Trojaner-Board


Worufuwuddo 15.04.2020 14:30

Is the detection of Application.AppInstall (A) critical?
 
Hello dear friends,

I am currently upgrading a Win7 machine that has not been used for the last 3 years to Win10. Of course I want to back up my data first. So that I don't contaminate my external hard drive, I always scan my system with Emsisoft Emergency Kit (EEK) and then with ESET Online Scanner before the backup.

The following was found:

EEK log
Code:

Emsisoft Emergency Kit - Version 2020.4
Last update: 4/11/2020 7:46:35 PM
My own Intrepid\***
 ***
 Windows 7x64 Service Pack 1

Scan settings:

Scan type: Custom Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, E:\, F:\, H:\

Detect PUPs: ON
Scan archives: ON
Scan mail archives: OFF
ADS Scan: ON
File extension filter: OFF
Direct disk access: OFF

Scan start:        4/14/2020 9:03:55 PM
C:\ProgramData\apn        detected: Application.AppInstall (A) [224108]
C:\Windows\TEMP\APN-Stub        detected: Application.Win32.WebToolbar (A) [224131]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASAPI32        detected: Application.AppInstall (A) [279650]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASMANCS        detected: Application.AppInstall (A) [279651]
Key: HKEY_USERS\.DEFAULT\SOFTWARE\ASKPARTNERNETWORK        detected: Application.InstallAd (A) [280312]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/Updater/tbnhlpr.exe        detected: Application.Toolbar (A) [283438]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/Updater/tbnhlpr_x64.exe        detected: Application.Toolbar (A) [288215]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe        detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe        detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[5].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe        detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/DeskBar.exe        detected: Application.Toolbar (A) [283437]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/Updater/tbnhlpr.exe        detected: Application.Toolbar (A) [283438]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/Updater/tbnhlpr_x64.exe        detected: Application.Toolbar (A) [288215]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe        detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe        detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[6].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe        detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe        detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe        detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[1].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe        detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe        detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe        detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[2].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe        detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[4].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe        detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[4].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe        detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[4].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe        detected: Application.Toolbar (A) [283440]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z -> program files/AskPartnerNetwork/Toolbar/Updater/TBNotifier.exe        detected: Application.Toolbar (A) [283439]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z -> program files/AskPartnerNetwork/Toolbar/Toolbar.exe        detected: Application.Toolbar (A) [283436]
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-AVIRA-V7[3].7z -> program files/AskPartnerNetwork/Toolbar/UpdateManager.exe        detected: Application.Toolbar (A) [283440]

Scanned        206478
Found        28

Scan end:        4/14/2020 9:11:50 PM
Scan time:        0:07:55

ESET Online Scanner Log

Code:

4/15/2020 2:57:52 AM
Files scanned: 176748
Detected files: 1
Cleaned files: 1
Total scan time 00:33:40
Scan status: Finished

C:\Windows\Installer\MSIC997.tmp        a variant of Win32/Bundled.Toolbar.Ask.N potentially unsafe application        cleaned by deleting

After that I also ran Malwarebytes over it, with the following result:

Malwarebytes Log

Code:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/15/20
Scan Time: 2:51 PM
Log File: e55a680c-7f17-11ea-9853-c8600077156f.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.867
Update Package Version: 1.0.22504
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: ***\***
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 216868
Threats Detected: 16
Threats Quarantined: 16
Time Elapsed: 0 min, 42 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, Quarantined, 933, 186876, 1.0.22504, , ame,

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-STUB, Quarantined, 933, 175062, 1.0.22504, , ame,
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7, Quarantined, 3628, 181296, , , ,
PUP.Optional.ASK.Gen, C:\WINDOWS\TEMP\APN-STUB, Quarantined, 3628, 181296, 1.0.22504, , ame,

File: 12
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi0e06b32d-4a75-473b-8dc5-dedfd553eea3.log, Quarantined, 3628, 181296, , , ,
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi17b82a9c-e345-4274-99b1-7794f3394d99.log, Quarantined, 3628, 181296, , , ,
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi2e6bf00c-804f-4215-abb0-2efeba9d7f21.log, Quarantined, 3628, 181296, , , ,
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msi3b134917-32d5-4d5a-859b-c59376bede37.log, Quarantined, 3628, 181296, , , ,
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msic3645dd9-eb4a-4fb2-9b0c-d86646d103cc.log, Quarantined, 3628, 181296, , , ,
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Msid80e59e8-5208-4a63-bbea-6d975d465578.log, Quarantined, 3628, 181296, , , ,
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb0e06b32d-4a75-473b-8dc5-dedfd553eea3.log, Quarantined, 3628, 181296, , , ,
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb17b82a9c-e345-4274-99b1-7794f3394d99.log, Quarantined, 3628, 181296, , , ,
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb2e6bf00c-804f-4215-abb0-2efeba9d7f21.log, Quarantined, 3628, 181296, , , ,
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stb3b134917-32d5-4d5a-859b-c59376bede37.log, Quarantined, 3628, 181296, , , ,
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stbc3645dd9-eb4a-4fb2-9b0c-d86646d103cc.log, Quarantined, 3628, 181296, , , ,
PUP.Optional.ASK.Gen, C:\Windows\Temp\APN-Stub\AVIRA-V7\Stbd80e59e8-5208-4a63-bbea-6d975d465578.log, Quarantined, 3628, 181296, , , ,

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

I am aware that cleanups are no longer carried out for Windows 7, which is also right. The results all seem to be traceable to the former use of Avira Antivirus and its browser toolbar. However, I am not sure about these entries from EEK:
Code:

C:\ProgramData\apn        detected: Application.AppInstall (A) [224108]
C:\Windows\TEMP\APN-Stub        detected: Application.Win32.WebToolbar (A) [224131]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASAPI32        detected: Application.AppInstall (A) [279650]
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ASKINSTALLCHECKER_RASMANCS        detected: Application.AppInstall (A) [279651]
Key: HKEY_USERS\.DEFAULT\SOFTWARE\ASKPARTNERNETWORK        detected: Application.InstallAd (A) [280312]

Since I am going to wipe the system anyway, my question is mainly whether I can simply back up my files, or whether by doing so I would put my external hard drive, and with it other computers, at risk.

Many thanks in advance!

cosinus 15.04.2020 14:35

Only some rubbish and junkware was found there.
Just back up your personal files and that's it. Backing up programs, games and their setups makes no sense anyway.

Worufuwuddo 15.04.2020 15:46

That is exactly it. It is only a few pictures, videos and save games. If I can back that up without concern, I am already happy.

stefanbecker 15.04.2020 16:12

You can. And what is important: after installing Windows 10, do not install a virus scanner. Windows 10 has Defender on board, which is entirely sufficient.

Worufuwuddo 15.04.2020 17:04

Thanks Stefan, that is exactly what I will do. Avira is just a relic of days gone by...


All times are WET +1.
