Log analysis and evaluation: Windows 10: web browser infection (Fingerprint: [32306749]) detected by G Data

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Hello,

yesterday G Data detected an infection of my web browser. I then used the G Data virus scanner, Malwarebytes, Spybot and JRT. Since a virus was found again this morning, I decided to ask you for advice. I wanted to download and run FRST. My PC reported that it is not compatible.

These are the logs from G Data:
Code:
Beim Öffnen der Datei "C:\Users\Admin\AppData\Local\Temp\wkMEOwQX.exe.part" wurde der Virus "Trojan.GenericKD.32565697 (Engine A)" entdeckt. Zugriff verweigert. (Engine A: AVA 25.23646, Engine B: GD 26.16227)
Beim Öffnen der Datei "C:\Users\Franziska\AppData\Local\Temp\AaLcxMpM.exe.part" wurde der Virus "Trojan.GenericKD.32565697 (Engine A)" entdeckt. Zugriff verweigert. (Engine A: AVA 25.23646, Engine B: GD 26.16227)
Im Browser wurde der Schädling unbekannter Schädling (Fingerprint: [32306749]) entdeckt. Trotzdem empfehlen wir Ihnen dringend, bis zur dauerhaften Entfernung des Schädlings keine Passwörter mehr im Browser einzugeben und insbesondere auf empfindliche Vorgänge, wie z.B. Online-Banking, zu verzichten.

The result of yesterday's virus scan by G Data:
Code:
Virenprüfung mit G DATA INTERNET SECURITY
Version 25.5.4.21 (29.08.2019)
Virensignaturen vom 08.10.2019
Startzeit: 08.10.2019 09:36:40
Engine(s): Engine A (AVA 25.23637), Engine B (GD 26.16214)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein

Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...

Analyse vollständig durchgeführt: 08.10.2019 10:44:44
229493 Dateien überprüft
0 infizierte Dateien gefunden
0 verdächtige Dateien gefunden

Der Zugriff auf die folgenden Dateien wurde verweigert:
----------------------------------------------------------------
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\python.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\python3.7.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\python3.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.7.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe
C:\Users\Admin\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\Users\Franziska\AppData\Local\Microsoft\WindowsApps\MicrosoftEdge.exe
C:\Users\Franziska\AppData\Local\Microsoft\WindowsApps\python.exe
C:\Users\Franziska\AppData\Local\Microsoft\WindowsApps\python3.exe
C:\Users\Franziska\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python.exe
C:\Users\Franziska\AppData\Local\Microsoft\WindowsApps\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\python3.exe
C:\Users\Franziska\AppData\Local\Microsoft\WindowsApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
----------------------------------------------------------------
Die
folgenden Dateien sind Passwortgeschützt:
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 09.10.19
Scan-Zeit: 10:32
Protokolldatei: 5e75164e-ea6f-11e9-8193-00271365fd2c.json

-Softwaredaten-
Version: 3.8.3.2965
Komponentenversion: 1.0.629
Version des Aktualisierungspakets: 1.0.12821
Lizenz: Abgelaufen

-Systemdaten-
Betriebssystem: Windows 10 (Build 18362.356)
CPU: x86
Dateisystem: NTFS
Benutzer: System

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Zeitplaner
Ergebnis: Abgeschlossen
Gescannte Objekte: 231194
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 33 Min., 9 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)

(end)
Code:
Search results from Spybot - Search & Destroy
08.10.2019 11:42:16
Scan took 00:45:12.
21 items found.
This is the log after the cleaning:
[i] 19-10-08 11:44:56 Summary
[i] 19-10-08 11:44:56 Errors while cleaning 0
[i] 19-10-08 11:44:56 Files moved into quarantine 21
[i] 19-10-08 11:44:56 Files successfully cleaned 21

How should I proceed? Thank you very much for your help!

Best regards

Edited by cosinus (09.10.2019 at 10:37). Reason: code tags