deeprybka | 31.05.2015 17:44 | |
Good morning
Code:
HitmanPro 3.7.9.241
www.hitmanpro.com
Computer name . . . . : JENS-PC
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : Jens-PC\Jens
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2015-06-01 07:43:53
Scan mode . . . . . . : Normal
Scan duration . . . . : 5m 40s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 2
Traces . . . . . . . : 23
Objects scanned . . . : 1.960.308
Files scanned . . . . : 28.100
Remnants scanned . . : 267.710 files / 1.664.498 keys
Malware _____________________________________________________________________
C:\Users\Jens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3N1NF3YA\setup[1].exe
Size . . . . . . . : 595.248 bytes
Age . . . . . . . : 17.9 days (2015-05-14 10:23:44)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 5CB731ACE159FA744B3305F9A3E8452B961D9EBAF68B0017D278AFCAD9CEBA41
Product . . . . . : Download Manager
Publisher
Description
Version . . . . . : 1.15514.115.0
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Valid
> Bitdefender . . . : Application.Bundler.Outbrowse.BI
> Kaspersky . . . . : not-a-virus:AdWare.Win32.OutBrowse.cam
Fuzzy . . . . . . : 105.0
C:\Users\Jens\AppData\Local\win32wizardSched\eDealsInstaller.exe
Size . . . . . . . : 688.595 bytes
Age . . . . . . . : 7.7 days (2015-05-24 14:31:01)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 27CE03774FA54911EDD574122203057D13F50132DDC27E4479CD7ED30AE072D3
Product . . . . . : eDeals
Publisher . . . . : eDeals
Description . . . : eDeals Setup
Version
LanguageID . . . . : 0
> Bitdefender . . . : Adware.eDeals.B
Fuzzy . . . . . . : 112.0
Forensic Cluster
-0.8s C:\Users\Jens\AppData\Local\win32wizardSched\
-0.8s C:\Users\Jens\AppData\Local\win32wizardSched\QtCore4.dll
-0.6s C:\Users\Jens\AppData\Local\win32wizardSched\QtNetwork4.dll
-0.6s C:\Users\Jens\AppData\Local\win32wizardSched\msvcr100.dll
-0.6s C:\Users\Jens\AppData\Local\win32wizardSched\msvcp100.dll
-0.5s C:\Users\Jens\AppData\Local\win32wizardSched\qjson0.dll
-0.5s C:\Users\Jens\AppData\Local\win32wizardSched\contextualdirectxTask.exe
-0.5s C:\Users\Jens\AppData\Local\win32wizardSched\win32wizardSched.exe
-0.0s C:\Users\Jens\AppData\Local\win32wizardSched\SrDt.exe
0.0s C:\Users\Jens\AppData\Local\win32wizardSched\eDealsInstaller.exe
Suspicious files ____________________________________________________________
C:\Users\Jens\Desktop\Neuer Ordner\FRST-OlderVersion\FRST.exe
Size . . . . . . . : 1.146.880 bytes
Age . . . . . . . : 6.9 days (2015-05-25 10:27:08)
Entropy . . . . . : 8.0
SHA-256 . . . . . : C5C56E927257214F0EA734FA82C13A20FCE5936FF25CFD05D806A9F5C24268FD
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
0.0s C:\Users\Jens\Desktop\Neuer Ordner\FRST-OlderVersion\FRST.exe
0.2s C:\Users\Jens\Desktop\Neuer Ordner\FRST-OlderVersion\FRST64.exe
C:\Users\Jens\Desktop\Neuer Ordner\FRST-OlderVersion\FRST64.exe
Size . . . . . . . : 2.108.416 bytes
Age . . . . . . . : 6.9 days (2015-05-25 10:27:08)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 4784A285D2CAFDF980DD3C3B1E49FCCBADBF8E8117A70BBC89BB751474491E27
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.2s C:\Users\Jens\Desktop\Neuer Ordner\FRST-OlderVersion\FRST.exe
0.0s C:\Users\Jens\Desktop\Neuer Ordner\FRST-OlderVersion\FRST64.exe
C:\Users\Jens\Desktop\Neuer Ordner\FRST64.exe
Size . . . . . . . : 2.108.928 bytes
Age . . . . . . . : 4.5 days (2015-05-27 20:14:08)
Entropy . . . . . : 7.5
SHA-256 . . . . . : D095F8AD6383F2865BE4A034315B220C9EFB458A9A88305DDD96A4B588FD8E4D
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
HKU\S-1-5-21-1237588526-223779405-1965894102-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Jens\Desktop\Neuer Ordner\FRST64.exe
Forensic Cluster
-0.9s C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Cookies\YC3LI27Z.txt
-0.9s C:\Users\Jens\AppData\Roaming\Microsoft\Windows\Cookies\RVYF3O74.txt
0.0s C:\Users\Jens\Desktop\Neuer Ordner\FRST64.exe
3.6s C:\Users\Jens\Desktop\Neuer Ordner\FRST-OlderVersion\
C:\Windows\PEV.exe
Size . . . . . . . : 256.000 bytes
Age . . . . . . . : 3.6 days (2015-05-28 17:55:40)
Entropy . . . . . : 8.0
SHA-256 . . . . . : AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924
Fuzzy . . . . . . : 22.0
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
Program contains PE structure anomalies. This is not typical for most programs.
Forensic Cluster
-7.2s C:\Qoobox\
-7.2s C:\Qoobox\Quarantine\Registry_backups\
-7.2s C:\Qoobox\Quarantine\
-3.3s C:\Qoobox\BackEnv\
-3.1s C:\Qoobox\Quarantine\catchme.log
-0.0s C:\Windows\SWXCACLS.exe
-0.0s C:\Windows\SWSC.exe
-0.0s C:\Windows\sed.exe
-0.0s C:\Windows\grep.exe
-0.0s C:\Windows\zip.exe
-0.0s C:\Windows\SWREG.exe
0.0s C:\Windows\PEV.exe
0.0s C:\Windows\NIRCMD.exe
0.0s C:\Windows\MBR.exe
Potential Unwanted Programs _________________________________________________
trovigo.com
C:\Users\Jens\AppData\Local\Google\Chrome\User Data\Default\Web Data
C:\Users\Jens\AppData\Local\Helper\chrome32.exe (eDeals)
Size . . . . . . . : 188.416 bytes
Age . . . . . . . : 17.9 days (2015-05-14 09:36:47)
Entropy . . . . . : 6.3
SHA-256 . . . . . : EE44C349A84955559EAFDC22A16D3EDE4871964FE348910FFCBB08D29FC30D28
Fuzzy . . . . . . : 7.0
Forensic Cluster
-0.0s C:\Users\Jens\AppData\Local\Helper\
0.0s C:\Users\Jens\AppData\Local\Helper\chrome32.exe
0.0s C:\Users\Jens\AppData\Local\Helper\hkx86.dll
0.0s C:\Users\Jens\AppData\Local\Helper\chrome64.exe
0.1s C:\Users\Jens\AppData\Local\Helper\hkx64.dll
0.1s C:\Users\Jens\AppData\Local\Helper\msvcr100.dll
0.1s C:\Users\Jens\AppData\Local\Helper\msvcp100.dll
2.2s C:\Windows\wauctla.exe.config
2.5s C:\Windows\SysWOW64\GroupPolicy\gpt.ini
2.5s C:\Windows\System32\GroupPolicy\Machine\
2.5s C:\Windows\System32\GroupPolicy\User\
2.5s C:\Windows\System32\GroupPolicy\Machine\Registry.pol
2.5s C:\Windows\System32\GroupPolicy\GPT.INI
7.4s C:\Windows\InstallUtil.InstallLog
7.7s C:\Windows\wauctla.InstallLog
C:\Users\Jens\AppData\Local\Helper\chrome64.exe (eDeals)
Size . . . . . . . : 243.712 bytes
Age . . . . . . . : 17.9 days (2015-05-14 09:36:47)
Entropy . . . . . : 5.9
SHA-256 . . . . . : 9666FAB3026D0EEF7F9BE7E045A8E3015F0A85B8EB6DB15C850E4EBBE6267D2C
Fuzzy . . . . . . : 7.0
Forensic Cluster
-0.0s C:\Users\Jens\AppData\Local\Helper\
-0.0s C:\Users\Jens\AppData\Local\Helper\chrome32.exe
-0.0s C:\Users\Jens\AppData\Local\Helper\hkx86.dll
0.0s C:\Users\Jens\AppData\Local\Helper\chrome64.exe
0.0s C:\Users\Jens\AppData\Local\Helper\hkx64.dll
0.0s C:\Users\Jens\AppData\Local\Helper\msvcr100.dll
0.1s C:\Users\Jens\AppData\Local\Helper\msvcp100.dll
2.2s C:\Windows\wauctla.exe.config
2.4s C:\Windows\SysWOW64\GroupPolicy\gpt.ini
2.4s C:\Windows\System32\GroupPolicy\Machine\
2.4s C:\Windows\System32\GroupPolicy\User\
2.5s C:\Windows\System32\GroupPolicy\Machine\Registry.pol
2.5s C:\Windows\System32\GroupPolicy\GPT.INI
7.4s C:\Windows\InstallUtil.InstallLog
7.6s C:\Windows\wauctla.InstallLog
C:\Users\Jens\AppData\Local\Helper\hkx64.dll (eDeals)
Size . . . . . . . : 47.616 bytes
Age . . . . . . . : 17.9 days (2015-05-14 09:36:47)
Entropy . . . . . : 5.7
SHA-256 . . . . . : 45AC307DA1EDD2F6D4808531C0F7F68E2BB7E1DA7D341589FEBDE5920E0FBDAD
Fuzzy . . . . . . : 7.0
Forensic Cluster
-0.1s C:\Users\Jens\AppData\Local\Helper\
-0.1s C:\Users\Jens\AppData\Local\Helper\chrome32.exe
-0.0s C:\Users\Jens\AppData\Local\Helper\hkx86.dll
-0.0s C:\Users\Jens\AppData\Local\Helper\chrome64.exe
0.0s C:\Users\Jens\AppData\Local\Helper\hkx64.dll
0.0s C:\Users\Jens\AppData\Local\Helper\msvcr100.dll
0.0s C:\Users\Jens\AppData\Local\Helper\msvcp100.dll
2.1s C:\Windows\wauctla.exe.config
2.4s C:\Windows\SysWOW64\GroupPolicy\gpt.ini
2.4s C:\Windows\System32\GroupPolicy\Machine\
2.4s C:\Windows\System32\GroupPolicy\User\
2.4s C:\Windows\System32\GroupPolicy\Machine\Registry.pol
2.4s C:\Windows\System32\GroupPolicy\GPT.INI
7.4s C:\Windows\InstallUtil.InstallLog
7.6s C:\Windows\wauctla.InstallLog
C:\Users\Jens\AppData\Local\Helper\hkx86.dll (eDeals)
Size . . . . . . . : 39.936 bytes
Age . . . . . . . : 17.9 days (2015-05-14 09:36:47)
Entropy . . . . . : 6.0
SHA-256 . . . . . : FA564F57E436404BB919CEC19558B21C595377C624ED02153380948DBF39E590
Fuzzy . . . . . . : 7.0
Forensic Cluster
-0.0s C:\Users\Jens\AppData\Local\Helper\
-0.0s C:\Users\Jens\AppData\Local\Helper\chrome32.exe
0.0s C:\Users\Jens\AppData\Local\Helper\hkx86.dll
0.0s C:\Users\Jens\AppData\Local\Helper\chrome64.exe
0.0s C:\Users\Jens\AppData\Local\Helper\hkx64.dll
0.0s C:\Users\Jens\AppData\Local\Helper\msvcr100.dll
0.1s C:\Users\Jens\AppData\Local\Helper\msvcp100.dll
2.2s C:\Windows\wauctla.exe.config
2.4s C:\Windows\SysWOW64\GroupPolicy\gpt.ini
2.4s C:\Windows\System32\GroupPolicy\Machine\
2.4s C:\Windows\System32\GroupPolicy\User\
2.5s C:\Windows\System32\GroupPolicy\Machine\Registry.pol
2.5s C:\Windows\System32\GroupPolicy\GPT.INI
7.4s C:\Windows\InstallUtil.InstallLog
7.6s C:\Windows\wauctla.InstallLog
C:\Users\Jens\AppData\Local\TB\ (Conduit)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{58124A0B-DC32-4180-9BFF-E0E21AE34026} (Iminent)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (Iminent)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (Iminent)
HKLM\SOFTWARE\Wow6432Node\Pirrit Solutions\ (PirritSuggestor)
HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
HKU\S-1-5-21-1237588526-223779405-1965894102-1001\Software\Microsoft\Internet Explorer\DOMStorage\iminent.com\ (Iminent)
deeprybka | 01.06.2015 15:18 |
Hello! :)
Step 1 http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...st/frstfix.png
Please press the http://deeprybka.trojaner-board.de/b...ne/revo/w7.png + R key and type notepad in the Run window.
Click OK and then copy the text from the code box into the empty text document:
Code:
CloseProcesses:
C:\Users\Jens\AppData\Local\Helper
C:\Users\Jens\AppData\Local\TB
C:\Users\Jens\AppData\Local\win32wizardSched
GroupPolicy: Group Policy on Chrome detected
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
HKU\S-1-5-21-1237588526-223779405-1965894102-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S2 Util melondrea; "C:\Program Files (x86)\melondrea\bin\utilmelondrea.exe" [X]
C:\Program Files (x86)\melondrea
EmptyTemp:
Please save this as Fixlist.txt in the directory where the FRST application is located.
- Start FRST and click the Fix button.
- The tool creates a "Fixlog.txt" file.
- Please post its contents.
After the reboot:
Step 2 http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...t/frstscan.png
Please start FRST again and click Scan.
Please post the contents of the log.
Malware-wise, we are done. http://www.trojaner-board.de/extra/lesestoff.png Are there still any problems with the PC? If so, which ones?
Copyright ©2000-2025, Trojaner-Board