Log analysis and evaluation: Malware Bytes
08.07.2011, 20:43 | #1
Malware Bytes

Hello,

I have recently been testing the full version of Malwarebytes Anti-Malware and have turned on the active protection. Now it constantly tells me that accesses to dangerous sites have been blocked, and it gives me a number, e.g. 122.133.222 or something similar. Now I'm afraid that I have caught something bad. I also have another question: I'm on Hotmail; how can one protect oneself against dangerous emails ("Schäuble email")? Are there any recommended programs for that?

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:00 on 08/07/2011 (Haziran)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)

-=E.O.F=-

OTL.txt
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 08.07.2011 16:07:59 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Dokumente und Einstellungen\Haziran\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,49 Mb Total Physical Memory | 554,02 Mb Available Physical Memory | 54,13% Memory free
2,40 Gb Paging File | 2,04 Gb Available in Paging File | 84,68% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,78 Gb Total Space | 88,81 Gb Free Space | 79,45% Space Free | Partition Type: NTFS

Computer Name: YOUR-IJA9DHES9N | User Name: Haziran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.08 16:05:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Haziran\Desktop\OTL.exe
PRC - [2011.06.28 19:01:51 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Meine Installierten Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.14 01:52:23 | 001,011,768 | ---- | M] (Google Inc.) -- C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe
PRC - [2011.06.06 17:16:20 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.06.06 17:14:42 | 001,524,544 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Meine Installierten Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Meine Installierten Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.04.30 08:46:17 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Meine Installierten Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 15:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Meine Installierten Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Meine Installierten Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002.11.13 16:34:36 | 000,073,728 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\sstray.exe

========== Modules (SafeList) ==========

MOD - [2011.07.08 16:05:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Haziran\Desktop\OTL.exe
MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.06.28 19:01:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Meine Installierten Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 17:14:42 | 001,524,544 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.06.06 17:12:18 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Meine Installierten Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.30 08:46:17 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Meine Installierten Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.11 13:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010.11.11 13:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010.11.11 13:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010.11.11 13:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Meine Installierten Programme\Office 2010\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

Extras.txt
Code:

OTL Extras logfile created on: 08.07.2011 16:07:59 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Dokumente und Einstellungen\Haziran\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1023,49 Mb Total Physical Memory | 554,02 Mb Available Physical Memory | 54,13% Memory free
2,40 Gb Paging File | 2,04 Gb Available in Paging File | 84,68% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,78 Gb Total Space | 88,81 Gb Free Space | 79,45% Space Free | Partition Type: NTFS

Computer Name: YOUR-IJA9DHES9N | User Name: Haziran | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Meine Installierten Programme\Office 2010\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Meine Installierten Programme\Office 2010\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Meine Installierten Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Meine Installierten Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Meine Installierten Programme\Office 2010\Office14\GROOVE.EXE" = C:\Meine Installierten Programme\Office 2010\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Meine Installierten Programme\Office 2010\Office14\ONENOTE.EXE" = C:\Meine Installierten Programme\Office 2010\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Meine Installierten Programme\Office 2010\Office14\OUTLOOK.EXE" = C:\Meine Installierten Programme\Office 2010\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"1489-3350-5074-6281" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.40.602
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Monopoly Deluxe" = Monopoly Deluxe
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAnForce" = NVIDIA nForce Treiber für Windows 2000/XP
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SSUtils" = NVIDIA nForce Utilities
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"VLC media player" = VLC media player 1.1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Gmer.txt
Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-07-08 19:53:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120020A rev.3.30
Running: io8rs3rh.exe; Driver: C:\DOKUME~1\Haziran\LOKALE~1\Temp\pxrdyfob.sys

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x76 0xA6 0xCD 0xF6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x76 0xA6 0xCD 0xF6 ...

---- User code sections - GMER 1.0.15 ----

.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 16, 00]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 16, 00]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91EC1A
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 16, 00]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 16, 00]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 16, 00]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91EC8B
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 16, 00]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91EDB9
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 16, 00]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 16, 00]
.text C:\Dokumente und Einstellungen\Haziran\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe[2408] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF7CD9392]
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6F61360, 0x24BB1D, 0xE8000020]

---- System - GMER 1.0.15 ----

SSDT F7EF4114 ZwClose
SSDT F7EF40CE ZwCreateKey
SSDT F7EF411E ZwCreateSection
SSDT F7EF40C4 ZwCreateThread
SSDT F7EF40D3 ZwDeleteKey
SSDT F7EF40DD ZwDeleteValueKey
SSDT F7EF410F ZwDuplicateObject
SSDT F7EF40E2 ZwLoadKey
SSDT F7EF40B0 ZwOpenProcess
SSDT F7EF40B5 ZwOpenThread
SSDT F7EF40EC ZwReplaceKey
SSDT F7EF40E7 ZwRestoreKey
SSDT F7EF4123 ZwSetContextThread
SSDT F7EF40D8 ZwSetValueKey
SSDT F7EF40BF ZwTerminateProcess

---- EOF - GMER 1.0.15 ----

Many thanks in advance for your help.

Edited by cosinus (11.07.2011 at 10:34) Reason: changed PHP tags to CODE tags
11.07.2011, 10:33 | #2
/// Winkelfunktion /// TB-Süch-Tiger™

Malware Bytes

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the Log files tab.
__________________
Please do NOT post the logs in PHP tags! Use CODE tags or attach them here as a zip file!