mail.ru eingefangen, deinstalliert und trotzdem popups

finnpower · 03.03.2017, 08:35

jup, bin dabei aber eset scanner läuft und läuft und läuft und läuft und läuft und läuft und läuft und läuft und läuft und läuft.....

ich glaube dadurch dass ich ESET als Virenscanner schon habe, hat sich das ganze nicht so verhalten wie in eurer bebilderten Anleitung...

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=4b3b1b2b6730a344a76008d85ce23981
# engine=17964
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-21 01:00:04
# local_time=2014-04-21 03:00:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 95447781 149671854 0 0
# scanned=118082
# found=2
# cleaned=0
# scan_time=2754
# nod_component=V3 Build:0x30000000
sh=CB34AB6A565EA8A4B8A96443EBCEEFE71B018BAC ft=1 fh=439dcd60b0803b8c vn="Win32/Wigon.PH trojan" ac=I fn="C:\Users\I.M\AppData\Local\Temp\Low\bnd.dll"
sh=4893EF2F6A57484B70980DDF1AFCD339E67A3BDA ft=1 fh=dae093478d6c1f4e vn="a variant of Win32/Injector.AZOJ trojan" ac=I fn="C:\Users\I.M\AppData\Local\Temp\Low\yupyr.dll"
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=4b3b1b2b6730a344a76008d85ce23981
# end=init
# utc_time=2017-03-02 08:09:47
# local_time=2017-03-02 09:09:47 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 32585
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=4b3b1b2b6730a344a76008d85ce23981
# end=updated
# utc_time=2017-03-02 08:12:45
# local_time=2017-03-02 09:12:45 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=4b3b1b2b6730a344a76008d85ce23981
# engine=32585
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-03-02 10:52:05
# local_time=2017-03-02 11:52:05 (+0100, Mitteleuropäische Zeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 58569 240124975 0 0
# compatibility_mode_1='ESET NOD32 Antivirus 9.0'
# compatibility_mode=8233 16777213 100 100 820978 13878734 0 0
# scanned=442406
# found=2
# cleaned=2
# scan_time=9559
sh=9490571985CD7088384862817FFB38D04B6F1803 ft=1 fh=cef8f00630ac64bb vn="Variante von Win32/MailRu.G eventuell unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\AdwCleaner\quarantine\files\sfxoeeniphsaenndzppsriflrcphrvvu\MailRuUpdater\MailRuUpdater.exe"
sh=0C2DA3CBAB74CAE7F0875138A5992017791D0FF7 ft=1 fh=6b3d14a4ea7f2129 vn="Win32/SmartFileAdvisor.B eventuell unerwÃ¼nschte Anwendung (GesÃ¤ubert durch LÃ¶schen)" ac=C fn="C:\Users\I.M\Downloads\UL994\UL994\Alcohol 120 Percent v.2.0.3.8314 Multi\Alcohol120_retail_2.0.3.8314.exe"

[CODE]

Code:

ATTFilter

HitmanPro 3.7.15.281
www.hitmanpro.com

   Computer name . . . . : IM-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : IM-PC\I.M
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-03-03 08:39:48
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 49s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 3
   Traces  . . . . . . . : 15

   Objects scanned . . . : 2.604.415
   Files scanned . . . . : 109.465
   Remnants scanned  . . : 824.775 files / 1.670.175 keys

Miniport ____________________________________________________________________

   Primary
      DriverObject . . . : FFFFFA800D5A3C60
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFFA800CA472C0 +0
   Solution
      DriverObject . . . : FFFFFA800D5A3C60
      DriverName . . . . : \Driver\atapi
      DriverPath . . . . : \SystemRoot\system32\drivers\atapi.sys
      StartIo  . . . . . : 0000000000000000 +0
      IRP_MJ_SCSI  . . . : FFFFF88000F8D4D8 \SystemRoot\system32\drivers\ataport.SYS+29912

Malware _____________________________________________________________________

   C:\Users\I.M\Downloads\Plague Inc Evolved RIP-Unleashed\Plague.Inc.Evolved.RIP-Unleashed\unl-pie1\steam_api.dll
      Size . . . . . . . : 201.216 bytes
      Age  . . . . . . . : 309.8 days (2016-04-27 14:34:39)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 1C8CC087850EF820D35C5E7BA05C6A11FD6CC20A6F0F171BFEADA02CC9A7A3F6
      Product  . . . . . : Steam Client API
      Publisher  . . . . : Valve Corporation
      Description  . . . : Steam Client API
      Version  . . . . . : 02.89.45.04
      Copyright  . . . . : Copyright (C) 2007
      LanguageID . . . . : 1033
    > HitmanPro  . . . . : Mal/VMProtBad-A
      Fuzzy  . . . . . . : 108.0

   C:\Users\I.M\Downloads\revo\med\revo.uninstaller.pro.3.x.(x86)-patch.exe
      Size . . . . . . . : 77.312 bytes
      Age  . . . . . . . : 1023.6 days (2014-05-14 18:09:57)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 8A57C984FA08E8FD313FFDA01EBBF05B8F60F1C582DF7337FE521D0AF4BED1E6
    > Bitdefender  . . . : Application.Patch.FQ
    > HitmanPro  . . . . : Troj/Agent-WFN
      Fuzzy  . . . . . . : 114.0

   C:\Users\I.M\Downloads\UL994\UL994\Alcohol 120 Percent v.2.0.3.8314 Multi\crack\MSIMG32.dll
      Size . . . . . . . : 1.936 bytes
      Age  . . . . . . . : 165.6 days (2016-09-18 18:01:19)
      Entropy  . . . . . : 5.4
      SHA-256  . . . . . : 03C2408155C2F390DA5A827B496E8ADA3A06EE4825E324F9D77735ECE5B15DD7
    > Bitdefender  . . . : Trojan.Generic.10034832
      Fuzzy  . . . . . . : 106.0


Suspicious files ____________________________________________________________

   C:\Users\I.M\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.423.296 bytes
      Age  . . . . . . . : 2.0 days (2017-03-01 08:59:57)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : D2CC085A5DA43447DB2389E0A9DBB2E70DBBEC9B32D29DA4CD99E21636696D69
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -9.9s C:\Users\I.M\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CB169E2D9AF1B7E143043659AFC0E093_60380E970678B9AFAA02ABE3D1E43277
         -9.9s C:\Users\I.M\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CB169E2D9AF1B7E143043659AFC0E093_60380E970678B9AFAA02ABE3D1E43277
         -9.6s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\manifest.json
         -9.5s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\
         -9.5s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\
         -9.5s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\
         -9.5s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\
         -9.5s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\ddeb1d2b7a0d4fa6208b81ad8168707e2e8e9d01d55c888d3d11c4cdb6ecbecc.sth
         -9.4s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\ee4bbdb775ce60bae142691fabe19e66a30f7e5fb072d88300c47b897aa8fdcb.sth
         -9.4s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\cdb5179b7fc1c046feea31136a3f8f002e6182faf8896fecc8b2f5b5ab604900.sth
         -9.3s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\bc78e1dfc5f63c684649334da10fa15f0979692009c081b4f3f6917f3ed9b8a5.sth
         -9.2s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\5614069a2fd7c2ecd3f5e1bd44b23ec74676b9bc99115cc0ef949855d689d0dd.sth
         -9.2s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\a4b90990b418581487bb13a2cc67700a3c359804f91bdfb8e377cd0ec80ddc10.sth
         -9.1s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\bbd9dfbc1f8a71b593942397aa927b473857950aab52e81a909664368e1ed185.sth
         -9.0s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478.sth
         -8.9s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\34bb6ad6c3df9c03eea8a499ff7891486c9d5e5cac92d01f7bfd1bce19db48ef.sth
         -8.8s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\a577ac9ced7548dd8f025b67a241089df86e0f476ec203c2ecbedb185f282638.sth
         -8.8s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\41b2dc2e89e63ce4af1ba7bb29bf68c6dee6f9f1cc047e30dffae3b3ba259263.sth
         -8.6s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\ac3b9aed7fa9674757159e6d7d575672f9d98100941e9bdeffeca1313b75782d.sth
         -8.6s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\7461b4a09cfb3d41d75159575b2e7649a445a8d27709b0cc564a6482b7eb41a3.sth
         -8.6s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\_platform_specific\all\sths\68f698f81f6482be3a8ceeb9281d4cfc71515d6793d444d10a67acbb4f4ffbc4.sth
         -8.6s C:\Users\I.M\AppData\Local\Google\Chrome\User Data\CertificateTransparency\312\manifest.fingerprint
          0.0s C:\Users\I.M\Desktop\FRST-OlderVersion\FRST64.exe
          0.8s C:\Users\I.M\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F6D2120A74D8E120A79AE4737511E774_4523BD7BE9A69F720062F3DA091D56D6
          0.8s C:\Users\I.M\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F6D2120A74D8E120A79AE4737511E774_4523BD7BE9A69F720062F3DA091D56D6

   C:\Users\I.M\Desktop\FRST64.exe
      Size . . . . . . . : 2.423.808 bytes
      Age  . . . . . . . : 1.4 days (2017-03-01 22:27:48)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 60B968082A72AB85CF54E6FF5EE03588CD1F6CA566CC7CCDE96AA4F6080083CF
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\I.M\Desktop\FRST64.exe
          1.3s C:\Users\I.M\Desktop\FRST-OlderVersion\
          4.5s C:\Windows\Prefetch\AUDIODG.EXE-BDFD3029.pf
          6.2s C:\Windows\Prefetch\FRST64.EXE-B8BEACE8.pf


Potential Unwanted Programs _________________________________________________

   C:\Users\I.M\AppData\LocalLow\Adobe\Acrobat\HELP_DECRYPT.PNG (RansomNote)
   C:\Users\I.M\AppData\LocalLow\Adobe\Acrobat\HELP_DECRYPT.URL (RansomNote)
   C:\Users\I.M\AppData\LocalLow\Adobe\HELP_DECRYPT.PNG (RansomNote)
   C:\Users\I.M\AppData\LocalLow\Adobe\HELP_DECRYPT.URL (RansomNote)
   C:\Users\I.M\AppData\LocalLow\HELP_DECRYPT.PNG (RansomNote)
   C:\Users\I.M\AppData\LocalLow\HELP_DECRYPT.URL (RansomNote)
   C:\Users\I.M\AppData\LocalLow\Sun\HELP_DECRYPT.PNG (RansomNote)
   C:\Users\I.M\AppData\LocalLow\Sun\HELP_DECRYPT.URL (RansomNote)
   C:\Users\I.M\AppData\LocalLow\Sun\Java\HELP_DECRYPT.PNG (RansomNote)
   C:\Users\I.M\AppData\LocalLow\Sun\Java\HELP_DECRYPT.URL (RansomNote)

mail.ru eingefangen, deinstalliert und trotzdem popups

Plagegeister aller Art und deren Bekämpfung: mail.ru eingefangen, deinstalliert und trotzdem popups

mail.ru eingefangen, deinstalliert und trotzdem popups

Ähnliche Themen: mail.ru eingefangen, deinstalliert und trotzdem popups