Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for analysis by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
HitmanPro 3.7.9.238
www.hitmanpro.com
Computer name . . . . : NECRO
Windows . . . . . . . : 6.3.0.9600.X64/8
User name . . . . . . : Necro\MC-Necro
UAC . . . . . . . . . : Enabled
License . . . . . . . : Trial (30 days left)
Scan date . . . . . . : 2015-03-16 17:43:47
Scan mode . . . . . . : Normal
Scan duration . . . . : 39s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : Yes
Threats . . . . . . . : 1
Traces . . . . . . . : 11
Objects scanned . . . : 1.498.721
Files scanned . . . . : 24.626
Remnants scanned . . : 356.056 files / 1.118.039 keys
Suspicious files ____________________________________________________________
C:\Users\MC-Necro\AppData\Local\PunkBuster\BF4\pb\PnkBstrK.sys
Size . . . . . . . : 139.688 bytes
Age . . . . . . . : 65.8 days (2015-01-09 22:21:23)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 56603E771ED3AF871845B96684B7983EDF3FBDFEBAE81DC7E4CA567E3492159A
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
C:\Users\MC-Necro\AppData\Local\PunkBuster\BFH\pb\PnkBstrK.sys
Size . . . . . . . : 140.128 bytes
Age . . . . . . . : 37.9 days (2015-02-06 18:54:13)
Entropy . . . . . : 7.7
SHA-256 . . . . . : 2F2D9F995E89C133A53D941304EEE1D1B327F1438FA2B9CA31C019B03A297FF6
RSA Key Size . . . : 2048
Authenticode . . . : Valid
Fuzzy . . . . . . : 22.0
The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Program contains PE structure anomalies. This is not typical for most programs.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Program is code signed with a valid Authenticode certificate.
Potential Unwanted Programs _________________________________________________
HKLM\SOFTWARE\Classes\AppID\secman.DLL\ (Babylon) -> Deleted
HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon) -> Deleted
HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon) -> Deleted
HKLM\SOFTWARE\Classes\Wow6432Node\AppID\secman.DLL\ (Babylon) -> PendingDelete
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ) -> Deleted
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ) -> Deleted
HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> Deleted
HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player) -> PendingDelete
Code:
Results of screen317's Security Check version 0.99.97
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
ESET Smart Security 8.0
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
VirusTotal Uploader 2.2
AVG PC TuneUp 2015
AVG PC TuneUp 2015 (de-DE)
AVG PC TuneUp 2015
Java 8 Update 40
Java version 32-bit out of Date! Java 64-bit 8 Update 31
Adobe Reader XI
Google Chrome (41.0.2272.89)
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````