:\Update

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator

2014-06-29 14:14 - 2013-11-01 10:07 - 00000000 ____D () C:\Program Files\Sony

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk

2014-06-29 14:08 - 2013-11-01 11:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation

2014-06-29 14:08 - 2013-11-01 11:25 - 00000000 ____D () C:\ProgramData\Sony Corporation

2014-06-29 14:05 - 2014-05-15 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
 

Some content of TEMP:

====================

C:\Users\Susi-\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-07-22 15:05
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014

Ran by Susi- (administrator) on SUSI on 22-07-2014 17:59:33

Running from C:\Users\Susi-\Downloads

Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe

(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe

() C:\Program Files\Sony\VAIO Care\listener.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-20] (Realtek Semiconductor)

HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)

HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [526704 2012-12-14] (Broadcom Corporation.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-03-14] (Synaptics Incorporated)

HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-12] (Avira Operations GmbH & Co. KG)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE [283232 2012-10-24] (SEIKO EPSON CORPORATION)

HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Susi-\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

SearchScopes: HKCU - {050147D7-80C4-4EF7-A6E6-2CD5856ACBBF} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}

SearchScopes: HKCU - {56AF630B-6638-4CF3-B388-4AE452CC09BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\Susi-\AppData\Roaming\Mozilla\Firefox\Profiles\zahruggu.default

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()

FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)

FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml

FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 

Chrome: 

=======

CHR Extension: (Google Wallet) - C:\Users\Susi-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
 

==================== Services (Whitelisted) =================
 

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)

R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)

R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-15] (Avira Operations GmbH & Co. KG)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)

R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)

R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)

S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)

S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)

R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)

R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)

S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)

S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)

R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-12] (Avira Operations GmbH & Co. KG)

R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)

R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)

R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)

R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)

R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-04-26] ()

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-14] (Synaptics Incorporated)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt

2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-22 14:48 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-07-22 14:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-22 14:18 - 2014-07-22 14:50 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-22 14:18 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-22 14:18 - 2014-07-22 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-22 14:17 - 2014-07-22 14:38 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar

2014-07-22 14:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-07-22 14:16 - 2014-07-22 14:17 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe

2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt

2014-07-22 13:47 - 2014-07-22 17:59 - 00014137 _____ () C:\Users\Susi-\Downloads\FRST.txt

2014-07-22 13:45 - 2014-07-22 17:59 - 00000000 ____D () C:\FRST

2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-22 13:43 - 2014-07-22 13:44 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe

2014-07-22 13:40 - 2014-07-22 13:56 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso

2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe

2014-07-22 13:27 - 2014-07-22 13:28 - 00000000 ____D () C:\NPE

2014-07-22 13:24 - 2014-07-22 13:38 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE

2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton

2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
 

==================== One Month Modified Files and Folders =======
 

2014-07-22 18:00 - 2014-07-22 13:47 - 00014137 _____ () C:\Users\Susi-\Downloads\FRST.txt

2014-07-22 18:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-07-22 17:59 - 2014-07-22 13:45 - 00000000 ____D () C:\FRST

2014-07-22 17:56 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-07-22 17:56 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2014-07-22 17:55 - 2014-02-16 06:04 - 01704333 _____ () C:\WINDOWS\WindowsUpdate.log

2014-07-22 15:13 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-07-22 15:13 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat

2014-07-22 15:13 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat

2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt

2014-07-22 15:05 - 2013-12-20 18:54 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1257074523-2441018885-1819162988-1001

2014-07-22 14:50 - 2014-07-22 14:18 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-07-22 14:48 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe

2014-07-22 14:38 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-07-22 14:38 - 2014-07-22 14:17 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar

2014-07-22 14:17 - 2014-07-22 14:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe

2014-07-22 13:56 - 2014-07-22 13:40 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso

2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt

2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe

2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java

2014-07-22 13:44 - 2014-07-22 13:43 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe

2014-07-22 13:44 - 2013-11-01 11:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe

2014-07-22 13:38 - 2014-07-22 13:24 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE

2014-07-22 13:34 - 2014-04-07 13:51 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Amazon

2014-07-22 13:34 - 2014-04-07 13:47 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

2014-07-22 13:28 - 2014-07-22 13:27 - 00000000 ____D () C:\NPE

2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton

2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe

2014-07-22 13:10 - 2014-02-17 16:44 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C7F60A85-E73B-43D2-8F59-55EA008F6EB1}

2014-07-21 19:24 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

2014-07-17 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-07-14 14:12 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-07-14 14:03 - 2014-01-17 16:29 - 00000000 ____D () C:\Users\Susi-\AppData\Local\YhhPack

2014-07-14 13:53 - 2014-03-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-07-14 13:53 - 2013-11-14 00:18 - 00008850 _____ () C:\WINDOWS\PFRO.log

2014-07-14 13:47 - 2013-12-20 18:38 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Sony Corporation

2014-07-12 21:21 - 2013-12-20 19:15 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys

2014-06-30 11:10 - 2013-12-20 18:43 - 00000000 ____D () C:\Update

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages

2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator

2014-06-29 14:14 - 2013-11-01 10:07 - 00000000 ____D () C:\Program Files\Sony

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk

2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk

2014-06-29 14:08 - 2013-11-01 11:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation

2014-06-29 14:08 - 2013-11-01 11:25 - 00000000 ____D () C:\ProgramData\Sony Corporation

2014-06-29 14:05 - 2014-05-15 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
 

Some content of TEMP:

====================

C:\Users\Susi-\AppData\Local\Temp\avgnt.exe
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-07-22 15:05
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

Steht da in beiden logs dasselbe drin? oder hab ich etwas falsch gemacht?

Zitat:

Zitat von Computerdepp (Beitrag 1333654)

Steht da in beiden logs dasselbe drin? oder hab ich etwas falsch gemacht?

Jup, ist aber egal. Der Fix hat geklappt.

Flash-Link mit dem Firefox aufrufen. Flash runterladen und installieren. Optionales Angebot in der Mitte ablehnen.

http://deeprybka.trojaner-board.de/b...cleanupneu.png
Cleanup:

Alle Logs gepostet? Ja! Dann lade Dir bitte http://filepony.de/icon/delfix.pngDelFix herunter.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Setze vor jede Funktion ein Häkchen.
Klicke auf Start.

Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.

>>clean<<
Wir haben es geschafft! :abklatsch:
Die Logs sehen für mich im Moment sauber aus.

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:
Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. ;)

http://www.trojaner-board.de/extra/lesestoff.pngWie kann ich mich in Zukunft besser schützen?

Tipps, Dos & Don'ts

http://deeprybka.trojaner-board.de/b...ast/schild.pngUpdates & Software

Beim Betriebsystem http://deeprybka.trojaner-board.de/b...an/windows.pngWindows die http://deeprybka.trojaner-board.de/b...an/updates.PNGautomatischen Updates aktivieren.

Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser http://deeprybka.trojaner-board.de/b...n/browsers.png
Java http://deeprybka.trojaner-board.de/b...clean/java.png
Flash-Player http://filepony.de/icon/flashplayer_firefox.png & PDF-Reader http://filepony.de/icon/adobe_reader.png

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.

Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

http://deeprybka.trojaner-board.de/b...ast/schild.pngFirewall, Antivirus & Co.

Aktiviere eine http://deeprybka.trojaner-board.de/b...n/firewall.PNGFirewall. Die in Windows integrierte genügt im Normalfall völlig.
Verwende ein Antivirusprogramm mit Echtzeitscanner und stets aktueller Signaturendatenbank. (Updatefunktion aktivieren!)
Meine Empfehlungen:
Kaspersky Antivirus
Emsisoft Anti-Malware
avast Free Antivirus
Zusätzlich kannst Du Deinen PC regelmäßig mit http://filepony.de/icon/malwarebytes_anti_malware.pngMalwarebytes Anti-Malware und http://filepony.de/icon/eset_online_scanner.pngESET scannen.

Optional:
http://filepony.de/icon/noscript.png NoScript verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

http://s1.directupload.net/images/140701/eivrliwa.pngCracks, Downloads & Co.

Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert.
Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten.
Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)

Auch http://deeprybka.trojaner-board.de/b...virustotal.png virustotal.com ist Dein Freund! Lade dubiose oder unbekannte Dateien hoch, bevor Du diese startest oder installierst.

Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).

Surfe daher mit Vorsicht und klicke mit Verstand.
Sei skeptisch bei unerwarteten E-Mails, insbesondere wenn sie Anhänge enthalten. Auch wenn sie auf den ersten Blick authentisch wirken, persönliche Daten von Dir enthalten oder vermeintlich von einem bekannten Absender stammen: Lieber nochmals in Ruhe überdenken oder nachfragen, anstatt einfach mal Links oder ausführbare Anhänge öffnen oder irgendwo Deine Daten eingeben.
Auch in sozialen Netzwerken oder über Instant Messaging Systeme können schädliche Links oder Dateien die Runde machen. Erhältst Du von einem Deiner Freunde eine Nachricht, die merkwürdig ist oder so sensationell interessant, dass man einfach draufklicken muss, dann hat bei ihm/ihr wahrscheinlich Neugier über Verstand gesiegt und Du solltest nicht denselben Fehler machen.

Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.

Lade Software in erster Priorität immer direkt vom Hersteller herunter. Viele Softwareportale (z.B. Softonic) packen noch unnützes Zeug mit in die Installation. Alternativ dazu wähle ein sauberes Portal wie Filepony oder heise.
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwarecleaner .

Abschließend noch ein paar grundsätzliche Bemerkungen:

Erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.

Tausend Dank!
Habe alles beherzigt und hoffe vorerst Virenfrei, Trojanerfrei oder sonstwiefrei zu bleiben.
Spende folgt auf jeden Fall.
VLG

OK...;)

Alles Gute!