
Pests of All Kinds and How to Fight Them: Sparkasse Allgäu Trojan


 
22.07.2014, 16:31   #7
Computerdepp
 



Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 22.07.2014
Suchlauf-Zeit: 14:50:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.22.03
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Susi-

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 336591
Verstrichene Zeit: 13 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
         
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=83d0bbd6f423ea4b859dde9496bf6012
# engine=19292
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-22 03:17:18
# local_time=2014-07-22 05:17:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 13418 19460400 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 5888494 30923531 0 0
# scanned=265480
# found=9
# cleaned=0
# scan_time=7345
sh=D0378C6ECF741BD01F6BCB1B15A9F8FB89F5A1FB ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Susi-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7d80990c-7bb1e7e1"
sh=F4F135FFD372155D7F3308C58340C3AE4242E742 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Susi-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6debac59-3b7e0782"
sh=F4F135FFD372155D7F3308C58340C3AE4242E742 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Susi-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6debac59-71c44c01"
sh=B32312B252F14F9D12E5F81EAA41742AB64836FA ft=1 fh=719e46fa4b167b86 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeYouTubeDownload.exe"
sh=42D4D03BCE99BEEF0A7BD8568A9ECC0AE943F957 ft=1 fh=9f77669f8ef840ee vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeYouTubeToDVDConverter.exe"
sh=5202E51201D6D1FDA57BAD612477A46DF4118D79 ft=1 fh=febf1be35c9e6018 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeYouTubeToMp3Converter.exe"
sh=7E2DB47058308BD795A31462F926AE69CA90FC06 ft=1 fh=aac930c246e6dda5 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeDVDDecrypter.exe"
sh=18763A2ECA10C59FE516D9240831C6B0D18995F5 ft=1 fh=398a74cd3f8e7cf5 vn="Win32/Toolbar.Conduit.A evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeVideoToDVDConverter.exe"
sh=7CE0ACE63F17B3ED807F11A84938E889DFFEC0C1 ft=1 fh=a7563853c8e289c6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="F:\Programme\FreeVideoToMp3Converter.exe"
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by Susi- (administrator) on SUSI on 22-07-2014 17:26:49
Running from C:\Users\Susi-\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIKE.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-20] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [526704 2012-12-14] (Broadcom Corporation.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3039984 2013-03-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE [283232 2012-10-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Susi-\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe 
HKU\S-1-5-21-1257074523-2441018885-1819162988-1001\...\Run: [YhhPack Update] => regsvr32.exe 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKCU - {050147D7-80C4-4EF7-A6E6-2CD5856ACBBF} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}
SearchScopes: HKCU - {56AF630B-6638-4CF3-B388-4AE452CC09BC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASEJS
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Susi-\AppData\Roaming\Mozilla\Firefox\Profiles\zahruggu.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: intel.com/AppUp - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)
FF Plugin HKCU: intel.com/AppUpx64 - C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp_x64.dll (Intel)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome: 
=======
CHR Extension: (Google Wallet) - C:\Users\Susi-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-20]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1039952 2014-05-15] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-27] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-09] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [84720 2013-12-09] (Avira Operations GmbH & Co. KG)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6971056 2013-03-14] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-04-26] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-03-14] (Synaptics Incorporated)
R0 SMR410; C:\Windows\System32\drivers\SMR410.SYS [96856 2014-07-22] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-22 15:09 - 2014-07-22 15:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-22 15:08 - 2014-07-22 15:08 - 02347384 _____ (ESET) C:\Users\Susi-\Downloads\esetsmartinstaller_deu.exe
2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt
2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-22 14:48 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-22 14:48 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 14:18 - 2014-07-22 14:50 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 14:18 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 14:18 - 2014-07-22 14:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 14:17 - 2014-07-22 14:38 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar
2014-07-22 14:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-22 14:16 - 2014-07-22 14:17 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe
2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt
2014-07-22 13:47 - 2014-07-22 17:26 - 00014859 _____ () C:\Users\Susi-\Downloads\FRST.txt
2014-07-22 13:46 - 2014-07-22 13:47 - 05562504 _____ (Swearware) C:\Users\Susi-\Downloads\ComboFix.exe
2014-07-22 13:45 - 2014-07-22 17:26 - 00000000 ____D () C:\FRST
2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-22 13:43 - 2014-07-22 13:44 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe
2014-07-22 13:40 - 2014-07-22 13:56 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso
2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe
2014-07-22 13:27 - 2014-07-22 13:28 - 00000000 ____D () C:\NPE
2014-07-22 13:24 - 2014-07-22 13:38 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE
2014-07-22 13:24 - 2014-07-22 13:24 - 00096856 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR410.SYS
2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton
2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk

==================== One Month Modified Files and Folders =======

2014-07-22 17:27 - 2014-07-22 13:47 - 00014859 _____ () C:\Users\Susi-\Downloads\FRST.txt
2014-07-22 17:26 - 2014-07-22 13:45 - 00000000 ____D () C:\FRST
2014-07-22 17:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-22 15:13 - 2013-11-14 09:27 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-22 15:13 - 2013-11-14 09:11 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-22 15:13 - 2013-11-14 09:11 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-22 15:09 - 2014-07-22 15:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-22 15:08 - 2014-07-22 15:08 - 02347384 _____ (ESET) C:\Users\Susi-\Downloads\esetsmartinstaller_deu.exe
2014-07-22 15:07 - 2014-07-22 15:07 - 00001146 _____ () C:\Users\Susi-\Desktop\mbam.txt
2014-07-22 15:05 - 2013-12-20 18:54 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1257074523-2441018885-1819162988-1001
2014-07-22 14:50 - 2014-07-22 14:18 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-22 14:48 - 2014-07-22 14:48 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-07-22 14:48 - 2014-07-22 14:48 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-07-22 14:48 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-22 14:47 - 2014-07-22 14:47 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Susi-\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-22 14:38 - 2014-07-22 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-22 14:38 - 2014-07-22 14:17 - 00000000 ____D () C:\Users\Susi-\Desktop\mbar
2014-07-22 14:17 - 2014-07-22 14:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Susi-\Downloads\mbar-1.07.0.1012.exe
2014-07-22 14:08 - 2014-02-16 06:04 - 01679176 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-22 13:56 - 2014-07-22 13:40 - 638259200 _____ () C:\Users\Susi-\Downloads\rescue-system.iso
2014-07-22 13:48 - 2014-07-22 13:48 - 00030039 _____ () C:\Users\Susi-\Downloads\Addition.txt
2014-07-22 13:47 - 2014-07-22 13:46 - 05562504 _____ (Swearware) C:\Users\Susi-\Downloads\ComboFix.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00272808 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-07-22 13:44 - 2014-07-22 13:44 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-22 13:44 - 2014-07-22 13:44 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-22 13:44 - 2014-07-22 13:43 - 02090496 _____ (Farbar) C:\Users\Susi-\Downloads\FRST64.exe
2014-07-22 13:44 - 2013-11-01 11:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-22 13:38 - 2014-07-22 13:38 - 00918440 _____ (Oracle Corporation) C:\Users\Susi-\Downloads\jxpiinstall.exe
2014-07-22 13:38 - 2014-07-22 13:24 - 00000000 ____D () C:\Users\Susi-\AppData\Local\NPE
2014-07-22 13:34 - 2014-04-07 13:51 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Amazon
2014-07-22 13:34 - 2014-04-07 13:47 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-07-22 13:28 - 2014-07-22 13:27 - 00000000 ____D () C:\NPE
2014-07-22 13:27 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-22 13:26 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-22 13:24 - 2014-07-22 13:24 - 00096856 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SMR410.SYS
2014-07-22 13:24 - 2014-07-22 13:24 - 00000000 ____D () C:\ProgramData\Norton
2014-07-22 13:23 - 2014-07-22 13:23 - 03081712 ____N (Symantec Corporation) C:\Users\Susi-\Downloads\NPE.exe
2014-07-22 13:10 - 2014-02-17 16:44 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C7F60A85-E73B-43D2-8F59-55EA008F6EB1}
2014-07-21 19:24 - 2012-07-26 10:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
2014-07-17 19:59 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-14 14:12 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-14 14:03 - 2014-01-17 16:29 - 00000000 ____D () C:\Users\Susi-\AppData\Local\YhhPack
2014-07-14 13:53 - 2014-03-22 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-14 13:53 - 2013-11-14 00:18 - 00008850 _____ () C:\WINDOWS\PFRO.log
2014-07-14 13:47 - 2013-12-20 18:38 - 00000000 ____D () C:\Users\Susi-\AppData\Roaming\Sony Corporation
2014-07-12 21:21 - 2013-12-20 19:15 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-06-30 11:10 - 2013-12-20 18:43 - 00000000 ____D () C:\Update
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\HomeGroupUser$
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Gast
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
2014-06-29 14:14 - 2014-06-29 14:14 - 00000000 ____D () C:\Users\Administrator
2014-06-29 14:14 - 2013-11-01 10:07 - 00000000 ____D () C:\Program Files\Sony
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\Users\Public\Desktop\VAIO Update.lnk
2014-06-29 14:08 - 2014-06-29 14:08 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-06-29 14:08 - 2013-11-01 11:30 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation
2014-06-29 14:08 - 2013-11-01 11:25 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-06-29 14:05 - 2014-05-15 13:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak

Some content of TEMP:
====================
C:\Users\Susi-\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-22 15:05

==================== End Of Log ============================
         

Phew, I hope that's all okay like this???

 
