| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Nach Bundestrojaner-Befall auch im Heimnetzwerk Funde auf anderem Rechner (Win32/Packed.Autoit.C.)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
25.02.2012, 00:51
| #1 |
 |  Nach Bundestrojaner-Befall auch im Heimnetzwerk Funde auf anderem Rechner (Win32/Packed.Autoit.C.) Hallo liebes Trojaner-Board-Team, ich hatte neulich auf meinem Rechner den Bundestrojaner. Da das System eh schon ein wenig alt war und macken zeigte, hab ich es neu aufgesetzt. Da ich einige Daten per externer Platte gerettet habe, will ich sichergehen, das alles sicher ist. Und vor allem: Ich will sichergehen, dass der Rechner meiner Freundin sauber ist. Sind im selben Netzwerk daheim, aber eigentlich mit recht wenig Datenaustausch. Ich weiß, hierbei handelt es sich um 2 Anfragen, die ich nacheinander in 2 Threads angehen werde (oder darf ich es auch parallel in 2 verschiedenen Threads?). Zuerst will ich die Sicherheit des Systems auf dem Rechner meiner Freundin überprüfen. Also fang ich mal damit hier an: Rechnerkonfiguration: Win 7, 64bit System. Verwendeter Browser: Firefox Avira Antivir, Windows Firewall. Eigentlich sollten die Updates immer aktuell sein. Dazu das DDS-Log: Code:
ATTFilter .
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Lena at 1:05:27 on 2012-02-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2282 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\dlcccoms.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
C:\Users\Lena\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
C:\Users\Lena\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Users\Lena\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Video Web Camera\traybar.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PDF24\pdf24.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Lena\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={A66813C6-8045-4EE1-8D00-4984880458AC}&mid=fbab8f17d4f347d1816cd16f64732ad8-231a3b522ad0e08dd0b9e9955a773bfb3991f65e&lang=en&ds=tg028&pr=sa&d=2011-09-19 20:54:26&v=8.0.0.34&sap=hp
uDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q045l03f4z1j5f49m2t420
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q045l03f4z1j5f49m2t420
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=easynote_lj65&r=27360110q045l03f4z1j5f49m2t420
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
mWinlogon: Userinit=userinit.exe
BHO: My Personal Homepage: {0538cf1c-8419-4800-adbb-0c00c799fda2} - C:\Users\Lena\AppData\Roaming\Genieo\Application\IEPlugins\bin\IEWrapper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
uRun: [MP3 Skype Recorder] C:\Program Files (x86)\MP3 Skype Recorder\MP3 Skype Recorder.exe
uRun: [GenieoUpdaterService] "C:\Users\Lena\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5
uRun: [GenieoSystemTray] "C:\Users\Lena\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe"
uRun: [dradio-RecorderTimer] C:\Program Files (x86)\dradio-Recorder\phonostarTimer.exe
uRun: [Akamai NetSession Interface] "C:\Users\Lena\AppData\Local\Akamai\netsession_win.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Lena\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Lena\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WISOME~1.LNK - C:\Program Files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Alles mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Auswahl mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Videos mit FDM herunterladen - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{510C11A6-9D61-4985-A9E7-A57CEAB5EC6E} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{55BD4753-1FE6-4011-95B1-AF1271D01FD0} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{55BD4753-1FE6-4011-95B1-AF1271D01FD0}\64F4E4F51405 : DhcpNameServer = 192.168.182.1 192.168.182.1
TCP: Interfaces\{55BD4753-1FE6-4011-95B1-AF1271D01FD0}\64F4E4F54716374796373686 : DhcpNameServer = 192.168.182.1 192.168.182.1
TCP: Interfaces\{55BD4753-1FE6-4011-95B1-AF1271D01FD0}\94269637 : DhcpNameServer = 10.254.0.100 10.254.0.150
TCP: Interfaces\{55BD4753-1FE6-4011-95B1-AF1271D01FD0}\D49705C6163656 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{55BD4753-1FE6-4011-95B1-AF1271D01FD0}\F6B696 : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4Com.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
AppInit_DLLs: acaptuser32.dll
{0538CF1C-8419-4800-ADBB-0C00C799FDA2}
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{95B7759C-8C7F-4BF1-B163-73684A933233}
{AE7CD045-E861-484f-8273-0445EE161910}
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{F4971EE7-DAA0-4053-9964-665D8EE6A077}
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{95B7759C-8C7F-4BF1-B163-73684A933233}
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Standard)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
AppInit_DLLs-X64: acaptuser32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\2cxt9tat.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.dradio.de/dkultur/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\2cxt9tat.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\2cxt9tat.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AAV UpdateService;AAV UpdateService;C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-12-8 169312]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-14 20992]
R2 AntiVirSchedulerService;Avira AntiVir Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-1-12 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-1-12 269480]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2009-10-24 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-24 652360]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-9-24 62720]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2009-10-24 240160]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-23 909152]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-2 135664]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 20992]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-7 1038088]
S3 gupdatem;Google Update-Dienst (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-2 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-23 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-02-24 21:25:38 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-24 21:14:09 -------- d-----w- C:\Users\Lena\AppData\Roaming\Malwarebytes
2012-02-24 21:14:02 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-24 21:14:01 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-24 21:14:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-24 20:19:10 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{44A1BB86-3EBB-444E-B2D9-F87E203CECFC}\mpengine.dll
2012-02-20 22:16:15 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2012-02-19 13:10:33 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-19 13:10:23 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-02-19 13:10:19 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-02-19 12:45:59 163328 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2012-02-19 12:45:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-19 12:45:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
.
==================== Find3M ====================
.
2012-01-29 04:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-14 04:06:27 3145728 ----a-w- C:\Windows\System32\win32k.sys
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
.
============= FINISH: 1:06:13,16 ===============
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.24.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Lena :: NUMMER5 [Administrator] Schutz: Aktiviert 24.02.2012 22:15:30 mbam-log-2012-02-24 (22-15-30).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 188934 Laufzeit: 3 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=d96e79c357d769468a0b3b7b70455e81
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-24 11:36:48
# local_time=2012-02-25 12:36:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 100 6892 105012071 990 0
# compatibility_mode=5893 16776573 100 94 7957 81748957 0 0
# compatibility_mode=8192 67108863 100 0 3969 3969 0 0
# scanned=223101
# found=6
# cleaned=0
# scan_time=7521
C:\Program Files\Win7codecs\Tools\settings64.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Win7codecs\Tools\Settings32.exe Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\ProgramData\Win7codecs\{CCA2B0AA-EC29-4792-816B-D396FA4168D3}\Win7codecs.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\All Users\Win7codecs\{CCA2B0AA-EC29-4792-816B-D396FA4168D3}\Win7codecs.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Lena\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\7978919f-41c815a0 Java/TrojanDownloader.OpenStream.NCM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\b0129.msi Win32/Packed.Autoit.C.Gen application (unable to clean) 00000000000000000000000000000000 I
Soll ich nun nochmal Malwarebytes als vollständigen Scan laufen lassen? Ich dachte, ich warte nun auf Euch, nicht, dass ich was ungeschicktes mache. Ich würde mich sehr freuen, wenn ihr mir dabei helft! ahhh, merke jetzt erst, dass ich mich gedanklich vertan habe. Meine für die Überschrift natürlich nicht Bundestrojaner, sondern BKA-Trojaner  Würde mich sehr freuen, wenn mir jemand hilft. Vielen Dank schonmal im vorraus! Viele Grüße Tobi |
| Themen zu Nach Bundestrojaner-Befall auch im Heimnetzwerk Funde auf anderem Rechner (Win32/Packed.Autoit.C.) |
| 64-bit, antivir, appdata, avg secure search, avg security toolbar, bericht, browser, cache, code, dateisystem, downloader, escan, fehlalarm, folge, frage, fragen, free download, google earth, heuristiks/extra, heuristiks/shuriken, java, java/trojandownloader.openstream.ncm, log, malwarebytes, netzwerk, onlinescan, packard bell, plug-in, rechner, roc_roc_dec12, secure search, security scan, service, sicherheit, system, tools, updates, version, vtoolbarupdater, win32/packed.autoit.c.gen, windows, windows 7 64-bit, windows 7 home, windows 7 home premium |
Baum-Darstellung