Code:
HitmanPro 3.7.15.281
www.hitmanpro.com
Computer name . . . . : DESKTOP-FS8L08U
Windows . . . . . . . : 10.0.0.14393.X64/8
User name . . . . . . : DESKTOP-FS8L08U\Jannik
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2016-12-09 22:00:13
Scan mode . . . . . . : Normal
Scan duration . . . . : 10m 24s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 1
Traces . . . . . . . : 4
Objects scanned . . . : 2.877.958
Files scanned . . . . : 100.566
Remnants scanned . . : 852.442 files / 1.924.950 keys
Malware _____________________________________________________________________
C:\Users\Jannik\AppData\Local\Microsoft\Windows\INetCache\IE\G5J5SNR8\wCVYijuU[1].exe
Size . . . . . . . : 267.138 bytes
Age . . . . . . . : 3.2 days (2016-12-06 16:28:37)
Entropy . . . . . : 7.9
SHA-256 . . . . . : 4DB37CFCA8A013B2355088407624A29831ECAF22AC3DDB0FF2F2674EBCB95E08
> Kaspersky . . . . : not-a-virus:AdWare.Win32.Vopak.cqgg
Fuzzy . . . . . . : 116.0
Forensic Cluster
-10.8s C:\Users\Jannik\AppData\Local\Microsoft\Windows\INetCache\IE\36G9Y3IK\pixl[1].htm
0.0s C:\Users\Jannik\AppData\Local\Microsoft\Windows\INetCache\IE\G5J5SNR8\wCVYijuU[1].exe
19.7s C:\Users\Jannik\AppData\Local\Temp\nsi3C44.tmp
20.4s C:\Users\Jannik\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D0E9B037875737BCE7C5CC1BF065C133_A846900AD583256DF696CF8F711A9E5E
20.4s C:\Users\Jannik\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D0E9B037875737BCE7C5CC1BF065C133_A846900AD583256DF696CF8F711A9E5E
20.5s C:\Users\Jannik\AppData\Local\Temp\nsp3F24.tmp
20.5s C:\Users\Jannik\AppData\Local\Temp\heu39T.nss
20.9s C:\Users\Jannik\AppData\Local\Temp\nsp40AE.tmp
21.7s C:\TOSTACK
21.7s C:\Users\Jannik\AppData\Local\Microsoft\Windows\INetCache\IE\36G9Y3IK\am[1].htm
22.3s C:\Windows\System32\config\systemprofile\AppData\Local\ESET\
22.3s C:\Windows\System32\config\systemprofile\AppData\Local\ESET\ESET NOD32 Antivirus\
22.3s C:\Windows\System32\config\systemprofile\AppData\Local\ESET\ESET NOD32 Antivirus\Quarantine\
22.3s C:\Windows\System32\config\systemprofile\AppData\Local\ESET\ESET NOD32 Antivirus\Quarantine\BD29D272F97C2AF6110F75CFE5AF50E18C548949.NDF
22.3s C:\Windows\System32\config\systemprofile\AppData\Local\ESET\ESET NOD32 Antivirus\Quarantine\BD29D272F97C2AF6110F75CFE5AF50E18C548949.NQF
22.3s C:\Windows\System32\config\systemprofile\AppData\Local\ESET\ESET NOD32 Antivirus\Quarantine\INFO.NQI
22.3s C:\ProgramData\ESET\ESET NOD32 Antivirus\httpblk.dat
28.0s C:\Users\Jannik\AppData\Local\Temp\nsb5CC8.tmp
28.1s C:\Users\Jannik\AppData\Local\Microsoft\Windows\INetCache\IE\G5J5SNR8\Rf5b4yq08[1].exe
29.0s C:\Users\Jannik\AppData\Local\Temp\nsn60B2.tmp
34.1s C:\Users\Jannik\AppData\Local\Microsoft\Windows\INetCache\IE\36G9Y3IK\reportstatus[1].htm
44.1s C:\Users\Jannik\AppData\Local\Temp\nsl9B99.tmp
49.3s C:\Users\Jannik\AppData\Local\Microsoft\Windows\INetCache\IE\G5J5SNR8\pMKqrHo1[1]
51.3s C:\Users\Jannik\AppData\Local\Temp\51B76AF0-FC07-4ED8-BB28-92E045A6FB75\
64.6s C:\Users\Jannik\AppData\Local\Microsoft\Windows\INetCache\IE\CVVUJAOV\stats[1].htm
64.6s C:\Users\Jannik\AppData\Local\Temp\nsmEBBF.tmp
64.7s C:\Users\Jannik\AppData\Local\Microsoft\Windows\INetCache\IE\36G9Y3IK\timestamp[1].htm
64.9s C:\Users\Jannik\AppData\Local\Temp\nsiECDC.tmp
65.1s C:\Users\Jannik\AppData\Local\Microsoft\Windows\INetCache\IE\G5J5SNR8\JKs76NWX[1].exe
Suspicious files ____________________________________________________________
C:\Users\Jannik\Downloads\FRST64 (1).exe
Size . . . . . . . : 2.420.224 bytes
Age . . . . . . . : 2.4 days (2016-12-07 12:43:43)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 6BC88900020E928F2EA88503357CC8B182FF2015A88AF456AF3F2212BA73FE1E
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-20.9s C:\Users\Jannik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c903
-20.8s C:\Users\Jannik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c904
-20.2s C:\Users\Jannik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c905
-20.2s C:\Users\Jannik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c906
-20.1s C:\Users\Jannik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c907
-9.9s C:\Users\Jannik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c908
-8.2s C:\Users\Jannik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c909
0.0s C:\Users\Jannik\Downloads\FRST64 (1).exe
2.4s C:\Users\Jannik\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c90a
C:\Users\Jannik\Downloads\FRST64.exe
Size . . . . . . . : 2.420.224 bytes
Age . . . . . . . : 2.4 days (2016-12-07 12:42:48)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 6BC88900020E928F2EA88503357CC8B182FF2015A88AF456AF3F2212BA73FE1E
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Potential Unwanted Programs _________________________________________________
HKU\S-1-5-21-2730390117-1916495976-2665451607-1001\SOFTWARE\IM\ (Sweetpacks)