Log Analysis and Evaluation: Malware? Result of the log file (Windows 7)

#1
Malware? Result of the log file

I have apparently installed malware, phishing or something similar by accident after opening a link. What exactly happened, I unfortunately don't know. In any case, when I click on links, unrelated websites open, pop-ups just appear, and my browsers are full of advertising despite AdBlock Plus. I have now installed Malwarebytes Anti-Malware following the guide "Anleitung: Malwarebytes Anti-Malware" from this forum and started a scan. I would appreciate some help now. In the log folder I find two files. Here is the content of the first one, named protection-log-2015-07-12.xml:

Code:
<?xml version="1.0" encoding="UTF-8"?>
<logs>
  <record toVersion="2015.7.12.2" name="Malware Database" last_modified_tag="74ec6303-1c19-488a-93ac-11442ca6d4ad" fromVersion="2015.7.10.4" systemname="THINKPAD" username="SYSTEM" type="Update" source="Scheduler" datetime="2015-07-12T16:32:14.383956+02:00" LoggingEventType="1" severity="debug"/>
  <record toVersion="2015.6.12.1" name="IP Database" last_modified_tag="bd5135b5-68b3-49c8-8a0b-b954a85122a7" fromVersion="0.0.0.0" systemname="THINKPAD" username="SYSTEM" type="Update" source="Manual" datetime="2015-07-12T17:49:09.295197+02:00" LoggingEventType="1" severity="debug"/>
  <record toVersion="2015.6.12.1" name="Domain Database" last_modified_tag="f8c6da2a-9ede-4ca8-a3f2-a17af90c98e1" fromVersion="0.0.0.0" systemname="THINKPAD" username="SYSTEM" type="Update" source="Manual" datetime="2015-07-12T17:49:09.303204+02:00" LoggingEventType="1" severity="debug"/>
  <record toVersion="2015.7.10.1" name="Rootkit Database" last_modified_tag="3d452f8a-faa2-40f6-947a-f09a038eaf4d" fromVersion="2015.2.25.1" systemname="THINKPAD" username="SYSTEM" type="Update" source="Manual" datetime="2015-07-12T17:49:09.714833+02:00" LoggingEventType="1" severity="debug"/>
  <record toVersion="2015.7.1.2" name="Remediation Database" last_modified_tag="2766d606-3ba1-4ec2-9716-70a431aafdea" fromVersion="2015.3.9.1" systemname="THINKPAD" username="SYSTEM" type="Update" source="Manual" datetime="2015-07-12T17:49:10.375178+02:00" LoggingEventType="1" severity="debug"/>
  <record toVersion="2015.7.12.2" name="Malware Database" last_modified_tag="d8db089e-3845-4d9a-8949-d1fcd91497dd" fromVersion="2015.3.9.5" systemname="THINKPAD" username="SYSTEM" type="Update" source="Manual" datetime="2015-07-12T17:49:39.235709+02:00" LoggingEventType="1" severity="debug"/>
  <record last_modified_tag="149a5e9b-238c-47ee-8fb0-0887d2387680" systemname="THINKPAD" username="SYSTEM" type="Scan" source="Manual" datetime="2015-07-12T18:02:49.325581+02:00" LoggingEventType="6" severity="debug" scanresult="completed" nonmalwaredetections="28" malwaredetections="0" duration="671" starttime="2015-07-12T17:50:00+02:00" scantype="threat"/>
</logs>

The second log file, named mbam-log-2015-07-12 (17-49-41).xml:

Code:
<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2015/07/12 17:50:00 +0200</date>
    <logfile>mbam-log-2015-07-12 (17-49-41).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.01.6.1022</version>
    <malware-database>v2015.07.12.02</malware-database>
    <rootkit-database>v2015.07.10.01</rootkit-database>
    <license>free</license>
    <file-protection>disabled</file-protection>
    <web-protection>disabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 8.1</osversion>
    <arch>x86</arch>
    <username>Christopher</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>333958</objects>
    <time>671</time>
    <processes>2</processes>
    <modules>8</modules>
    <keys>1</keys>
    <values>1</values>
    <datas>0</datas>
    <folders>2</folders>
    <files>14</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <process>
      <path>C:\Program Files\KuokaKpinque\KuokaKpinque.exe</path>
      <vendor>PUP.Optional.PrxySvrRST</vendor>
      <action>delete-on-reboot</action>
      <pid>2004</pid>
      <hash>c81ae8f84446ff37428a88324ab755ab</hash>
    </process>
    <process>
      <path>C:\Program Files\KuokaKpinque\KuokaKpinque.exe</path>
      <vendor>PUP.Optional.PrxySvrRST</vendor>
      <action>delete-on-reboot</action>
      <pid>5332</pid>
      <hash>c81ae8f84446ff37428a88324ab755ab</hash>
    </process>
    <module>
      <path>C:\Program Files\KuokaKpinque\msvcp120.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </module>
    <module>
      <path>C:\Program Files\KuokaKpinque\msvcp120.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </module>
    <module>
      <path>C:\Program Files\KuokaKpinque\msvcr120.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </module>
    <module>
      <path>C:\Program Files\KuokaKpinque\msvcr120.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </module>
    <module>
      <path>C:\Program Files\KuokaKpinque\Qt5Core.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </module>
    <module>
      <path>C:\Program Files\KuokaKpinque\Qt5Core.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </module>
    <module>
      <path>C:\Program Files\KuokaKpinque\Qt5Network.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </module>
    <module>
      <path>C:\Program Files\KuokaKpinque\Qt5Network.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </module>
    <key>
      <path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KuokaKpinque</path>
      <vendor>PUP.Optional.PrxySvrRST</vendor>
      <action>success</action>
      <hash>c81ae8f84446ff37428a88324ab755ab</hash>
    </key>
    <value>
      <path>HKU\S-1-5-21-3540895450-3843021349-4200515488-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS</path>
      <valuename>ProxyServer</valuename>
      <vendor>PUM.Bad.Proxy</vendor>
      <action>success</action>
      <valuedata>http=127.0.0.1:9880</valuedata>
      <hash>3aa87967325868ce85967baa887bbe42</hash>
    </value>
    <folder>
      <path>C:\Program Files\KuokaKpinque</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </folder>
    <folder>
      <path>C:\Program Files\KuokaKpinque\platforms</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>success</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </folder>
    <file>
      <path>C:\Program Files\KuokaKpinque\KuokaKpinque.exe</path>
      <vendor>PUP.Optional.PrxySvrRST</vendor>
      <action>delete-on-reboot</action>
      <hash>c81ae8f84446ff37428a88324ab755ab</hash>
    </file>
    <file>
      <path>C:\Users\Christopher\AppData\Roaming\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi</path>
      <vendor>PUP.Optional.AskAPN.Gen</vendor>
      <action>success</action>
      <hash>9052ad338efcee4831ef01ff55ae38c8</hash>
    </file>
    <file>
      <path>C:\Program Files\KuokaKpinque\LoopbackForWin8.exe</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>success</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </file>
    <file>
      <path>C:\Program Files\KuokaKpinque\msvcp120.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </file>
    <file>
      <path>C:\Program Files\KuokaKpinque\msvcr120.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </file>
    <file>
      <path>C:\Program Files\KuokaKpinque\Qt5Core.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </file>
    <file>
      <path>C:\Program Files\KuokaKpinque\Qt5Network.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </file>
    <file>
      <path>C:\Program Files\KuokaKpinque\platforms\qwindows.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor>
      <action>success</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash>
    </file>
    <file>
      <path>C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage</path>
      <vendor>PUP.Optional.PricePeep.A</vendor>
      <action>delete-on-reboot</action>
      <hash>548ebc24d7b340f60b6da75ba360e020</hash>
    </file>
    <file>
      <path>C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal</path>
      <vendor>PUP.Optional.PricePeep.A</vendor>
      <action>delete-on-reboot</action>
      <hash>2cb611cf56346ec886f2ec16d92a50b0</hash>
    </file>
    <file>
      <path>C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage</path>
      <vendor>PUP.Optional.ShoppingGate.A</vendor>
      <action>delete-on-reboot</action>
      <hash>c81a10d06822ac8a0b925bdced164db3</hash>
    </file>
    <file>
      <path>C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage-journal</path>
      <vendor>PUP.Optional.ShoppingGate.A</vendor>
      <action>delete-on-reboot</action>
      <hash>b52d835da2e8c274c5d8e3543fc4f60a</hash>
    </file>
    <file>
      <path>C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage</path>
      <vendor>PUP.Optional.ReMarkable.A</vendor>
      <action>delete-on-reboot</action>
      <hash>f0f200e00b7f0a2c74c8f09511f313ed</hash>
    </file>
    <file>
      <path>C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal</path>
      <vendor>PUP.Optional.ReMarkable.A</vendor>
      <action>delete-on-reboot</action>
      <hash>10d2825e8505c86ee854a9dced178878</hash>
    </file>
  </items>
</mbam-log>

Last edited by ckesting82 (12.07.2015 at 18:03)
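A note on reading the second log, with an added script written for this thread (it is not the poster's code and not a Malwarebytes tool). The `mbam-log` file lists every item the scan acted on, and two entries fit the symptoms described above: a `PUM.Bad.Proxy` hit on the user's `ProxyServer` registry value, set to `http=127.0.0.1:9880`, alongside a `PUP.Optional.PrxySvrRST` process and service named `KuokaKpinque`. A browser proxy pointing at the loopback address means a local program sat between the browsers and the web, which is consistent with advertising appearing despite AdBlock Plus. Several items are still marked `delete-on-reboot`, so they remain on disk until the machine is restarted. The script parses an `mbam-log` document (MBAM 2.x writes it as UTF-16 with a byte-order mark, which the decoder below handles), counts items by type and detection family, lists the paths still pending a reboot, and flags proxy settings that point at loopback. The element names are taken from the log above; the sample embedded in the script is a constructed, trimmed copy of it, and `analyze`, `proxy_hosts` and `is_loopback` are names chosen here.

```python
"""Summarize a Malwarebytes Anti-Malware 2.x mbam-log XML file.

Hypothetical helper written for this thread, not a Malwarebytes tool. Element
names (summary, items, process/module/key/value/folder/file, path/vendor/action/
valuename/valuedata/hash) come from the log posted above. MBAM writes the file
as UTF-16 with a byte-order mark, so raw bytes are accepted as well as text.
"""
import codecs
import re
import sys
from collections import Counter
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the second log in the post above.
SAMPLE_LOG = r"""<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header><date>2015/07/12 17:50:00 +0200</date><isadmin>yes</isadmin></header>
  <engine><version>2.01.6.1022</version><license>free</license></engine>
  <summary><type>threat</type><result>completed</result><objects>333958</objects></summary>
  <items>
    <process><path>C:\Program Files\KuokaKpinque\KuokaKpinque.exe</path>
      <vendor>PUP.Optional.PrxySvrRST</vendor><action>delete-on-reboot</action>
      <pid>2004</pid><hash>c81ae8f84446ff37428a88324ab755ab</hash></process>
    <module><path>C:\Program Files\KuokaKpinque\Qt5Network.dll</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor><action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash></module>
    <key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\KuokaKpinque</path>
      <vendor>PUP.Optional.PrxySvrRST</vendor><action>success</action>
      <hash>c81ae8f84446ff37428a88324ab755ab</hash></key>
    <value><path>HKU\S-1-5-21-3540895450-3843021349-4200515488-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS</path>
      <valuename>ProxyServer</valuename><vendor>PUM.Bad.Proxy</vendor>
      <action>success</action><valuedata>http=127.0.0.1:9880</valuedata>
      <hash>3aa87967325868ce85967baa887bbe42</hash></value>
    <folder><path>C:\Program Files\KuokaKpinque</path>
      <vendor>PUP.Optional.Obrona.Gen</vendor><action>delete-on-reboot</action>
      <hash>21c1d30d0c7e1125e15a40c0a45fb64a</hash></folder>
    <file><path>C:\Users\Christopher\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_inst.shoppingate.info_0.localstorage</path>
      <vendor>PUP.Optional.ShoppingGate.A</vendor><action>delete-on-reboot</action>
      <hash>c81a10d06822ac8a0b925bdced164db3</hash></file>
  </items>
</mbam-log>
"""
SAMPLE_LOG_BYTES = SAMPLE_LOG.encode("utf-16")  # BOM + UTF-16, like the real file

ITEM_FIELDS = ("path", "vendor", "action", "valuename", "valuedata", "hash", "pid")


def _to_text(data):
    """Decode bytes by sniffing the BOM and drop the XML declaration, so the
    same str path works whether we got text or the raw UTF-16 file."""
    if isinstance(data, bytes):
        if data[:2] in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE):
            data = data.decode("utf-16")  # the codec consumes the BOM
        else:
            data = data.decode("utf-8-sig")
    return re.sub(r"^\s*<\?xml[^>]*\?>", "", data, count=1)


def parse_mbam_log(data):
    """Return (summary dict, list of item dicts) from an mbam-log document."""
    root = ET.fromstring(_to_text(data))
    if root.tag != "mbam-log":
        raise ValueError("not an mbam-log document: <%s>" % root.tag)
    summary_el, items_el = root.find("summary"), root.find("items")
    summary = {c.tag: c.text for c in summary_el} if summary_el is not None else {}
    items = [{"kind": n.tag, **{f: n.findtext(f) for f in ITEM_FIELDS}}
             for n in (items_el if items_el is not None else [])]
    return summary, items


def proxy_hosts(valuedata):
    """Split a ProxyServer value ('host:port' or 'http=a:1;https=b:2') into
    its host:port entries."""
    entries = [e.strip() for e in (valuedata or "").split(";") if e.strip()]
    return [e.split("=", 1)[1] if "=" in e else e for e in entries]


def is_loopback(hostport):
    """True when the proxy host is the local machine itself."""
    return hostport.rsplit(":", 1)[0].strip("[]") in ("127.0.0.1", "::1", "localhost")


def analyze(data):
    """Condense the log into the facts a responder wants first."""
    summary, items = parse_mbam_log(data)
    proxies = [i for i in items
               if i["kind"] == "value" and (i["valuename"] or "").lower() == "proxyserver"]
    return {
        "result": summary.get("result"),
        "total_items": len(items),
        "by_kind": dict(Counter(i["kind"] for i in items)),
        "by_vendor": dict(Counter(i["vendor"] for i in items)),
        # paths MBAM could not remove while in use; they stay until the reboot happens
        "pending_reboot": sorted({i["path"] for i in items if i["action"] == "delete-on-reboot"}),
        # (registry path, raw value, does any proxy host point at loopback?)
        "proxy_settings": [(i["path"], i["valuedata"],
                            any(map(is_loopback, proxy_hosts(i["valuedata"]))))
                           for i in proxies],
    }


if __name__ == "__main__":
    src = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_LOG_BYTES
    for key, val in analyze(src).items():
        print("%-16s %s" % (key, val))
```

Run it with the path of a real `mbam-log-*.xml` as the first argument, or without arguments to see the report for the embedded sample. On the full log above it would report 28 items, four detection families under `C:\Program Files\KuokaKpinque` plus the Ask toolbar and the Chrome local-storage entries, and a loopback proxy setting.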