Trojan Sparkasse Allgäu (Windows 7)
#1

Trojan Sparkasse Allgäu

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 22.07.2014
Suchlauf-Zeit: 14:50:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.22.03
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Susi-

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 336591
Verstrichene Zeit: 13 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=83d0bbd6f423ea4b859dde9496bf6012
# engine=19292
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-22 03:17:18
# local_time=2014-07-22 05:17:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 13418 19460400 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5888494 30923531 0 0
# scanned=265480
# found=9
# cleaned=0
# scan_time=7345
sh=D0378C6ECF741BD01F6BCB1B15A9F8FB89F5A1FB ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Susi-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7d80990c-7bb1e7e1"
sh=F4F135FFD372155D7F3308C58340C3AE4242E742 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Susi-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6debac59-3b7e0782"
sh=F4F135FFD372155D7F3308C58340C3AE4242E742 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Susi-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6debac59-71c44c01"
sh=B32312B252F14F9D12E5F81EAA41742AB64836FA ft=1 fh=719e46fa4b167b86 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeYouTubeDownload.exe"
sh=42D4D03BCE99BEEF0A7BD8568A9ECC0AE943F957 ft=1 fh=9f77669f8ef840ee vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeYouTubeToDVDConverter.exe"
sh=5202E51201D6D1FDA57BAD612477A46DF4118D79 ft=1 fh=febf1be35c9e6018 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeYouTubeToMp3Converter.exe"
sh=7E2DB47058308BD795A31462F926AE69CA90FC06 ft=1 fh=aac930c246e6dda5 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeDVDDecrypter.exe"
sh=18763A2ECA10C59FE516D9240831C6B0D18995F5 ft=1 fh=398a74cd3f8e7cf5 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeVideoToDVDConverter.exe"
sh=7CE0ACE63F17B3ED807F11A84938E889DFFEC0C1 ft=1 fh=a7563853c8e289c6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeVideoToMp3Converter.exe"

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Susi- (administrator) on SUSI on 22-07-2014 17:26:49
Running from C:\Users\Susi-\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-20] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [526704 2012-12-14] (Broadcom Corporation.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-03-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE [283232 2012-10-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Susi-\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [YhhPack Update] => regsvr32.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - {050147D7-80C4-4EF7-A6E6-2CD5856ACBBF} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}
SearchScopes: HKCU - {56AF630B-6638-4CF3-B388-4AE452CC09BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Susi-\AppData\Roaming\Mozilla\Firefox\Profiles\zahruggu.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\Susi-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-15] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-04-26] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-14] (Synaptics Incorporated)
R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-07-22] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 15:09 - 2014-07-22 15:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-22 15:08 - 2014-07-22 15:08 - 02347384 _____ (ESET) C:\Users\Susi-\Downloads\esetsmartinstaller_deu.exe
2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt
2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-22 14:48 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-22 14:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 14:18 - 2014-07-22 14:50 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 14:18 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 14:18 - 2014-07-22 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 14:17 - 2014-07-22 14:38 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar
2014-07-22 14:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-22 14:16 - 2014-07-22 14:17 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe
2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt
2014-07-22 13:47 - 2014-07-22 17:26 - 00014859 _____ () C:\Users\Susi-\Downloads\FRST.txt
2014-07-22 13:46 - 2014-07-22 13:47 - 05562504 _____ (Swearware) C:\Users\Susi-\Downloads\ComboFix.exe
2014-07-22 13:45 - 2014-07-22 17:26 - 00000000 ____D () C:\FRST
2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-22 13:43 - 2014-07-22 13:44 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe
2014-07-22 13:40 - 2014-07-22 13:56 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso
2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe
2014-07-22 13:27 - 2014-07-22 13:28 - 00000000 ____D () C:\NPE
2014-07-22 13:24 - 2014-07-22 13:38 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE
2014-07-22 13:24 - 2014-07-22 13:24 - 00096856 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR410.SYS
2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton
2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk

==================== One Month Modified Files and Folders =======

2014-07-22 17:27 - 2014-07-22 13:47 - 00014859 _____ () C:\Users\Susi-\Downloads\FRST.txt
2014-07-22 17:26 - 2014-07-22 13:45 - 00000000 ____D () C:\FRST
2014-07-22 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-22 15:13 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-22 15:13 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-22 15:13 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-22 15:09 - 2014-07-22 15:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-22 15:08 - 2014-07-22 15:08 - 02347384 _____ (ESET) C:\Users\Susi-\Downloads\esetsmartinstaller_deu.exe
2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt
2014-07-22 15:05 - 2013-12-20 18:54 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1257074523-2441018885-1819162988-1001
2014-07-22 14:50 - 2014-07-22 14:18 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-22 14:48 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 14:38 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 14:38 - 2014-07-22 14:17 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar
2014-07-22 14:17 - 2014-07-22 14:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe
2014-07-22 14:08 - 2014-02-16 06:04 - 01679176 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-22 13:56 - 2014-07-22 13:40 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso
2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt
2014-07-22 13:47 - 2014-07-22 13:46 - 05562504 _____ (Swearware) C:\Users\Susi-\Downloads\ComboFix.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-22 13:44 - 2014-07-22 13:43 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe
2014-07-22 13:44 - 2013-11-01 11:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe
2014-07-22 13:38 - 2014-07-22 13:24 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE
2014-07-22 13:34 - 2014-04-07 13:51 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Amazon
2014-07-22 13:34 - 2014-04-07 13:47 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-07-22 13:28 - 2014-07-22 13:27 - 00000000 ____D () C:\NPE
2014-07-22 13:27 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-22 13:26 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-22 13:24 - 2014-07-22 13:24 - 00096856 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR410.SYS
2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton
2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe
2014-07-22 13:10 - 2014-02-17 16:44 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C7F60A85-E73B-43D2-8F59-55EA008F6EB1}
2014-07-21 19:24 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-07-17 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-14 14:12 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 14:03 - 2014-01-17 16:29 - 00000000 ____D () C:\Users\Susi-\AppData\Local\YhhPack
2014-07-14 13:53 - 2014-03-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-14 13:53 - 2013-11-14 00:18 - 00008850 _____ () C:\WINDOWS\PFRO.log
2014-07-14 13:47 - 2013-12-20 18:38 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Sony Corporation
2014-07-12 21:21 - 2013-12-20 19:15 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-06-30 11:10 - 2013-12-20 18:43 - 00000000 ____D () C:\Update
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator
2014-06-29 14:14 - 2013-11-01 10:07 - 00000000 ____D () C:\Program Files\Sony
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-06-29 14:08 - 2013-11-01 11:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation
2014-06-29 14:08 - 2013-11-01 11:25 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-06-29 14:05 - 2014-05-15 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak

Some content of TEMP:
====================
C:\Users\Susi-\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-22 15:05

==================== End Of Log ============================

Phew, I hope this is all right like this???
#2

/// TB Trainer /// How-to Guru

Trojan Sparkasse Allgäu

Sure...

You picked yourself the wrong nickname there...

Step 1

Please press the [image]. Click OK and now copy the text from the code box into the empty text document:

Code:
C:\Users\Susi-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [YhhPack Update] => regsvr32.exe
Reboot:
The PC restarts.

Step 2

Please start FRST again and click Scan. Please post me the contents of the log.
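The fixlist in post #2 removes the one Run entry in the FRST log whose launch target is a bare regsvr32.exe with no payload path. The Python script below is an added example written for this thread; it is not code from the thread, from FRST, or from the helper's fix. It parses the Run-key lines that FRST prints, flags entries that do not point at a concrete program on disk, and echoes the flagged lines in the form a fixlist.txt uses (FRST removes a registry autostart when its log line is pasted verbatim, which is exactly what post #2's fixlist does). SAMPLE_LOG is constructed to mirror the thread's registry section; PROXY_LOADERS and the heuristics in why_suspicious() are this example's own assumptions.

```python
"""
Triage helper for the Run-key autostart lines in an FRST log.

Added example for this thread, not code from the thread, from FRST, or from
the helper's fix. SAMPLE_LOG is constructed to mirror the thread's registry
section; PROXY_LOADERS and the heuristics in why_suspicious() are this
example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# FRST prints:  <hive>\...\Run: [<name>] => <target> [<size> <date>] (<publisher>)
RUN_LINE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.*)$"
)
# Optional trailing "[size yyyy-mm-dd]" and "(publisher)" annotations
ANNOTATION = re.compile(r"\s*(\[\d+ \d{4}-\d{2}-\d{2}\])?\s*(\([^)]*\))?\s*$")

# Signed Windows binaries that execute whatever they are pointed at.  An
# autostart entry naming one of them without a visible payload path gives the
# reviewer nothing on disk to inspect (assumption of this example).
PROXY_LOADERS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}


@dataclass
class Autostart:
    hive: str
    name: str
    target: str  # text after '=>' with FRST's size/date/publisher annotations removed
    raw: str     # the original log line, unchanged


def parse_run_entries(log_text: str) -> List[Autostart]:
    """Extract every Run-key autostart entry from FRST log text."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        target = ANNOTATION.sub("", m.group("target")).strip()
        entries.append(Autostart(m.group("hive"), m.group("name"), target, line.strip()))
    return entries


def why_suspicious(entry: Autostart) -> Optional[str]:
    """Reason the entry deserves a look, or None when it points at an absolute program path."""
    if not entry.target or entry.target.lower() == "no file":
        return "no target file"
    program = entry.target.split()[0].strip('"')  # first token is the program
    if re.match(r"^[A-Za-z]:\\", program):
        return None
    # Bare name (e.g. 'regsvr32.exe'): resolved through PATH at logon, payload not visible here
    base = program.rsplit("\\", 1)[-1].lower()
    if base in PROXY_LOADERS:
        return f"proxy loader '{base}' with no payload path"
    return "target has no absolute path"


def triage(log_text: str) -> List[Tuple[Autostart, str]]:
    """Run the heuristics over a log and return (entry, reason) for each flagged autostart."""
    flagged = []
    for entry in parse_run_entries(log_text):
        reason = why_suspicious(entry)
        if reason:
            flagged.append((entry, reason))
    return flagged


def to_fixlist(flagged: List[Tuple[Autostart, str]]) -> str:
    """FRST removes a registry autostart when its log line is echoed verbatim into fixlist.txt."""
    return "\n".join(entry.raw for entry, _ in flagged)


# Constructed sample shaped like the thread's FRST registry section (not a live capture)
SAMPLE_LOG = """\
==================== Registry (Whitelisted) ==================

HKLM\\...\\Run: [RtHDVBg] => C:\\Program Files\\Realtek\\Audio\\HDA\\RAVBg64.exe [1381744 2014-02-20] (Realtek Semiconductor)
HKLM-x32\\...\\Run: [avgnt] => C:\\Program Files (x86)\\Avira\\AntiVir Desktop\\avgnt.exe [750160 2014-07-12] (Avira Operations GmbH & Co. KG)
HKU\\S-1-5-21-1257074523-2441018885-1819162988-1001\\...\\Run: [AmazonMP3DownloaderHelper] => C:\\Users\\Susi-\\AppData\\Local\\Program Files\\Amazon\\MP3 Downloader\\AmazonMP3DownloaderHelper.exe
HKU\\S-1-5-21-1257074523-2441018885-1819162988-1001\\...\\Run: [YhhPack Update] => regsvr32.exe
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for entry, reason in hits:
        print(f"[{entry.name}] {reason}: {entry.raw}")
    print("--- fixlist.txt lines ---")
    print(to_fixlist(hits))
```

Run against the sample, only the YhhPack Update entry is flagged, and the emitted fixlist line is the same registry line the helper put in post #2. Entries with an absolute path (Realtek, Avira, the Amazon helper) are left alone because there is a file on disk to inspect; a fixlist produced this way is still a proposal for the person reviewing the log, not something to apply unread.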