Log Analysis and Evaluation: Support with evaluating DDS and Combofix (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Support with evaluating DDS and Combofix

Dear analysts, after a rootkit infection and the subsequent cleanup attempts with Combofix, CCleaner and Malwarebytes, which apparently may have been successful, I ask for your evaluation of the DDS, Attach and Combofix logs. My system is Win7 Home x64. Below you will find DDS.txt; Attach.txt and Combofix.txt are in the attachment, with the request for your evaluation. Thanks

DDS logfile:
Code:
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Patric at 13:25:03 on 2012-03-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.6143.3960 [GMT 1:00]
.
AV: COMODO Antivirus *Enabled/Updated* {A7500527-8708-6548-7035-7F679C5FCEA5}
SP: COMODO Defense+ *Enabled/Updated* {1C31E4C3-A132-6AC6-4A85-4415E7D88418}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall *Enabled* {9F6B8402-CD67-6410-5B6A-D652628C89DE}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Logitech Maus RX 250\SetPoint.exe
C:\Program Files (x86)\Logitech Maus RX 250\x86\SetPoint32.exe
C:\Program Files (x86)\asus\VirtualCamera\VirCamWS.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Patric\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk.disabled
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech Maus RX 250\SetPoint.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7F34F862-3E66-4BD9-8CED-B71B46FFBF4A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7F34F862-3E66-4BD9-8CED-B71B46FFBF4A}\359454D454E435 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{7F34F862-3E66-4BD9-8CED-B71B46FFBF4A}\3656C6562627964797D277966696 : DhcpNameServer = 172.24.1.9
TCP: Interfaces\{7F34F862-3E66-4BD9-8CED-B71B46FFBF4A}\4656661657C647 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7F34F862-3E66-4BD9-8CED-B71B46FFBF4A}\74C6F62616C6355796475675962756C6563737 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{7F34F862-3E66-4BD9-8CED-B71B46FFBF4A}\E4544574541425 : DhcpNameServer = 192.168.0.1
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
{53707962-6F74-2D53-2644-206D7942484F}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun-x64: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Patric\AppData\Roaming\Mozilla\Firefox\Profiles\jm53g717.default\
FF - prefs.js: browser.startup.homepage - www.web.de/fm
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-10-19 14904]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-1 2253120]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-8-12 87040]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-12-3 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 WBVGAservice;WB VGA Service;C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-10-19 72248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-10-19 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-19 79360]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
S3 S332x64;SPRx3x USB SmartCard Reader;C:\Windows\system32\DRIVERS\S332x64.sys --> C:\Windows\system32\DRIVERS\S332x64.sys [?]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S4 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]
.
=============== Created Last 30 ================
.
2012-03-04 11:57:19 -------- d-----w- C:\Users\Patric\AppData\Local\Diagnostics
2012-03-04 11:48:36 -------- d-sh--w- C:\$RECYCLE.BIN
2012-03-04 09:51:39 98816 ----a-w- C:\Windows\sed.exe
2012-03-04 09:51:39 518144 ----a-w- C:\Windows\SWREG.exe
2012-03-04 09:51:39 256000 ----a-w- C:\Windows\PEV.exe
2012-03-04 09:51:39 208896 ----a-w- C:\Windows\MBR.exe
2012-03-04 09:51:28 -------- d-----w- C:\C2ombo2F2ix12855C
2012-03-04 09:34:53 -------- d-----w- C:\C2ombo2F2ix14561C
2012-03-04 09:33:57 -------- d-----w- C:\C2ombo2F2ix
2012-03-04 08:33:53 388096 ----a-r- C:\Users\Patric\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-04 08:33:53 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-03-04 01:20:13 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-04 01:06:19 16200 ----a-w- C:\Windows\stinger.sys
2012-03-04 01:05:57 -------- d-----w- C:\Program Files (x86)\stinger
2012-03-03 23:11:24 -------- d-----w- C:\Program Files\CCleaner
2012-02-29 21:39:58 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-02-20 09:12:40 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6659D2B7-9326-4F49-892F-7C4071B54C1B}\mpengine.dll
2012-02-16 06:27:55 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 06:27:55 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 06:27:53 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 06:27:53 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 06:27:51 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 06:27:48 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-16 06:27:31 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-16 06:27:31 634880 ----a-w- C:\Windows\System32\msvcrt.dll
.
==================== Find3M ====================
.
2012-03-04 08:02:46 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2012-01-26 23:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-27 10:48:04 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-12-27 10:48:04 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-12-14 20:35:25 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-12-14 20:34:23 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 14:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 13:27:18,18 ===============