Hello, all right. Here are the logs then.
Hitman
HitmanPro 3.7.20.286
www.hitmanpro.com
Computer name . . . . : EUGEN
Windows . . . . . . . : 6.3.0.9600.X64/4
User name . . . . . . : EUGEN\Anisimov
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2017-11-03 08:42:21
Scan mode . . . . . . : Normal
Scan duration . . . . : 4m 45s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 16
Objects scanned . . . : 1.905.158
Files scanned . . . . : 63.547
Remnants scanned . . : 579.339 files / 1.262.272 keys
Suspicious files ____________________________________________________________
C:\Users\Anisimov\Desktop\FRST64.exe
Size . . . . . . . : 2.403.328 bytes
Age . . . . . . . : 0.6 days (2017-11-02 17:58:56)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 0AF9E15774EB98DE5E89662BC939177586FAA9138192B1C1EDD8228B95259A90
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Potential Unwanted Programs _________________________________________________
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017111054718\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017142951722\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-11022017161502191\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
HKU\S-1-5-21-2170353134-3406697385-2337659682-1001\Software\Microsoft\Internet Explorer\TabbedBrowsing\bProtectNewTabPageShow (22Find)
ESET
C:\AdwCleaner\Quarantine\C\Program Files (x86)\delta\delta\1.8.16.16\deltaEng.dll.vir Variante von Win32/Toolbar.Montiera.A eventuell unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\delta\delta\1.8.16.16\deltasrv.exe.vir Variante von Win32/Toolbar.Montiera.A eventuell unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\delta\delta\1.8.16.16\uninstall.exe.vir Win32/Toolbar.Montiera.B eventuell unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js.vir Win32/bProtector.F eventuell unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Anisimov\AppData\Roaming\BabSolution\Shared\BabMaint.exe.vir Win32/Toolbar.Babylon.I eventuell unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Anisimov\AppData\Roaming\BabSolution\Shared\BUSolution.dll.vir Win32/Toolbar.Babylon.AE eventuell unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Anisimov\AppData\Roaming\OpenCandy\3779538814844F038A332BE95D8F1679\DeltaTB.exe.vir Variante von Win32/Toolbar.Babylon.C eventuell unerwünschte Anwendung
Thanks