Log analysis and evaluation: Trojan found by MSE - Trojan:Win32/Peaac.gen!A!plock

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Hello Trojaner-Board,

I am (unfortunately) once again dependent on your help. This morning MSE reported a trojan, which I moved to quarantine. A full scan afterwards found nothing more, but the scans with ESET and MBAM turned up detections. It would be nice if someone could take a look.

Many thanks in advance

MBAM Log

Code:
```
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2014.11.05.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
Cak :: CAK-PC [Administrator]

05.11.2014 11:22:30
MBAM-log-2014-11-05 (13-31-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 557798
Laufzeit: 2 Stunde(n), 8 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\ProgramData\7093A903.cpp (Spyware.Zbot.ED) -> Keine Aktion durchgeführt.
C:\Users\Cak\AppData\Local\Temp\Low\ogcG.dll (Spyware.Zbot.ED) -> Keine Aktion durchgeführt.
C:\Users\Cak\AppData\Local\Temp\Low\U2Dv.dll (Trojan.FakeMS.ED) -> Keine Aktion durchgeführt.

(Ende)
```

Code:
```
C:\Users\All Users\309A3907.dot Variante von Win64/Kryptik.GK Trojaner
C:\Users\All Users\7093A903.cpp Variante von Win32/Kryptik.CPAQ Trojaner
C:\ProgramData\309A3907.dot Variante von Win64/Kryptik.GK Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
C:\ProgramData\7093A903.cpp Variante von Win32/Kryptik.CPAQ Trojaner Gesäubert durch Löschen (nach dem nächsten Neustart) - in Quarantäne kopiert
C:\Users\Cak\AppData\Local\Temp\Low\ogcG.dll Variante von Win32/Kryptik.CPAQ Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
C:\Users\Cak\AppData\Local\Temp\Low\U2Dv.dll Variante von Win32/Kryptik.COZM Trojaner Gesäubert durch Löschen - in Quarantäne kopiert
Arbeitsspeicher Mehrere Bedrohungen
```