Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)

jaykay 05.01.2010 09:49

Trojaner legt Virenprogramme lahm, verhindert Installation mbam-setup.exe
 
http://www.trojaner-board.de/81119-t...bam-setup.html

Same problem; I'd be grateful for help as quickly as possible.
Many thanks in advance!!!!

Logfile of random's system information tool 1.06 (written by random/random)
Run by lili at 2010-01-05 09:30:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 325 GB (98%) free of 333 GB
Total RAM: 2047 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:30:23, on 05.01.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\lili\Eigene Dateien\Downloads\RSIT.exe
C:\Programme\trend micro\lili.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programme\Windows-Defender\MmSASCui.exe"
O4 - HKLM\..\Run: [AntiVir] "C:\Windows\Tmp\Avira.bat"
O4 - HKLM\..\Run: [WindowsXP] "C:\Windows\Taskman.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [vgt] "C:\DOKUME~1\lili\LOKALE~1\Temp\vgt.exe"
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOKUME~1\lili\LOKALE~1\Temp\settdebugx.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Programme\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: GA311 Smart Wizard Utility.lnk = C:\Programme\NETGEAR GA311 Adapter\GA311.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 3866 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-01-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-04 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"SunJavaUpdateSched"=C:\Programme\Java\jre6\bin\jusched.exe [2010-01-04 149280]
"Windows Defender"=C:\Programme\Windows-Defender\MmSASCui.exe []
"AntiVir"=C:\Windows\Tmp\Avira.bat []
"WindowsXP"=C:\Windows\Taskman.exe [2008-04-14 15872]
"Ad-Watch"=C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe [2010-01-04 520024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Programme\Messenger\msmsgs.exe [2008-04-14 1695232]
"UpData"= []
"BD"= []
"vgt"=C:\DOKUME~1\lili\LOKALE~1\Temp\vgt.exe []
"settdebugx.exe"=C:\DOKUME~1\lili\LOKALE~1\Temp\settdebugx.exe []
"Malware Defense"=C:\Programme\Malware Defense\mdefense.exe -noscan []

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
GA311 Smart Wizard Utility.lnk - C:\Programme\NETGEAR GA311 Adapter\GA311.exe

C:\Dokumente und Einstellungen\lili\Startmenü\Programme\Autostart
OpenOffice.org 3.0.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-01-05 09:30:16 ----D---- C:\Programme\trend micro
2010-01-05 09:30:15 ----D---- C:\rsit
2010-01-05 08:48:53 ----D---- C:\WINDOWS\LastGood.Tmp
2010-01-04 14:45:22 ----D---- C:\Dokumente und Einstellungen\lili\Anwendungsdaten\Mozilla
2010-01-04 14:45:11 ----D---- C:\Programme\Mozilla Firefox
2010-01-04 14:13:02 ----A---- C:\WINDOWS\system32\lsdelete.exe
2010-01-04 14:06:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-04 13:34:36 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}
2010-01-04 13:34:32 ----D---- C:\Programme\Lavasoft
2010-01-04 13:34:32 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lavasoft
2010-01-04 13:30:43 ----D---- C:\_OTM
2010-01-04 13:24:38 ----D---- C:\VundoFix Backups
2010-01-04 13:24:38 ----A---- C:\VundoFix.txt
2010-01-04 13:23:15 ----SHD---- C:\WINDOWS\CSC
2010-01-04 12:38:24 ----D---- C:\Programme\Spybot - Search & Destroy
2010-01-04 12:38:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2010-01-04 12:06:09 ----A---- C:\WINDOWS\system32\javaws.exe
2010-01-04 12:06:09 ----A---- C:\WINDOWS\system32\javaw.exe
2010-01-04 12:06:09 ----A---- C:\WINDOWS\system32\java.exe
2010-01-04 12:06:09 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-01-04 12:05:17 ----D---- C:\WINDOWS\ie8updates
2010-01-04 12:03:46 ----HDC---- C:\WINDOWS\ie8
2010-01-04 11:47:49 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-01-04 11:47:48 ----D---- C:\Programme\Malwarebytes' Anti-Malware
2009-12-30 14:35:55 ----A---- C:\WINDOWS\system32\krl32mainweq.dll
2009-12-30 14:34:41 ----A---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sysReserve.ini
2009-12-10 17:58:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2009-12-10 17:58:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2009-12-10 17:58:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2009-12-10 17:57:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2009-12-10 17:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

======List of files/folders modified in the last 1 months======

2010-01-05 09:30:16 ----RD---- C:\Programme
2010-01-05 09:27:06 ----D---- C:\WINDOWS\Temp
2010-01-05 09:27:06 ----D---- C:\WINDOWS\Debug
2010-01-05 09:27:06 ----D---- C:\WINDOWS
2010-01-05 09:03:42 ----D---- C:\WINDOWS\system32
2010-01-05 08:48:59 ----HD---- C:\WINDOWS\inf
2010-01-05 08:48:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-05 08:48:53 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-05 08:48:52 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-04 14:18:25 ----D---- C:\WINDOWS\Prefetch
2010-01-04 14:07:02 ----SD---- C:\WINDOWS\Tasks
2010-01-04 14:07:00 ----D---- C:\WINDOWS\system32\drivers
2010-01-04 13:34:35 ----SHD---- C:\WINDOWS\Installer
2010-01-04 12:10:33 ----D---- C:\WINDOWS\system32\de-de
2010-01-04 12:10:33 ----D---- C:\WINDOWS\Media
2010-01-04 12:10:33 ----D---- C:\WINDOWS\Help
2010-01-04 12:10:33 ----D---- C:\Programme\Internet Explorer
2010-01-04 12:05:44 ----D---- C:\Programme\Java
2010-01-04 12:01:42 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-04 09:00:07 ----D---- C:\WINPRAX1
2009-12-11 10:04:28 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-10 17:57:56 ----D---- C:\WINDOWS\ie7updates

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 RTL8023;NETGEAR GA311 Gigabit Adapter NDIS Driver; C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS [2003-12-25 67456]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448]
S2 LANPkt;Realtek LANPkt Protocol; C:\WINDOWS\system32\DRIVERS\LANPkt.sys [2003-12-25 8440]
S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 Diag69xp;Diag69xp; C:\WINDOWS\System32\Drivers\Diag69xp.sys [2003-12-25 11237]
S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2010-01-04 1028432]
S2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-01-04 153376]
S4 WinDefend;Speicher Reserve; C:\Programme\Reserve Speicher\MMsMpEng.exe []

-----------------EOF-----------------

cosinus 05.01.2010 16:17

Hello and :hallo:

Quote:

Boot mode: Safe mode with network support
Please do NOT create the logs in Safe Mode!

TrojanHunter 05.01.2010 17:51

My tip for you as well:
Download Malwarebytes and change the file name, then try to install it.
After the installation, go to the installation folder and rename mbam.exe there as well, e.g. to run.exe.
After that the program should start.

cosinus 05.01.2010 19:02

But please post the RSIT log from Normal Mode first!

