Kaspersky detection cannot be fixed: MEM:Trojan-Spy.Win32.Agent.gen (Windows 7)
#11

Good evening Matthias,

I could try to uninstall Kaspersky Internet Security and delete the registry entries. My license expires in 16 days, so I am backing up the license. The log file is below.

Have you generally not found anything suspicious?

Thank you very much for your help.

Code:
```
HitmanPro 3.8.0.292
www.hitmanpro.com

   Computer name . . . . : WALDI-PC
   Windows . . . . . . . : 10.0.0.16299.X64/4
   User name . . . . . . : WALDI-PC\Waldemar
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2018-02-21 20:34:54
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 34s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 0
   Traces . . . . . . . : 11

   Objects scanned . . . : 1.814.594
   Files scanned . . . . : 42.721
   Remnants scanned . . : 465.507 files / 1.306.366 keys

Suspicious files ____________________________________________________________

   C:\Users\Waldemar\AppData\Local\PunkBuster\BC2\pb\pbcl.dll
      Size . . . . . . . : 953.145 bytes
      Age . . . . . . . : 648.9 days (2016-05-13 23:44:05)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : E1C07F31EC35315E00F8AB0BE5C4F80DD9AAEBEE7E760BBF9AFCC02D35BEBF2F
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Waldemar\AppData\Local\PunkBuster\BFP4F\pb\pbcl.dll
      Size . . . . . . . : 954.496 bytes
      Age . . . . . . . : 962.0 days (2015-07-05 21:31:30)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : EEBDAC091729B0B80A21E14B2CE0392E4584205BA06F5ED1B846C51D034A2177
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Waldemar\AppData\Local\PunkBuster\BFP4F\pb\pbclold.dll
      Size . . . . . . . : 915.149 bytes
      Age . . . . . . . : 962.0 days (2015-07-05 21:30:44)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : E189EF452F559BFAC0C0A91EFADC78EAA569B915985A213F99666BE56FC86165
      Fuzzy . . . . . . : 29.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.

   C:\Users\Waldemar\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.403.328 bytes
      Age . . . . . . . : 1.2 days (2018-02-20 16:23:49)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : D43211FF090948E79ECC7DBEA3E5D35C0EBC82046473F84BEADFA685D0B7F4D6
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Waldemar\Desktop\FRST64.exe
      Size . . . . . . . : 2.403.328 bytes
      Age . . . . . . . : 0.2 days (2018-02-21 16:57:10)
      Entropy . . . . . : 7.6
      SHA-256 . . . . . : 3385CC2467736CEAE6240F2FAE3F8387EDBC272FC6681E98F2388650DAB9E113
      Needs elevation . : Yes
      Fuzzy . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         0.0s C:\Users\Waldemar\Desktop\FRST64.exe
         0.8s C:\Users\Waldemar\Desktop\FRST-OlderVersion\

   D:\Downloads\Electrum\electrum-3.0.6.exe
      Size . . . . . . . : 3.426.640 bytes
      Age . . . . . . . : 5.1 days (2018-02-16 17:18:09)
      Entropy . . . . . : 8.0
      SHA-256 . . . . . : B66A4E76B6E636E66FEDFF648888B51FDFC1523C59117D0730FC63A8C578940A
      Desktop . . . . . : Default
      Parent Name . . . : C:\WINDOWS\explorer.exe
      Running processes : 4996
      Fuzzy . . . . . . : 22.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         This program is actively listening for inbound network connections.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is in use by one or more active processes.
         Program has a human-computer interface (GUI). This is typical for most programs.
      References
         C:\Users\Waldemar\Desktop\Electrum.lnk
      Network Ports
         127.0.0.1:51379
```