Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
Cleaning my laptop before moving. Various infections, including de.savefrom.net
I assume I shouldn't fix anything in ESET after the scan?!
Code:
HitmanPro 3.8.0.295
www.hitmanpro.com
Computer name . . . . : MAGL
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : MaGl\Mathias Glock
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2018-09-29 19:17:49
Scan mode . . . . . . : Normal
Scan duration . . . . : 7m 22s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 5
Objects scanned . . . : 2.557.501
Files scanned . . . . : 49.770
Remnants scanned . . : 437.833 files / 2.069.898 keys
Suspicious files ____________________________________________________________
C:\Users\Mathias Glock\Desktop\daten\Downloads\trojanerboard\FRST64.exe
Size . . . . . . . : 2.102.784 bytes
Age . . . . . . . : 565.0 days (2017-03-13 18:49:19)
Entropy . . . . . : 7.5
SHA-256 . . . . . : 2E1F5CF1B0C955C7B5B0C47D386C626E5AECDB4C7F7FFCBE4F4F8F4144B3772F
Needs elevation . : Yes
Fuzzy . . . . . . : 22.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
C:\Users\Mathias Glock\Desktop\FRST-OlderVersion\FRST64.exe
Size . . . . . . . : 2.414.080 bytes
Age . . . . . . . : 2.8 days (2018-09-26 23:51:28)
Entropy . . . . . : 7.6
SHA-256 . . . . . : E95B0948889B0F0544C8B42106B7AEA3748175088A834F84B193F65827363D75
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
C:\Users\Mathias Glock\Desktop\FRST64.exe
Size . . . . . . . : 2.414.080 bytes
Age . . . . . . . : 0.8 days (2018-09-28 23:43:08)
Entropy . . . . . : 7.6
SHA-256 . . . . . : B51B019E8B70B06D57DD6455002B7C0129CCD06316E630C8991190B8A069444A
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-5.8s C:\Windows\Prefetch\CONSENT.EXE-531BD9EA.pf
-1.0s C:\Windows\Prefetch\DLLHOST.EXE-766398D2.pf
-0.6s C:\Users\Mathias Glock\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
-0.6s C:\Users\Mathias Glock\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
-0.3s C:\Users\Mathias Glock\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
-0.3s C:\Users\Mathias Glock\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
0.0s C:\Users\Mathias Glock\Desktop\FRST64.exe
1.8s C:\Users\Mathias Glock\Desktop\FRST-OlderVersion\
3.7s C:\Windows\Prefetch\FRST64.EXE-86692587.pf
6.9s C:\Users\Mathias Glock\Desktop\Fixlog.txt
7.2s C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9261B0C6-2156-495B-8F5B-74D701772FD9}
11.4s C:\Windows\Prefetch\CMD.EXE-4A81B364.pf
13.2s C:\Windows\Prefetch\IPCONFIG.EXE-912F3D5B.pf
15.5s C:\Windows\Prefetch\BITSADMIN.EXE-71339457.pf
Potential Unwanted Programs _________________________________________________
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
Code:
C:\Users\Mathias Glock\Downloads\BitTorrent.exe Variante von MSIL/WebCompanion.A eventuell unerwünschte Anwendung,Variante von Win32/WebCompanion.B eventuell unerwünschte Anwendung