Fund von Application.AppInstall (A) kritisch?

Worufuwuddo · 15.04.2020, 14:30

Hallo liebe Freunde,

ich bin gerade dabei einen die letzten 3 Jahre nicht genutzten Win7 Rechner auf Win10 upzugraden. Allerdings will ich natürlich vorher meine Daten sichern. Damit ich meine externe Festplatte nicht verseuche, scanne ich mein System immer vorher mit Emisoft Emergency Kit (EEK) und danach mit ESET Online Scanner vor dem Backup.

Es wurde folgendes gefunden:

EEK-Log

Code:

ATTFilter

Emsisoft Emergency Kit - Version 2020.4
Last update: 4/11/2020 7:46:35 PM
My own Intrepid\***
 ***
 Windows 7x64 Service Pack 1

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\, F:\, H:\

Detect PUPs: ON
Scan archives: ON
Scan mail archives: OFF
ADS Scan: ON
File extension filter: OFF
Direct disk access: OFF

Scan start:	4/14/2020 9:03:55 PM
C:\ProgramData\apn 	detected: Application.AppInstall (A) [224108]
C:\Windows\TEMP\APN-Stub 	detected: Application.Win32.WebToolbar (A) [224131]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASAPI32 	detected: Application.AppInstall (A) [279650]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASMANCS 	detected: Application.AppInstall (A) [279651]
Key: HKEY_USERS\.DEFAULT\SOFTWARE\ASKPARTNERNETWORK 	detected: Application.InstallAd (A) [280312]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/Updater/tbnhlpr.exe 	detected: Application.Toolbar (A) [283438]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/Updater/tbnhlpr_x64.exe 	detected: Application.Toolbar (A) [288215]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe 	detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe 	detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe 	detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/DeskBar.exe 	detected: Application.Toolbar (A) [283437]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/Updater/tbnhlpr.exe 	detected: Application.Toolbar (A) [283438]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/Updater/tbnhlpr_x64.exe 	detected: Application.Toolbar (A) [288215]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe 	detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe 	detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe 	detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe 	detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe 	detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe 	detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe 	detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe 	detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe 	detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[4].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe 	detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[4].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe 	detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[4].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe 	detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe 	detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe 	detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe 	detected: Application.Toolbar (A) [283440]

Scanned	206478
Found	28

Scan end:	4/14/2020 9:11:50 PM
Scan time:	0:07:55

ESET Online Scanner Log

Code:

ATTFilter

4/15/2020 2:57:52 AM
Files scanned: 176748
Detected files: 1
Cleaned files: 1
Total scan time 00:33:40
Scan status: Finished

C:\Windows\Installer\MSIC997.tmp	a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application	cleaned by deleting

Danach ließ ich noch Malwarebytes drüber laufen mit folgendem Ergebnis:

Malwarebytes Log

Code:

ATTFilter

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/15/20
Scan Time: 2:51 PM
Log File: e55a680c-7f17-11ea-9853-c8600077156f.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.867
Update Package Version: 1.0.22504
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ***\***
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 216868
Threats Detected: 16
Threats Quarantined: 16
Time Elapsed: 0 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Quarantined, 933, 186876, 1.0.22504, , ame, 

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-STUB, Quarantined, 933, 175062, 1.0.22504, , ame, 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\WINDOWS\TEMP\APN-STUB, Quarantined, 3628, 181296, 1.0.22504, , ame, 

File: 12
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi0e06b32d-4a75-473b-8dc5-dedfd553eea3.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi17b82a9c-e345-4274-99b1-7794f3394d99.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi2e6bf00c-804f-4215-abb0-2efeba9d7f21.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi3b134917-32d5-4d5a-859b-c59376bede37.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msic3645dd9-eb4a-4fb2-9b0c-d86646d103cc.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msid80e59e8-5208-4a63-bbea-6d975d465578.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb0e06b32d-4a75-473b-8dc5-dedfd553eea3.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb17b82a9c-e345-4274-99b1-7794f3394d99.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb2e6bf00c-804f-4215-abb0-2efeba9d7f21.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb3b134917-32d5-4d5a-859b-c59376bede37.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stbc3645dd9-eb4a-4fb2-9b0c-d86646d103cc.log, Quarantined, 3628, 181296, , , , 
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stbd80e59e8-5208-4a63-bbea-6d975d465578.log, Quarantined, 3628, 181296, , , , 

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Mir ist klar, dass für Windows 7 keine Reinigungen mehr vorgenommen werden, was auch richtig ist. Die Ergebnisse scheinen alle auf die damalige Verwendung von Avira Antivirus und dessen Browsertoolbar zurückführbar zu sein. Ich bin mir bei diesen Einträgen vom EEK allerdings nicht sicher:

Code:

ATTFilter

C:\ProgramData\apn 	detected: Application.AppInstall (A) [224108]
C:\Windows\TEMP\APN-Stub 	detected: Application.Win32.WebToolbar (A) [224131]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASAPI32 	detected: Application.AppInstall (A) [279650]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASMANCS 	detected: Application.AppInstall (A) [279651]
Key: HKEY_USERS\.DEFAULT\SOFTWARE\ASKPARTNERNETWORK 	detected: Application.InstallAd (A) [280312]

Da ich das System eh platt machen werde, ist meine Frage hauptsächlich, ob ich meine Dateien einfach sichern kann, oder ob ich damit meine externe Festplatte und damit andere Rechner in Gefahr bringe.

Ich danke schonmal vielmals!

Fund von Application.AppInstall (A) kritisch?

Diskussionsforum: Fund von Application.AppInstall (A) kritisch?

Fund von Application.AppInstall (A) kritisch?

Ähnliche Themen: Fund von Application.AppInstall (A) kritisch?