Attached are the relevant lines from the Defender log (the whole file would otherwise be too long). Code:
T15:02:42.600Z DETECTIONEVENT TrojanDownloader:Win32/Esaprof!rfn file:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160101-155931-02D5BF62\0000003E-150D2FCE;
2016-01-01T15:02:42.826Z DETECTION_ADD TrojanDownloader:Win32/Esaprof!rfn file:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160101-155931-02D5BF62\0000003E-150D2FCE
T TrojanDownloader:Win32/Esaprof!rfn file:C:\Windows\Temp\0000003E-161A0C5D;
2016-01-01T15:02:47.764Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-01T15:02:47.764Z DETECTION_ADD TrojanDownloader:Win32/Esaprof!rfn file:C:\Windows\Temp\0000003E-161A0C5D
T TrojanDownloader:Win32/Esaprof!rfn file:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160108-155930-52A10CF6\00000127-5CA9AD68;
2016-01-08T15:01:13.084Z DETECTION_ADD TrojanDownloader:Win32/Esaprof!rfn file:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160108-155930-52A10CF6\00000127-5CA9AD68
2016-01-08T15:01:18.579Z Task(GetDeviceTicket -AccessKey BB67112E-C31E-BEFE-044D-CD5FF73217D3 ) launched as network service
Resource Path:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160115-155931-A60D9AFB\00000210-B149943F
Result Count:1
Threat Name:TrojanDownloader:Win32/Esaprof!rfn
ID:2147693023
Severity:5
Number of Resources:1
2016-01-15T15:01:27.266Z DETECTIONEVENT TrojanDownloader:Win32/Esaprof!rfn file:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160115-155931-A60D9AFB\00000210-B149943F;
2016-01-15T15:01:27.319Z DETECTION_ADD TrojanDownloader:Win32/Esaprof!rfn file:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160115-155931-A60D9AFB\00000210-B149943F
2016-01-15T15:01:33.874Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-15T15:01:33.877Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
AMSI Scan AppID:JScript
AMSI Result:Clean
2016-01-20T19:26:41.693Z DETECTIONEVENT TrojanDownloader:Win32/Esaprof!rfn file:C:\Windows\Temp\000002BD-7CF9EBA2;
2016-01-20T19:26:41.694Z DETECTION_ADD TrojanDownloader:Win32/Esaprof!rfn file:C:\Windows\Temp\000002BD-7CF9EBA2
2016-01-22T15:01:17.167Z DETECTIONEVENT TrojanDownloader:Win32/Esaprof!rfn file:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160122-155933-FA7D7C0E\0000001F-04A54F0D;
2016-01-22T15:01:17.205Z DETECTION_ADD TrojanDownloader:Win32/Esaprof!rfn file:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160122-155933-FA7D7C0E\0000001F-04A54F0D
2016-01-22T15:01:22.399Z Task(GetDeviceTicket -AccessKey 66DA2F7E-75A5-6678-60B9-347FE43410E9 ) launched as network service
2016-01-22T15:01:24.017Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-22T15:01:24.021Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-22T15:01:26.028Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-22T15:01:26.036Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
Start Time:01-22-2016 16:02:08
End Time:01-22-2016 16:03:54
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Windows\Temp\0000001F-09BE9834
Result Count:1
Threat Name:TrojanDownloader:Win32/Esaprof!rfn
ID:2147693023
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Windows\Temp\0000001F-09BE9834
Extended Info:23633372774047
End Scan
2016-01-22T15:03:54.436Z DETECTIONEVENT TrojanDownloader:Win32/Esaprof!rfn file:C:\Windows\Temp\0000001F-09BE9834;
2016-01-22T15:03:54.436Z DETECTION_ADD TrojanDownloader:Win32/Esaprof!rfn file:C:\Windows\Temp\0000001F-09BE9834
2016-01-22T15:03:54.483Z DETECTION_ADD TrojanDownloader:Win32/Esaprof!rfn file:C:\Windows\Temp\0000001F-0AE4A081
2016-01-22T15:03:56.445Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-22T15:03:56.450Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-22T15:03:58.458Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-22T15:03:58.461Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
Begin Resource Scan
Scan ID:{34D38344-B65E-43D1-AC0F-FE48E94DBA4C}
Scan Source:3
Start Time:01-22-2016 16:05:48
End Time:01-22-2016 16:06:01
Explicit resource to scan
Resource Schema:file
Resource Path:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160122-160241-0D1F4E95\0000001F-1F8CC51B
Result Count:1
Threat Name:TrojanDownloader:Win32/Esaprof!rfn
ID:2147693023
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160122-160241-0D1F4E95\0000001F-1F8CC51B
Extended Info:23633372774047
End Scan
2016-01-22T15:06:01.492Z DETECTIONEVENT TrojanDownloader:Win32/Esaprof!rfn file:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160122-160241-0D1F4E95\0000001F-1F8CC51B;
2016-01-22T15:06:01.492Z DETECTION_ADD TrojanDownloader:Win32/Esaprof!rfn file:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160122-160241-0D1F4E95\0000001F-1F8CC51B
2016-01-22T15:06:03.519Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-22T15:06:03.522Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-22T15:06:05.528Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-22T15:06:05.531Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
Internal signature match:subtype=Persist, sigseq=0x000005554791553A, signame=#PERSIST_PUA:PoorCertRep:ML2:Block, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\Assistant64.exe"
Internal signature match:subtype=Persist, sigseq=0x000005554791553A, signame=#PERSIST_PUA:PoorCertRep:ML2:Block, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll"
Internal signature match:subtype=Persist, sigseq=0x000005554791553A, signame=#PERSIST_PUA:PoorCertRep:ML2:Block, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\MediaTagsEditor.dll"
Internal signature match:subtype=Persist, sigseq=0x000005554791553A, signame=#PERSIST_PUA:PoorCertRep:ML2:Block, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe"
Internal signature match:subtype=Persist, sigseq=0x000005554791553A, signame=#PERSIST_PUA:PoorCertRep:ML2:Block, cached=false, resource="\\?\C:\Program Files (x86)\DVDVideoSoft\unins000.exe"
Internal signature match:subtype=Persist, sigseq=0x000005554791553A, signame=#PERSIST_PUA:PoorCertRep:ML2:Block, cached=false, resource="\\?\C:\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E78082D34, signame=ALF:Trojan:Win32/Skeeyah.A!rfn, cached=false, resource="\Device\HarddiskVolume5\Autodesk\WI\Autodesk Inventor 2014\x64\Components\DWGVIEWER\Program Files\DWG TrueView 2014\styshwiz.exe"
Internal signature match:subtype=Lowfi, sigseq=0x0000157E78082D34, signame=ALF:Trojan:Win32/Skeeyah.A!rfn, cached=true, resource="\Device\HarddiskVolume5\Autodesk\WI\Autodesk Inventor 2014\x64\Components\DWGVIEWER\Program Files\DWG TrueView 2014\styshwiz.exe"
Begin Resource Scan
Scan ID:{DBF51279-51FD-4EC1-88F2-BA5E9F92808F}
Scan Source:7
Start Time:01-22-2016 16:16:49
End Time:01-22-2016 16:16:49
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Autodesk\WI\Autodesk Inventor 2014\x64\Components\DWGVIEWER\Program Files\DWG TrueView 2014\styshwiz.exe
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Autodesk\WI\Autodesk Inventor 2014\x64\Components\DWGVIEWER\Program Files\DWG TrueView 2014\styshwiz.exe
Extended Info:103835837907976
End Scan
Internal signature match:subtype=Persist, sigseq=0x000005554791553A, signame=#PERSIST_PUA:PoorCertRep:ML2:Block, cached=false, resource="\Device\HarddiskVolume5\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"
Internal signature match:subtype=Persist, sigseq=0x000005554791553A, signame=#PERSIST_PUA:PoorCertRep:ML2:Block, cached=false, resource="\Device\HarddiskVolume5\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"
2016-01-22T15:46:20.317Z DETECTIONEVENT TrojanDownloader:Win32/Esaprof!rfn file:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160122-160241-0D1F4E95\00000020-0F8911E3;
2016-01-22T15:46:20.318Z DETECTION_ADD TrojanDownloader:Win32/Esaprof!rfn file:C:\ProgramData\Avira\Antivirus\TEMP\AVSCAN-20160122-160241-0D1F4E95\00000020-0F8911E3
Internal signature match:subtype=Persist, sigseq=0x000005554791553A, signame=#PERSIST_PUA:PoorCertRep:ML2:Block, cached=false, resource="\Device\HarddiskVolume5\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe"
2016-01-22T20:05:40.290Z DETECTIONEVENT TrojanDownloader:Win32/Esaprof!rfn file:C:\Windows\Temp\00000001-34E26F0D;
2016-01-22T20:05:40.337Z DETECTION_ADD TrojanDownloader:Win32/Esaprof!rfn file:C:\Windows\Temp\00000001-34E26F0D
Internal signature match:subtype=Persist, sigseq=0x000005554791553A, signame=#PERSIST_PUA:PoorCertRep:ML2:Block, cached=false, resource="\Device\HarddiskVolume5\Program Files (x86)\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe"
2016-01-22T20:05:42.367Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-22T20:05:42.369Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-22T20:05:44.373Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
2016-01-22T20:05:44.376Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1), snoooze state (0), and up-to-date state(1)
AMSI Scan AppID:JScript
AMSI Result:Clean
Internal signature match:subtype=Persist, sigseq=0x000005554791553A, signame=#PERSIST_PUA:PoorCertRep:ML2:Block, cached=false, resource="\\?\C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll"
016-01-22T20:05:40.290Z DETECTIONEVENT TrojanDownloader:Win32/Esaprof!rfn file:C:\Windows\Temp\00000001-34E26F0D;
2016-01-22T20:05:40.337Z DETECTION_ADD TrojanDownloader:Win32/Esaprof!rfn file:C:\Windows\Temp\00000001-34E26F0D