| |
| |||||||
Log-Analyse und Auswertung: Windows 10: Webbrowserinfektion (Fingerprint: [32306749]) von G Data erkanntWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
09.10.2019, 10:14
| #1 |
 | ![Windows 10: Webbrowserinfektion (Fingerprint: [32306749]) von G Data erkannt - Standard](images/icons/icon1.gif){kind=icon} Windows 10: Webbrowserinfektion (Fingerprint: [32306749]) von G Data erkannt Hallo, G Data hat gestern bei mir eine Infektion meines Webbrowser festgestellt. Ich habe darauf hin den Virenscanner von G Data verwendet, Malwarebytes, Spybot und JRT Da heute Morgen wieder ein Virus gefunden wurde habe ich mich entschlossen euch um Rat zu fragen. Ich wollte das FRST downloaden und ausführen. Mein PC hat gemeldet das es nicht kompatibel ist. Das sind die Logs von GData: Code:
ATTFilter Beim Öffnen der Datei "C:\Users\Admin\AppData\Local\Temp\wkMEOwQX.exe.part" wurde der Virus "Trojan.GenericKD.32565697 (Engine A)" entdeckt. Zugriff verweigert. (Engine A: AVA 25.23646, Engine B: GD 26.16227)
Beim Öffnen der Datei "C:\Users\Franziska\AppData\Local\Temp\AaLcxMpM.exe.part" wurde der Virus "Trojan.GenericKD.32565697 (Engine A)" entdeckt. Zugriff verweigert. (Engine A: AVA 25.23646, Engine B: GD 26.16227)
Im Browser wurde der Schädling unbekannter Schädling
(Fingerprint: [32306749])
entdeckt.
Trotzdem empfehlen wir Ihnen dringend, bis zur dauerhaften Entfernung des Schädlings keine Passwörter mehr im Browser einzugeben und insbesondere auf empfindliche Vorgänge, wie z.B. Online-Banking, zu verzichten. Das Ergebnis der Virenprüfun durch G Data gestern: Code:
ATTFilter Virenprüfung mit G DATA INTERNET SECURITY
Version 25.5.4.21 (29.08.2019)
Virensignaturen vom 08.10.2019
Startzeit: 08.10.2019 09:36:40
Engine(s): Engine A (AVA 25.23637), Engine B (GD 26.16214)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein
Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 08.10.2019 10:44:44
229493 Dateien überprüft
0 infizierte Dateien gefunden
0 verdächtige Dateien gefunden
Der Zugriff auf die folgenden Dateien wurde verweigert:
----------------------------------------------------------------
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\python.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\python3.7.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\python3.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.7.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\Users\Franziska\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
C:\Users\Franziska\AppData\Local\Microsoft\WindowsApps\python.exe
C:\Users\Franziska\AppData\Local\Microsoft\WindowsApps\python3.exe
C:\Users\Franziska\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe
C:\Users\Franziska\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe
C:\Users\Franziska\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
----------------------------------------------------------------
Die folgenden Dateien sind Passwortgeschützt:
----------------------------------------------------------------
C:\WINDOWS\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~x86~~18362.356.1.9\x86_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.18362.329_none_0b0ac4fdc948016c\f\microsoftedgesquare150x150.scale-200.png
C:\WINDOWS\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~x86~~18362.356.1.9\x86_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.18362.329_none_0b0ac4fdc948016c\f\microsoftedgesquare150x150.scale-200_contrast-black.png
C:\WINDOWS\SoftwareDistribution\Download\df037c969853de8b2780eba132fe3c89\Windows10.0-KB4515384-x86.cab
C:\ProgramData\Spybot - Search & Destroy\Quarantine\7-Zip-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0004.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\DownloadSponsor-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\History-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0004.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0005.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Management Console-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Verlauf-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0004.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Explorer-0005.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung Sommer\2_01w_Festsitzende_Behandlung_Edgewise.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung Sommer\2_03w_Biomechanische_Grundbegriffe.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung Sommer\2_04w_BioZahnbeweg.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung Sommer\2_06w_Compound.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung Sommer\2_07w_Low-Pull-Headgear.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung Sommer\2_08w_offener_Biss.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung Sommer\2_09aw_Herausnehmbar.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung Sommer\2_09bw_Platten_Schrauben.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung Sommer\2_10w_Aktivator_1.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung Sommer\2_10w_Aktivator_2.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung Sommer\2_11w_Sander-II-Apparatur.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung Sommer\2_12w_Teuscher.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung Sommer\2_13w_Bionator.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung winter\1_01p_Transversale_Schmalkiefer_1.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung winter\1_02p_Transversale_Schmalkiefer_2.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung winter\1_03p_Transversale_Schmalkiefer_3.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung winter\1_04p_Modellanalyse_1.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung winter\1_05p_Modellanalyse_2.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung winter\1_07p_Funktionsanalyse.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung winter\1_08ap_Anamnese.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung winter\1_08bp_Roentgendiagnostik.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung winter\1_10ap_Vererbte_Anomalien_UB.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung winter\1_10p_Vererbte_Anomalien.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung winter\1_12p_Zahnueberzahl.pdf
C:\Users\Franziska\Documents\Uni\Klinik\KFO\KFO Hauptvorlesung winter\1_12p_Zahnunterzahl.pdf
C:\Windows.old\$WINDOWS.~BT\DUImageSandbox\Windows10.0-KB4512941-x86.cab
----------------------------------------------------------------
Code:
ATTFilter Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 09.10.19
Scan-Zeit: 10:32
Protokolldatei: 5e75164e-ea6f-11e9-8193-00271365fd2c.json
-Softwaredaten-
Version: 3.8.3.2965
Komponentenversion: 1.0.629
Version des Aktualisierungspakets: 1.0.12821
Lizenz: Abgelaufen
-Systemdaten-
Betriebssystem: Windows 10 (Build 18362.356)
CPU: x86
Dateisystem: NTFS
Benutzer: System
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Zeitplaner
Ergebnis: Abgeschlossen
Gescannte Objekte: 231194
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 33 Min., 9 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 0
(keine bösartigen Elemente erkannt)
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
ATTFilter Search results from Spybot - Search & Destroy
08.10.2019 11:42:16
Scan took 00:45:12.
21 items found.
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Internet Explorer\TypedURLs
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Internet Explorer\TypedURLs
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092855194\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092855194\Software\Microsoft\Direct3D\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows.OpenWith: [SBI $F1129B32] Open with list - .CPL extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPL\OpenWithList
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows.OpenWith: [SBI $F1129B32] Open with list - .CPL extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPL\OpenWithList
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $7308A845] Run history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
Category=Tracks
ThreatLevel=2
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Cookie: [SBI $BCOOKIES] Browser: Cookie (3) (Browser: Cookie, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
Cache: [SBI $BCACHE00] Browser: Cache (27) (Browser: Cache, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
History: [SBI $BHISTORY] Browser: History (32) (Browser: History, nothing done)
Category=Browser
ThreatLevel=1
Weblink=hxxp://forums.spybot.info/forumdisplay.php?54
--- Spybot - Search & Destroy version: 2.7.64.131 DLL (build: 20180214) ---
2018-04-20 blindman.exe (2.7.64.152)
2018-04-20 explorer.exe (2.7.64.191)
2018-02-06 SDBootCD.exe (2.7.64.109)
2018-04-20 SDCleaner.exe (2.7.64.110)
2018-04-20 SDDelFile.exe (2.7.64.94)
2013-06-18 SDDisableProxy.exe
2018-04-20 SDFiles.exe (2.7.64.137)
2018-04-20 SDFileScanHelper.exe (2.7.64.7)
2018-04-20 SDFSSvc.exe (2.7.64.219)
2018-04-20 SDHelp.exe (2.7.64.1)
2018-02-06 SDHookHelper.exe (2.7.64.2)
2018-02-06 SDHookInst32.exe (2.7.64.2)
2018-04-20 SDImmunize.exe (2.7.64.133)
2018-08-08 SDInformV27.exe (2.7.65.0)
2014-12-17 SDInformV2i-20141217.exe (1.0.0.0)
2018-08-22 SDLicense.exe (2.7.65.3)
2018-04-20 SDLogReport.exe (2.7.64.107)
2018-04-20 SDOnAccess.exe (2.7.64.12)
2018-04-20 SDPESetup.exe (2.7.64.3)
2018-04-20 SDPEStart.exe (2.7.64.86)
2018-04-20 SDPhoneScan.exe (2.7.64.29)
2018-04-20 SDPRE.exe (2.7.64.22)
2018-02-06 SDPrepPos.exe (2.7.64.15)
2018-04-20 SDQuarantine.exe (2.7.64.103)
2018-02-06 SDRootAlyzer.exe (2.7.64.116)
2018-02-06 SDSBIEdit.exe (2.7.64.39)
2018-04-20 SDScan.exe (2.7.64.191)
2018-02-06 SDScript.exe (2.7.64.54)
2018-04-20 SDSettings.exe (2.7.64.139)
2018-04-20 SDShell.exe (2.7.64.2)
2018-02-06 SDShred.exe (2.7.64.108)
2018-02-06 SDSysRepair.exe (2.7.64.102)
2018-02-06 SDTools.exe (2.7.64.157)
2018-04-20 SDTray.exe (2.7.64.129)
2018-04-20 SDUpdate.exe (2.7.64.98)
2018-04-20 SDUpdSvc.exe (2.7.64.82)
2018-08-08 SDUpgrade.exe (2.7.65.0)
2018-08-22 SDWelcome.exe (2.7.65.131)
2018-02-06 SDWSCSvc.exe (2.7.64.3)
2018-10-16 spybot-setup.exe (2.7.64.0)
2017-06-14 spybotsd2-install-av-update-2017.exe (2.6.46.0)
2017-02-15 spybotsd2-install-bdupd-2017a.exe (2.6.52.0)
2016-05-02 spybotsd2-install-iefreezefix.exe (2.4.40.0)
2016-11-30 spybotsd2-install-wsc-update-a.exe (2.6.52.0)
2014-07-31 spybotsd2-translation-esx.exe
2013-06-19 spybotsd2-translation-frx.exe
2015-03-25 spybotsd2-translation-hrx.exe
2014-08-25 spybotsd2-translation-hux2.exe
2014-10-01 spybotsd2-translation-nlx2.exe
2014-11-05 spybotsd2-translation-ukx.exe
2016-09-21 spybotsd2-updater-update.exe (2.6.52.0)
2015-07-28 spybotsd2-windows-upgrade-installer.exe (1.4.0.0)
2018-10-16 unins000.exe (51.1052.0.0)
2017-11-28 xcacls.exe
2017-11-28 borlndmm.dll (10.0.2288.42451)
2018-01-29 DelZip190.dll (1.9.0.119)
2018-01-29 DelZip192.dll (1.9.2.136)
2018-01-29 libeay32.dll (1.0.2.14)
2012-09-10 libssl32.dll (1.0.0.4)
2018-02-06 NotificationSpreader.dll (2.7.64.4)
2018-04-20 SDAdvancedCheckLibrary.dll (2.7.64.98)
2017-05-23 SDAV.dll (2.6.46.1)
2018-02-06 SDECon32.dll (2.7.64.114)
2018-02-06 SDEvents.dll (2.7.64.2)
2018-04-20 SDFileScanLibrary.dll (2.7.64.24)
2018-02-06 SDHook32.dll (2.7.64.2)
2018-04-20 SDImmunizeLibrary.dll (2.7.64.3)
2018-04-20 SDLicense.dll (2.7.64.3)
2018-04-20 SDLists.dll (2.7.64.8)
2018-02-06 SDResources.dll (2.7.64.7)
2018-04-20 SDScanLibrary.dll (2.7.64.131)
2018-04-20 SDTasks.dll (2.7.64.15)
2018-02-06 SDWinLogon.dll (2.7.64.0)
2018-01-29 sqlite3.dll (3.22.0.0)
2018-01-29 ssleay32.dll (1.0.2.14)
2018-02-06 Tools.dll (2.7.64.36)
2018-09-24 Includes\Adware-000.sbi (*)
2018-09-24 Includes\Adware-001.sbi (*)
2018-09-24 Includes\Adware-002.sbi (*)
2018-09-24 Includes\Adware-003.sbi (*)
2018-10-10 Includes\Adware-C.sbi (*)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2017-11-28 Includes\Cookies.sbi (*)
2014-11-14 Includes\Dialer-000.sbi (*)
2014-11-14 Includes\Dialer-001.sbi (*)
2018-06-20 Includes\Dialer-C.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2014-01-09 Includes\Fraud-000.sbi (*)
2017-01-30 Includes\Fraud-001.sbi (*)
2014-03-31 Includes\Fraud-002.sbi (*)
2016-07-06 Includes\Fraud-003.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-11-14 Includes\Hijackers-000.sbi (*)
2014-11-14 Includes\Hijackers-001.sbi (*)
2018-04-04 Includes\Hijackers-C.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2016-05-27 Includes\Keyloggers-000.sbi (*)
2018-09-26 Includes\Keyloggers-C.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2015-06-25 Includes\Malware-000.sbi (*)
2014-11-14 Includes\Malware-001.sbi (*)
2018-04-12 Includes\Malware-002.sbi (*)
2016-11-07 Includes\Malware-003.sbi (*)
2014-11-14 Includes\Malware-004.sbi (*)
2014-11-14 Includes\Malware-005.sbi (*)
2014-02-26 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2018-09-19 Includes\Malware-C.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2014-01-13 Includes\MalwareC.sbi (*)
2018-05-02 Includes\PUPS-000.sbi (*)
2018-05-02 Includes\PUPS-001.sbi (*)
2018-05-02 Includes\PUPS-002.sbi (*)
2018-05-02 Includes\PUPS-003.sbi (*)
2018-05-02 Includes\PUPS-004.sbi (*)
2018-10-10 Includes\PUPS-C.sbi (*)
2014-01-13 Includes\PUPS.sbi (*)
2014-01-13 Includes\PUPSC.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2018-08-01 Includes\Security-C.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2015-11-11 Includes\Spyware-000.sbi (*)
2015-05-06 Includes\Spyware-001.sbi (*)
2018-06-20 Includes\Spyware-C.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2017-06-28 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2017-10-25 Includes\Trojans-002.sbi (*)
2016-01-20 Includes\Trojans-003.sbi (*)
2018-08-20 Includes\Trojans-004.sbi (*)
2014-03-19 Includes\Trojans-005.sbi (*)
2015-03-31 Includes\Trojans-006.sbi (*)
2017-12-01 Includes\Trojans-007.sbi (*)
2014-07-09 Includes\Trojans-008.sbi (*)
2018-06-21 Includes\Trojans-009.sbi (*)
2018-06-21 Includes\Trojans-010.sbi (*)
2018-10-10 Includes\Trojans-C.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2016-02-03 Includes\Trojans-ZL-000.sbi (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
Das ist der Log nach dem Cleaning:
[i] 19-10-08 11:44:54
[i] 19-10-08 11:44:54 Product Internet Explorer
[+] 19-10-08 11:44:54 Moving into quarantine HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Internet Explorer\TypedURLs
[+] 19-10-08 11:44:54 Moving into quarantine HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Internet Explorer\TypedURLs
[+] 19-10-08 11:44:54 Moving into quarantine HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 19-10-08 11:44:54 Moving into quarantine HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092855194\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 19-10-08 11:44:54 Moving into quarantine HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 19-10-08 11:44:54 Moving into quarantine HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 19-10-08 11:44:54 Moving into quarantine HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 19-10-08 11:44:54 Successfully cleaned HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Internet Explorer\TypedURLs
[+] 19-10-08 11:44:54 Successfully cleaned HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Internet Explorer\TypedURLs
[+] 19-10-08 11:44:54 Successfully cleaned HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 19-10-08 11:44:54 Successfully cleaned HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092855194\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 19-10-08 11:44:54 Successfully cleaned HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 19-10-08 11:44:54 Successfully cleaned HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[+] 19-10-08 11:44:54 Successfully cleaned HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
[i] 19-10-08 11:44:54
[i] 19-10-08 11:44:54 Product MS Media Player
[+] 19-10-08 11:44:54 Moving into quarantine HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[+] 19-10-08 11:44:54 Moving into quarantine HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[+] 19-10-08 11:44:55 Successfully cleaned HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[+] 19-10-08 11:44:55 Successfully cleaned HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
[i] 19-10-08 11:44:55
[i] 19-10-08 11:44:55 Product MS Direct3D
[+] 19-10-08 11:44:55 Moving into quarantine HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
[+] 19-10-08 11:44:55 Moving into quarantine HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092855194\Software\Microsoft\Direct3D\MostRecentApplication\Name
[+] 19-10-08 11:44:55 Moving into quarantine HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
[+] 19-10-08 11:44:55 Successfully cleaned HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name
[+] 19-10-08 11:44:55 Successfully cleaned HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092855194\Software\Microsoft\Direct3D\MostRecentApplication\Name
[+] 19-10-08 11:44:55 Successfully cleaned HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name
[i] 19-10-08 11:44:55
[i] 19-10-08 11:44:55 Product Windows.OpenWith
[+] 19-10-08 11:44:55 Moving into quarantine HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPL\OpenWithList
[+] 19-10-08 11:44:55 Moving into quarantine HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPL\OpenWithList
[+] 19-10-08 11:44:55 Successfully cleaned HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPL\OpenWithList
[+] 19-10-08 11:44:55 Successfully cleaned HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPL\OpenWithList
[i] 19-10-08 11:44:55
[i] 19-10-08 11:44:55 Product Windows Explorer
[+] 19-10-08 11:44:55 Moving into quarantine HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[+] 19-10-08 11:44:55 Moving into quarantine HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[+] 19-10-08 11:44:55 Moving into quarantine HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[+] 19-10-08 11:44:55 Moving into quarantine HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[+] 19-10-08 11:44:55 Successfully cleaned HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[+] 19-10-08 11:44:55 Successfully cleaned HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[+] 19-10-08 11:44:55 Successfully cleaned HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[+] 19-10-08 11:44:55 Successfully cleaned HKEY_USERS\S-1-5-21-203461993-3024751055-2779051881-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-10082019092856585\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs
[i] 19-10-08 11:44:55
[i] 19-10-08 11:44:55 Product Cookie
[+] 19-10-08 11:44:55 Moving into quarantine Internet Explorer (User) (Franziska)Cookies
[+] 19-10-08 11:44:56 Successfully cleaned Internet Explorer (User) (Franziska)Cookies
[i] 19-10-08 11:44:56
[i] 19-10-08 11:44:56 Product Cache
[+] 19-10-08 11:44:56 Moving into quarantine Internet Explorer (User) (Franziska)Cache
[+] 19-10-08 11:44:56 Successfully cleaned Internet Explorer (User) (Franziska)Cache
[i] 19-10-08 11:44:56
[i] 19-10-08 11:44:56 Product History
[+] 19-10-08 11:44:56 Moving into quarantine Internet Explorer (User) (Franziska)History
[+] 19-10-08 11:44:56 Successfully cleaned Internet Explorer (User) (Franziska)History
[i] 19-10-08 11:44:56
[i] 19-10-08 11:44:56 Summary
[i] 19-10-08 11:44:56 Errors while cleaning 0
[i] 19-10-08 11:44:56 Files moved into quarantine 21
[i] 19-10-08 11:44:56 Files successfully cleaned 21
Wie soll ich weiter vorgehen? Vielen Dank für die Hilfe! Viele Grüße Geändert von cosinus (09.10.2019 um 10:37 Uhr) Grund: code tags |
| Themen zu Windows 10: Webbrowserinfektion (Fingerprint: [32306749]) von G Data erkannt |
| appdata, bericht, datei, dateien, dringend, ergebnis, festplatte, folge, frage, gdata, infektion, infizierte, internet, kompatibel, malwarebytes, microsoft, online-banking, prozesse, prüfen, scan, schädling, spybot, temp, virus, windows, windowsapps |
![Windows 10: Webbrowserinfektion (Fingerprint: [32306749]) von G Data erkannt](iconimages/log-analyse-auswertung/windows-10-webbrowserinfektion-fingerprint-32306749-g-data-erkannt_ltr.gif)
Baum-Darstellung