Trojaner legt Virenprogramme lahm, verhindert Installation mbam-setup.exe

jaykay · 05.01.2010, 09:49

http://www.trojaner-board.de/81119-t...bam-setup.html

Gleiches Problem mit Bitte um schnellstmögliche Hilfe;
Vielen Dank im Voraus!!!!

Logfile of random's system information tool 1.06 (written by random/random)
Run by lili at 2010-01-05 09:30:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 325 GB (98%) free of 333 GB
Total RAM: 2047 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:30:23, on 05.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\lili\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\trend micro\lili.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows-Defender\MmSASCui.exe"
O4 - HKLM\..\Run: [AntiVir] "C:\Windows\Tmp\Avira.bat"
O4 - HKLM\..\Run: [WindowsXP] "C:\Windows\Taskman.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [vgt] "C:\DOKUME~1\lili\LOKALE~1\Temp\vgt.exe"
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOKUME~1\lili\LOKALE~1\Temp\settdebugx.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Programme\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Programme\NETGEAR GA311 Adapter\GA311.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 3866 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-01-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-04 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2010-01-04 149280]
"Windows Defender"=C:\Programme\Windows-Defender\MmSASCui.exe []
"AntiVir"=C:\Windows\Tmp\Avira.bat []
"WindowsXP"=C:\Windows\Taskman.exe [2008-04-14 15872]
"Ad-Watch"=C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe [2010-01-04 520024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"UpData"= []
"BD"= []
"vgt"=C:\DOKUME~1\lili\LOKALE~1\Temp\vgt.exe []
"settdebugx.exe"=C:\DOKUME~1\lili\LOKALE~1\Temp\settdebugx.exe []
"Malware Defense"=C:\Programme\Malware Defense\mdefense.exe -noscan []

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
GA311 Smart Wizard Utility.lnk - C:\Programme\NETGEAR GA311 Adapter\GA311.exe

C:\Dokumente und Einstellungen\lili\Startmenü\Programme\Autostart
OpenOffice.org 3.0.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-05 09:30:16 ----D---- C:\Programme\trend micro
2010-01-05 09:30:15 ----D---- C:\rsit
2010-01-05 08:48:53 ----D---- C:\WINDOWS\LastGood.Tmp
2010-01-04 14:45:22 ----D---- C:\Dokumente und Einstellungen\lili\Anwendungsdaten\Mozilla
2010-01-04 14:45:11 ----D---- C:\Programme\Mozilla Firefox
2010-01-04 14:13:02 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-01-04 14:06:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-04 13:34:36 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-01-04 13:34:32 ----D---- C:\Programme\Lavasoft
2010-01-04 13:34:32 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2010-01-04 13:30:43 ----D---- C:\_OTM
2010-01-04 13:24:38 ----D---- C:\VundoFix Backups
2010-01-04 13:24:38 ----A---- C:\VundoFix.txt
2010-01-04 13:23:15 ----SHD---- C:\WINDOWS\CSC
2010-01-04 12:38:24 ----D---- C:\Programme\Spybot - Search & Destroy
2010-01-04 12:38:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-01-04 12:06:09 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-04 12:06:09 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-04 12:06:09 ----A---- C:\WINDOWS\system32\java.exe
2010-01-04 12:06:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-04 12:05:17 ----D---- C:\WINDOWS\ie8updates
2010-01-04 12:03:46 ----HDC---- C:\WINDOWS\ie8
2010-01-04 11:47:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-01-04 11:47:48 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-12-30 14:35:55 ----A---- C:\WINDOWS\system32\krl32mainweq.dll
2009-12-30 14:34:41 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
2009-12-10 17:58:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 17:58:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 17:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 17:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 17:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2010-01-05 09:30:16 ----RD---- C:\Programme
2010-01-05 09:27:06 ----D---- C:\WINDOWS\Temp
2010-01-05 09:27:06 ----D---- C:\WINDOWS\Debug
2010-01-05 09:27:06 ----D---- C:\WINDOWS
2010-01-05 09:03:42 ----D---- C:\WINDOWS\system32
2010-01-05 08:48:59 ----HD---- C:\WINDOWS\inf
2010-01-05 08:48:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-05 08:48:53 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-05 08:48:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-04 14:18:25 ----D---- C:\WINDOWS\Prefetch
2010-01-04 14:07:02 ----SD---- C:\WINDOWS\Tasks
2010-01-04 14:07:00 ----D---- C:\WINDOWS\system32\drivers
2010-01-04 13:34:35 ----SHD---- C:\WINDOWS\Installer
2010-01-04 12:10:33 ----D---- C:\WINDOWS\system32\de-de
2010-01-04 12:10:33 ----D---- C:\WINDOWS\Media
2010-01-04 12:10:33 ----D---- C:\WINDOWS\Help
2010-01-04 12:10:33 ----D---- C:\Programme\Internet Explorer
2010-01-04 12:05:44 ----D---- C:\Programme\Java
2010-01-04 12:01:42 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-04 09:00:07 ----D---- C:\WINPRAX1
2009-12-11 10:04:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-10 17:57:56 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 RTL8023;NETGEAR GA311 Gigabit Adapter NDIS Driver; C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS [2003-12-25 67456]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
S2 LANPkt;Realtek LANPkt Protocol; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-12-25 8440]
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Diag69xp;Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [2003-12-25 11237]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-01-04 1028432]
S2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-01-04 153376]
S4 WinDefend;Speicher Reserve; C:\Programme\Reserve Speicher\MMsMpEng.exe []

-----------------EOF-----------------

cosinus · 05.01.2010, 16:17

Hallo und

Zitat:

Boot mode: Safe mode with network support

Die Logs bitte NICHT im abgesicherten Modus erstellen!

TrojanHunter · 05.01.2010, 17:51

Mein Tipp auch an dich,
Lade Malwarebytes herunter und ändere den Namen, versuche dann es zu installieren.
Nach der Installation geh in den Installationsordner und benenne dort ebenfalls die mbam.exe um. z.b in run.exe
Danach müsste sich das Programm starten lassen

cosinus · 05.01.2010, 19:02

Aber bitte zuerst das Log von RSIT im normalen Modus posten!

05.01.2010, 19:02	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Trojaner legt Virenprogramme lahm, verhindert Installation mbam-setup.exe Aber bitte zuerst das Log von RSIT im normalen Modus posten! __________________ Logfiles bitte immer in CODE-Tags posten

Trojaner legt Virenprogramme lahm, verhindert Installation mbam-setup.exe

Plagegeister aller Art und deren Bekämpfung: Trojaner legt Virenprogramme lahm, verhindert Installation mbam-setup.exe