Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 10.07.2014
Suchlauf-Zeit: 22:43:37
Logdatei:
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.07.09.13
Rootkit Datenbank: v2014.07.09.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 8
CPU: x64
Dateisystem: NTFS
Benutzer: Acer1
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 280409
Verstrichene Zeit: 13 Min, 19 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end)
Code:
HitmanPro 3.7.9.220
www.hitmanpro.com
Computer name . . . . : ACER
Windows . . . . . . . : 6.2.0.9200.X64/2
User name . . . . . . : Acer\Acer1
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2014-07-10 23:01:01
Scan mode . . . . . . : Normal
Scan duration . . . . : 4m 26s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 13
Objects scanned . . . : 1.754.423
Files scanned . . . . : 24.490
Remnants scanned . . : 406.352 files / 1.323.581 keys
Suspicious files ____________________________________________________________
C:\Users\Acer1\Desktop\FRST-OlderVersion\FRST64.exe
Size . . . . . . . : 2.157.056 bytes
Age . . . . . . . : 117.5 days (2014-03-15 10:35:05)
Entropy . . . . . : 7.5
SHA-256 . . . . . : C95B9760D492835A6E26C7ADA570F805B729C55FCA067EB746DA0A2183C279A2
Needs elevation . : Yes
Fuzzy . . . . . . : 22.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
C:\Users\Acer1\Desktop\FRST64.exe
Size . . . . . . . : 2.084.864 bytes
Age . . . . . . . : 0.0 days (2014-07-10 22:24:23)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 4B94F1146E7B2F3E38D83A221EE678A1C4316989867EBFEDBA73BD853B811419
Needs elevation . : Yes
Source URL . . . . : hxxp://download.bleepingcomputer.com/dl/ac9ed667a8e661cb239531c2cb45283b/53bef677/windows/security/security-utilities/f/farbar-recovery-scan-tool/64/FRST64.exe
Fuzzy . . . . . . : 27.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
The file is downloaded from the Internet to this computer.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-0.8s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4IDICOPG\FRST64[1].exe
-0.3s C:\Users\Acer1\AppData\Roaming\Microsoft\Windows\Cookies\6TANB3IP.txt
-0.3s C:\Users\Acer1\AppData\Roaming\Microsoft\Windows\Cookies\I1GIZCEZ.txt
-0.3s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4IDICOPG\82[1].htm
-0.0s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4IDICOPG\FRST64[2].exe
0.0s C:\Users\Acer1\Desktop\FRST64.exe
3.4s C:\Users\Acer1\Desktop\FRST-OlderVersion\
4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_16.db
4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_48.db
4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_wide.db
4.5s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Explorer\thumbcache_exif.db
7.6s C:\Users\Acer1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SLIHN0GP\up64[1]
C:\Users\Acer1\Downloads\FRST64.exe
Size . . . . . . . : 2.157.056 bytes
Age . . . . . . . : 117.5 days (2014-03-15 10:34:35)
Entropy . . . . . : 7.5
SHA-256 . . . . . : C95B9760D492835A6E26C7ADA570F805B729C55FCA067EB746DA0A2183C279A2
Needs elevation . : Yes
Fuzzy . . . . . . : 22.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Potential Unwanted Programs _________________________________________________
C:\Program Files (x86)\AskPartnerNetwork\ (AskBar)
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ (AskBar)
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (AskBar)
Size . . . . . . . : 166.352 bytes
Age . . . . . . . : 147.7 days (2014-02-13 07:22:47)
Entropy . . . . . : 6.4
SHA-256 . . . . . : C3081358313A982F53CAD54C214AFECAD9660A59FB4A3DDFE068724E83041AF8
Product . . . . . : APN Updater
Publisher . . . . : APN LLC.
Description . . . : APN Updater
Version . . . . . : 21.5.0.2560
Copyright . . . . : (c) APN LLC. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe (AskBar)
Size . . . . . . . : 114.128 bytes
Age . . . . . . . : 147.7 days (2014-02-13 07:22:47)
Entropy . . . . . : 6.4
SHA-256 . . . . . : DCB7FE544B967787BB1515F9CD344688B9234D188BC50DAE5C966BBD9D5E8836
Product . . . . . : Update Manager
Publisher . . . . : APN LLC.
Description . . . : Update Manager
Version . . . . . : 21.5.0.2560
Copyright . . . . : (c) APN LLC. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : -8.0
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\ (AskBar)
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (AskBar)
Size . . . . . . . : 1.758.160 bytes
Age . . . . . . . : 147.7 days (2014-02-13 07:22:26)
Entropy . . . . . : 6.4
SHA-256 . . . . . : 5C557182618218B2A66408BA89438E154B3236D0F0EED2D64C3CD65C68129700
Product . . . . . : Ask TBNotifier
Publisher . . . . : APN
Description . . . : Ask Toolbar Notifier
Version . . . . . : 31.6.3.286
Copyright . . . . : (c) Ask. All rights reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : -8.0
HKU\.DEFAULT\Software\AskPartnerNetwork\ (AskBar)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\AskPartnerNetwork\ (AskBar)
HKU\S-1-5-18\Software\AskPartnerNetwork\ (AskBar)
HKU\S-1-5-21-3942060078-1468770267-3527270758-1001\Software\Softonic\ (Softonic)