| |
| |||||||
Log-Analyse und Auswertung: XP-Rechner plötzlich sehr langsam rundll32.exe Haupttäter, neues ProgrammWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.02.2014, 10:06
| #2 |
 |  XP-Rechner plötzlich sehr langsam rundll32.exe Haupttäter, neues Programm Hier noch gmer:
__________________Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-04 09:53:05
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM160HC rev.LQ100-10 149,05GB
Running: Gmer-19357.exe; Driver: C:\DOKUME~1\Neum\LOKALE~1\Temp\ugtdrpob.sys
---- System - GMER 2.1 ----
SSDT BA29C17C ZwClose
SSDT BA29C136 ZwCreateKey
SSDT BA29C186 ZwCreateSection
SSDT BA29C12C ZwCreateThread
SSDT BA29C13B ZwDeleteKey
SSDT BA29C145 ZwDeleteValueKey
SSDT BA29C177 ZwDuplicateObject
SSDT spzy.sys ZwEnumerateKey [0xF74FCDA4]
SSDT spzy.sys ZwEnumerateValueKey [0xF74FD132]
SSDT BA29C14A ZwLoadKey
SSDT spzy.sys ZwOpenKey [0xF74E40C0]
SSDT BA29C118 ZwOpenProcess
SSDT BA29C11D ZwOpenThread
SSDT spzy.sys ZwQueryKey [0xF74FD20A]
SSDT BA29C19F ZwQueryValueKey
SSDT BA29C154 ZwReplaceKey
SSDT BA29C190 ZwRequestWaitReplyPort
SSDT BA29C14F ZwRestoreKey
SSDT BA29C18B ZwSetContextThread
SSDT BA29C195 ZwSetSecurityObject
SSDT BA29C140 ZwSetValueKey
SSDT BA29C19A ZwSystemDebugControl
SSDT BA29C127 ZwTerminateProcess
INT 0x3B ? 8A56EBF8
INT 0x3B ? 8A56EBF8
INT 0x3B ? 8A56EBF8
INT 0x3B ? 8A56EBF8
INT 0x3E ? 8A850BF8
INT 0x3F ? 8A850BF8
---- Kernel code sections - GMER 2.1 ----
? spzy.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 2.1 ----
.text C:\Programme\Mozilla Firefox\firefox.exe[3408] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0172B780 C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[3408] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01F66EFD C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[3408] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01F66EDA C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[3408] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 01730836 C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[3408] GDI32.dll!SetDIBitsToDevice + 20A 77EF9E14 7 Bytes JMP 01F66E5B C:\Programme\Mozilla Firefox\xul.dll
---- Devices - GMER 2.1 ----
Device 8A84F1F8
Device Ntfs.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A56D1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A56D1F8
Device \Driver\usbuhci \Device\USBPDO-2 8A56D1F8
Device \Driver\usbehci \Device\USBPDO-3 8A40A1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7E31F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7E31F8
Device \Driver\Cdrom \Device\CdRom0 8A56C500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F783BB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\USBSTOR \Device\000000b1 8A4A1500
Device \Driver\NetBT \Device\NetBT_Tcpip_{B54CB423-672B-427E-8E56-2233D6FB9A46} 89F8B1F8
Device \FileSystem\ndasrofs \Device\NdasRofsControl ndasfs.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 89F8B1F8
Device \Driver\NetBT \Device\NetbiosSmb 89F8B1F8
Device \Driver\USBSTOR \Device\000000b8 8A4A1500
Device \Driver\usbuhci \Device\USBFDO-0 8A56D1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A56D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89F3D1F8
Device \Driver\usbuhci \Device\USBFDO-2 8A56D1F8
Device 89F3D1F8
Device \Driver\usbehci \Device\USBFDO-3 8A40A1F8
Device \Driver\Ftdisk \Device\FtControl 8A7E31F8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs 8A5AE500
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys
Device ndasrofs.sys
Device ndasfs.sys
---- Trace I/O - GMER 2.1 ----
Trace ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt61.sys hal.dll ACPI.sys atapi.sys spzy.sys >>UNKNOWN [0x8a802938]<< 8a802938
Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a846ab8] 8a846ab8
Trace 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> [0x8a79c9e8] 8a79c9e8
Trace 5 vsflt61.sys[f7483f9b] -> nt!IofCallDriver -> \Device\00000095[0x8a77c9e8] 8a77c9e8
Trace 7 ACPI.sys[f74a2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a77d940] 8a77d940
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 19317
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3A 0x4D 0x42 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3A 0x4D 0x42 0x71 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 6152A02BDDF17CE9998BC00FD8333D54B68A015F02258B4480D62E7111E2C80269C5C4628504EFD079BC9C8835EAAC37048B6705AE23C04FB34DF85BE650B1A66365E41ABC2C573740FE719AC51427E14CA94845F4AAE0851B7E107184827BA376D3BB4C3A61ED8EBE0443D57606C3ABA3CA96E7959301CA309FF1562074D40324B7F2144BDD21AA95860BEEC85E4C54F15538DBE87C69E33FE813D107632535BA3CAB31D1A294443CBF363FD2FC42FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A2D97226D213B555A6171C11EC38DE3D6A9A726AA28811D492A04A1C8EBB38B7166762CBD798AC2246B93B5F92A1AB110E1D72786430BB31A53A87A68486006B5819AF613D2B144ED3A6C0518F9EFC410C0E24F3D6D924072CE1E082099F69169C14AE31FA193DBA903E1CB8BF4E558BAC38CA3513DC642FB786ADD44E92ED6E5C0DE4CDFAC4229AFE18A63367064DC39B392C8753265539BA6AC2342902C8DF758ADB3E4CA37FD785A2B5D3EBB2C36FE703922CF7B597670FA4FB3012237B0AA8E89E7B1EBF568CED9E2A23D8D1DBC5835ACD55069E0DB0701FBA49A63EC9411D58BEF2C838EC8C68A0639A5D78F9B648DA2F2CA30CDDBEFE9AE1F2A7323B0C59DCCF88C5404B59051149A9CACCC8627
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION 7EC9439BEDA7EA89F0AFA73825271254445633E989A5B7FD762E4EDA768AC571CF617BF160FB320A07575C57488D00097F04B448BDB5594A130A94BBF19535556BA9FE585C148BB86D012DB7E6459FB5B59ED9FA37A1D4BF1DDF2130FB8D93C35AA1EE8554B7C3C729C1FE4E3F3BCEDB027066569C1A38CBEA4D388A4308C435CD5BB1E8A1FE3061E0C076C571ABF2EEA75562E1F6A21A51F705E3CFD8ECAC1C9680F123FDD725A0613B81FC812B72D80ABF19D9341511A55FCDF037347836D8AB4A1D0B0905FE9499014C86D620B97631B59C2B261ABC13E581702DB03C4FC3A909E429469B9B439E76CC2ABFC437994C4DBFFB80B43B58FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B555BA7FD869164D6794A6171C11EC38DE3DD88A0474420B15142B18AC557C61AF6A39C608339B4AE162B4FEE19922C29A6926B7A44B43CB9C8422CC6893E3D713879C9790ECAF1E3D2739E5787239AB1D513E3736282F4E45DA89CFE58E9A4E2A009D150704B5730DA8BA41ED7D4B64EE0E8E64C309AC4517A0E3320F21AF3AACC5F8255753C4A65CE8D1EB50B2984E89D0262E1C21C4B89DD0DB1995DA9468574691C1B3E4D7E7B6DF365670BA4221EB3D391AD1D4E181E85FBEBEEC009D786BDDEC7A107ACBBC2E7
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
| Themen zu XP-Rechner plötzlich sehr langsam rundll32.exe Haupttäter, neues Programm |
| 4d36e972-e325-11ce-bfc1-08002be10318, ad-aware, adblock, adware, antivir, antivirus, askbar, avira, browser, cdburnerxp, combofix, fehlalarm, fehlercodes, firefox, flash player, helper, home, homepage, langsam, minidump, mozilla, msiinstaller, newtab, programm, realtek, rundll, scan, security, software, system, usb, windows, windows xp, xp-rechner |
Baum-Darstellung