Trojaner-Board

Forum: Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
Thread: https://www.trojaner-board.de/140486-riskware-andere-hitmanpro-scan-gefaehrlich.html

Noob:( 26.08.2013 14:18

Riskware and others in HitmanPro scan, dangerous?
 
Hello!
Because of another problem, I downloaded the program "HitmanPro 3.7.7" several weeks ago. Since then it runs a security scan roughly every 20 hours. It just ran again and this time it found something: 2 "things" with Riskware written after them and 12 "things" with Adware.ClickPotato. Is that dangerous, and if so, how do I get rid of it?
Thanks in advance for the answer!
Noob

schrauber 26.08.2013 14:52

hi,

show me the logfile.

Noob:( 26.08.2013 14:58

It should be this one:

Code:

HitmanPro 3.7.7.203
www.hitmanpro.com

  Computer name . . . . : ***-PC
  Windows . . . . . . . : 6.1.1.7601.X64/8
  User name . . . . . . : ***-PC\***
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Trial (Expired)

  Scan date . . . . . . : 2013-08-26 15:03:34
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 4m 6s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 97
  Traces  . . . . . . . : 374

  Objects scanned . . . : 1.162.379
  Files scanned . . . . : 10.943
  Remnants scanned  . . : 290.683 files / 860.753 keys

Malware _____________________________________________________________________

  C:\Program Files (x86)\LyricsPal\130.dll
      Size . . . . . . . : 145.920 bytes
      Age  . . . . . . . : 0.1 days (2013-08-26 12:50:06)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 51BE8F7C1DB27A8E162AD50C81E47AE8E01D8ADE33A336C5AF229B716158ADB5
      Product  . . . . . : Lyrics-Pal
      Publisher  . . . . : Lyrics-Pal
      Copyright  . . . . : Copyright (c) 2013
      Gossip . . . . . . : (x86)
    > G Data . . . . . . : Gen:Variant.Adware.Graftor.108504
      Fuzzy  . . . . . . : 99.0
      Startup
        HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc29db0f-529e-415e-9754-c4d493333108}\
      References
        HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{dc29db0f-529e-415e-9754-c4d493333108}\
        HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\b1d37378-70fb-44d4-aa8d-200f912820ff\

  C:\SysPart\Default\Program Files (x86)\LyricsPal\130.dll
      Size . . . . . . . : 145.920 bytes
      Age  . . . . . . . : 0.1 days (2013-08-26 12:50:06)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 51BE8F7C1DB27A8E162AD50C81E47AE8E01D8ADE33A336C5AF229B716158ADB5
      Product  . . . . . : Lyrics-Pal
      Publisher  . . . . : Lyrics-Pal
      Copyright  . . . . : Copyright (c) 2013
    > G Data . . . . . . : Gen:Variant.Adware.Graftor.108504
      Fuzzy  . . . . . . : 105.0
      Forensic Cluster
        -2.9s C:\SysPart\Default\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5704840f0b3e82908309923567b498c3_75109218-4e06-43d7-9b1a-814dd81dac59
        -0.0s C:\SysPart\Default\Program Files (x86)\LyricsPal\00.crx
        -0.0s C:\SysPart\Default\Program Files (x86)\LyricsPal\00.xpi
          0.0s C:\SysPart\Default\Program Files (x86)\LyricsPal\130.crx
          0.0s C:\SysPart\Default\Program Files (x86)\LyricsPal\130.dll
          0.0s C:\SysPart\Default\Program Files (x86)\LyricsPal\130.xpi
        14.7s C:\SysPart\Default\Windows\ServiceProfiles\LocalService\AppData\Roaming\PeerNetworking\b03b28dccff9b225f5153fa13a557666\4fb1bb4721b5a959f351deea759d5584\grouping\tmp.edb
        17.1s C:\SysPart\Default\Windows\System32\Tasks\Lyrics-Pal Update
        19.2s C:\SysPart\Default\Program Files (x86)\LyricsPal\130.dat
        19.4s C:\SysPart\Default\Users\***\AppData\Local\Temp\upr6F36.tmp
        20.9s C:\SysPart\Default\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CDG5XQOQ\updated[1].htm
        25.0s C:\SysPart\Default\Users\***\AppData\Local\Temp\upe8594.tmp
        26.1s C:\SysPart\Default\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94XAELA4\130[1].xml
        29.9s C:\SysPart\Default\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk


Suspicious files ____________________________________________________________

  C:\Users\***\Desktop\ComboFix.exe
      Size . . . . . . . : 5.087.643 bytes
      Age  . . . . . . . : 46.8 days (2013-07-10 20:40:44)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 6748E61A6234D5CDBB82C782963595FF99CCBFAAAB0D1386D5CBC264BFC27AD5
      Product  . . . . . : ComboFix
      Publisher  . . . . : Swearware
      Description  . . . : ComboFix NSIS Installer
      Version  . . . . . : 13.07.09.01
      Copyright  . . . . : sUBs
      Fuzzy  . . . . . . : 23.0
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      References
        HKU\S-1-5-21-1311006177-775220444-537829284-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Klemens\Desktop\ComboFix.exe

  C:\Windows\system32\drivers\AVIPBB.sys
      Size . . . . . . . : 129.216 bytes
      Age  . . . . . . . : 206.7 days (2013-01-31 21:24:09)
      Entropy  . . . . . : 6.6
      SHA-256  . . . . . : 22AA33B1276C2B0FB36F22371FA43BFB8987CED0E81947D6DCC5F134B28E64B6
      Product  . . . . . : Avira Professional Security
      Publisher  . . . . : Avira Operations GmbH & Co. KG
      Description  . . . : Avira Driver for Security Enhancement
      Version  . . . . . : 13.05.01.04
      Copyright  . . . . : Copyright © 2000 - 2013 Avira Operations GmbH & Co. KG. All rights reserved.
      Fuzzy  . . . . . . : 42.0
        The file is hidden from Windows API. This is typical for malware.
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.

  C:\Windows\system32\drivers\AVKMGR.sys
      Size . . . . . . . : 27.800 bytes
      Age  . . . . . . . : 206.7 days (2013-01-31 21:24:09)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : F9C76B8F100F7CF2A95F451445A4BAEB83BC43C5CF4126175CAE065E0E2A2EEB
      Product  . . . . . : Avira Professional Security
      Publisher  . . . . : Avira Operations GmbH & Co. KG
      Description  . . . : Avira Manager Driver
      Version  . . . . . : 13.04.00.03
      Copyright  . . . . : Copyright © 2000 - 2013 Avira Operations GmbH & Co. KG. All rights reserved.
      Fuzzy  . . . . . . : 42.0
        The file is hidden from Windows API. This is typical for malware.
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.

  C:\Windows\system32\drivers\cfwids.sys
      Size . . . . . . . : 65.264 bytes
      Age  . . . . . . . : 681.1 days (2011-10-15 12:16:16)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 096F50891302F84E2543F32F2D5A51E0183A12900B920A2DD8976459B4B2C051
      Needs elevation  . : Yes
      Product  . . . . . : SYSCORE
      Publisher  . . . . : McAfee, Inc.
      Description  . . . : McAfee Personal Firewall IDS Plugin
      Version  . . . . . : SYSCORE.14.4.0.478
      Copyright  . . . . : Copyright © 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy  . . . . . . : 22.0
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.

  C:\Windows\system32\drivers\mfeapfk.sys
      Size . . . . . . . : 160.280 bytes
      Age  . . . . . . . : 681.1 days (2011-10-15 12:16:16)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : C7728392FADE8AE792458224C40E9AED4789F9DA4233C34E0A0B303DE33ABE86
      Product  . . . . . : SYSCORE
      Publisher  . . . . : McAfee, Inc.
      Description  . . . : Access Protection Filter Driver
      Version  . . . . . : SYSCORE.14.4.0.478
      Copyright  . . . . : Copyright © 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy  . . . . . . : 22.0
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.

  C:\Windows\system32\drivers\mfeavfk.sys
      Size . . . . . . . : 229.528 bytes
      Age  . . . . . . . : 681.1 days (2011-10-15 12:16:16)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 986EBE286B34AC6E39F70E069AD6D1069538C23B0F2D47771C5A8FB8B1C5B5BB
      Product  . . . . . : SYSCORE
      Publisher  . . . . : McAfee, Inc.
      Description  . . . : Anti-Virus File System Filter Driver
      Version  . . . . . : SYSCORE.14.4.0.478
      Copyright  . . . . : Copyright © 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy  . . . . . . : 22.0
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.

  C:\Windows\system32\drivers\mfeclnk.sys
      Size . . . . . . . : 10.248 bytes
      Age  . . . . . . . : 359.6 days (2012-09-01 00:37:57)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : E7A513683AC0CAA950DF126B4D87FBD4FCD766B67AFCEC4EC9E4FB7198DA3116
      Product  . . . . . : SYSCORE
      Publisher  . . . . : McAfee, Inc.
      Description  . . . : McAfee Driver Cleaning Driver
      Version  . . . . . : SYSCORE.14.4.0.478
      Copyright  . . . . : Copyright © 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy  . . . . . . : 22.0
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.

  C:\Windows\system32\drivers\mfefirek.sys
      Size . . . . . . . : 481.768 bytes
      Age  . . . . . . . : 681.1 days (2011-10-15 12:16:16)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : C3CBFD0FABA4E165C2485A21D61A2B7E39083E6DBFB62423DAF1C2CDB1817164
      Product  . . . . . : SYSCORE
      Publisher  . . . . : McAfee, Inc.
      Description  . . . : McAfee Core Firewall Engine Driver
      Version  . . . . . : SYSCORE.14.4.0.478
      Copyright  . . . . : Copyright © 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy  . . . . . . : 22.0
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.

  C:\Windows\system32\drivers\mfehidk.sys
      Size . . . . . . . : 771.096 bytes
      Age  . . . . . . . : 204.8 days (2013-02-02 19:07:44)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : D736EBCA40097A135AC1463E73457FDB7C5BC5D1620583865F70E2B94795B316
      Product  . . . . . : SYSCORE
      Publisher  . . . . : McAfee, Inc.
      Description  . . . : McAfee Link Driver
      Version  . . . . . : SYSCORE.15.1.0.594
      Copyright  . . . . : Copyright © 1995-2012 McAfee, Inc. All Rights Reserved.
      Fuzzy  . . . . . . : 22.0
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.

  C:\Windows\system32\drivers\mfenlfk.sys
      Size . . . . . . . : 75.808 bytes
      Age  . . . . . . . : 681.1 days (2011-10-15 12:16:16)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 505EE789B4BC47721B6224B48C0FFA9B2BB002FAC8E451F2612428430596A2C9
      Product  . . . . . : SYSCORE
      Publisher  . . . . : McAfee, Inc.
      Description  . . . : McAfee NDIS Light Filter Driver
      Version  . . . . . : SYSCORE.14.4.0.478
      Copyright  . . . . : Copyright © 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy  . . . . . . : 22.0
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.

  C:\Windows\system32\drivers\mferkdet.sys
      Size . . . . . . . : 100.912 bytes
      Age  . . . . . . . : 681.1 days (2011-10-15 12:16:16)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : E16D442E51D37F4024FA4B1573167BA3C13A5F22FEC86B32021F7A2C8A749C71
      Product  . . . . . : SYSCORE
      Publisher  . . . . : McAfee, Inc.
      Description  . . . : McAfee Code Analysis Driver
      Version  . . . . . : SYSCORE.14.4.0.478
      Copyright  . . . . : Copyright © 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy  . . . . . . : 22.0
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.

  C:\Windows\system32\drivers\mfewfpk.sys
      Size . . . . . . . : 339.776 bytes
      Age  . . . . . . . : 204.8 days (2013-02-02 19:07:39)
      Entropy  . . . . . : 4.9
      SHA-256  . . . . . : B7ED3FB5FAA70F6C4298AA480CF3494BEF09FB07E87594C376BA60D9E082327A
      Product  . . . . . : SYSCORE
      Publisher  . . . . : McAfee, Inc.
      Description  . . . : Anti-Virus Mini-Firewall Driver
      Version  . . . . . : SYSCORE.15.1.0.594
      Copyright  . . . . : Copyright © 1995-2012 McAfee, Inc. All Rights Reserved.
      Fuzzy  . . . . . . : 22.0
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
        The file is a device driver. Device drivers run as trusted (highly privileged) code.

  C:\Windows\system32\mfevtps.exe
      Size . . . . . . . : 161.168 bytes
      Age  . . . . . . . : 359.6 days (2012-09-01 00:37:55)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 17D23D0BCC3BB9C29ACB0163E4C9B2C550085A215A6688F1D98E204A37DDC0F0
      Needs elevation  . : Yes
      Product  . . . . . : SYSCORE
      Publisher  . . . . : McAfee, Inc.
      Description  . . . : McAfee Process Validation Service
      Version  . . . . . : SYSCORE.14.4.0.478
      Copyright  . . . . : Copyright © 1995-2011 McAfee, Inc. All Rights Reserved.
      Fuzzy  . . . . . . : 22.0
        The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.


Malware remnants ____________________________________________________________

  HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ (Adware.ClickPotato)
  HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}\ (Adware.ClickPotato)
  HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}\ (Adware.ClickPotato)
  HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1\ (Adware.ClickPotato)
  HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho\ (Adware.ClickPotato)
  HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\ (Adware.ClickPotato)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}\ (Adware.ClickPotato)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}\ (Adware.ClickPotato)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}\ (Adware.ClickPotato)
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}\ (Adware.ClickPotato)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep\ (Adware.ClickPotato)

Potential Unwanted Programs _________________________________________________

  HKU\S-1-5-21-1311006177-775220444-537829284-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
  HKU\S-1-5-21-1311006177-775220444-537829284-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)

Cookies _____________________________________________________________________

  C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9R7QLOEB.txt
  C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\DQBT8Y6N.txt
  C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\INDZNNF0.txt
  C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\MR9KTKON.txt
  C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\NWPLVFNF.txt
  C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PBBJ4ZAA.txt
  C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\S7RZIBGN.txt
  C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\TAN298VS.txt


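The report above is easier to judge section by section than by the headline count of 97 threats: the Malware section carries a vendor engine hit (the line marked with ">" for G Data) plus a BHO registration under Browser Helper Objects, the Suspicious files section is heuristic-only (a Fuzzy score and explanatory notes, no engine line) and names Avira and McAfee kernel drivers, and the Malware remnants are orphaned registry keys tagged with the family name. The parser below is an added example, not code from HitmanPro or from anyone in this thread: it reads that text layout, keeps engine hits apart from heuristic scores, and lists the CLSIDs the adware registered as Browser Helper Objects. The section names, attribute layout and sample entries are copied from the log posted above; the SECURITY_VENDORS list and the verdict categories are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the HitmanPro 3.7 report layout, cut down from the log posted in the thread.
SAMPLE = r"""HitmanPro 3.7.7.203
  Threats . . . . . . . : 97

Malware _____________________________________________________________________

  C:\Program Files (x86)\LyricsPal\130.dll
      SHA-256  . . . . . : 51BE8F7C1DB27A8E162AD50C81E47AE8E01D8ADE33A336C5AF229B716158ADB5
    > G Data . . . . . . : Gen:Variant.Adware.Graftor.108504
      Fuzzy  . . . . . . : 99.0
      Startup
        HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dc29db0f-529e-415e-9754-c4d493333108}\

Suspicious files ____________________________________________________________

  C:\Windows\system32\drivers\mfehidk.sys
      SHA-256  . . . . . : D736EBCA40097A135AC1463E73457FDB7C5BC5D1620583865F70E2B94795B316
      Publisher  . . . . : McAfee, Inc.
      Fuzzy  . . . . . . : 22.0
        The file is a device driver. Device drivers run as trusted (highly privileged) code.

Malware remnants ____________________________________________________________

  HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho\ (Adware.ClickPotato)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ (Adware.ClickPotato)
"""

SECTION_RE = re.compile(r"^([A-Za-z][A-Za-z ]+?) _{5,}\s*$")                                  # "Malware _____"
ATTR_RE = re.compile(r"^(\s*)(>?)\s*([A-Za-z][A-Za-z0-9 -]*?)\s+(?:\.\s+)*:\s*(.*)$")         # "Size . . : 1"
ENTRY_RE = re.compile(r"^  (\S.*?)(?:\s+\((.+)\))?\s*$")                                       # "  path (Label)"
GUID_RE = re.compile(r"([0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12})")

@dataclass
class Finding:
    section: str
    path: str
    label: Optional[str] = None                                   # "(Adware.ClickPotato)" tag on remnant lines
    attrs: Dict[str, str] = field(default_factory=dict)           # Size, SHA-256, Publisher, Fuzzy, ...
    detections: Dict[str, str] = field(default_factory=dict)      # ">" lines: a vendor engine hit, not a heuristic
    subitems: Dict[str, List[str]] = field(default_factory=dict)  # Startup / References / Forensic Cluster
    notes: List[str] = field(default_factory=list)                # HitmanPro's heuristic explanations

def parse_report(text: str) -> Tuple[Dict[str, str], List[Finding]]:
    """Split a HitmanPro text report into the header fields and one Finding per listed object."""
    header, findings = {}, []
    section, current, subheading = None, None, None
    for line in filter(str.strip, text.splitlines()):   # blank lines carry nothing
        line = line.rstrip()
        if (m := SECTION_RE.match(line)):
            section, current, subheading = m.group(1), None, None
        elif (m := ATTR_RE.match(line)):
            _, flag, name, value = m.groups()
            if current is None:
                header[name] = value
            elif flag:
                current.detections[name] = value
            else:
                current.attrs[name] = value
        elif section and (m := ENTRY_RE.match(line)):
            current, subheading = Finding(section, m.group(1), label=m.group(2)), None
            findings.append(current)
        elif current is not None:
            indent = len(line) - len(line.lstrip())
            if indent < 8:                         # "Startup", "References", "Forensic Cluster"
                subheading = line.strip()
            elif subheading:
                current.subitems.setdefault(subheading, []).append(line.strip())
            else:
                current.notes.append(line.strip())
    return header, findings

SECURITY_VENDORS = ("avira", "mcafee")  # assumption: vendors whose drivers the posted log lists as suspicious

def triage(findings: List[Finding]) -> List[Tuple[str, str, str]]:
    """Map each finding to (path, category, reason); categories: remove, likely-fp, verify, leftover."""
    out = []
    for f in findings:
        if f.section == "Malware":
            why = "; ".join(f"{k}: {v}" for k, v in f.detections.items()) or "heuristic only"
            out.append((f.path, "remove", why))
        elif f.section == "Suspicious files":
            publisher = f.attrs.get("Publisher", "").lower()
            if f.path.lower().endswith(".sys") and any(v in publisher for v in SECURITY_VENDORS):
                # Publisher is version-resource metadata, not proof: confirm via Authenticode signature or SHA-256
                out.append((f.path, "likely-fp", "security-product driver, heuristic score only"))
            else:
                out.append((f.path, "verify", f"fuzzy {f.attrs.get('Fuzzy', '?')}, no engine detection"))
        else:
            category = "leftover" if f.section == "Malware remnants" else "verify"
            out.append((f.path, category, f.label or f.section))
    return out

def bho_clsids(findings: List[Finding]) -> List[str]:
    """CLSIDs registered as Internet Explorer Browser Helper Objects, from Startup keys and remnant keys."""
    keys = [k for f in findings for k in f.subitems.get("Startup", [])] + [f.path for f in findings]
    return sorted({GUID_RE.search(k).group(1).lower() for k in keys
                   if "Browser Helper Objects" in k and GUID_RE.search(k)})

if __name__ == "__main__":
    _, found = parse_report(SAMPLE)
    print(*triage(found), bho_clsids(found), sep="\n")
```

The split that matters is engine hit versus heuristic: HitmanPro's notes about files being "hidden from the Windows API" or living in the drivers folder describe what any filter driver from a security product looks like, so on their own they are a prompt to check the Authenticode signature and the SHA-256 the report already gives you, not a verdict. The Publisher string is unsigned metadata and can be set to anything, which is why the example only downgrades such entries to "likely-fp" rather than clearing them.
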
schrauber 26.08.2013 18:05

Yep, you've installed adware again.

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you're not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Don't change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the site's input box)


Noob:( 29.08.2013 14:11

Should I run Farbar's Recovery Scan Tool the way the instructions say, or just download it, drag it to the desktop and start it?

schrauber 29.08.2013 17:44

exactly :)

Noob:( 29.08.2013 17:46

You can't answer an either-or question with "exactly" :D So which is it?

schrauber 30.08.2013 06:25

Desktop :)


All times are WEZ +1 (CET).

Copyright ©2000-2025, Trojaner-Board

