Log analysis and evaluation: Lock by Bundespolizei (Cyber Crimes Unit), Windows 7

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system first has to be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Lock by Bundespolizei (Cyber Crimes Unit)

Hello everyone, unfortunately an acquaintance of mine has picked up the malware named above. I did find several guides for removing the problem, but since they partly contradict each other and I found the recommendation here to have an individual analysis done, I have not intervened yet.

Symptoms:

Further remarks:

Of course we are very grateful for the help offered here!

DDS.txt

Code:
```
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_29
Run by anonfool at 18:25:53 on 2012-03-30
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3327.2869 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.de/
uWindow Title = Windows Internet Explorer bereitgestellt von MSN
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Freeware.de Toolbar: {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files\freeware.de\prxtbFree.dll
mURLSearchHooks: Freeware.de Toolbar: {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files\freeware.de\prxtbFree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Freeware.de Toolbar: {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files\freeware.de\prxtbFree.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
BHO: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Freeware.de Toolbar: {7e111a5c-3d11-4f56-9463-5310c3c69025} - c:\program files\freeware.de\prxtbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Softonic Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\5.1\pdfforgeToolbarIE.dll
uRun: [SJelite3Launch] c:\users\anonfool\appdata\roaming\transcend\sjelite3\SJelite3Launch.exe
uRun: [Winsplit] c:\program files\winsplit revolution\WinSplit.exe
uRun: [PCSpeedUp] c:\program files\pc beschleunigen\PCSpeedUp.lnk
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Start WingMan Profiler] c:\program files\logitech\gaming software\LWEMon.exe /noui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PDFPrint] c:\program files\pdf24\pdf24.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [EPSON PageSTM InboxIcon01] c:\program files\epson\istm3\pg\E_L20IC3.EXE
mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
mRun: [LexwareInfoService] c:\program files\common files\lexware\update manager\LxUpdateManager.exe /autostart
mRun: [<NO NAME>]
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
StartupFolder: c:\users\anonfool\appdata\roaming\micros~1\windows\startm~1\programs\startup\audiov~1.lnk - e:\audioVolume.bat
StartupFolder: c:\users\anonfool\appdata\roaming\micros~1\windows\startm~1\programs\startup\mozill~1.lnk - c:\program files\mozilla thunderbird\thunderbird.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{16431724-B950-4966-B70C-4454066221B7} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{89A9EE2A-2739-4B07-B5F3-F2DE7401FDD1} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\anonfool\appdata\roaming\mozilla\firefox\profiles\jfhveehr.tmp\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\apu\npCCBPLFirefox.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2011-12-8 31848]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Win7 Driver;c:\windows\system32\drivers\wg111v3.sys [2011-10-31 376832]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2011-1-25 13976]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\avira\antivir desktop\sched.exe [2011-1-24 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-24 269480]
S2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-3-4 748440]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-24 66616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-25 136176]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-11-26 6650368]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-11-26 231936]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\drivers\GigasetGenericUSB.sys [2012-1-26 44032]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-25 136176]
S3 kncbda;KNC BDA DVB-C;c:\windows\system32\drivers\kncbda32.sys [2011-1-24 151040]
S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\drivers\netr28u.sys [2009-6-10 657408]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2011-12-8 31848]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-2-12 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-2-12 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-2-12 136808]
S3 StorSvc;Speicherdienst;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-9 52224]
.
=============== Created Last 30 ================
.
2012-03-30 09:48:03  6582328  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\{935c7f33-1fcb-4959-856d-5752a0536f27}\mpengine.dll
2012-03-28 17:36:05  --------  d-----w-  c:\program files\Gigaset QuickSync
2012-03-27 04:26:07  --------  d-----w-  C:\Office-Daten
2012-03-25 15:44:23  --------  d-----w-  c:\program files\pdfforge Toolbar
2012-03-25 15:44:23  --------  d-----w-  c:\program files\common files\Spigot
2012-03-25 15:44:23  --------  d-----w-  c:\program files\Application Updater
2012-03-21 16:09:01  2300696  ----a-w-  c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
2012-03-21 16:08:45  42776  ----a-w-  c:\programdata\microsoft\ehome\packages\mceclientux\dsm-3\StartResources.dll
2012-03-21 16:00:46  --------  d-----w-  C:\c47d15a4022baa1f1d30ff9b3e
2012-03-18 07:07:00  592824  ----a-w-  c:\program files\mozilla firefox\gkmedias.dll
2012-03-18 07:07:00  44472  ----a-w-  c:\program files\mozilla firefox\mozglue.dll
2012-03-14 15:41:47  2343424  ----a-w-  c:\windows\system32\win32k.sys
2012-03-14 15:41:45  1077248  ----a-w-  c:\windows\system32\DWrite.dll
2012-03-14 15:41:42  8192  ----a-w-  c:\windows\system32\rdrmemptylst.exe
2012-03-14 15:41:42  58880  ----a-w-  c:\windows\system32\rdpwsx.dll
2012-03-14 15:41:42  129536  ----a-w-  c:\windows\system32\rdpcorekmts.dll
2012-03-14 15:41:38  826880  ----a-w-  c:\windows\system32\rdpcore.dll
2012-03-14 15:41:38  24576  ----a-w-  c:\windows\system32\drivers\tdtcp.sys
2012-03-14 15:41:38  183808  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
2012-03-14 15:34:10  3968368  ----a-w-  c:\windows\system32\ntkrnlpa.exe
2012-03-14 15:34:09  3913584  ----a-w-  c:\windows\system32\ntoskrnl.exe
2012-03-13 05:39:50  --------  d-----w-  C:\3cf249c1195da8ec5dcbaff2a3
2012-03-09 05:09:36  --------  d-----w-  c:\program files\Amazon
2012-03-01 12:46:38  495616  ----a-w-  c:\windows\system32\Gqstsp.tsp
2012-03-01 04:01:20  6582328  ----a-w-  c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
.
==================== Find3M ====================
.
2012-03-22 18:25:08  16400  ----a-w-  c:\windows\system32\drivers\LNonPnP.sys
2012-03-01 03:54:20  414368  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 08:18:36  237072  ------w-  c:\windows\system32\MpSigStub.exe
2012-01-31 17:15:50  4659712  ----a-w-  c:\windows\system32\Redemption.dll
2012-01-31 17:15:44  90112  ----a-w-  c:\windows\MAMCityDownload.ocx
2012-01-31 17:15:44  325552  ----a-w-  c:\windows\MASetupCaller.dll
2012-01-31 17:15:44  30568  ----a-w-  c:\windows\MusiccityDownload.exe
2012-01-31 17:15:42  821824  ----a-w-  c:\windows\system32\dgderapi.dll
2012-01-14 17:20:05  698000  ----a-w-  c:\windows\unins000.exe
2012-01-04 08:58:41  442880  ----a-w-  c:\windows\system32\ntshrui.dll
2012-01-01 13:26:05  428088  ----a-w-  c:\windows\system32\drivers\sptd.sys
2009-01-12 01:52:00  354304  ----a-w-  c:\program files\traybackup.exe
.
============= FINISH: 18:26:10,19 ===============
```
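As an added triage example (not part of the original post and not DDS's own code), the following Python parses the `Policies` lines of a DDS Pseudo HJT Report, using constructed sample lines modelled on the log above, and flags the settings a lock-screen investigation checks first: Task Manager disabled by policy and UAC switched off. The `u`/`m` prefix mapping to the user and machine hives is DDS's convention; the policy meanings are documented Windows semantics, not page-specific data.

```python
import re

# Constructed sample modelled on the "Pseudo HJT Report" section of the DDS log above.
SAMPLE_DDS = r"""uRun: [PCSpeedUp] c:\program files\pc beschleunigen\PCSpeedUp.lnk
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
"""

# (policy name, reported value) -> why it matters; documented Windows policy meanings.
WEAK_POLICIES = {
    ("DisableTaskMgr", 1): "Task Manager disabled; screen lockers set this so the victim cannot kill them",
    ("EnableLUA", 0): "UAC switched off entirely",
    ("ConsentPromptBehaviorAdmin", 0): "administrators elevate silently without a prompt",
    ("PromptOnSecureDesktop", 0): "UAC prompts no longer shown on the secure desktop",
}

# DDS prefixes: u = current user hive (HKCU), m = machine hive (HKLM).
POLICY_RE = re.compile(
    r"^(?P<scope>[um])Policies-(?P<hive>\S+):\s+(?P<name>\w+)\s*=\s*(?P<val>\d+)"
)

def parse_policies(text):
    """Return (scope, hive, name, value) tuples for every Policies line in a DDS log."""
    found = []
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            scope = "user" if m["scope"] == "u" else "machine"
            found.append((scope, m["hive"], m["name"], int(m["val"])))
    return found

def flag_weak_policies(text):
    """Map each weakened setting found in the log to a short explanation."""
    findings = {}
    for scope, hive, name, value in parse_policies(text):
        reason = WEAK_POLICIES.get((name, value))
        if reason:
            findings[name] = f"{scope} {hive} policy: {reason}"
    return findings

if __name__ == "__main__":
    for name, why in flag_weak_policies(SAMPLE_DDS).items():
        print(f"[!] {name} -> {why}")
```

Run against the full DDS.txt, the same function lists the four weakened policies visible in the report above and skips the benign `ConsentPromptBehaviorUser = 3` default.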