Trojaner-Board


rocknblues 15.05.2010 22:00

Windows Defender keeps popping up

Hello everyone :daumenhoc

I have a problem with Windows Defender.

About every 20 minutes Windows Defender shows the following message:
windows defender has finished downloading the update.
please click OK to finish the updating process.

After that, User Account Control comes up with the following words:
Do you want to allow the following program to make changes to this computer?
Program name: Windows host process (rundll32)
Publisher: Microsoft Windows

When I then click OK, nothing happens. At least nothing visible.

I'm not sure now whether I've configured something wrong or whether I've caught something nasty.

Avira AntiVir Personal is installed (showed nothing suspicious at the last scan)
Windows Firewall is enabled
Windows Defender is enabled (the message mentioned above also appears when it is disabled)

Operating system: Windows 7 Home Premium 32-bit

1. I ran CCleaner according to the forum's instructions.

2. I also ran Malwarebytes according to the instructions.
Here is the log file
Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4104

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.05.2010 22:12:14
mbam-log-2010-05-15 (22-12-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 116583
Laufzeit: 6 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 2
Infizierte Dateien: 62

Infizierte Speicherprozesse:
C:\Users\rocknblues\AppData\Roaming\SystemProc\lsass.exe (Trojan.Tracur) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Users\rocknblues\AppData\Roaming\1F50.tmp (Trojan.Tracur) -> Delete on reboot.
C:\ProgramData\diskcopy32.dll (Trojan.Tracur) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02c621e5-d073-4b1a-a490-fead88f4a026} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{02c621e5-d073-4b1a-a490-fead88f4a026} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{02c621e5-d073-4b1a-a490-fead88f4a026} (Trojan.Tracur) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\ctl3d3232.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\ctl3d3232.dll -> Delete on reboot.

Infizierte Verzeichnisse:
C:\ProgramData\1788690071 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\ProgramData\diskcopy32.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Users\rocknblues\AppData\Roaming\1F50.tmp (Trojan.Tracur) -> Delete on reboot.
C:\Users\rocknblues\AppData\Roaming\SystemProc\lsass.exe (Trojan.Tracur) -> Delete on reboot.
C:\ProgramData\asycfilt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\AudioSes32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\C_ISCII32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\d3d10warp32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\d3d1132.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\dbghelp32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\dciman3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\defaultlocationcpl32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\DeviceDisplayStatusManager32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\DevicePairing32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\devobj32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\dfdts32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\DfsShlEx32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\dhcpcsvc632.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\difxapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\Display32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\AzSqlExt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\blb_ps32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\BOOTVID32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\bridgeres32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\BthpanContextHandler32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\BWContextHandler32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\cabview32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\cca32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\CertEnroll32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\cfgmgr3232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\divx_xx0732.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\dmdskmgr32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\dmocx32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\dmsynth32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\ds16gt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\ProgramData\dsdmo32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\cscapi32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\csrsrv32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\d3d1032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\dot3api32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Windows\System32\dot3gpclnt32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\1014.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\12F4.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\1995.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\1E24.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\2297.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\27B2.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\2E09.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\33A4.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\362D.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\36DC.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\3AB3.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\3EE.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\4E71.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\5BB.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\5DF8.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\6049.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\66DD.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\6C4.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\F138.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\FB04.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Local\Temp\FEAC.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\rocknblues\AppData\Roaming\SystemProc\upd.exe (Trojan.Agent) -> Delete on reboot.

3. Random's System Information won't run.
During the scan, the following message appears:
Line 2563 (File "C:\ro***es\Documents\ Downloads\RSIT.exe
Error: Variable used without being declared.

rocknblues 15.05.2010 22:33

here is the HijackThis log file as well:

Quote:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:41:03, on 14.05.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BearShare Applications\MediaBar\DataMngr\DataMngrUI.exe
C:\Users\rocknblues\AppData\Roaming\SystemProc\lsass.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\FrostWire\FrostWire.exe
C:\Program Files\eMule\emule.exe
C:\Users\rocknblues\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\rocknblues\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02C621E5-D073-4B1A-A490-FEAD88F4A026} - C:\ProgramData\DevicePairingHandler32.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DataMngr] C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\DataMngrUI.exe
O4 - HKLM\..\Run: [RTHDBPL] C:\Users\rocknblues\AppData\Roaming\SystemProc\lsass.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\rocknblues\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL,C:\Windows\system32\ctl3d3232.dll
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 7102 bytes
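As an added example (not part of this thread or of any tool named in it), the following Python script applies simple triage rules to lines from the HijackThis log above: Run-key autostarts (O4) that execute from a user-writable folder or use a core system process name outside System32, unnamed BHOs (O2) loaded from ProgramData, and every AppInit_DLLs entry (O20), since those DLLs are injected into each process that links user32.dll. The items it flags are the same ones Malwarebytes reported in the first post (lsass.exe under SystemProc, the unnamed BHO in C:\ProgramData, ctl3d3232.dll). The sample lines are copied from the posted log; the heuristics are assumptions of this example, not HijackThis logic.

```python
import re
from pathlib import PureWindowsPath
# Constructed sample: lines copied from the HijackThis log posted in this thread,
# with two legitimate entries (Adobe BHO, Avira autostart) kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02C621E5-D073-4B1A-A490-FEAD88F4A026} - C:\ProgramData\DevicePairingHandler32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDBPL] C:\Users\rocknblues\AppData\Roaming\SystemProc\lsass.exe
O20 - AppInit_DLLs: C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL,C:\Windows\system32\ctl3d3232.dll
"""
# Core Windows processes that only legitimately run from \Windows\System32.
SYSTEM_PROCESS_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "services.exe", "winlogon.exe"}
# Directories a standard user can write to; autostarts pointing here deserve a look.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\temp\\")
# A quoted path, or an unquoted one ending in a known extension (paths may contain spaces).
PATH_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|scr|bat|cmd))(?=[\s,]|$)', re.IGNORECASE)

def first_path(command: str) -> str:
    """Return the executable path at the start of a Run-key command line."""
    m = PATH_RE.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()

def check_path(path: str) -> list[str]:
    """Reasons why a file in an autostart location deserves review (empty if none)."""
    low, reasons = path.lower(), []
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable directory")
    name = PureWindowsPath(path).name.lower()
    if name in SYSTEM_PROCESS_NAMES and "\\windows\\system32\\" not in low:
        reasons.append(f"system process name {name!r} outside System32")
    return reasons

def triage_hijackthis(log: str) -> list[tuple[str, str, str]]:
    """Return (section, path, reason) findings for HijackThis lines worth a second look."""
    findings = []
    for line in log.splitlines():
        if line.startswith("O4 - ") and "] " in line:
            path = first_path(line.split("] ", 1)[1])
            findings += [("O4", path, r) for r in check_path(path)]
        elif line.startswith("O2 - BHO: (no name)"):
            path = line.rsplit(" - ", 1)[1]
            findings += [("O2", path, "unnamed BHO: " + r) for r in check_path(path)]
        elif line.startswith("O20 - AppInit_DLLs:"):
            # Each DLL here is loaded into every user32-linked process; entries are space/comma separated.
            for dll in re.split(r"[\s,]+", line.split(":", 1)[1].strip()):
                if dll:
                    findings.append(("O20", dll, "AppInit_DLLs: injected into every GUI process"))
    return findings
```

Running `triage_hijackthis(SAMPLE_LOG)` yields six findings: the unnamed BHO, two reasons for the RTHDBPL autostart, and the three AppInit_DLLs entries, while the Avira and Adobe lines pass.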



rocknblues 16.05.2010 16:44

Does really nobody know what could be causing this?

Sorry for pushing, but I'm already quite desperate.

