Reconfirm

  1. Malwarebytes Anti-Rootkit BETA 1.9.3.1001
     www.malwarebytes.org

     Database version:
       main: v2017.07.05.05
       rootkit: v2017.05.27.01

     Windows 10 x64 NTFS
     Internet Explorer 11.1000.16232.0
     Reconfirm :: RECONFIRM-PC [administrator]

     05.07.2017 15:14:46
     mbar-log-2017-07-05 (15-14-46).txt

     Scan type: Quick scan
     Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
     Scan options disabled:
     Objects scanned: 284201
     Time elapsed: 8 minute(s), 26 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 4
     HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.Wdfload) -> Delete on reboot. [c7e2db8787228caa8d9e30f7b34d1be5]
     HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.Wdfload) -> Delete on reboot. [1a8f3032bdec87af58c4ac76ec14847c]
     HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\249BDA38A611CD746A132FA2AF995A2D3C941264 (Trojan.Wdfload) -> Delete on reboot. [19906ff3cddc95a17caff334ab5509f7]
     HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\DISALLOWED\CERTIFICATES\B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Trojan.Wdfload) -> Delete on reboot. [5e4b6cf63079d660d646db47e31d6997]

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 4
     C:\Program Files\SolarWinds Searc\SolarWinds Searc.dll (Trojan.Wdfload.Generic) -> Delete on reboot. [08a1b0b23574fa3ccb3aee1e19e9a957]
     C:\$Recycle.Bin\S-1-5-21-711978500-4163069754-996127795-1001\$R9XDRNC.exe (RiskWare.Tool.CK) -> Delete on reboot. [3970174bf8b1f442f993030839c76c94]
     C:\$Recycle.Bin\S-1-5-21-711978500-4163069754-996127795-1001\$RBP28ZT.exe (HackTool.FilePatch) -> Delete on reboot. [971292d0f8b16ec88e170c3fc340b14f]
     C:\Windows\Temp\g2DE6.tmp.exe (Trojan.Wdfload) -> Delete on reboot. [b0f9550dcbde9f97a3ae648e966b3ac6]

     Physical Sectors Detected: 0
     (No malicious items detected)

     (end)
  2. I found something interesting rr2log.txt
  3. The files are still being generated... :/
  4. ================== Zip: ===================
     ""C:\Windows\Temp"" -> not found
     ""C:\Windows\System32\Tasks\SolarWinds Searc"" -> not found
     ""C:\Program Files\Solarwinds Searc"" -> not found
     =========== Zip: Ende ===========
     ==== Ende von Fixlog 14:18:32 ====

     And the DATE-TIME Archive was empty
  5. https://www.forbes.com/sites/thomasbrewster/2017/06/28/three-things-you-can-do-to-stop-notpetya-ransomware-wrecking-your-pc/#6c8f506e77b0
  6. Because I'm not allowed to send .arn files, here is a .rar: RECONFIRM-PC.rar
  7. I did a search with these new files and FRST did not find anything either.
  8. ================== Registry-Suche: "g3BF6;g9E44;g9644;gA5D7" ===========
     ====== Ende von Suche ======

     Didn't find anything.... :/ and it created new ones
  9. There you are! FRST.txt Addition.txt
  10. Hey there! I got a huge problem. For a week now there have been some strange files on my computer which are generated automatically in the Windows Temp folder. These files usually use up a lot of my CPU and my SSD. The file name usually starts with "g" followed by 4 letters and numbers. I've got a working antivirus program, but it says that the files are okay. But it's definitely a trojan: https://virustotal.com/en/file/aa5c544cf614ee13d944731dd62caefd0bb893258553a0f84fdfd0b631a0e662/analysis/1498754376/