HitmanPro 3.7.9.221
www.hitmanpro.com
Computer name . . . . : FORDFIESTA
Windows . . . . . . . : 6.3.0.9600.X64/4
User name . . . . . . : FORDFIESTA\Reinhard
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2014-07-25 16:38:55
Scan mode . . . . . . : Normal
Scan duration . . . . : 5m 11s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 2
Traces . . . . . . . : 6
Objects scanned . . . : 1.341.287
Files scanned . . . . : 16.651
Remnants scanned . . : 407.529 files / 917.107 keys
Malware _____________________________________________________________________
C:\Users\Reinhard\Downloads\7BABtmp\newvideoplayersetup.exe
Size . . . . . . . : 9.853.161 bytes
Age . . . . . . . : 27.0 days (2014-06-28 15:26:14)
Entropy . . . . . : 8.0
SHA-256 . . . . . : 4AE5180A789DD1616642B5FB495F67F7FAD847598A22071E5606E26B056C7611
> Bitdefender . . . : Adware.Agent.OER
Fuzzy . . . . . . : 109.0
Forensic Cluster
-3.8s C:\Users\Reinhard\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2427C246DCF85A06DD675914EDA68038_EEE52A74DEE31B064E156E492FD05217
-3.8s C:\Users\Reinhard\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2427C246DCF85A06DD675914EDA68038_EEE52A74DEE31B064E156E492FD05217
-0.2s C:\Users\Reinhard\Downloads\7BABtmp\
-0.1s C:\Users\Reinhard\Downloads\7BDAtmp\
-0.1s C:\Users\Reinhard\Downloads\7C0Atmp\
-0.0s C:\Users\Reinhard\Downloads\7C3Atmp\
-0.0s C:\Users\Reinhard\Downloads\7C6Atmp\
0.0s C:\Users\Reinhard\Downloads\7BABtmp\newvideoplayersetup.exe
0.0s C:\Users\Reinhard\Downloads\7C9Atmp\
0.1s C:\Users\Reinhard\Downloads\7C0Atmp\setup.exe
0.1s C:\Users\Reinhard\Downloads\7CD9tmp\
0.1s C:\Users\Reinhard\Downloads\7D09tmp\
0.2s C:\FRST\Quarantine\C\Users\Reinhard\Downloads\7C6Atmp\freesofttoday.exe.xBAD
0.3s C:\Users\Reinhard\Downloads\7C3Atmp\setup.exe
0.5s C:\Users\Reinhard\Downloads\7BDAtmp\cloud_backup_setup.exe
0.8s C:\Users\Reinhard\Downloads\7CD9tmp\optimizerpro.exe
0.8s C:\Users\Reinhard\Downloads\7D09tmp\lly_omiga-plus.exe
4.9s C:\Users\Reinhard\Downloads\7C9Atmp\vopackage.exe
C:\Users\Reinhard\Downloads\7D09tmp\lly_omiga-plus.exe
Size . . . . . . . : 640.184 bytes
Age . . . . . . . : 27.0 days (2014-06-28 15:26:15)
Entropy . . . . . : 6.2
SHA-256 . . . . . : 7C8889AC48BD6DFB494375F2D3694E37E29805BB70D49B8E5C5A90870C079527
Product . . . . . : 556_tugs
RSA Key Size . . . : 2048
LanguageID . . . . : 2057
Authenticode . . . : Valid
> Kaspersky . . . . : not-a-virus:AdWare.Win32.ELEX.a
Fuzzy . . . . . . : 99.0
Forensic Cluster
-4.6s C:\Users\Reinhard\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2427C246DCF85A06DD675914EDA68038_EEE52A74DEE31B064E156E492FD05217
-4.6s C:\Users\Reinhard\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2427C246DCF85A06DD675914EDA68038_EEE52A74DEE31B064E156E492FD05217
-1.0s C:\Users\Reinhard\Downloads\7BABtmp\
-0.9s C:\Users\Reinhard\Downloads\7BDAtmp\
-0.9s C:\Users\Reinhard\Downloads\7C0Atmp\
-0.8s C:\Users\Reinhard\Downloads\7C3Atmp\
-0.8s C:\Users\Reinhard\Downloads\7C6Atmp\
-0.8s C:\Users\Reinhard\Downloads\7BABtmp\newvideoplayersetup.exe
-0.8s C:\Users\Reinhard\Downloads\7C9Atmp\
-0.8s C:\Users\Reinhard\Downloads\7C0Atmp\setup.exe
-0.7s C:\Users\Reinhard\Downloads\7CD9tmp\
-0.7s C:\Users\Reinhard\Downloads\7D09tmp\
-0.6s C:\FRST\Quarantine\C\Users\Reinhard\Downloads\7C6Atmp\freesofttoday.exe.xBAD
-0.5s C:\Users\Reinhard\Downloads\7C3Atmp\setup.exe
-0.3s C:\Users\Reinhard\Downloads\7BDAtmp\cloud_backup_setup.exe
-0.0s C:\Users\Reinhard\Downloads\7CD9tmp\optimizerpro.exe
0.0s C:\Users\Reinhard\Downloads\7D09tmp\lly_omiga-plus.exe
4.1s C:\Users\Reinhard\Downloads\7C9Atmp\vopackage.exe
Suspicious files ____________________________________________________________
C:\Users\Reinhard\Downloads\FRST64 (1).exe
Size . . . . . . . : 2.093.568 bytes
Age . . . . . . . : 1.5 days (2014-07-24 03:41:21)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 70424066CD60A682FD582B66DD8D3AF350C802B96E4FE3DD161AC4780EB2F1FF
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
References
C:\Users\Reinhard\Desktop\FRST64 (1) - Verknüpfung.lnk
Forensic Cluster
0.0s C:\Users\Reinhard\Downloads\FRST64 (1).exe
3.5s C:\Users\Reinhard\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0000a0
Potential Unwanted Programs _________________________________________________
HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)