Log analysis and evaluation: Windows 7 multiple detections via Eset

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Windows 7 multiple detections via Eset

I searched the web for pev.exe and came across a link.

Quote:
fixlog Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by poi at 2015-03-20 23:00:55 Run:2 Running from C:\Users\poi\Desktop Loaded Profiles: poi (Available profiles: poi) Boot Mode: Normal ============================================== Content of fixlist: ***************** start CloseProcesses: CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKU\S-1-5-21-2209928351-3718787372-2710401756-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION Task: {367CAC07-64BD-43BA-8880-8D4315198E07} - \D1qqBNSRJ0PMcbG No Task File <==== ATTENTION Task: {5547A3DF-89F1-49F4-AC06-27910F8DA918} - \trik3004 No Task File <==== ATTENTION Task: {6513735E-16A3-411D-BB8D-A6037D512CE5} - \eOtShZcX9Pocmsq No Task File <==== ATTENTION Task: {B7D35575-173C-49D7-83DB-C35984765215} - \JJQB No Task File <==== ATTENTION Task: {BC484F6F-FE90-428B-9470-3484895FFD11} - \CGPYMDU No Task File <==== ATTENTION Task: {CA908A0F-8933-4892-8A57-34312547DA8F} - \AuZK1afEXJ5UMwo No Task File <==== ATTENTION Task: {CD519141-DCA0-48FB-BA0F-8933FD14AAC6} - \ON No Task File <==== ATTENTION Task: {DB0779C7-88A3-4833-A2C7-D4E1C11E2328} - \SPBIW_UpdateTask_Time_3535323337303137302d3437415a556c2a3223346c41 No Task File <==== ATTENTION EmptyTemp: end ***************** Processes closed successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKU\S-1-5-21-2209928351-3718787372-2710401756-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{367CAC07-64BD-43BA-8880-8D4315198E07}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{367CAC07-64BD-43BA-8880-8D4315198E07}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\D1qqBNSRJ0PMcbG" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5547A3DF-89F1-49F4-AC06-27910F8DA918}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5547A3DF-89F1-49F4-AC06-27910F8DA918}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\trik3004" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6513735E-16A3-411D-BB8D-A6037D512CE5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6513735E-16A3-411D-BB8D-A6037D512CE5}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\eOtShZcX9Pocmsq" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B7D35575-173C-49D7-83DB-C35984765215}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7D35575-173C-49D7-83DB-C35984765215}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JJQB" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC484F6F-FE90-428B-9470-3484895FFD11}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC484F6F-FE90-428B-9470-3484895FFD11}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CGPYMDU" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA908A0F-8933-4892-8A57-34312547DA8F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA908A0F-8933-4892-8A57-34312547DA8F}" => Key deleted successfully. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AuZK1afEXJ5UMwo" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD519141-DCA0-48FB-BA0F-8933FD14AAC6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD519141-DCA0-48FB-BA0F-8933FD14AAC6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ON" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB0779C7-88A3-4833-A2C7-D4E1C11E2328}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB0779C7-88A3-4833-A2C7-D4E1C11E2328}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SPBIW_UpdateTask_Time_3535323337303137302d3437415a556c2a3223346c41" => Key deleted successfully. EmptyTemp: => Removed 28.6 MB temporary data. The system needed a reboot. ==== End of Fixlog 23:00:56 ==== Code:
ATTFilter HitmanPro 3.7.9.238 www.hitmanpro.com Computer name . . . . : POI-PC Windows . . . . . . . : 6.1.1.7601.X64/4 User name . . . . . . : poi-PC\poi UAC . . . . . . . . . : Enabled License . . . . . . . : Trial (30 days left) Scan date . . . . . . : 2015-03-20 23:07:02 Scan mode . . . . . . : Normal Scan duration . . . . : 3m 5s Disk access mode . . : Direct disk access (SRB) Cloud . . . . . . . . : Internet Reboot . . . . . . . : Yes Threats . . . . . . . : 0 Traces . . . . . . . : 22 Objects scanned . . . : 988.379 Files scanned . . . . : 7.968 Remnants scanned . . : 224.787 files / 755.624 keys Suspicious files ____________________________________________________________ C:\Users\poi\Desktop\FRST64.exe Size . . . . . . . : 2.095.616 bytes Age . . . . . . . : 0.3 days (2015-03-20 15:26:07) Entropy . . . . . : 7.5 SHA-256 . . . . . : 72AAB1C62CF0BC00F5B102954B603D1509B2AF5F0BD1911E9CAE98C4DDE2D152 Needs elevation . : Yes Fuzzy . . . . . . : 24.0 Program has no publisher information but prompts the user for permission elevation. Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. 
References HKU\S-1-5-21-2209928351-3718787372-2710401756-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\poi\Desktop\FRST64.exe Forensic Cluster 0.0s C:\Users\poi\Desktop\FRST64.exe 0.0s C:\Users\poi\Desktop\FRST64.exe 0.0s C:\Users\poi\Desktop\FRST64.exe 0.0s C:\Users\poi\Desktop\FRST64.exe 0.0s C:\Users\poi\Desktop\FRST64.exe 0.0s C:\Users\poi\Desktop\FRST64.exe 0.0s C:\Users\poi\Desktop\FRST64.exe 0.0s C:\Users\poi\Desktop\FRST64.exe 0.0s C:\Users\poi\Desktop\FRST64.exe 0.0s C:\Users\poi\Desktop\FRST64.exe 0.0s C:\Users\poi\Desktop\FRST64.exe C:\Windows\PEV.exe Size . . . . . . . : 256.000 bytes Age . . . . . . . : 0.0 days (2015-03-20 22:25:14) Entropy . . . . . : 8.0 SHA-256 . . . . . : AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924 Fuzzy . . . . . . : 22.0 Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs. The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection. Authors name is missing in version info. This is not common to most programs. Version control is missing. This file is probably created by an individual. This is not typical for most programs. Time indicates that the file appeared recently on this computer. The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities. Program contains PE structure anomalies. This is not typical for most programs. 
Forensic Cluster -12.3s C:\Windows\erdnt\ -12.3s C:\Windows\erdnt\Hiv-backup\ -12.3s C:\Windows\erdnt\Hiv-backup\ERDNT.INF -12.3s C:\Windows\erdnt\Hiv-backup\ERDNT.CON -12.3s C:\Windows\erdnt\Hiv-backup\BCD -12.2s C:\Windows\erdnt\Hiv-backup\SYSTEM -11.9s C:\Windows\erdnt\Hiv-backup\SOFTWARE -11.3s C:\Windows\erdnt\Hiv-backup\DEFAULT -11.3s C:\Windows\erdnt\Hiv-backup\SECURITY -11.3s C:\Windows\erdnt\Hiv-backup\SAM -10.6s C:\Windows\erdnt\Hiv-backup\ERDNT.EXE -10.6s C:\Windows\erdnt\Hiv-backup\ERDNTWIN.LOC -10.6s C:\Windows\erdnt\Hiv-backup\ERDNTDOS.LOC -10.6s C:\Windows\Prefetch\ERUNT.3XE-0CE9010A.pf -10.4s C:\Windows\Prefetch\PEV.3XE-BBB04023.pf -10.3s C:\Windows\Prefetch\IEXPLORE.EXE-350A1F3E.pf -10.2s C:\Windows\Prefetch\IEXPLORE.EXE-61AC44C9.pf -10.2s C:\Windows\Prefetch\IEXPLORE.EXE-5C5AAA0A.pf -10.0s C:\Windows\Prefetch\SWXCACLS.3XE-6DBE11CC.pf -10.0s C:\Windows\Prefetch\GSAR.3XE-7C99C245.pf -10.0s C:\Windows\Prefetch\SWREG.3XE-F683F82C.pf -9.9s C:\Windows\Prefetch\SWSC.3XE-9057E4B4.pf -9.9s C:\Windows\Prefetch\GREP.3XE-6AB882FA.pf -9.9s C:\Windows\Prefetch\SED.3XE-E2A7D068.pf -9.7s C:\Windows\Prefetch\SETPATH.3XE-76BB1A69.pf -7.2s C:\Users\Public\Documents\ -7.2s C:\Users\Public\Documents\desktop.ini -7.2s C:\Windows\Prefetch\HIDEC.3XE-9CA99565.pf -7.2s C:\Users\Public\Music\ -7.2s C:\Users\Public\Music\desktop.ini -7.2s C:\Users\Public\Pictures\ -7.2s C:\Users\Public\Pictures\desktop.ini -7.2s C:\Users\Public\Videos\ -7.2s C:\Users\Public\Videos\desktop.ini -7.2s C:\Users\Public\Videos\desktop.ini -6.5s C:\Windows\Prefetch\NIRCMD.3XE-B11D0B7D.pf -6.5s C:\Windows\Prefetch\NIRCMD.3XE-B11D0B7D.pf -6.5s C:\Windows\Prefetch\NIRCMD.3XE-B11D0B7D.pf -3.9s C:\Windows\Prefetch\CSCRIPT.EXE-FCD9ABA9.pf -3.5s C:\Qoobox\Quarantine\Registry_backups\ -3.5s C:\Qoobox\Quarantine\Registry_backups\ -3.5s C:\Qoobox\ -3.5s C:\Qoobox\Quarantine\ -3.4s C:\Windows\Prefetch\CHCP.COM-E5840C00.pf -3.3s C:\Windows\Prefetch\RMBR.3XE-1523E2F3.pf -3.2s 
C:\Windows\Prefetch\HANDLE64.EXE-6D6B36AC.pf -3.2s C:\Windows\Prefetch\HANDLE.3XE-1DF96F70.pf -2.6s C:\Windows\Prefetch\ATTRIB.3XE-28186452.pf -2.4s C:\Windows\Prefetch\CSCRIPT.3XE-05844A44.pf -2.4s C:\Windows\Prefetch\CSCRIPT.3XE-05844A44.pf -2.1s C:\Windows\Prefetch\ATTRIB.EXE-8E9FC84B.pf -2.0s C:\Windows\Prefetch\CF2026.3XE-E0BEF450.pf -1.9s C:\Windows\Prefetch\CHCP.COM-2CF9B15C.pf -1.9s C:\Windows\Prefetch\PEV.3XE-8F640100.pf -1.9s C:\Qoobox\BackEnv\ -1.9s C:\Windows\Prefetch\SWREG.3XE-156BC039.pf -1.9s C:\Windows\Prefetch\SED.3XE-B65B9145.pf -1.9s C:\Windows\Prefetch\ATTRIB.3XE-6D9531D7.pf -1.9s C:\Windows\Prefetch\GREP.3XE-86FAE0CF.pf -1.8s C:\Qoobox\Quarantine\catchme.log -1.8s C:\Windows\Prefetch\NIRCMDC.3XE-35FB2FF1.pf -1.7s C:\Windows\Prefetch\SWXCACLS.3XE-6CCE8401.pf -1.2s C:\Windows\Prefetch\PV.3XE-D4B06887.pf -1.0s C:\Windows\Prefetch\CMD.3XE-FE426700.pf -1.0s C:\Windows\Prefetch\PEV.EXE-D9C9E3FA.pf -1.0s C:\Windows\Prefetch\PEV.EXE-D9C9E3FA.pf -1.0s C:\Windows\Prefetch\PEV.EXE-D9C9E3FA.pf -0.9s C:\Windows\Prefetch\SWSC.3XE-AC9A4289.pf -0.9s C:\Windows\Prefetch\NIRKMD.3XE-FE9652AA.pf -0.0s C:\Windows\Prefetch\FINDSTR.EXE-1BC2295F.pf -0.0s C:\Windows\SWXCACLS.exe -0.0s C:\Windows\SWSC.exe -0.0s C:\Windows\sed.exe -0.0s C:\Windows\grep.exe -0.0s C:\Windows\zip.exe -0.0s C:\Windows\SWREG.exe 0.0s C:\Windows\PEV.exe 0.0s C:\Windows\NIRCMD.exe 0.0s C:\Windows\NIRCMD.exe 0.0s C:\Windows\NIRCMD.exe 0.0s C:\Windows\MBR.exe 0.0s C:\Windows\MBR.exe 0.0s C:\Windows\Prefetch\HIDEC.3XE-BB915D72.pf 0.1s C:\Windows\Prefetch\GSAR.3XE-98DC201A.pf 0.2s C:\Windows\Prefetch\SWSC.EXE-7EE996F7.pf 0.3s C:\Windows\Prefetch\NIRCMD.3XE-F699D902.pf 0.3s C:\Windows\Prefetch\NIRCMD.3XE-F699D902.pf 0.3s C:\Windows\Prefetch\NIRCMD.3XE-F699D902.pf 0.3s C:\Windows\Prefetch\NIRCMD.3XE-F699D902.pf 0.3s C:\Windows\Prefetch\NIRCMD.3XE-F699D902.pf 0.7s C:\Windows\Prefetch\REG.EXE-A93A1343.pf 0.9s C:\Windows\Prefetch\SWREG.EXE-2F315887.pf 1.0s C:\Windows\Prefetch\SED.EXE-147D5ED3.pf 1.7s 
C:\Windows\Prefetch\GREP.EXE-594A353D.pf 3.5s C:\Windows\Prefetch\CSCRIPT.3XE-9DEB5681.pf 3.5s C:\Windows\Prefetch\CSCRIPT.3XE-9DEB5681.pf Potential Unwanted Programs _________________________________________________ HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\SysMenuExt\ (YTDownloader) -> Deleted HKLM\SOFTWARE\Classes\AppID\SysMenu.DLL\ (Goobzo) -> Deleted HKLM\SOFTWARE\Classes\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}\ (Goobzo) -> Deleted HKLM\SOFTWARE\Classes\Wow6432Node\AppID\SysMenu.DLL\ (Goobzo) -> PendingDelete HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{D813D5BB-EBC7-45F9-B8A4-36A305168069}\ (Goobzo) -> PendingDelete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ) -> Deleted HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ) -> Deleted HKLM\SYSTEM\ControlSet001\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro) -> Deleted HKLM\SYSTEM\ControlSet001\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro) -> Deleted HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPBIUPDD\ (ShopperPro) -> Deleted HKLM\SYSTEM\ControlSet002\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro) -> Deleted HKLM\SYSTEM\ControlSet002\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro) -> Deleted HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPBIUPDD\ (ShopperPro) -> Deleted HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}\ (ShopperPro) -> PendingDelete HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}\ (ShopperPro) -> PendingDelete HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPBIUPDD\ (ShopperPro) -> PendingDelete HKU\S-1-5-21-2209928351-3718787372-2710401756-1000\Software\Classes\*\ShellEx\ContextMenuHandlers\SysMenuExt\ (YTDownloader) -> Deleted 
HKU\S-1-5-21-2209928351-3718787372-2710401756-1000_Classes\*\ShellEx\ContextMenuHandlers\SysMenuExt\ (YTDownloader) -> PendingDelete Cookies _____________________________________________________________________ C:\Users\poi\AppData\Roaming\Mozilla\Firefox\Profiles\b9ihz8fy.default\cookies.sqlite:doubleclick.net Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=c4d8e5cdbdb6b7469c0b9aa2f2858ff4 # engine=23004 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-20 05:18:48 # local_time=2015-03-20 06:18:48 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 18110 178501778 0 0 # scanned=149880 # found=12 # cleaned=0 # scan_time=1193 sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2209928351-3718787372-2710401756-1000\$R6UB797" sh=96EDAD94BE1A45EC7D5E7D67B97FE20C1DE1D676 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2209928351-3718787372-2710401756-1000\$RWLRPUU" sh=6C06A31CB1C186D90A4E6F66E9DCD404133435ED ft=1 fh=8113374969a15c74 vn="Variante von Win32/SpeedBit.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\poi\AppData\Local\Installer\Install_25099\DCytdieamo_amodc_setup.exe" sh=4495024B25F21088902FBD82FC915E621187FE85 ft=1 fh=cc5f08593bdd79bc vn="MSIL/MyPCBackup.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\poi\AppData\Local\Temp\CloudBackup4563.exe" sh=A1889BF8FE6D8CA7CDE02AC512931E1FF9D98932 ft=1 fh=9ac083f18deba41f vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\poi\AppData\Local\Temp\nsr8A7A.tmp" sh=5B8CAFF7AF689D3F923F812E0B709B5E8F23E406 ft=1 fh=5a810feafc06837a vn="Variante von Win32/SpeedBit.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\poi\AppData\Local\Temp\ytdieamo_amodc_setup.exe" sh=BF9E47A6084A5B7AB3027978DB06F3A7060F5D6E ft=1 fh=d5e47c88265a5b9e vn="Variante von Win32/SpeedBit.D evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\poi\AppData\Local\Temp\Install_11216\ins_shopperpro.exe" sh=259AF64339F1A80C1378DA847C0063330C6C75A5 ft=1 fh=8aeec32a224d2101 vn="Variante von Win32/SpeedBit.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\poi\AppData\Local\Temp\Install_11216\ins_ytd.exe" sh=2121DEE1CE3A21D7763D35FEA505D2B8E83CEB1A ft=1 fh=c71c001181a536a0 vn="Variante von Win32/Packed.VMDetector.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\poi\AppData\Local\Temp\nsz1A57.tmp\InstallerUtils.dll" sh=F01325F6C053438B70355DD33A80DDA0512F3A46 ft=1 fh=cf410674374fc386 vn="Variante von Win32/Toolbar.CrossRider.CF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\poi\AppData\Local\Temp\nsz1A57.tmp\InstallerUtils2.dll" sh=7FF3F72344435C903F4110818294379FF1D2DFF2 ft=1 fh=c71c0011780ad664 vn="Variante von Win32/ELEX.CE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\poi\AppData\Local\Temp\~dl755F\bjl\jieya.dll" sh=E527BBCAFEDDC287A621A2DB49A1F10502C1E3D0 ft=1 fh=4c77490216ec3f95 vn="Variante von Win32/ELEX.BH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\poi\AppData\Local\Temp\~dl755F\zdma\tmp\wpm_v20.0.0.1953_0302.exe" ESETSmartInstaller@High as downloader log: Can not open internetesets_scanner_update returned -1 esets_gle=45314 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=c4d8e5cdbdb6b7469c0b9aa2f2858ff4 # engine=23007 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-03-20 10:35:36 # local_time=2015-03-20 11:35:36 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 33518 178520786 0 0 # scanned=148802 # found=0 # cleaned=0 # scan_time=896 Code:
ATTFilter Results of screen317's Security Check version 0.99.97 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 64-bit 8 Update 31 Adobe Flash Player 17.0.0.134 Mozilla Firefox (36.0.1) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |