Great, that worked better!
Code:
HitmanPro 3.7.15.281
www.hitmanpro.com
Computer name . . . . : TAB
Windows . . . . . . . : 6.3.0.9600.X86/4
User name . . . . . . : TAB\nici_st
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2016-12-19 12:36:22
Scan mode . . . . . . : Normal
Scan duration . . . . : 5m 5s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 3
Traces . . . . . . . : 8
Objects scanned . . . : 1.286.974
Files scanned . . . . : 37.619
Remnants scanned . . : 413.568 files / 835.787 keys
Malware _____________________________________________________________________
C:\WINDOWS\System32\adtsexternal.dll
Size . . . . . . . : 413.312 bytes
Age . . . . . . . : 381.6 days (2015-12-03 21:21:37)
Entropy . . . . . : 6.6
SHA-256 . . . . . : 689795557962D0CC81508A2FB0CB713438E760C92CA7D5A61DF1E5652174C632
Product
Publisher
Description
Version . . . . . : 1,2,51120,2108
Copyright
RSA Key Size . . . : 2048
Service . . . . . : VineyardsTaskSrv
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Gen:Variant.Winsecsrv.1
> Kaspersky . . . . : Trojan.Win32.Winsecsrv.f
Fuzzy . . . . . . : 103.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\VineyardsTaskSrv\
C:\WINDOWS\system32\apesdetech.sys
Size . . . . . . . : 123.056 bytes
Age . . . . . . . : 381.6 days (2015-12-03 21:21:37)
Entropy . . . . . : 6.6
SHA-256 . . . . . : CBAC30BE2E28777722C83FDE627F12333967D3E174A3F0F62B64DDC1C1D0C54A
Product
Publisher
Description
Version . . . . . : 1,2,51120,2108
Copyright
RSA Key Size . . . : 2048
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Gen:Variant.Winsecsrv.1
> Kaspersky . . . . : Trojan.Win32.Winsecsrv.g
Fuzzy . . . . . . : 98.0
C:\WINDOWS\system32\drivers\apesdetech.sys
Size . . . . . . . : 123.056 bytes
Age . . . . . . . : 381.6 days (2015-12-03 21:21:37)
Entropy . . . . . : 6.6
SHA-256 . . . . . : CBAC30BE2E28777722C83FDE627F12333967D3E174A3F0F62B64DDC1C1D0C54A
Product
Publisher
Description
Version . . . . . : 1,2,51120,2108
Copyright
RSA Key Size . . . : 2048
Service . . . . . : appnetmsgmgr
LanguageID . . . . : 1033
Authenticode . . . : Valid
> Bitdefender . . . : Gen:Variant.Winsecsrv.1
> Kaspersky . . . . : Trojan.Win32.Winsecsrv.g
Fuzzy . . . . . . : 101.0
Startup
HKLM\SYSTEM\CurrentControlSet\Services\appnetmsgmgr\
Suspicious files ____________________________________________________________
C:\Users\nici_st\Desktop\FRST.exe
Size . . . . . . . : 1.761.792 bytes
Age . . . . . . . : 5.6 days (2016-12-13 21:01:04)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 3157400629EB5821F60235C6335E39C932FF1FC4F5A8146B6FDC85101989B3BD
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
C:\WINDOWS\Temp\CMi1.tmp
Size . . . . . . . : 5.840.680 bytes
Age . . . . . . . : 172.1 days (2016-06-30 09:26:16)
Entropy . . . . . : 1.0
SHA-256 . . . . . : 30C25E2359F6CF15A14AE38A0EA309DE71A10208D9A43335953572AC3D16C4DE
Product . . . . . : Microsoft Office 2013
Publisher . . . . : Microsoft Corporation
Description . . . : Microsoft Office Document Cache Migration
Version . . . . . : 15.0.4825.1000
RSA Key Size . . . : 2048
LanguageID . . . . : 0
Authenticode . . . : Invalid
Fuzzy . . . . . . : 24.0
Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
The file name extension of this program is not common.