| |
| |||||||
Log-Analyse und Auswertung: Sicherheitscenter und Defender werden deaktiviert win7Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
05.04.2011, 18:08
| #1 |
 |  Sicherheitscenter und Defender werden deaktiviert win7 Hallo liebe User, mein Problem ist wohl schon des öfteren aufgetreten aber die lösung scheint immer individuell anders zu sein zumindest kommt mir das so vor wenn ich die threats hier so lese. also nun zum problem es haben sich ständig IE fenster mit werbung geöffnet und nach diversen scans und antivieren software habe ich das auch wieder in den griff bekommen allerdings sind wohl folgeschäden des befalls übrig geblieben. der defender geht direkt wieder zu und das sicherheitscenter kann ich über dienste von deaktiviert auf automatisch stellen und anschließend starten aber nach kurzer zeit ist es wieder deaktiviert. Kaspersky findet nix mehr und wenn ich bei google nach seiten suche die mir helfen könnten und diese anklick werde ich umgeleitet auf irgendwelche werbung nachdem ich die seite angeklickt habe. wenn ich die linkadresse kopier und manuell in einen neuen tab einfüge funktioniert es in der regel aber das ich auf die gewünschte seite komme. hijackthis bringt folgendes ergebnis: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:39:18, on 05.04.2011 Platform: Unknown Windows (WinNT 6.01.3505 SP1) MSIE: Internet Explorer v8.00 (8.00.7601.17514) Boot mode: Normal Running processes: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files (x86)\avmwlanstick\WlanNetService.exe O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\Windows\SysWOW64\brsvc01a.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9869 bytes Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6278
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
05.04.2011 17:18:43
mbam-log-2011-04-05 (17-18-43).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 323978
Laufzeit: 34 Minute(n), 30 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\IKXGVMFZHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Q8PS7ZCLN6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-12-23 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi
2011-03-22 Includes\AdwareC.sbi
2010-08-13 Includes\Cookies.sbi
2010-12-14 Includes\Dialer.sbi
2011-03-08 Includes\DialerC.sbi
2011-02-24 Includes\HeavyDuty.sbi
2011-03-29 Includes\Hijackers.sbi
2011-03-29 Includes\HijackersC.sbi
2010-09-15 Includes\iPhone.sbi
2010-12-14 Includes\Keyloggers.sbi
2011-03-08 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2011-03-29 Includes\Malware.sbi
2011-03-29 Includes\MalwareC.sbi
2011-02-24 Includes\PUPS.sbi
2011-03-15 Includes\PUPSC.sbi
2010-01-25 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2011-03-08 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2011-02-24 Includes\Spyware.sbi
2011-03-15 Includes\SpywareC.sbi
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi
2011-03-25 Includes\TrojansC-02.sbi
2011-03-29 Includes\TrojansC-03.sbi
2011-03-08 Includes\TrojansC-04.sbi
2011-03-29 Includes\TrojansC-05.sbi
2011-03-08 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35760
MD5: 37BF603C3685289CA684C4D3400A9DE7
Located: HK_LM:Run, AppleSyncNotifier
command: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
file: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
size: 47904
MD5: 310638EBDD87B49DF3D12EDB853D5166
Located: HK_LM:Run, AVP
command: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"
file: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
size: 365336
MD5: B2B3FCBA37671C853879DF7DDE8A839A
Located: HK_LM:Run, BrMfcWnd
command: C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
file: C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
size: 1159168
MD5: 4D5D968FE6AE6BF94A807F73F7FF6B3D
Located: HK_LM:Run, ControlCenter3
command: C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
file: C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe
size: 114688
MD5: 4DE3EF07E0854547309C6B40235A9D44
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421160
MD5: F3DEAA1F2FCF70FAF6DE3757CA343FA5
Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files (x86)\QuickTime\QTTask.exe
size: 421888
MD5: 0AEE5668EB59912F32FF245BFA72465F
Located: HK_LM:Run, StartCCC
command: "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
file: C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
size: 61440
MD5: F9E9D44FDB0861536E5BBBC4B63FE224
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 249064
MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
Located: HK_LM:Run, VirtualCloneDrive
command: "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
file: C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
size: 85160
MD5: 860927EC4DA5D1B5D15337BF3E997C6A
Located: HK_LM:Run, WinampAgent
command: "C:\Program Files (x86)\Winamp\winampa.exe"
file: C:\Program Files (x86)\Winamp\winampa.exe
size: 37888
MD5: BD74140F2EBC9FCD1AC425BE81DF6329
Located: HK_CU:Run, Rainlendar2
where: S-1-5-21-804603618-2216213293-859293424-1001...
command: C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
file: C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
size: 5148672
MD5: 98635DED2D7D265110FC861ABD75C344
Located: HK_CU:Run, Sidebar
where: S-1-5-21-804603618-2216213293-859293424-1001...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1475584
MD5: E3BF29CED96790CDAAFA981FFDDF53A3
Located: HK_CU:Run, Sony Ericsson PC Suite
where: S-1-5-21-804603618-2216213293-859293424-1001...
command: "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
file: C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
size: 434176
MD5: A80BD9E34A26FF8E25CACB5A06AE4F14
Located: Startup (Benutzer), OpenOffice.org 3.1.lnk
where: C:\Users\Amok\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
file: C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
size: 384000
MD5: C047C9C6CD8E134AFDFDB374E80547E5
--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 22.09.2010 18:04:14
Date (last access): 11.10.2010 16:58:32
Date (last write): 22.09.2010 18:04:14
Filesize: 75200
Attributes: archive
MD5: 203A74767EB81F96A5166B1933DB46D0
CRC32: B0D671C9
Version: 9.4.0.195
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} (IEVkbdBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: IEVkbdBHO
CLSID name: IEVkbdBHO Class
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\
Long name: ievkbd.dll
Short name:
Date (created): 05.10.2010 20:27:00
Date (last access): 03.04.2011 18:27:10
Date (last write): 05.10.2010 20:27:00
Filesize: 68280
Attributes: archive
MD5: 3936312618A1B4E8B79231DC53C326E7
CRC32: 7AF036B8
Version: 11.0.2.556
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Anmelde-Hilfsprogramm)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Anmelde-Hilfsprogramm
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 22.01.2009 16:41:30
Date (last access): 12.12.2009 21:02:26
Date (last write): 22.01.2009 16:41:30
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 09.02.2011 17:31:20
Date (last access): 28.02.2011 15:57:38
Date (last write): 09.02.2011 17:31:20
Filesize: 41760
Attributes: archive
MD5: 88E49C2B7E75B1D9695D6A063F28A8BB
CRC32: A5ABF297
Version: 6.0.240.7
{E33CF602-D945-461A-83F0-819F76A199F8} (link filter bho)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: link filter bho
CLSID name: FilterBHO Class
Path: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\
Long name: klwtbbho.dll
Short name:
Date (created): 05.10.2010 20:27:06
Date (last access): 03.04.2011 18:27:14
Date (last write): 05.10.2010 20:27:06
Filesize: 191160
Attributes: archive
MD5: 888A8C956207A88036571E8AE2356C46
CRC32: 79DC82BB
Version: 11.0.2.556
--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 05.12.2009 10:31:54
Date (last access): 02.02.2011 23:46:34
Date (last write): 02.02.2011 22:40:28
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_16
Installer:
Codebase: h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 05.12.2009 10:31:54
Date (last access): 02.02.2011 23:46:34
Date (last write): 02.02.2011 22:40:28
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 05.12.2009 10:31:54
Date (last access): 02.02.2011 23:46:34
Date (last write): 02.02.2011 22:40:28
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_24.dll
Short name: NPJPI1~1.DLL
Date (created): 02.02.2011 20:19:42
Date (last access): 02.02.2011 23:46:44
Date (last write): 02.02.2011 22:40:34
Filesize: 141088
Attributes: archive
MD5: 1DA2629EEE65A34D54BB9741CE30DE3D
CRC32: 64BB8CA2
Version: 6.0.240.7
{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\swflash.inf
Codebase: h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\SysWOW64\Macromed\Flash\
Long name: Flash10l.ocx
Short name:
Date (created): 16.11.2010 08:56:02
Date (last access): 16.11.2010 08:56:02
Date (last write): 16.11.2010 08:56:02
Filesize: 6071760
Attributes: readonly archive
MD5: 9C54F2CC2301599D698399D7E49C7321
CRC32: DFC2F74C
Version: 10.1.102.64
--- Process list ---
PID: 0 ( 0) [System]
PID: 2600 (1780) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
size: 434176
MD5: A80BD9E34A26FF8E25CACB5A06AE4F14
PID: 2720 (1780) C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
size: 5148672
MD5: 98635DED2D7D265110FC861ABD75C344
PID: 2900 (2888) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
size: 7424000
MD5: 83170B8E03213093B065A9638E146499
PID: 2908 (2900) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
size: 7418368
MD5: 873867A02F0E83F18CF871E776B651DC
PID: 2920 (2828) C:\Program Files (x86)\Winamp\winampa.exe
size: 37888
MD5: BD74140F2EBC9FCD1AC425BE81DF6329
PID: 2928 (2828) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
size: 85160
MD5: 860927EC4DA5D1B5D15337BF3E997C6A
PID: 2988 (2828) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421160
MD5: F3DEAA1F2FCF70FAF6DE3757CA343FA5
PID: 3012 (2828) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
size: 1159168
MD5: 4D5D968FE6AE6BF94A807F73F7FF6B3D
PID: 3028 (2996) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
size: 872448
MD5: 36E5CA5DCE72A831A3F7C7ED8AEA83AE
PID: 2076 (3012) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
size: 221184
MD5: 490F9A7948EF661DF32A9F0DC8534284
PID: 3844 (2828) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 249064
MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
PID: 3912 (2828) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe
size: 365336
MD5: B2B3FCBA37671C853879DF7DDE8A839A
PID: 772 (1780) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
size: 924632
MD5: 7AAF26E5CEC48A364FAB61A3505668FB
PID: 4736 (1780) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
PID: 304 ( 4) smss.exe
PID: 500 ( 484) csrss.exe
PID: 564 ( 484) wininit.exe
size: 96256
PID: 584 ( 572) csrss.exe
PID: 620 ( 564) services.exe
PID: 644 ( 564) lsass.exe
PID: 652 ( 564) lsm.exe
PID: 732 ( 572) winlogon.exe
PID: 800 ( 620) svchost.exe
size: 20992
PID: 880 ( 620) svchost.exe
size: 20992
PID: 956 ( 620) svchost.exe
size: 20992
PID: 1012 ( 620) svchost.exe
size: 20992
PID: 252 ( 620) svchost.exe
size: 20992
PID: 1028 ( 620) svchost.exe
size: 20992
PID: 1144 ( 620) svchost.exe
size: 20992
PID: 1272 ( 620) brsvc01a.exe
size: 57344
PID: 1280 ( 252) taskeng.exe
size: 192000
PID: 1352 ( 620) spoolsv.exe
PID: 1380 ( 620) svchost.exe
size: 20992
PID: 1436 (1280) rundll32.exe
size: 44544
PID: 1444 (1436) rundll32.exe
size: 44544
PID: 1508 ( 620) AppleMobileDeviceService.exe
PID: 1536 (1272) brss01a.exe
size: 45056
PID: 1564 ( 620) WLanNetService.exe
PID: 1600 ( 620) avp.exe
PID: 1692 ( 620) C:\Windows\System32\taskhost.exe
PID: 1756 (1012) C:\Windows\System32\dwm.exe
PID: 1780 (1748) C:\Windows\explorer.exe
size: 2872320
MD5: AC4C51EB24AA95B77F705AB159189E24
PID: 1928 ( 620) mDNSResponder.exe
PID: 1968 ( 620) svchost.exe
size: 20992
PID: 2020 ( 620) NIHardwareService.exe
PID: 1680 ( 620) TCPSVCS.EXE
size: 9216
PID: 2080 ( 620) svchost.exe
size: 20992
PID: 2100 ( 620) svchost.exe
size: 20992
PID: 2588 (1780) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
size: 9608224
MD5: 899886E81E666D147036C9358FA94A01
PID: 2820 (1780) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1475584
MD5: E3BF29CED96790CDAAFA981FFDDF53A3
PID: 2944 (2936) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
size: 49152
MD5: 6B87742F27B087AF7FD4ADC2DB685DE0
PID: 2792 (2944) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
size: 49152
MD5: 4C08FB7ACB28689B586D986D3F5826CF
PID: 3200 ( 620) iPodService.exe
PID: 3596 ( 620) svchost.exe
size: 20992
PID: 3708 ( 620) wmpnetwk.exe
PID: 3928 ( 620) svchost.exe
size: 20992
PID: 2756 ( 620) svchost.exe
size: 20992
PID: 3112 ( 956) audiodg.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 05.04.2011 19:00:42
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
h**p://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
Preserve
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
h**p://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
h**p://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
h**p://go.microsoft.com/fwlink/?LinkId=54896
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD-Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 1: MSAFD-Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 2: MSAFD-Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 3: MSAFD-Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 4: MSAFD-Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 5: MSAFD-Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 6: RSVP-TCPv6-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP-TCP-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP-UDPv6-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP-UDP-Dienstanbieter
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 10: MSAFD RfComm [Bluetooth]
GUID: {9FC48064-7298-43E4-B7BD-181F2089792A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD RfComm [Bluetooth]
Namespace Provider 0: NLA (Network Location Awareness, NLAv1)-Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: E-Mail-Namenshimanbieter
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 2: PNRP-Wolken-Namespaceanbieter
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 3: PNRP-Namen-Namespaceanbieter
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 4: Bluetooth-Namespace
GUID: {06AA63E0-7D60-41FF-AFB2-3EE6D2D9392D}
Filename: %SystemRoot%\system32\wshbth.dll
Description: Bluetooth
DB filename: %SystemRoot%\system32\wshbth.dll
DB protocol: Bluetooth-Namespace
Namespace Provider 5: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
Namespace Provider 6: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 7: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
|
|
05.04.2011, 18:42
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Sicherheitscenter und Defender werden deaktiviert win7 Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
Linear-Darstellung
