Hallo liebe Freunde,

ich bin gerade dabei einen die letzten 3 Jahre nicht genutzten Win7 Rechner auf Win10 upzugraden. Allerdings will ich natürlich vorher meine Daten sichern. Damit ich meine externe Festplatte nicht verseuche, scanne ich mein System immer vorher mit Emisoft Emergency Kit (EEK) und danach mit ESET Online Scanner vor dem Backup.

Es wurde folgendes gefunden:

EEK-Log

Code: Alles auswählenAufklappen

ATTFilter

Emsisoft Emergency Kit - Version 2020.4
Last update: 4/11/2020 7:46:35 PM
My own Intrepid\***
 ***
 Windows 7x64 Service Pack 1

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\, F:\, H:\

Detect PUPs: ON
Scan archives: ON
Scan mail archives: OFF
ADS Scan: ON
File extension filter: OFF
Direct disk access: OFF

Scan start:	4/14/2020 9:03:55 PM
C:\ProgramData\apn 	detected: Application.AppInstall (A) [224108]
C:\Windows\TEMP\APN-Stub 	detected: Application.Win32.WebToolbar (A) [224131]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASAPI32 	detected: Application.AppInstall (A) [279650]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASMANCS 	detected: Application.AppInstall (A) [279651]
Key: HKEY_USERS\.DEFAULT\SOFTWARE\ASKPARTNERNETWORK 	detected: Application.InstallAd (A) [280312]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/Updater/tbnhlpr.exe 	detected: Application.Toolbar (A) [283438]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/Updater/tbnhlpr_x64.exe 	detected: Application.Toolbar (A) [288215]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe 	detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe 	detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe 	detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/DeskBar.exe 	detected: Application.Toolbar (A) [283437]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/Updater/tbnhlpr.exe 	detected: Application.Toolbar (A) [283438]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/Updater/tbnhlpr_x64.exe 	detected: Application.Toolbar (A) [288215]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe 	detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe 	detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe 	detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe 	detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe 	detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe 	detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe 	detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe 	detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe 	detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[4].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe 	detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[4].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe 	detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[4].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe 	detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe 	detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe 	detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe 	detected: Application.Toolbar (A) [283440]

Scanned	206478
Found	28

Scan end:	4/14/2020 9:11:50 PM
Scan time:	0:07:55
         

ESET Online Scanner Log

Code: Alles auswählenAufklappen

ATTFilter

4/15/2020 2:57:52 AM
Files scanned: 176748
Detected files: 1
Cleaned files: 1
Total scan time 00:33:40
Scan status: Finished

C:\Windows\Installer\MSIC997.tmp	a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application	cleaned by deleting
         

Danach ließ ich noch Malwarebytes drüber laufen mit folgendem Ergebnis:

Malwarebytes Log

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/15/20
Scan Time: 2:51 PM
Log File: e55a680c-7f17-11ea-9853-c8600077156f.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.867
Update Package Version: 1.0.22504
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ***\***
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 216868
Threats Detected: 16
Threats Quarantined: 16
Time Elapsed: 0 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Quarantined, 933, 186876, 1.0.22504, , ame, 

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-STUB, Quarantined, 933, 175062, 1.0.22504, , ame, 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\WINDOWS\TEMP\APN-STUB, Quarantined, 3628, 181296, 1.0.22504, , ame, 

File: 12
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi0e06b32d-4a75-473b-8dc5-dedfd553eea3.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi17b82a9c-e345-4274-99b1-7794f3394d99.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi2e6bf00c-804f-4215-abb0-2efeba9d7f21.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi3b134917-32d5-4d5a-859b-c59376bede37.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msic3645dd9-eb4a-4fb2-9b0c-d86646d103cc.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msid80e59e8-5208-4a63-bbea-6d975d465578.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb0e06b32d-4a75-473b-8dc5-dedfd553eea3.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb17b82a9c-e345-4274-99b1-7794f3394d99.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb2e6bf00c-804f-4215-abb0-2efeba9d7f21.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb3b134917-32d5-4d5a-859b-c59376bede37.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stbc3645dd9-eb4a-4fb2-9b0c-d86646d103cc.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stbd80e59e8-5208-4a63-bbea-6d975d465578.log, Quarantined, 3628, 181296, , , , 

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
         

Mir ist klar, dass für Windows 7 keine Reinigungen mehr vorgenommen werden, was auch richtig ist. Die Ergebnisse scheinen alle auf die damalige Verwendung von Avira Antivirus und dessen Browsertoolbar zurückführbar zu sein. Ich bin mir bei diesen Einträgen vom EEK allerdings nicht sicher:

Code: Alles auswählenAufklappen

ATTFilter

C:\ProgramData\apn 	detected: Application.AppInstall (A) [224108]
C:\Windows\TEMP\APN-Stub 	detected: Application.Win32.WebToolbar (A) [224131]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASAPI32 	detected: Application.AppInstall (A) [279650]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASMANCS 	detected: Application.AppInstall (A) [279651]
Key: HKEY_USERS\.DEFAULT\SOFTWARE\ASKPARTNERNETWORK 	detected: Application.InstallAd (A) [280312]
         

Da ich das System eh platt machen werde, ist meine Frage hauptsächlich, ob ich meine Dateien einfach sichern kann, oder ob ich damit meine externe Festplatte und damit andere Rechner in Gefahr bringe.

Ich danke schonmal vielmals!

Da wurde doch nur irgendein Müll und Junkware gefunden.
Einfach nur persönliche Dateien sichern und fertig. Programme, Spiele und deren Setups zu sichern macht eh keinen Sinn.

Das ist genau das. Es handelt sich nur um ein paar Bilder, Videos und Spielstände. Wenn ich das bedenkenlos sichern kann, bin ich schon glücklich.

Kannst du. Und was wichtig ist: Nach der Installation von Windows 10 keinen Virenscanner installieren. Windows 10 hat den Defender an Bord, der ist völlig ausreichend.

Danke Stefan, genau das werde ich auch tun. Avira ist nur ein Relikt aus vergangenen Tagen...