| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner Sparkasse AllgäuWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
22.07.2014, 17:07
| #1 |
| |  Trojaner Sparkasse Allgäu FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Susi- (administrator) on SUSI on 22-07-2014 17:59:33
Running from C:\Users\Susi-\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-20] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [526704 2012-12-14] (Broadcom Corporation.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-03-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE [283232 2012-10-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Susi-\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - {050147D7-80C4-4EF7-A6E6-2CD5856ACBBF} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}
SearchScopes: HKCU - {56AF630B-6638-4CF3-B388-4AE452CC09BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Susi-\AppData\Roaming\Mozilla\Firefox\Profiles\zahruggu.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\Susi-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-15] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-04-26] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-14] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt
2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-22 14:48 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-22 14:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 14:18 - 2014-07-22 14:50 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 14:18 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 14:18 - 2014-07-22 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 14:17 - 2014-07-22 14:38 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar
2014-07-22 14:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-22 14:16 - 2014-07-22 14:17 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe
2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt
2014-07-22 13:47 - 2014-07-22 17:59 - 00014137 _____ () C:\Users\Susi-\Downloads\FRST.txt
2014-07-22 13:45 - 2014-07-22 17:59 - 00000000 ____D () C:\FRST
2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-22 13:43 - 2014-07-22 13:44 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe
2014-07-22 13:40 - 2014-07-22 13:56 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso
2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe
2014-07-22 13:27 - 2014-07-22 13:28 - 00000000 ____D () C:\NPE
2014-07-22 13:24 - 2014-07-22 13:38 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE
2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton
2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
==================== One Month Modified Files and Folders =======
2014-07-22 18:00 - 2014-07-22 13:47 - 00014137 _____ () C:\Users\Susi-\Downloads\FRST.txt
2014-07-22 18:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-22 17:59 - 2014-07-22 13:45 - 00000000 ____D () C:\FRST
2014-07-22 17:56 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-22 17:56 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-22 17:55 - 2014-02-16 06:04 - 01704333 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-22 15:13 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-22 15:13 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-22 15:13 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt
2014-07-22 15:05 - 2013-12-20 18:54 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1257074523-2441018885-1819162988-1001
2014-07-22 14:50 - 2014-07-22 14:18 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-22 14:48 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 14:38 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 14:38 - 2014-07-22 14:17 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar
2014-07-22 14:17 - 2014-07-22 14:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe
2014-07-22 13:56 - 2014-07-22 13:40 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso
2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt
2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-22 13:44 - 2014-07-22 13:43 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe
2014-07-22 13:44 - 2013-11-01 11:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe
2014-07-22 13:38 - 2014-07-22 13:24 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE
2014-07-22 13:34 - 2014-04-07 13:51 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Amazon
2014-07-22 13:34 - 2014-04-07 13:47 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-07-22 13:28 - 2014-07-22 13:27 - 00000000 ____D () C:\NPE
2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton
2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe
2014-07-22 13:10 - 2014-02-17 16:44 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C7F60A85-E73B-43D2-8F59-55EA008F6EB1}
2014-07-21 19:24 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-07-17 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-14 14:12 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 14:03 - 2014-01-17 16:29 - 00000000 ____D () C:\Users\Susi-\AppData\Local\YhhPack
2014-07-14 13:53 - 2014-03-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-14 13:53 - 2013-11-14 00:18 - 00008850 _____ () C:\WINDOWS\PFRO.log
2014-07-14 13:47 - 2013-12-20 18:38 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Sony Corporation
2014-07-12 21:21 - 2013-12-20 19:15 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-06-30 11:10 - 2013-12-20 18:43 - 00000000 ____D () C:\Update
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator
2014-06-29 14:14 - 2013-11-01 10:07 - 00000000 ____D () C:\Program Files\Sony
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-06-29 14:08 - 2013-11-01 11:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation
2014-06-29 14:08 - 2013-11-01 11:25 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-06-29 14:05 - 2014-05-15 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
Some content of TEMP:
====================
C:\Users\Susi-\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-22 15:05
==================== End Of Log ============================
--- --- --- --- --- --- FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Susi- (administrator) on SUSI on 22-07-2014 17:59:33
Running from C:\Users\Susi-\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-20] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [526704 2012-12-14] (Broadcom Corporation.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-03-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE [283232 2012-10-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Susi-\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - {050147D7-80C4-4EF7-A6E6-2CD5856ACBBF} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}
SearchScopes: HKCU - {56AF630B-6638-4CF3-B388-4AE452CC09BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Susi-\AppData\Roaming\Mozilla\Firefox\Profiles\zahruggu.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\Susi-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-15] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-04-26] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-14] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt
2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-22 14:48 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-22 14:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 14:18 - 2014-07-22 14:50 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 14:18 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 14:18 - 2014-07-22 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 14:17 - 2014-07-22 14:38 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar
2014-07-22 14:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-22 14:16 - 2014-07-22 14:17 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe
2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt
2014-07-22 13:47 - 2014-07-22 17:59 - 00014137 _____ () C:\Users\Susi-\Downloads\FRST.txt
2014-07-22 13:45 - 2014-07-22 17:59 - 00000000 ____D () C:\FRST
2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-22 13:43 - 2014-07-22 13:44 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe
2014-07-22 13:40 - 2014-07-22 13:56 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso
2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe
2014-07-22 13:27 - 2014-07-22 13:28 - 00000000 ____D () C:\NPE
2014-07-22 13:24 - 2014-07-22 13:38 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE
2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton
2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
==================== One Month Modified Files and Folders =======
2014-07-22 18:00 - 2014-07-22 13:47 - 00014137 _____ () C:\Users\Susi-\Downloads\FRST.txt
2014-07-22 18:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-22 17:59 - 2014-07-22 13:45 - 00000000 ____D () C:\FRST
2014-07-22 17:56 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-22 17:56 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-22 17:55 - 2014-02-16 06:04 - 01704333 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-22 15:13 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-22 15:13 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-22 15:13 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt
2014-07-22 15:05 - 2013-12-20 18:54 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1257074523-2441018885-1819162988-1001
2014-07-22 14:50 - 2014-07-22 14:18 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-22 14:48 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 14:38 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 14:38 - 2014-07-22 14:17 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar
2014-07-22 14:17 - 2014-07-22 14:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe
2014-07-22 13:56 - 2014-07-22 13:40 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso
2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt
2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-22 13:44 - 2014-07-22 13:43 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe
2014-07-22 13:44 - 2013-11-01 11:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe
2014-07-22 13:38 - 2014-07-22 13:24 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE
2014-07-22 13:34 - 2014-04-07 13:51 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Amazon
2014-07-22 13:34 - 2014-04-07 13:47 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-07-22 13:28 - 2014-07-22 13:27 - 00000000 ____D () C:\NPE
2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton
2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe
2014-07-22 13:10 - 2014-02-17 16:44 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C7F60A85-E73B-43D2-8F59-55EA008F6EB1}
2014-07-21 19:24 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-07-17 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-14 14:12 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 14:03 - 2014-01-17 16:29 - 00000000 ____D () C:\Users\Susi-\AppData\Local\YhhPack
2014-07-14 13:53 - 2014-03-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-14 13:53 - 2013-11-14 00:18 - 00008850 _____ () C:\WINDOWS\PFRO.log
2014-07-14 13:47 - 2013-12-20 18:38 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Sony Corporation
2014-07-12 21:21 - 2013-12-20 19:15 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-06-30 11:10 - 2013-12-20 18:43 - 00000000 ____D () C:\Update
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator
2014-06-29 14:14 - 2013-11-01 10:07 - 00000000 ____D () C:\Program Files\Sony
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-06-29 14:08 - 2013-11-01 11:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation
2014-06-29 14:08 - 2013-11-01 11:25 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-06-29 14:05 - 2014-05-15 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
Some content of TEMP:
====================
C:\Users\Susi-\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-22 15:05
==================== End Of Log ============================
--- --- --- --- --- --- Steht da in beiden logs dasselbe drin? oder hab ich etwas falsch gemacht? |
|
22.07.2014, 17:15
| #2 | |
| /// TB-Ausbilder /// Anleitungs-Guru  | Trojaner Sparkasse AllgäuZitat:
Flash-Link mit dem Firefox aufrufen. Flash runterladen und installieren. Optionales Angebot in der Mitte ablehnen.  Cleanup: Alle Logs gepostet? Ja! Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. >>clean<< Wir haben es geschafft!  Die Logs sehen für mich im Moment sauber aus. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.  Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen.   Wie kann ich mich in Zukunft besser schützen?Tipps, Dos & Don'ts  Updates & Software
Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Firewall, Antivirus & Co.
 Cracks, Downloads & Co.Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten. Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten. Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Abschließend noch ein paar grundsätzliche Bemerkungen:
__________________ |
|
| Themen zu Trojaner Sparkasse Allgäu |
| allgäu, antivir, dankbar, gefunde, hilfe, hoffe, nichts, norton, power, sparkasse, tans, troja, trojaner, trojaner? |
Windows die 
automatischen Updates
Firewall. Die in Windows integrierte genügt im Normalfall völlig.
ESET
NoScript
Hybrid-Darstellung
