Windows 7 - Clicked a Facebook link, unsure about possible malware!
Code:
HitmanPro 3.8.0.295
www.hitmanpro.com
Computer name . . . . : DIUBLA-PC
Windows . . . . . . . : 6.1.1.7601.X64/2
User name . . . . . . : diubla-PC\Peter
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2019-01-21 21:13:49
Scan mode . . . . . . : Normal
Scan duration . . . . : 7m 22s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 3
Objects scanned . . . : 2.502.260
Files scanned . . . . : 38.600
Remnants scanned . . : 614.230 files / 1.849.430 keys
Suspicious files ____________________________________________________________
D:\Users\Peter\Downloads\FRST-OlderVersion\FRST64(1).exe
Size . . . . . . . : 2.427.904 bytes
Age . . . . . . . : 6.2 days (2019-01-15 17:31:38)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 28613F7293E48DD473D3E4463A1EFCCE51BCF440AB2CE7A46D09B8A661E6C67A
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
D:\Users\Peter\Downloads\FRST-OlderVersion\FRST64.exe
Size . . . . . . . : 2.406.912 bytes
Age . . . . . . . : 826.4 days (2016-10-17 11:48:29)
Entropy . . . . . : 7.6
SHA-256 . . . . . : E9812F6438CD666A91D568AD77544A074CA037ED84C64F5CC63105F90A843341
Needs elevation . : Yes
Fuzzy . . . . . . : 22.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
D:\Users\Peter\Downloads\FRST64(1).exe
Size . . . . . . . : 2.428.416 bytes
Age . . . . . . . : 1.2 days (2019-01-20 17:15:24)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 9D5475767907F29A71C13C15DA81EC088116CEC92C324581ACC758B98C01B697
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
-28.2s D:\Windows\Prefetch\CMD.EXE-89305D47.pf
-24.1s D:\Windows\Prefetch\FRST64(1).EXE-C4CF641E.pf
-20.6s D:\Users\Peter\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
-20.6s D:\Users\Peter\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
-14.1s D:\Users\Peter\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
-14.1s D:\Users\Peter\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_6CBA2C06D5985DD95AE59AF8FC7C6220
-6.8s D:\Users\Peter\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
-6.8s D:\Users\Peter\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9EC3B71635F8BA3FC68DE181A104A0EF_F6C39EF89D8A3A72327D8412589658B2
-0.2s D:\Users\Peter\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
-0.2s D:\Users\Peter\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F
0.0s D:\Users\Peter\Downloads\FRST64(1).exe
1.0s D:\Users\Peter\Downloads\FRST-OlderVersion\
12.5s D:\Windows\Prefetch\ERUNT.EXE-5D8398BB.pf
Hahaha. Thanks. But your step-by-step instructions really are pretty foolproof. And unfortunately it is still piecemeal. The ESET file won't come until tomorrow.
Thanks again for the help.
See you tomorrow....