Log analysis and evaluation: Windows 8.1 64 bit: Java Update Fake in all browsers (e.g. from mostshinstar.com)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Nooo, I'm not doing anything at all anymore

```xml
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
  <header>
    <date>2014/04/22 23:13:51 +0200</date>
    <log>mbam-log-2014-04-22 (23-08-22).xml</log>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.1.1004</version>
    <rules-database>v2014.04.22.05</rules-database>
    <swissarmy-database>v2014.03.27.01</swissarmy-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 8.1</osversion>
    <arch>x64</arch>
    <username>DerGrosse</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>cancelled</result>
    <objects>72709</objects>
    <time>328</time>
    <processes>1</processes>
    <modules>0</modules>
    <keys>4</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>2</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <shuriken>enabled</shuriken>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <process><path>C:\Program Files\002\yewimmxqbs64.exe</path><vendor>Adware.Adpeak</vendor><action>delete-on-reboot</action><pid>5684</pid><hash>2538cc6195e6989eb5bc22fe28dc629e</hash></process>
    <key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\yewimmxqbs64</path><vendor>Adware.Adpeak</vendor><action>success</action><hash>2538cc6195e6989eb5bc22fe28dc629e</hash></key>
    <key><path>HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}</path><vendor>PUP.Optional.AdPeak.A</vendor><action>success</action><hash>d489220b522964d214cc8a8c9d65f10f</hash></key>
    <key><path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}</path><vendor>PUP.Optional.AdPeak.A</vendor><action>success</action><hash>d489220b522964d214cc8a8c9d65f10f</hash></key>
    <key><path>HKU\S-1-5-21-2705255475-1628493413-3981717287-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{AEAC172E-2E4B-4B92-9AF6-B0CDB1ACECDB}</path><vendor>PUP.Optional.BrowseMark.A</vendor><action>success</action><hash>64f92706047753e3b3ae898ecc3605fb</hash></key>
    <file><path>C:\Program Files\002\yewimmxqbs64.exe</path><vendor>Adware.Adpeak</vendor><action>delete-on-reboot</action><hash>2538cc6195e6989eb5bc22fe28dc629e</hash></file>
    <file><path>C:\Program Files (x86)\Rr Savings\RrSavings.dll</path><vendor>PUP.Optional.AdPeak.A</vendor><action>success</action><hash>d489220b522964d214cc8a8c9d65f10f</hash></file>
  </items>
</mbam-log>
```

```xml
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
  <header>
    <date>2014/04/22 23:53:36 +0200</date>
    <log>mbam-log-2014-04-22 (23-37-11).xml</log>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.1.1004</version>
    <rules-database>v2014.04.22.07</rules-database>
    <swissarmy-database>v2014.03.27.01</swissarmy-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 8.1</osversion>
    <arch>x64</arch>
    <username>DerGrosse</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>307183</objects>
    <time>977</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>5</keys>
    <values>1</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>1</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <shuriken>enabled</shuriken>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <key><path>HKLM\SOFTWARE\rrsavings</path><vendor>PUP.Optional.RRSavings.A</vendor><action>success</action><hash>085755d80279a88e7815c2ab748e867a</hash></key>
    <key><path>HKU\S-1-5-21-2705255475-1628493413-3981717287-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Rr Savings</path><vendor>PUP.Optional.RRSavings.A</vendor><action>delete-on-reboot</action><hash>dc83012c3942d363d5be82eb3ac84db3</hash></key>
    <key><path>HKU\S-1-5-21-2705255475-1628493413-3981717287-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S</path><vendor>PUP.Optional.InstallCore.A</vendor><action>delete-on-reboot</action><hash>df80a18caecd44f26aef8af728da2ed2</hash></key>
    <key><path>HKU\S-1-5-21-2705255475-1628493413-3981717287-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><vendor>PUP.Optional.InstallCore.A</vendor><action>delete-on-reboot</action><hash>4718939acfacda5c8ffcebacb94ad22e</hash></key>
    <key><path>HKU\S-1-5-21-2705255475-1628493413-3981717287-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader</path><vendor>PUP.Optional.Softonic.A</vendor><action>delete-on-reboot</action><hash>67f8be6fc9b2f34333510a6511f1718f</hash></key>
    <value><path>HKU\S-1-5-21-2705255475-1628493413-3981717287-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE</path><valuename>tb</valuename><vendor>PUP.Optional.InstallCore.A</vendor><action>delete-on-reboot</action><valuedata>0I2Z1H1E2V1R0O1O</valuedata><hash>4718939acfacda5c8ffcebacb94ad22e</hash></value>
    <file><path>C:\Users\DerGrosse\AppData\Local\Temp\instract.exe</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>0659f33abfbc94a2fd2368034fb26b95</hash></file>
  </items>
</mbam-log>
```

After these two scans, Malwarebytes found nothing more. That was yesterday.
#2
/// TB Instructor /// Guide Guru

OK, thanks! Could you maybe also take a screenshot of this Java update when it comes up? Does it look like this too?

__________________
Edited by deeprybka (24.04.2014 at 22:29)